High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-17	CVE-2016-5417	Resource Management Errors vulnerability in GNU Glibc Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. network low complexity gnu CWE-399	7.5
2016-10-07	CVE-2016-6323	Improper Access Control vulnerability in multiple products The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. network low complexity gnu opensuse fedoraproject CWE-284	7.5
2016-06-10	CVE-2016-3706	Improper Input Validation vulnerability in multiple products Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. network low complexity opensuse gnu CWE-20	7.5
2016-06-01	CVE-2016-3075	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. network low complexity opensuse gnu fedoraproject canonical CWE-119	7.5
2016-06-01	CVE-2016-1234	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. network low complexity gnu opensuse fedoraproject CWE-119	7.5
2016-04-19	CVE-2015-8779	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. network low complexity suse opensuse canonical debian gnu fedoraproject CWE-119	7.5
2016-04-19	CVE-2015-8778	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. network low complexity fedoraproject debian canonical gnu suse opensuse CWE-119	7.5
2016-04-19	CVE-2014-9761	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. network low complexity suse opensuse fedoraproject gnu canonical CWE-119	7.5
2016-03-14	CVE-2016-2856	Permissions, Privileges, and Access Controls vulnerability in multiple products pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. local low complexity canonical debian gnu CWE-264	7.2
2016-02-18	CVE-2015-7547	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. network high complexity debian canonical hp sophos suse opensuse oracle f5 redhat gnu CWE-119	8.1