Vulnerabilities > GNU > Glibc > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-09 | CVE-2012-4412 | Numeric Errors vulnerability in GNU Glibc Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. | 7.5 |
| 2010-01-14 | CVE-2010-0015 | Credentials Management vulnerability in GNU Glibc 2.10.2/2.7 nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. | 7.5 |
| 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | 7.5 |
| 2002-08-12 | CVE-2002-0684 | Remote Security vulnerability in glibc Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | 7.5 |
| 2000-11-14 | CVE-2000-0824 | Unspecified vulnerability in GNU Glibc 2.1.1 The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. | 7.2 |
| 2000-05-03 | CVE-2000-0335 | The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. | 7.5 |