Lucene search
K

310 matches found

Prion
Prion
added 2018/07/17 12:29 p.m.22 views

Buffer overflow

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

6.8CVSS7.8AI score0.01433EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/07/17 12:29 p.m.2 views

DEBIAN-CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

8.1CVSS7.3AI score0.01433EPSS
Exploits1References1
CVE
CVE
added 2018/07/17 12:0 p.m.108 views

CVE-2018-14338

The CVE-2018-14338 issue affects Exiv2 (example code: samples/geotag.cpp) in the 0.26 release. The root cause is misuse of the realpath function on POSIX platforms (excluding Apple), where glibc is not used, which could lead to a buffer overflow. Public references in vendor advisories/NVD entries...

8.1CVSS7.4AI score0.01433EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2018/07/17 12:0 p.m.23 views

CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

8.1CVSS7AI score0.01433EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/05/24 12:0 a.m.11 views

Fedora 27 : glibc (2018-9c88c32d15)

This updates contains various updates from the upstream glibc 2.26 release branch, including minor fixes for the realpath function and the i386 memmove implementation. Starting with this update, glibc will no longer re-exec systemd during glibc updates RHBZ1579225. Note that Tenable Network...

5.5AI score
Exploits0References1
OSV
OSV
added 2018/05/18 4:29 p.m.2 views

DEBIAN-CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

9.8CVSS9.8AI score0.074EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/05/18 4:29 p.m.34 views

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

9.8CVSS7.5AI score0.074EPSS
Exploits0References3
OSV
OSV
added 2018/05/18 4:29 p.m.2 views

UBUNTU-CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

9.8CVSS7.8AI score0.074EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2018/04/16 12:0 a.m.64 views

glibc security, bug fix, and enhancement update

2.17-222 - Restore internal GLIBCPRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

9.8CVSS0.2AI score0.13614EPSS
Exploits12
RedHat Linux
RedHat Linux
added 2018/04/10 8:47 a.m.4 views

glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS7.6AI score0.13614EPSS
Exploits9References4
BDU FSTEC
BDU FSTEC
added 2018/03/21 12:0 a.m.7 views

The vulnerability of the getcwd and realpath functions in libraries that provide system calls and the core glibc functions allows a hacker to execute arbitrary code.

The vulnerability of the getcwd and realpath functions in libraries that provide system calls and the main glibc functions arises from operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted SU...

7.8CVSS8.1AI score0.13614EPSS
Exploits9References11Affected Software2
Tenable Nessus
Tenable Nessus
added 2018/02/13 12:0 a.m.67 views

EulerOS 2.0 SP1 : glibc (EulerOS-SA-2018-1047)

According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to ...

7.8CVSS8AI score0.13614EPSS
Exploits9References2
Positive Technologies
Positive Technologies
added 2018/02/04 12:0 a.m.14 views

PT-2018-2775 · Gnu +5 · Glibc +5

Name of the Vulnerable Software and Affected Versions: glibc versions 2.27 and earlier Description: The issue is caused by an integer overflow in the mempcpy function of the glibc library, which provides system calls and basic functions. This overflow can occur when processing very long pathname...

9.8CVSS7.2AI score0.8833EPSS
Exploits59References197
NVD
NVD
added 2018/01/31 2:29 p.m.23 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS8.3AI score0.13614EPSS
Exploits9References10
OSV
OSV
added 2018/01/31 2:29 p.m.29 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS7.2AI score
Exploits0References10
Prion
Prion
added 2018/01/31 2:29 p.m.23 views

Type confusion

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.2CVSS7.8AI score0.13614EPSS
Exploits9References10Affected Software9
OSV
OSV
added 2018/01/31 2:29 p.m.1 views

DEBIAN-CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS7.7AI score0.13614EPSS
Exploits9References1
Cvelist
Cvelist
added 2018/01/31 2:0 p.m.20 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

8.9AI score0.13614EPSS
Exploits9References10
Debian CVE
Debian CVE
added 2018/01/31 2:0 p.m.29 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS9.2AI score0.13614EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2018/01/31 12:0 a.m.210 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS4.9AI score0.13614EPSS
In wildExploits9References11
Rows per page
Query Builder