Vulnerabilities > GNU > Glibc > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-15 | CVE-2019-1010025 | Use of Insufficiently Random Values vulnerability in GNU Glibc GNU Libc current is affected by: Mitigation bypass. | 5.3 |
| 2019-07-15 | CVE-2019-1010024 | Information Exposure vulnerability in GNU Glibc GNU Libc current is affected by: Mitigation bypass. | 5.3 |
| 2019-04-10 | CVE-2006-7254 | Data Processing Errors vulnerability in GNU Glibc The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | 5.5 |
| 2019-02-03 | CVE-2019-7309 | Unspecified vulnerability in GNU Glibc In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | 5.5 |
| 2019-01-21 | CVE-2016-10739 | Improper Input Validation vulnerability in multiple products In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | 5.3 |
| 2017-10-20 | CVE-2017-15671 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | 5.9 |
| 2017-10-18 | CVE-2011-5320 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. | 6.2 |
| 2017-09-07 | CVE-2017-12133 | Use After Free vulnerability in GNU Glibc Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. | 5.9 |
| 2017-08-01 | CVE-2017-12132 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | 5.9 |
| 2017-03-20 | CVE-2015-8985 | Data Processing Errors vulnerability in GNU Glibc 2.0.1 The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | 5.9 |