CVSS: 9.8EPSS: 5%CPEs: 23EXPL: 0CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions
https://notcve.org/view.php?id=CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbirario a través de un argumento largo en la función (1) nan, (2) nanf o (3) nanl. A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://packetstormsecurity.com/files/153278/WAGO-852-Industria • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-3075 – glibc: Stack overflow in nss_dns_getnetbyname_r
https://notcve.org/view.php?id=CVE-2016-3075
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. Desbordamiento de buffer basado en pila en la implementación nss_dns de la función getnetbyname en GNU C Library (también conocido como glibc) en versiones anteriores a 2.24 permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de pila y caída de aplicación) a través de un nombre largo. A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-2573.html http://www.securityfocus.com/bid/85732 http://www.ubuntu.com/usn/USN-2985-1 https://security.gentoo.org/glsa/201702-11 https://sourceware.org/bugzilla/show_bug.cgi?id=19879 https://sourceware.org/git/gitweb.cgi?p=glibc. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5277 – glibc: data corruption while reading the NSS files database
https://notcve.org/view.php?id=CVE-2015-5277
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. La función get_contents en nss_files/files-XXX.c en el Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.20 puede permitir a usuarios locales causar una denegación de servicio (corrupción de pila) o ganar privilegios a través de una larga fila en la base de datos de archivos NSS. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://rhn.redhat.com/errata/RHSA-2015-2172.html http://seclists.org/fulldisclosure/2019/Sep/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78092 http://www.securitytracker.com/id/1034196 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1262914& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0CVE-2015-8776 – glibc: Segmentation fault caused by passing out-of-range data to strftime()
https://notcve.org/view.php?id=CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. La función strftime en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente obtener información sensible a través de un valor de tiempo fuera de rango. It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://rhn.redhat.com/errata/RHSA-2017-0680.html http&# • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8777 – glibc: LD_POINTER_GUARD in the environment is not sanitized
https://notcve.org/view.php?id=CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. La función process_envvars en elf/rtld.c en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a usuarios locales eludir un mecanismo de protección de puntero a través de un valor cero de la variable de entorno LD_POINTER_GUARD. It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. • http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://www.debian.org/security/2016/dsa-3480 http://www.openwall& • CWE-254: 7PK - Security Features •