SUSE CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library aka glibc or libc6, including glibc-2.5-49.el55.6 and glibc-2.12-1.7.el60.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object DSO...

SUSE CVE-2011-0707

Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...

SUSE CVE-2011-1071

The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to...

SUSE CVE-2011-1089

The addmntent function in the GNU C Library aka glibc or libc6 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small...

SUSE CVE-2011-1659

Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than...

SUSE CVE-2011-1658

ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...

SUSE CVE-2011-2702

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 SSSE3 optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to 1 memcpy-ssse3-rep.S, 2 memcpy-ssse3.S, or 3 memset-sse2.S ...

SUSE CVE-2011-4355

GNU Project Debugger GDB before 7.5, when .debuggdbscripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts...

SUSE CVE-2012-3386

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

SUSE CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

SUSE CVE-2012-3405

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...

SUSE CVE-2012-3480

Multiple integer overflows in the 1 strtod, 2 strtof, 3 strtold, 4 strtodl, and other unspecified "related functions" in stdlib in GNU C Library aka glibc or libc6 2.16 allow local users to cause a denial of service application crash and possibly execute arbitrary code via a long string, which...

SUSE CVE-2012-3509

Multiple integer overflows in the 1 objallocalloc function in objalloc.c and 2 objallocalloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service crash via vectors related to the "addition of CHUNKHEADERSIZE to the length,"...

SUSE CVE-2012-4424

Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...

SUSE CVE-2012-5667

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow...

SUSE CVE-2012-6085

The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service application crash via a crafted length field of an OpenPGP packet...

SUSE CVE-2012-6656

iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8...

SUSE CVE-2013-0242

Buffer overflow in the extendbuffers function in the regular expression matcher posix/regexec.c in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service memory corruption and crash via crafted multibyte characters...

SUSE CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.17 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of domain conversion results...

SUSE CVE-2013-2116

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...