202 matches found
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc6-dev-mipsn32 package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc6-dev-mips64 package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc6-dev-i386 package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc6-dbg package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
CVE-2016-3706
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2015-8776
The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...
CVE-2015-8779
CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...
CVE-2015-8778
CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...
CVE-2014-9761
The CVE-2014-9761 issue affects the GNU C Library (glibc) prior to 2.23. It involves stack-based buffer overflows in the nan, nanf, and nanl functions caused by long arguments, which could lead to denial of service or potentially arbitrary code execution. Mitigation in the provided documents reco...
CVE-2015-7547
Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...
Null pointer dereference
The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...
CVE-2015-8777
CVE-2015-8777 is a local, environment-variable–driven bypass of the glibc pointer-guarding mechanism. The flaw exists in the GNU C Library (glibc) prior to version 2.23, where the LD_POINTER_GUARD environment variable was not ignored for privileged executions, allowing a local attacker to bypass ...
CVE-2015-8982
Integer overflow in the strxfrm function in the GNU C Library aka glibc or libc6 before 2.21 allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow...
CVE-2015-5277
CVE-2015-5277 affects the GNU C Library (glibc) NSS get_contents backend in nss_files, where a long line in the NSS files database can trigger heap corruption and enable local privilege escalation. Engines in connected advisories confirm this vulnerability existed in glibc prior to version 2.20 a...
Debian DLA-350-1 : eglibc security update
The strxfrm function is vulnerable to integer overflows when computing memory allocation sizes similar to CVE-2012-4412. Furthermore since it fallbacks to use alloca when malloc fails, it is vulnerable to stack-based buffer overflows similar to CVE-2012-4424. Those issues have been fixed in Debia...
DLA-350-1 eglibc - security update
Bulletin has no description...
DLA-316-1 eglibc - security update
Bulletin has no description...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libc6-sparcv9 package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
CVE-2015-1472
CVE-2015-1472 affects the GNU C Library (glibc) prior to 2.21. The ADDW macro in stdio-common/vfscanf.c can miscalculate allocation size, leading to buffer overflows in wide-character handling during wscanf, enabling context-dependent denial of service and potentially other impact. Affected compo...
CVE-2014-8121
DBLOOKUP in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service infinite loop by performing a look-up on a database while iterating over it,...