MiracleLinux 4 : glibc-2.12-1.149.AXS4.7 (AXSA:2015-126:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-126:03 advisory. Description: The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory,...

Unity Linux 20.1070e Security Update: glibc (UTSA-2025-680658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680658 advisory. In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference...

EUVD-2021-27821

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-10739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by...

CVE-2025-5745

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller those registers are defined as non-volatile registers by the powerpc64le ABI, resulting in overwriting of its...

Linux Distros Unpatched Vulnerability : CVE-2021-40647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program t...

DEBIAN-CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

DEBIAN-CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

AZL-40277 CVE-2024-33600 affecting package glibc for versions less than 2.35-7

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...

DEBIAN-CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's nscd netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was...

UBUNTU-CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

AZL-34735 CVE-2023-6246 affecting package glibc for versions less than 2.38-6

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

glibc 缓冲区错误漏洞

glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc 2.37 and earlier versions, which stems from the presence of an integer overflow that can be exploited by an attacker to cause the size of the buffer in which a message is stored ...

SUSE CVE-2017-1000409

A buffer overflow in glibc 2.5 released on September 29, 2006 and can be triggered through the LDLIBRARYPATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

SUSE CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...

SUSE CVE-2021-43396

In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor states "t...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

CVE-2018-19591

In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the ifnametoindex function...

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...