Gnu Libc Glibc vulnerabilities

4 known vulnerabilities affecting gnu_libc/glibc.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2020-1752 | HIGH | CVSS 7.0 | Affected: versions 2.14 and later | Fixed: version 2.32 | 2020-04-30
CWE-416: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, w
cvelistv5, nvd

CVE-2019-1010025 | MEDIUM | CVSS 5.3 | current (At least as of 2018-02-16) | 2019-07-15
CWE-330: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
cvelistv5, nvd

CVE-2019-1010023 | MEDIUM | CVSS 5.4 | current (At least as of 2018-02-16) | 2019-07-15
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-securi
cvelistv5, nvd

CVE-2019-1010024 | MEDIUM | CVSS 5.3 | current (At least as of 2018-02-16) | 2019-07-15
CWE-200: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
cvelistv5, nvd