CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0015
https://notcve.org/view.php?id=CVE-2010-0015
14 Jan 2010 — nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. nis/nss_nis/nis-pwd.c en GNU C Library (también conocido como glibc o libc6) v2.7 y Embedded GLIBC (EGLIBC) v2.10.2, añade información desde el mapa passwd.adjunct.byname a las entradas en el mapa "passwd", lo que... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3508
https://notcve.org/view.php?id=CVE-2007-3508
03 Jul 2007 — Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution ** EN DISPUTA ** Desbordamiento de enteros en la función process_envvars en elf/rtld.c de glibc en versiones anteriores a la 2.5-rc4 permite a usuarios locales ejecutar código arbitrario mediante un valor grande ... • http://bugs.gentoo.org/show_bug.cgi?id=183844 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1382
https://notcve.org/view.php?id=CVE-2004-1382
31 Dec 2004 — The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. • http://marc.info/?l=bugtraq&m=109899903129801&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1453
https://notcve.org/view.php?id=CVE-2004-1453
31 Dec 2004 — GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. • http://bugs.gentoo.org/show_bug.cgi?id=59526 •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2004-0968
https://notcve.org/view.php?id=CVE-2004-0968
20 Oct 2004 — The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2003-0859
https://notcve.org/view.php?id=CVE-2003-0859
18 Nov 2003 — The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. La función getifaddres en GNU libc (glibc) 2.2.4 y anteriores permite a usuarios locales causar una denegación de servicio enviando mensajes suplantando a otros usuarios al interfaz del kernel netlink. • http://www.redhat.com/support/errata/RHSA-2003-325.html •
CVSS: 9.8EPSS: 96%CPEs: 165EXPL: 1CVE-2003-0028
https://notcve.org/view.php?id=CVE-2003-0028
21 Mar 2003 — Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Desbordamiento de entero en la función xdrmem_getbytes(), y posiblemente otras funciones, de librerias XDR (representación de datos externos) derivadas de SunRPC, incluyendo l... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc •
CVSS: 7.5EPSS: 5%CPEs: 59EXPL: 0CVE-2002-1265
https://notcve.org/view.php?id=CVE-2002-1265
12 Nov 2002 — The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). La funcionalidad RPC de Sun en múltiples implementaciones de libc no provee de un mecanismo de exceso de tiempo cuando se leen datos de conexiones TCP, lo que permite a atacantes remotos causar una denegación de servicio (cuelgue) • ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P •
CVSS: 9.1EPSS: 8%CPEs: 1EXPL: 0CVE-2002-1146
https://notcve.org/view.php?id=CVE-2002-1146
11 Oct 2002 — The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). Desbordamiento de búfer en el código de resolución de glib 2.2.5 y anteriores permite a atacantes remotos causar una denegación de servicio (caid... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2002-0684
https://notcve.org/view.php?id=CVE-2002-0684
31 Jul 2002 — Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. Desbordamiento de búfer en las funciones de resolución de DNS que buscan nombres de red y direcciones, como en BIND 4.9.8 y glibc 2.2.5 y anteriores, permiten que servidores DNS remotos ejecuten código arbitrario por ... • http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 •