CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8777 – glibc: LD_POINTER_GUARD in the environment is not sanitized
https://notcve.org/view.php?id=CVE-2015-8777
26 May 2015 — The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. La función process_envvars en elf/rtld.c en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a usuarios locales eludir un mecanismo de protección de puntero a través de un valor cero de la variable de entorno LD_POINTER_GUARD. It was foun... • http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 1CVE-2015-8778 – glibc: Integer overflow in hcreate and hcreate_r
https://notcve.org/view.php?id=CVE-2015-8778
26 May 2015 — Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Desbordamiento de entero en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posi... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 1CVE-2015-8779 – glibc: Unbounded stack allocation in catopen function
https://notcve.org/view.php?id=CVE-2015-8779
26 May 2015 — Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Desbordamiento de buffer basado en pila en la función catopen en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes de contexto causar una denegación de servicio (caída de aplicación) o posiblem... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 23EXPL: 2CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions
https://notcve.org/view.php?id=CVE-2014-9761
26 May 2015 — Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de apl... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 89%CPEs: 3EXPL: 2CVE-2015-3622 – libtasn1: heap overflow flaw in _asn1_extract_der_octet()
https://notcve.org/view.php?id=CVE-2015-3622
08 May 2015 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 anterior a 4.5 permite a atacantes remotos causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un certificado manipulado. A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DE... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 12%CPEs: 12EXPL: 0CVE-2015-1781 – glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
https://notcve.org/view.php?id=CVE-2015-1781
21 Apr 2015 — Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Desbordamiento de buffer en gethostbyname_r y otras funciones NSS no especificadas en la librería C de GNU (también conocida como glibc o libc6) en versiones anteriores a 2.22, permite a atacantes dependientes... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9488 – Mandriva Linux Security Advisory 2015-199
https://notcve.org/view.php?id=CVE-2014-9488
13 Apr 2015 — The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. La función is_utf8_well_formed en GNU less anterior a 475 permite a atacantes remotos tener un impacto no especificado a través de caracteres UFT-8 malformados, lo que provoca una lectura fuera de rango. Updated less package fixes security vulnerability. Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decodi... • http://advisories.mageia.org/MGASA-2015-0139.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-2806 – libtasn1: stack overflow in asn1_der_decoding
https://notcve.org/view.php?id=CVE-2015-2806
07 Apr 2015 — Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en asn1_der_decoding en libtasn1 anterior a 4.4 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. Libtas... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2015-2775 – mailman: directory traversal in MTA transports that deliver programmatically
https://notcve.org/view.php?id=CVE-2015-2775
06 Apr 2015 — Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. Vulnerabilidad de salto de directorio en GNU Mailman anterior a 2.1.20, cuando no utiliza un alias estático, permite a atacantes remotos ejecutar ficheros arbitrarios a través de un .. (punto punto) en un nombre de lista. It was found that mailman did not sanitize the list name before passing it to certain MTAs. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-5044 – Mandriva Linux Security Advisory 2015-170
https://notcve.org/view.php?id=CVE-2014-5044
31 Mar 2015 — Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. Múltiples desbordamientos de enteros en libgfortran podrían permitir que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (cierre inesperado de la aplicación Fortran) mediante vectores relacionados con la asignación de arrays. Multiple integer overflow issues were found in libgfort... • http://www.openwall.com/lists/oss-security/2014/07/24/1 • CWE-190: Integer Overflow or Wraparound •