Vulnerabilities: GNU Glibc 1.06.8

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2015-8779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
7.5
2016-04-19 CVE-2015-8778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
7.5
2016-04-19 CVE-2015-8776 Numeric Errors vulnerability in multiple products
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
6.4
2016-04-19 CVE-2014-9761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
network
low complexity
suse opensuse fedoraproject gnu canonical CWE-119
7.5
2016-01-20 CVE-2015-8777 7PK - Security Features vulnerability in GNU Glibc
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
local
low complexity
gnu CWE-254
2.1
2015-02-24 CVE-2013-7423 Code vulnerability in multiple products
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
network
low complexity
redhat opensuse canonical gnu CWE-17
5.0
2014-07-29 CVE-2014-0475 Path Traversal vulnerability in GNU Glibc
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a ..
network
gnu CWE-22
6.8
2013-10-09 CVE-2013-2207 Permissions, Privileges, and Access Controls vulnerability in multiple products
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
local
high complexity
gnu fedoraproject CWE-264
2.6
2013-10-09 CVE-2012-4424 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.
network
high complexity
gnu CWE-119
5.1
2013-10-09 CVE-2012-4412 Numeric Errors vulnerability in GNU Glibc
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
network
low complexity
gnu CWE-189
7.5