glibc (SUSE:Linux Enterprise Server 11 SP3-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP3-LTSS package glibc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2018-6551 — CVSS 9.8 (critical): The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on…
CVE-2017-15670 — CVSS 9.8 (critical): The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob…
CVE-2017-15804 — CVSS 9.8 (critical): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2018-6485 — CVSS 9.8 (critical): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and…
CVE-2017-1000366 — CVSS 7.8 (high): glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias…
CVE-2018-1000001 — CVSS 7.8 (high): In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination…
CVE-2015-5180 — CVSS 7.5 (high): res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process…
CVE-2017-8804 — CVSS 7.5 (high): The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which…
CVE-2017-12132 — CVSS 5.9 (medium): The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP…
CVE-2017-15671 — CVSS 5.9 (medium): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing…