Lucene search
K

202 matches found

Prion
Prion
added 2017/10/20 5:29 p.m.26 views

Heap overflow

The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string...

7.5CVSS9.4AI score0.03002EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/10/20 5:29 p.m.25 views

CVE-2017-15670

The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string...

9.8CVSS7.6AI score
Exploits0References4
OSV
OSV
added 2017/10/20 5:29 p.m.27 views

CVE-2017-15671

The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27, when invoked with GLOBTILDE, could skip freeing allocated memory when processing the operator with a long user name, potentially leading to a denial of service memory leak...

5.9CVSS7AI score
Exploits0References2
CVE
CVE
added 2017/10/20 5:0 p.m.154 views

CVE-2017-15670

CVE-2017-15670 affects glibc (libc6) before 2.27. It is a heap-based buffer overflow in glob.c triggered by processing home directories with the ~ operator followed by a long string. Multiple connected documents confirm the vulnerability class and affected component. Remediation in the disclosed ...

9.8CVSS8.7AI score0.03002EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/10/20 5:0 p.m.100 views

CVE-2017-15671

CVE-2017-15671 applies to the GNU C Library (glibc) glob implementation: when invoked with GLOB_TILDE, memory could fail to be freed during ~ expansion for very long usernames, potentially causing a denial of service via memory leak. Affected: glibc versions before 2.27. The connected documents d...

5.9CVSS6.9AI score0.01431EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/09/07 1:29 p.m.28 views

Design/Logic Flaw

Use-after-free vulnerability in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 before 2.26 allows remote attackers to have unspecified impact via vectors related to error path...

4.3CVSS7.3AI score0.02403EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2017/09/07 1:0 p.m.121 views

CVE-2017-12133

CVE-2017-12133 affects the GNU C Library (glibc) prior to 2.26. It is a use-after-free in clntudp_call() in sunrpc/clnt_udp.c that allows remote attackers to potentially impact the target via error-path vectors. Affected products are glibc/libc6 environments prior to 2.26; remediation is to upgra...

5.9CVSS6.4AI score0.02403EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2017/09/07 1:0 p.m.27 views

CVE-2017-12133

Use-after-free vulnerability in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 before 2.26 allows remote attackers to have unspecified impact via vectors related to error path...

5.9CVSS6.8AI score0.02403EPSS
Exploits0
Cvelist
Cvelist
added 2017/08/01 4:0 p.m.22 views

CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

7.3AI score0.01897EPSS
Exploits0References4
CVE
CVE
added 2017/08/01 4:0 p.m.204 views

CVE-2017-12132

Summary : CVE-2017-12132 affects the GNU C Library (glibc) DNS stub resolver, enabling off-path DNS spoofing attacks by eliciting large UDP responses when EDNS is enabled. IBM and related advisories reference this GLIBC flaw and tie it to affected IBM hardware/software bundles. What is affected (...

5.9CVSS7.1AI score0.01897EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2017/08/01 4:0 p.m.44 views

CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

5.9CVSS7.6AI score0.01897EPSS
Exploits0
CVE
CVE
added 2017/06/12 1:0 p.m.106 views

CVE-2014-9984

CVE-2014-9984 affects the GNU C Library (glibc) nscd when processing netgroup requests: the internal buffer size is not computed correctly, which can cause an nscd daemon crash or allow code execution as the user running nscd. The vulnerability is tied to glibc versions prior to 2.20. Several adv...

9.8CVSS8.8AI score0.0444EPSS
Exploits2References9Affected Software1
CVE
CVE
added 2017/05/07 6:0 p.m.84 views

CVE-2017-8804

CVE-2017-8804 affects glibc (libc6) 2.25 and permits denial of service via crafted UDP packets to port 111 due to mishandled failures in xdr_bytes/xdr_string during buffer deserialization. It is related to CVE-2017-8779 (RPC/BIND) which in other sources is described as a memory-exhaustion vulnera...

7.8CVSS7.4AI score0.0767EPSS
Exploits0References11Affected Software1
0day.today
0day.today
added 2017/04/21 12:0 a.m.79 views

VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1086 There is a vulnerability in VirtualBox that permits an attacker with root privileges in a virtual machine with a NAT network interface to corrupt the memory of the...

4.6CVSS0.3AI score0.02912EPSS
Exploits1
CVE
CVE
added 2017/03/20 4:0 p.m.134 views

CVE-2015-8985

CVE-2015-8985 affects the GNU C Library (glibc). The vulnerability lies in pop_fail_stack, where an assertion failure can be triggered via vectors related to extended regular expression processing, enabling a context-dependent attacker to cause a denial of service (crash) in the affected applicat...

5.9CVSS5.4AI score0.03001EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/03/20 4:0 p.m.110 views

CVE-2015-8983

CVE-2015-8983 describes an Integer overflow in glibc's _IO_wstr_overflow (libio/wstrops.c) prior to version 2.22 that can trigger a heap-based buffer overflow, potentially causing an application crash or arbitrary code execution under certain conditions. Affected: GNU C Library (glibc) before 2.2...

8.1CVSS8AI score0.03871EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2017/03/20 4:0 p.m.97 views

CVE-2015-8984

CVE-2015-8984 affects IBM Cloud Pak for Security (CP4S). The CP4S remediation bulletin confirms CP4S versions 1.8.1.0, 1.8.0.0 and 1.7.2.0 contain the glibc fnmatch out-of-bounds read vulnerability described in the CVE (context-dependent denial-of-service via malformed pattern). The documented fi...

5.9CVSS5.9AI score0.02429EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2017/03/15 7:0 p.m.104 views

CVE-2015-8982

CVE-2015-8982 maps to an Integer Overflow in glibc’s strxfrm (pre-2.21) that could trigger a stack-based overflow, crash, or possible code execution. In the provided data, affected product is Cloud Pak for Security (CP4S) version 1.8.0.0, 1.8.1.0. Remediation = upgrade to CP4S 1.9.0.0 per IBM gui...

8.1CVSS7.2AI score0.03797EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2017/03/02 12:0 a.m.294 views

CVE-2016-10228

Summary of CVE-2016-10228 from provided sources: The GNU C Library (glibc) iconv processing can enter an infinite loop and cause a denial of service when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) together with the -c option, processing invalid multi-byte inp...

5.9CVSS6.3AI score0.04006EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2017/02/16 6:0 p.m.83 views

CVE-2016-5417

CVE-2016-5417 affects GNU C Library (glibc/libc6): memory leak in the __res_vinit function of the IPv6 DNS resolver management code (libresolv) prior to version 2.24 can be exploited remotely to cause denial of service via memory exhaustion. Publicly available connected advisories confirm the iss...

7.5CVSS7AI score0.03361EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder