CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 3CVE-2009-5029 – GNU glibc - Timezone Parsing Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2009-5029
02 May 2013 — Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Desbordamiento de entero en la función __tzfile_read en glibc anterior a v2.15 que permite a atacantes dependientes del contexto causar una denegación de servicios (caída) y posiblemente ejecutar código arbitrario a través de un fichero timezone (TZ), como se demostró usa... • https://www.exploit-db.com/exploits/36404 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 17%CPEs: 36EXPL: 1CVE-2013-1914 – glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
https://notcve.org/view.php?id=CVE-2013-1914
29 Apr 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una de... • https://packetstorm.news/files/id/164014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2013-0242 – glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters
https://notcve.org/view.php?id=CVE-2013-0242
08 Feb 2013 — Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. Desbordamiento de búfer en el metodo extend_buffers del comparador expresiónes regulares (posix / regexec.c) en glibc, posiblemente, v2.17 y anteriores, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de... • http://osvdb.org/89747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3480 – GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3480
25 Aug 2012 — Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Múltiples desbordamientos de entero en (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, y otras "funciones relacionadas" no especificadas en stdlib en GNU C Libra... • https://www.exploit-db.com/exploits/37631 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 57EXPL: 6CVE-2011-1095 – glibc: insufficient quoting in the locale command output
https://notcve.org/view.php?id=CVE-2011-1095
10 Apr 2011 — locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. locale/programs/locale.c en la librería C GNU (también conocido como glibc o libc6) anterior a v2.13 no formatea su salida, permitiendo a usuarios locales ganar privilegios mediante una variable de entorno localizati... • http://bugs.gentoo.org/show_bug.cgi?id=330923 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1089 – glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1089
10 Apr 2011 — The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. La función addmntent en la biblioteca C de GNU (también conocida como glibc o libc6) v2.13 y anteriores no informa de un estado de error de intentos fal... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2011-0536 – GNU C library dynamic linker - '$ORIGIN' Expansion
https://notcve.org/view.php?id=CVE-2011-0536
08 Apr 2011 — Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: ... • https://www.exploit-db.com/exploits/15274 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 3%CPEs: 57EXPL: 9CVE-2011-1071 – GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption
https://notcve.org/view.php?id=CVE-2011-1071
08 Apr 2011 — The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. La Biblioteca C (también se conoce como glibc o libc6) anterior a versión 2.12.2 y Embedded GLIBC (E... • https://www.exploit-db.com/exploits/17120 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 4CVE-2011-1659 – glibc: fnmatch() alloca()-based memory corruption flaw
https://notcve.org/view.php?id=CVE-2011-1659
08 Apr 2011 — Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. Desbordamiento de enteros en posix/fnmatch.c en la biblioteca de C de GNU (también conocida como glibc o libc6) v2.13 y anteriores, permite a atacantes dependientes del contexto causar una denegación... • http://code.google.com/p/chromium/issues/detail?id=48733 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1658 – glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
https://notcve.org/view.php?id=CVE-2011-1658
08 Apr 2011 — ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard... • http://secunia.com/advisories/46397 • CWE-264: Permissions, Privileges, and Access Controls •