CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0CVE-2010-0296 – glibc: Improper encoding of names with certain special character in utilities for writing to mtab table
https://notcve.org/view.php?id=CVE-2010-0296
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. La macro "encode_name" en "misc/mntent_r.c" en la Librería C GNU (también conocida como glibc or libc6) v2.11.1 y anteriores, como la usada por "ncpmount" y "mount.cifs" no maneja correctamente los caracteres de "nueva línea" en los nombres de punto de montaje, que permite a usuarios locales provocar una denegación de servicio (corrupción de mtab) o posiblemente modificar las opciones de montado y ganar privilegios, a través de una petición de montaje manipulada The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • http://frugalware.org/security/662 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Jun/18 http://secunia.com/advisories/39900 http://secunia.com/advisories/43830 http://secunia.com/advisories/46397 http://security.gentoo.org/glsa/glsa-201011-01.xml http://securitytracker.com/id?1024043 http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540 http:&#x • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0015
https://notcve.org/view.php?id=CVE-2010-0015
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. nis/nss_nis/nis-pwd.c en GNU C Library (también conocido como glibc o libc6) v2.7 y Embedded GLIBC (EGLIBC) v2.10.2, añade información desde el mapa passwd.adjunct.byname a las entradas en el mapa "passwd", lo que permite a atacantes remotos obtener las contraseñas encriptadas de las cuentas NIS llamando a la función getpwam. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333 http://marc.info/?l=oss-security&m=126320356003425&w=2 http://marc.info/?l=oss-security&m=126320570505651&w=2 http://sourceware.org/bugzilla/show_bug.cgi?id=11134 http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff? • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3508
https://notcve.org/view.php?id=CVE-2007-3508
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution ** EN DISPUTA ** Desbordamiento de enteros en la función process_envvars en elf/rtld.c de glibc en versiones anteriores a la 2.5-rc4 permite a usuarios locales ejecutar código arbitrario mediante un valor grande de la variable de entorno LD_HWCAP_MASK. NOTA: los mantenedores de glibc aseguran que no creen que esta cuestión sea vulnerable a través de la ejecución de código. • http://bugs.gentoo.org/show_bug.cgi?id=183844 http://osvdb.org/37901 http://secunia.com/advisories/25864 http://security.gentoo.org/glsa/glsa-200707-04.xml http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.5/1600_all_glibc-hwcap-mask-secure.patch?rev=1.1&view=markup http://www.securityfocus.com/bid/24758 http://www.securitytracker.com/id?1018334 http://www.sourceware.org/ml/libc-hacker/2007-07/msg00001.html http://www.vupen.com/english/advisories/ • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1453
https://notcve.org/view.php?id=CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. • http://bugs.gentoo.org/show_bug.cgi?id=59526 http://secunia.com/advisories/12306 http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml http://www.redhat.com/support/errata/RHSA-2005-256.html http://www.redhat.com/support/errata/RHSA-2005-261.html http://www.securityfocus.com/bid/10963 https://exchange.xforce.ibmcloud.com/vulnerabilities/17006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762 https://access.redhat.com/security/cve&#x •
CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1382
https://notcve.org/view.php?id=CVE-2004-1382
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. • http://marc.info/?l=bugtraq&m=109899903129801&w=2 http://www.debian.org/security/2005/dsa-636 http://www.mandriva.com/security/advisories?name=MDKSA-2004:159 http://www.redhat.com/support/errata/RHSA-2005-261.html https://access.redhat.com/security/cve/CVE-2004-1382 https://bugzilla.redhat.com/show_bug.cgi?id=1617410 •