CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 3CVE-2009-5029 – GNU glibc - Timezone Parsing Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2009-5029
02 May 2013 — Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Desbordamiento de entero en la función __tzfile_read en glibc anterior a v2.15 que permite a atacantes dependientes del contexto causar una denegación de servicios (caída) y posiblemente ejecutar código arbitrario a través de un fichero timezone (TZ), como se demostró usa... • https://www.exploit-db.com/exploits/36404 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4609 – glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
https://notcve.org/view.php?id=CVE-2011-4609
02 May 2013 — The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. La función svc_run en la implementación RPC en glibc anterior a v2.15 que permite a atacantes remotos causar una denegación de servicios (consumo de CPU) a través de una gran número de conexiones RPC. • https://bugzilla.redhat.com/show_bug.cgi?id=767299 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2012-0864 – glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
https://notcve.org/view.php?id=CVE-2012-0864
02 May 2013 — Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Desbordamiento de enteros en la función vfprint en stdio-common/vfprint.c en glibc v2.14 y otras versiones que permite a isiarios dependientes del contexto eludir el mecanismo de protección FORTIFY_SOURCE, llevar a cabo ataques de... • http://rhn.redhat.com/errata/RHSA-2012-0393.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 3%CPEs: 36EXPL: 1CVE-2013-1914 – glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
https://notcve.org/view.php?id=CVE-2013-1914
29 Apr 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una de... • https://packetstorm.news/files/id/164014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2013-0242 – glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters
https://notcve.org/view.php?id=CVE-2013-0242
08 Feb 2013 — Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. Desbordamiento de búfer en el metodo extend_buffers del comparador expresiónes regulares (posix / regexec.c) en glibc, posiblemente, v2.17 y anteriores, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de... • http://osvdb.org/89747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3480 – GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3480
25 Aug 2012 — Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Múltiples desbordamientos de entero en (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, y otras "funciones relacionadas" no especificadas en stdlib en GNU C Libra... • https://www.exploit-db.com/exploits/37631 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1089 – glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1089
10 Apr 2011 — The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. La función addmntent en la biblioteca C de GNU (también conocida como glibc o libc6) v2.13 y anteriores no informa de un estado de error de intentos fal... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-16: Configuration •
CVSS: 9.8EPSS: 0%CPEs: 57EXPL: 6CVE-2011-1095 – glibc: insufficient quoting in the locale command output
https://notcve.org/view.php?id=CVE-2011-1095
10 Apr 2011 — locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. locale/programs/locale.c en la librería C GNU (también conocido como glibc o libc6) anterior a v2.13 no formatea su salida, permitiendo a usuarios locales ganar privilegios mediante una variable de entorno localizati... • http://bugs.gentoo.org/show_bug.cgi?id=330923 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 57EXPL: 9CVE-2011-1071 – GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption
https://notcve.org/view.php?id=CVE-2011-1071
08 Apr 2011 — The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. La Biblioteca C (también se conoce como glibc o libc6) anterior a versión 2.12.2 y Embedded GLIBC (E... • https://www.exploit-db.com/exploits/17120 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 1CVE-2011-0536 – GNU C library dynamic linker - '$ORIGIN' Expansion
https://notcve.org/view.php?id=CVE-2011-0536
08 Apr 2011 — Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: ... • https://www.exploit-db.com/exploits/15274 • CWE-426: Untrusted Search Path •