CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7817 – glibc: command execution in wordexp() with WRDE_NOCMD specified
https://notcve.org/view.php?id=CVE-2014-7817
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". La función wordexp en GNU C Library (también conocido como glibc) 2.21 no fuerza el indicador WRDE_NOCMD, lo que permite a atacantes dependientes de contexto ejecutar comandos arbitrarios, tal y como fue demostrado por entradas que contienen '$((`...`))'. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. • http://linux.oracle.com/errata/ELSA-2015-0016.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://rhn.redhat.com/errata/RHSA-2014-2023.html http://seclists.org/oss-sec/2014/q4/730 http://secunia.com/advisories/62100 http://secunia.com/advisories/62146 http://www.debian.org/security/2015/dsa-3142 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com&#x • CWE-20: Improper Input Validation CWE-440: Expected Behavior Violation •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1CVE-2012-6656
https://notcve.org/view.php?id=CVE-2012-6656
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. iconvdata/ibm930.c en GNU C Library (también conocido como glibc) anterior a 2.16 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de IBM930 a UTF-8. • http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 http://www.ubuntu.com/usn/USN-2432-1 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=14134 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d1183 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 2CVE-2014-6040 – glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://notcve.org/view.php?id=CVE-2014-6040
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. GNU C Library (también conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, o (5) IBM1364 a UTF-8. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. • http://linux.oracle.com/errata/ELSA-2015-0016.html http://secunia.com/advisories/62100 http://secunia.com/advisories/62146 http://ubuntu.com/usn/usn-2432-1 http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 https://security.gentoo.org/glsa/201602-02& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2014-5119 – glibc - NUL Byte gconv_translit_find Off-by-One
https://notcve.org/view.php?id=CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Error de superación de límite (off-by-one) en la función __gconv_translit_find en gconv_trans.c en GNU C Library (también conocido como glibc) permite a atacantes dependientes de contexto causar una denegación de servicio (caída) o ejecutar código arbitrario a través de vectores relacionados con la variable del entorno CHARSET y los módulos de transliteración gconv. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. • https://www.exploit-db.com/exploits/34421 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-1118.html http://seclists.org/fulldisclosure/2014/Aug/69 http://secunia.com/advisories/60345 http://secunia.com/advisories/60358 http://secunia.com/advisories/60441 http://secunia.com/advi • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2014-4043 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. La función posix_spawn_file_actions_addopen en glibc anterior a 2.20 no copia su argumento de ruta de acuerdo con la especificación POSIX, lo que permite a atacantes dependientes de contexto provocar vulnerabilidades de uso después de liberación. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 http://www.securityfocus.com/bid/68006 https://bugzil • CWE-94: Improper Control of Generation of Code ('Code Injection') •