glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink...
6.3AI Score
0.0004EPSS
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or...
7.1AI Score
0.0004EPSS
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query...
6.6AI Score
0.011EPSS