glibc (SUSE:Linux Enterprise Server 12-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12-LTSS package glibc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2014-9984 — CVSS 9.8 (critical): nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when…
CVE-2017-15670 — CVSS 9.8 (critical): The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob…
CVE-2017-15804 — CVSS 9.8 (critical): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2017-1000366 — CVSS 7.8 (high): glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias…
CVE-2018-1000001 — CVSS 7.8 (high): In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination…
CVE-2017-15671 — CVSS 5.9 (medium): The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing…
CVE-2017-12132 — CVSS 5.9 (medium): The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP…