VYPR

rpm package

suse/glibc&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (16)

  • CVE-2016-4429MedJun 10, 2016
    affected < 2.19-22.16.2fixed 2.19-22.16.2

    Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

  • CVE-2016-3706HigJun 10, 2016
    affected < 2.19-22.16.2fixed 2.19-22.16.2

    Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in

  • CVE-2016-3075HigJun 1, 2016
    affected < 2.19-22.16.2fixed 2.19-22.16.2

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-1234HigJun 1, 2016
    affected < 2.19-22.16.2fixed 2.19-22.16.2

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2015-8779CriApr 19, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

  • CVE-2015-8778CriApr 19, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor

  • CVE-2015-8776CriApr 19, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

  • CVE-2014-9761CriApr 19, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

  • CVE-2015-7547HigFeb 18, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo

  • CVE-2015-8777MedJan 20, 2016
    affected < 2.19-22.13.1fixed 2.19-22.13.1

    The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

  • CVE-2015-1781Sep 28, 2015
    affected < 2.19-22.7.1fixed 2.19-22.7.1

    Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call wit

  • CVE-2015-1472Apr 8, 2015
    affected < 2.19-20.3fixed 2.19-20.3

    The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified

  • CVE-2014-8121Mar 27, 2015
    affected < 2.19-22.7.1fixed 2.19-22.7.1

    DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database w

  • CVE-2014-9402Feb 24, 2015
    affected < 2.19-20.3fixed 2.19-20.3

    The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is

  • CVE-2013-7423Feb 24, 2015
    affected < 2.19-20.3fixed 2.19-20.3

    The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo fu

  • CVE-2014-7817Nov 24, 2014
    affected < 2.19-20.3fixed 2.19-20.3

    The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".