CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 18CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
16 Feb 2016 — Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pi... • https://packetstorm.news/files/id/167552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 1CVE-2015-5277 – glibc: data corruption while reading the NSS files database
https://notcve.org/view.php?id=CVE-2015-5277
26 May 2015 — The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. La función get_contents en nss_files/files-XXX.c en el Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.20 puede permitir a usuarios locales causar una denegación de servicio (corrupció... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 2CVE-2016-2856 – Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2856
26 May 2015 — pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysd... • https://packetstorm.news/files/id/141910 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-3075 – glibc: Stack overflow in nss_dns_getnetbyname_r
https://notcve.org/view.php?id=CVE-2016-3075
26 May 2015 — Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. Desbordamiento de buffer basado en pila en la implementación nss_dns de la función getnetbyname en GNU C Library (también conocido como glibc) en versiones anteriores a 2.24 permite a atacantes dependientes del contexto provocar una denegación de servicio (cons... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0CVE-2015-8776 – glibc: Segmentation fault caused by passing out-of-range data to strftime()
https://notcve.org/view.php?id=CVE-2015-8776
26 May 2015 — The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. La función strftime en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente obtener información sensible a través de un valor de ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8777 – glibc: LD_POINTER_GUARD in the environment is not sanitized
https://notcve.org/view.php?id=CVE-2015-8777
26 May 2015 — The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. La función process_envvars en elf/rtld.c en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a usuarios locales eludir un mecanismo de protección de puntero a través de un valor cero de la variable de entorno LD_POINTER_GUARD. It was foun... • http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 1CVE-2015-8778 – glibc: Integer overflow in hcreate and hcreate_r
https://notcve.org/view.php?id=CVE-2015-8778
26 May 2015 — Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Desbordamiento de entero en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posi... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 1CVE-2015-8779 – glibc: Unbounded stack allocation in catopen function
https://notcve.org/view.php?id=CVE-2015-8779
26 May 2015 — Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Desbordamiento de buffer basado en pila en la función catopen en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes de contexto causar una denegación de servicio (caída de aplicación) o posiblem... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 23EXPL: 2CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions
https://notcve.org/view.php?id=CVE-2014-9761
26 May 2015 — Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de apl... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 12%CPEs: 12EXPL: 0CVE-2015-1781 – glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
https://notcve.org/view.php?id=CVE-2015-1781
21 Apr 2015 — Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Desbordamiento de buffer en gethostbyname_r y otras funciones NSS no especificadas en la librería C de GNU (también conocida como glibc o libc6) en versiones anteriores a 2.22, permite a atacantes dependientes... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •