CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3192
https://notcve.org/view.php?id=CVE-2010-3192
12 Oct 2010 — Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations... • http://seclists.org/fulldisclosure/2010/Apr/399 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 1CVE-2010-0296 – glibc: Improper encoding of names with certain special character in utilities for writing to mtab table
https://notcve.org/view.php?id=CVE-2010-0296
01 Jun 2010 — The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. La macro "encode_name" en "misc/mntent_r.c" en la Librería C GNU (también conocida como glibc or libc6) v2.11.1 y anteriores, como la usada por "ncpmoun... • https://packetstorm.news/files/id/153278 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 37EXPL: 4CVE-2009-4880 – GNU glibc 2.x - 'strfmon()' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-4880
01 Jun 2010 — Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. Múltiples desbordamientos de entero en la implementación "strfmon" en la Librería C GNU (también conocida como glibc or libc6) v2.10.1 y anterior... • https://www.exploit-db.com/exploits/33230 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 38EXPL: 0CVE-2010-0830 – glibc: ld.so d_tag signedness error in elf_get_dynamic_info
https://notcve.org/view.php?id=CVE-2010-0830
01 Jun 2010 — Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. Error de persistencia de signo en entero en la función "elf_get_dynamic_info" en "elf/dynamic-link.h" de la librería C GNU (también conocida como glibc o... • http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2009-4881
https://notcve.org/view.php?id=CVE-2009-4881
01 Jun 2010 — Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. Desbordamiento de entero en la función "__vstrfmon_l" de "tdlib/strfmon_l.c" en la implementación "strfmon" en la Librería C GNU (también conocida como glibc... • http://security.gentoo.org/glsa/glsa-201011-01.xml • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0015
https://notcve.org/view.php?id=CVE-2010-0015
14 Jan 2010 — nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. nis/nss_nis/nis-pwd.c en GNU C Library (también conocido como glibc o libc6) v2.7 y Embedded GLIBC (EGLIBC) v2.10.2, añade información desde el mapa passwd.adjunct.byname a las entradas en el mapa "passwd", lo que... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3508
https://notcve.org/view.php?id=CVE-2007-3508
03 Jul 2007 — Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution ** EN DISPUTA ** Desbordamiento de enteros en la función process_envvars en elf/rtld.c de glibc en versiones anteriores a la 2.5-rc4 permite a usuarios locales ejecutar código arbitrario mediante un valor grande ... • http://bugs.gentoo.org/show_bug.cgi?id=183844 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1382
https://notcve.org/view.php?id=CVE-2004-1382
31 Dec 2004 — The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. • http://marc.info/?l=bugtraq&m=109899903129801&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1453
https://notcve.org/view.php?id=CVE-2004-1453
31 Dec 2004 — GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. • http://bugs.gentoo.org/show_bug.cgi?id=59526 •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2004-0968
https://notcve.org/view.php?id=CVE-2004-0968
20 Oct 2004 — The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318 •