CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 1CVE-2013-4122 – Ubuntu Security Notice USN-1988-1
https://notcve.org/view.php?id=CVE-2013-4122
02 Sep 2013 — Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. SASL de Cyrus, 2.1.23, 2.1.26 y anteriores no trabaja correctamente cuando un valor NULL se devuelve a un error de... • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 28EXPL: 4CVE-2013-4788 – glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4788
16 Jul 2013 — The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. La implementación PTR_MANGLE en la GNU C Library (librería también conocida como glibc o libc6) 2.4, 2.17 y... • https://packetstorm.news/files/id/122413 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4609 – glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
https://notcve.org/view.php?id=CVE-2011-4609
02 May 2013 — The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. La función svc_run en la implementación RPC en glibc anterior a v2.15 que permite a atacantes remotos causar una denegación de servicios (consumo de CPU) a través de una gran número de conexiones RPC. • https://bugzilla.redhat.com/show_bug.cgi?id=767299 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 3CVE-2009-5029 – GNU glibc - Timezone Parsing Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2009-5029
02 May 2013 — Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Desbordamiento de entero en la función __tzfile_read en glibc anterior a v2.15 que permite a atacantes dependientes del contexto causar una denegación de servicios (caída) y posiblemente ejecutar código arbitrario a través de un fichero timezone (TZ), como se demostró usa... • https://www.exploit-db.com/exploits/36404 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 17%CPEs: 36EXPL: 1CVE-2013-1914 – glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
https://notcve.org/view.php?id=CVE-2013-1914
29 Apr 2013 — Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una de... • https://packetstorm.news/files/id/164014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 57EXPL: 6CVE-2011-1095 – glibc: insufficient quoting in the locale command output
https://notcve.org/view.php?id=CVE-2011-1095
10 Apr 2011 — locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. locale/programs/locale.c en la librería C GNU (también conocido como glibc o libc6) anterior a v2.13 no formatea su salida, permitiendo a usuarios locales ganar privilegios mediante una variable de entorno localizati... • http://bugs.gentoo.org/show_bug.cgi?id=330923 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1089 – glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1089
10 Apr 2011 — The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. La función addmntent en la biblioteca C de GNU (también conocida como glibc o libc6) v2.13 y anteriores no informa de un estado de error de intentos fal... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-16: Configuration •
CVSS: 9.8EPSS: 3%CPEs: 57EXPL: 9CVE-2011-1071 – GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption
https://notcve.org/view.php?id=CVE-2011-1071
08 Apr 2011 — The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. La Biblioteca C (también se conoce como glibc o libc6) anterior a versión 2.12.2 y Embedded GLIBC (E... • https://www.exploit-db.com/exploits/17120 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 4CVE-2011-1659 – glibc: fnmatch() alloca()-based memory corruption flaw
https://notcve.org/view.php?id=CVE-2011-1659
08 Apr 2011 — Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. Desbordamiento de enteros en posix/fnmatch.c en la biblioteca de C de GNU (también conocida como glibc o libc6) v2.13 y anteriores, permite a atacantes dependientes del contexto causar una denegación... • http://code.google.com/p/chromium/issues/detail?id=48733 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2011-1658 – glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
https://notcve.org/view.php?id=CVE-2011-1658
08 Apr 2011 — ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard... • http://secunia.com/advisories/46397 • CWE-264: Permissions, Privileges, and Access Controls •