Vulnerability & Exploit Database

Displaying entries 1 - 10 of 21 in total

Results for: CVE-2014-0475 Back to search

ELSA-2015-0327 Moderate: Oracle Linux glibc security and bug fix update Vulnerability

  • Severity: 10
  • Published: January 28, 2015

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

ELSA-2015-0092 Critical: Oracle Linux glibc security update Vulnerability

  • Severity: 10
  • Published: January 27, 2015

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

SUSE Linux Security Advisory: SUSE-SU-2014:1100-1 Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

RHSA-2014:1110: glibc security update Vulnerability

  • Severity: 8
  • Published: August 29, 2014

The glibc packages contain the standard C libraries used by multipleprograms on the system. These packages contain the standard C and thestandard math libraries. Without these two libraries, a Linux system cannotfunction properly.An off-by-one heap-based buffer overflow flaw was found in glibc's internal__gconv_translit_find() function. ...

ELSA-2014-2023 Moderate: Oracle Linux glibc security and bug fix update Vulnerability

  • Severity: 8
  • Published: August 29, 2014

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

ELSA-2014-1391 Moderate: Oracle Linux glibc security, bug fix, and enhancement update Vulnerability

  • Severity: 8
  • Published: August 29, 2014

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

ELSA-2014-1110 Important: Oracle Linux glibc security update Vulnerability

  • Severity: 8
  • Published: August 29, 2014

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

USN-2306-1: GNU C Library vulnerabilities Vulnerability

  • Severity: 8
  • Published: July 29, 2014

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

SUSE: CVE-2014-0475: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: July 29, 2014

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Gentoo Linux: CVE-2014-0475: GNU C Library: Multiple vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 29, 2014

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.