CVSS: 7.5EPSS: 10%CPEs: 28EXPL: 9CVE-2010-4052 – GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2010-4052
13 Jan 2011 — Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. Vulnerabilidad de lconsumo de pila de memoria en la aplicación regcomp en la Biblioteca de C de GNU (también conocido c... • https://packetstorm.news/files/id/125725 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 3%CPEs: 55EXPL: 9CVE-2010-3847 – glibc - '$ORIGIN' Expansion Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3847
07 Jan 2011 — elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. elf/dl-load.c de ld.so en la Biblioteca GNU C (también conocida como glibc o libc6) hasta v2.11.2, y v2.12.x hasta v2.12.1 no maneja adecuadamente un valor de $ORIGIN de la variable de entorno LD_AUDI... • https://packetstorm.news/files/id/146337 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 5%CPEs: 55EXPL: 9CVE-2010-3856 – glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3856
07 Jan 2011 — ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. ld.so en la librería de GNU C (también conocida como glibc o libc6) anteriores a v2.11.3, y v2.12.x anteriores a v2.12.2, no restringen el uso de ... • https://packetstorm.news/files/id/173661 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3192
https://notcve.org/view.php?id=CVE-2010-3192
12 Oct 2010 — Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations... • http://seclists.org/fulldisclosure/2010/Apr/399 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •