CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1473 – glibc: Stack-overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1473
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (ta... • http://openwall.com/lists/oss-security/2015/02/04/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2013-7424 – glibc: Invalid-free when using getaddrinfo()
https://notcve.org/view.php?id=CVE-2013-7424
24 Feb 2015 — The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una d... • http://rhn.redhat.com/errata/RHSA-2015-1627.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 2CVE-2015-1472 – glibc: heap buffer overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1472
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera co... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 11%CPEs: 7EXPL: 3CVE-2014-9402 – glibc: denial of service in getnetbyname function
https://notcve.org/view.php?id=CVE-2014-9402
24 Feb 2015 — The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos cau... • https://packetstorm.news/files/id/154361 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 39CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7817 – glibc: command execution in wordexp() with WRDE_NOCMD specified
https://notcve.org/view.php?id=CVE-2014-7817
24 Nov 2014 — The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". La función wordexp en GNU C Library (también conocido como glibc) 2.21 no fuerza el indicador WRDE_NOCMD, lo que permite a atacantes dependientes de contexto ejecutar comandos arbitrarios, tal y como fue demostrado por entradas que contienen '$((`...`))'. It was found that the wordexp() function ... • http://linux.oracle.com/errata/ELSA-2015-0016.html • CWE-20: Improper Input Validation CWE-440: Expected Behavior Violation •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 2CVE-2011-2702 – eGlibc - Signedness Code Execution
https://notcve.org/view.php?id=CVE-2011-2702
27 Oct 2014 — Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. Error de signo de enteros en Glibc anterior a 2.13 y eglibc anterior a 2.13, cuando utiliza l... • https://www.exploit-db.com/exploits/20167 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 2CVE-2014-6040 – glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://notcve.org/view.php?id=CVE-2014-6040
08 Sep 2014 — GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. GNU C Library (también conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de caracteres de m... • http://linux.oracle.com/errata/ELSA-2015-0016.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2012-6656 – Mandriva Linux Security Advisory 2014-175
https://notcve.org/view.php?id=CVE-2012-6656
08 Sep 2014 — iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. iconvdata/ibm930.c en GNU C Library (también conocido como glibc) anterior a 2.16 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de un valor de caracteres de multibytes de '0xffff' en la fu... • http://www.debian.org/security/2015/dsa-3142 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2014-5119 – glibc - NUL Byte gconv_translit_find Off-by-One
https://notcve.org/view.php?id=CVE-2014-5119
26 Aug 2014 — Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Error de superación de límite (off-by-one) en la función __gconv_translit_find en gconv_trans.c en GNU C Library (también conocido como glibc) permite a atacantes dependientes de contexto causar una denegación de servicio ... • https://packetstorm.news/files/id/128002 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •