CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0015
https://notcve.org/view.php?id=CVE-2010-0015
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. nis/nss_nis/nis-pwd.c en GNU C Library (también conocido como glibc o libc6) v2.7 y Embedded GLIBC (EGLIBC) v2.10.2, añade información desde el mapa passwd.adjunct.byname a las entradas en el mapa "passwd", lo que permite a atacantes remotos obtener las contraseñas encriptadas de las cuentas NIS llamando a la función getpwam. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333 http://marc.info/?l=oss-security&m=126320356003425&w=2 http://marc.info/?l=oss-security&m=126320570505651&w=2 http://sourceware.org/bugzilla/show_bug.cgi?id=11134 http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff? • CWE-255: Credentials Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1453
https://notcve.org/view.php?id=CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. • http://bugs.gentoo.org/show_bug.cgi?id=59526 http://secunia.com/advisories/12306 http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml http://www.redhat.com/support/errata/RHSA-2005-256.html http://www.redhat.com/support/errata/RHSA-2005-261.html http://www.securityfocus.com/bid/10963 https://exchange.xforce.ibmcloud.com/vulnerabilities/17006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762 https://access.redhat.com/security/cve&#x •
CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1382
https://notcve.org/view.php?id=CVE-2004-1382
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. • http://marc.info/?l=bugtraq&m=109899903129801&w=2 http://www.debian.org/security/2005/dsa-636 http://www.mandriva.com/security/advisories?name=MDKSA-2004:159 http://www.redhat.com/support/errata/RHSA-2005-261.html https://access.redhat.com/security/cve/CVE-2004-1382 https://bugzilla.redhat.com/show_bug.cgi?id=1617410 •
CVSS: 2.1EPSS: 0%CPEs: 30EXPL: 0CVE-2004-0968
https://notcve.org/view.php?id=CVE-2004-0968
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318 http://security.gentoo.org/glsa/glsa-200410-19.xml http://www.debian.org/security/2005/dsa-636 http://www.redhat.com/support/errata/RHSA-2004-586.html http://www.redhat.com/support/errata/RHSA-2005-261.html http://www.securityfocus.com/bid/11286 http://www.trustix.org/errata/2004/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 0CVE-2003-0859
https://notcve.org/view.php?id=CVE-2003-0859
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. La función getifaddres en GNU libc (glibc) 2.2.4 y anteriores permite a usuarios locales causar una denegación de servicio enviando mensajes suplantando a otros usuarios al interfaz del kernel netlink. • http://www.redhat.com/support/errata/RHSA-2003-325.html http://www.redhat.com/support/errata/RHSA-2003-334.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337 https://access.redhat.com/security/cve/CVE-2003-0859 https://bugzilla.redhat.com/show_bug.cgi?id=1617097 •