cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1377,https://securityvulnerability.io/vulnerability/CVE-2025-1377,Denial of Service Vulnerability in GNU elfutils Product by GNU,"A denial of service vulnerability has been identified in GNU elfutils version 0.192, specifically affecting the gelf_getsymshndx function within the eu-strip component's strip.c file. This vulnerability allows local attackers to manipulate the function to cause a denial of service, potentially disrupting user access or application functionality. The issue has been publicly disclosed, and it is crucial for users to apply the recommended patch (fbf1df9ca286de3323ae541973b08449f8d03aba) to mitigate any risks. Proper action should be undertaken to safeguard systems from potential exploitation.",Gnu,Elfutils,4.8,MEDIUM,0.0004400000034365803,false,,false,false,true,2025-02-17T05:00:19.000Z,true,false,false,,2025-02-17T05:00:19.288Z,0
CVE-2025-1376,https://securityvulnerability.io/vulnerability/CVE-2025-1376,Denial of Service Vulnerability in GNU elfutils Eu-Strip Library,"A problematic vulnerability has been identified in the GNU elfutils library, specifically within the eu-strip component's elf_strptr function. This flaw allows local attackers to trigger a denial of service by manipulating the library's handling of specific inputs. The complexity of executing this attack is high, suggesting that skilled adversaries may be required for successful exploitation.
Following the disclosure of this vulnerability, it is critical to apply the recommended patch (b16f441cca0a4841050e3215a9f120a6d8aea918) promptly to mitigate risks.",Gnu,Elfutils,2,LOW,0.0004400000034365803,false,,false,false,true,2025-02-17T04:31:08.000Z,true,false,false,,2025-02-17T04:31:08.264Z,0
CVE-2025-1372,https://securityvulnerability.io/vulnerability/CVE-2025-1372,Buffer Overflow Vulnerability in GNU elfutils eu-readelf Component,"A buffer overflow vulnerability exists in the eu-readelf component of GNU elfutils version 0.192, specifically in the dump_data_section/print_string_section function in readelf.c. This vulnerability stems from the improper handling of arguments which leads to a buffer overflow condition. This issue requires local access for exploitation and has been made public, presenting potential risks for systems running this software. Applying the available patch (identifier: 73db9d2021cab9e23fd734b0a76a612d52a6f1db) is crucial to mitigate the risk associated with this vulnerability.",Gnu,Elfutils,4.8,MEDIUM,0.0004400000034365803,false,,false,false,true,2025-02-17T03:00:36.000Z,true,false,false,,2025-02-17T03:00:36.624Z,0
CVE-2025-1371,https://securityvulnerability.io/vulnerability/CVE-2025-1371,Null Pointer Dereference in GNU elfutils Affects readelf Functionality,"A vulnerability exists in GNU elfutils version 0.192, specifically within the handle_dynamic_symtab function located in readelf.c. This flaw can lead to a null pointer dereference, which may allow an attacker to exploit the application locally. Public disclosure of the exploit has occurred, indicating a potential risk for systems utilizing this version.
To mitigate this issue, a patch has been provided identified by the hash b38e562a4c907e08171c76b8b2def8464d5a104a, which is recommended for immediate application.",Gnu,Elfutils,4.8,MEDIUM,0.0004400000034365803,false,,false,false,true,2025-02-17T02:31:07.000Z,true,false,false,,2025-02-17T02:31:07.921Z,0
CVE-2025-1365,https://securityvulnerability.io/vulnerability/CVE-2025-1365,Buffer Overflow Vulnerability in GNU elfutils eu-readelf,"A vulnerability in GNU elfutils version 0.192 has been discovered affecting the eu-readelf component, specifically in the process_symtab function within the readelf.c file. This vulnerability allows for a buffer overflow condition when manipulating the D/a argument, requiring local access for exploitation. The issue has been publicly disclosed, indicating that attackers may leverage this vulnerability. To mitigate potential risks, a patch is available and should be applied promptly.",Gnu,Elfutils,4.8,MEDIUM,0.0004400000034365803,false,,false,false,true,2025-02-17T00:15:00.000Z,true,false,false,,2025-02-17T00:15:00.000Z,0
CVE-2025-1352,https://securityvulnerability.io/vulnerability/CVE-2025-1352,Memory Corruption Vulnerability in GNU elfutils eu-readelf by GNU,"A vulnerability exists in the GNU elfutils library, specifically within the eu-readelf component's function __libdw_thread_tail, which can lead to memory corruption. Attackers can potentially exploit this vulnerability remotely by manipulating the argument 'w'. While the complexity of the attack is considered high, the exploit has been publicly disclosed, raising concerns for users.
It is essential for system administrators to apply the patch (identified as 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753) to mitigate potential risks associated with this vulnerability.",Gnu,Elfutils,2.3,LOW,0.0007300000288523734,false,,false,false,true,2025-02-16T14:31:14.000Z,true,false,false,,2025-02-16T14:31:14.650Z,0
CVE-2025-1182,https://securityvulnerability.io/vulnerability/CVE-2025-1182,Memory Corruption Vulnerability in GNU Binutils ld Component,"A memory corruption vulnerability exists in the GNU Binutils' ld component, specifically within the bfd_elf_reloc_symbol_deleted_p function found in elflink.c. This vulnerability can be exploited remotely, allowing attackers to manipulate memory allocation under certain conditions. While the exploit has been publicly disclosed and poses a significant risk, the complexity involved in executing a successful attack is relatively high. Users are strongly advised to apply the recommended patch identified by commit b425859021d17adf62f06fb904797cf8642986ad to mitigate this security risk.",Gnu,Binutils,2.3,LOW,0.0004400000034365803,false,,false,false,true,2025-02-11T08:31:08.000Z,true,false,false,,2025-02-11T08:31:08.272Z,0
CVE-2025-1181,https://securityvulnerability.io/vulnerability/CVE-2025-1181,Memory Corruption Vulnerability in GNU Binutils by GNU,"A vulnerability in GNU Binutils version 2.43 affects the _bfd_elf_gc_mark_rsec function in the bfd/elflink.c file. This vulnerability allows for memory corruption, which can be exploited remotely. Although the complexity of the attack is considered high, attackers have publicly disclosed exploit methods.
To mitigate the risk, applying the provided patch and keeping the software updated is strongly recommended.",Gnu,Binutils,2.3,LOW,0.0004400000034365803,false,,false,false,true,2025-02-11T08:00:11.000Z,true,false,false,,2025-02-11T08:00:11.337Z,0
CVE-2025-1180,https://securityvulnerability.io/vulnerability/CVE-2025-1180,Memory Corruption in GNU Binutils Affects Remote Code Execution,"A vulnerability has been identified in GNU Binutils 2.43, specifically within the _bfd_elf_write_section_eh_frame function found in the bfd/elf-eh-frame.c file. This vulnerability facilitates remote memory corruption through complex attack vectors. While the exploitability may be challenging, its public disclosure raises concerns for potential exploitation. Users and administrators are advised to apply available patches promptly to mitigate this risk and safeguard their systems from potential threats.",Gnu,Binutils,2.3,LOW,0.0004400000034365803,false,,false,false,true,2025-02-11T07:31:06.000Z,true,false,false,,2025-02-11T07:31:06.853Z,0
CVE-2025-1179,https://securityvulnerability.io/vulnerability/CVE-2025-1179,Memory Corruption Vulnerability in GNU Binutils ld Component,"A memory corruption vulnerability has been identified in the GNU Binutils version 2.43, specifically within the bfd_putl64 function of the ld component. An attacker could potentially exploit this vulnerability to manipulate memory, affecting the stability and functionality of the software. The complexity of executing a successful attack remains high, but with the exploit disclosed to the public, vigilance is essential.
Users are strongly advised to upgrade to version 2.44 or later to mitigate risks associated with this vulnerability.",Gnu,Binutils,2.3,LOW,0.0007300000288523734,false,,false,false,true,2025-02-11T07:00:10.000Z,true,false,false,,2025-02-11T07:00:10.602Z,0
CVE-2025-1178,https://securityvulnerability.io/vulnerability/CVE-2025-1178,Memory Corruption Vulnerability in GNU Binutils by GNU,"A memory corruption vulnerability exists in the bfd_putl64 function of the libbfd.c component within GNU Binutils 2.43. This issue may be exploited remotely, potentially leading to unauthorized memory access. The complexity of launching such an attack is relatively high, making exploitation challenging. The vulnerability has been publicly disclosed, and users are advised to apply the available patch (identified as 75086e9de1707281172cc77f178e7949a4414ed0) to mitigate risks associated with this vulnerability.",Gnu,Binutils,6.3,MEDIUM,0.0004400000034365803,false,,false,false,true,2025-02-11T06:31:12.000Z,true,false,false,,2025-02-11T06:31:12.580Z,0
CVE-2025-1176,https://securityvulnerability.io/vulnerability/CVE-2025-1176,Heap-based Buffer Overflow in GNU Binutils Affects Software Functionality,"A serious vulnerability exists in GNU Binutils version 2.43, specifically within the '_bfd_elf_gc_mark_rsec' function in 'elflink.c'. This flaw can lead to a heap-based buffer overflow, allowing potential attackers to manipulate the system. Although the attack is complex and challenging to execute, its public disclosure means that it could be exploited in the wild.
To mitigate this risk, it is crucial to apply the recommended patch, identified by the commit hash 'f9978defb6fab0bd8583942d97c112b0932ac814'.",Gnu,Binutils,2.3,LOW,0.0010900000343099236,false,,false,false,true,2025-02-11T05:31:08.000Z,true,false,false,,2025-02-11T05:31:08.015Z,0
CVE-2025-1152,https://securityvulnerability.io/vulnerability/CVE-2025-1152,Memory Leak Vulnerability in GNU Binutils by GNU,"A memory leak has been discovered in the xstrdup function within the GNU Binutils component ld, specifically in version 2.43. This vulnerability can be exploited remotely, although the complexity of execution is considered high, making the attack challenging. Users are advised to apply patches to mitigate this issue, as the exploit has been disclosed publicly. The code maintainer noted reluctance in committing specific leak fixes to avoid destabilizing the ld component, but all known memory leak issues have been addressed in the binutils master branch.",Gnu,Binutils,2.3,LOW,0.0005200000014156103,false,,false,false,true,2025-02-10T18:00:09.000Z,true,false,false,,2025-02-10T18:00:09.779Z,0
CVE-2025-1151,https://securityvulnerability.io/vulnerability/CVE-2025-1151,Memory Leak Vulnerability in GNU Binutils by GNU,"A vulnerability has been identified in GNU Binutils version 2.43, specifically within the xmemdup function of the xmemdup.c file component of ld. This issue allows for a memory leak that can be exploited remotely, although the complexity of the attack is considered high and challenging. Despite the disclosure of the exploit to the public, it is advisable for users to promptly apply patches as outlined by the code maintainer.
The maintainer has indicated that while leak fixes are available in the binutils master branch, similar fixes will not be committed to the 2.44 branch due to concerns about system stability.",Gnu,Binutils,2.3,LOW,0.0005200000014156103,false,,false,false,true,2025-02-10T17:00:10.000Z,true,false,false,,2025-02-10T17:00:10.236Z,0
CVE-2025-1150,https://securityvulnerability.io/vulnerability/CVE-2025-1150,Memory Leak Vulnerability in GNU Binutils by GNU,"A memory leak vulnerability has been identified in GNU Binutils 2.43, specifically in the bfd_malloc function located in libbfd.c of the component ld. This flaw allows remote attackers to potentially exploit the vulnerability to create a persistent memory leak, which can degrade system performance and stability over time. While the complexity of executing this attack is relatively high, the information about this issue has been made publicly available, increasing its risk of exploitation. It is essential that users apply the recommended patches to mitigate this vulnerability, as the code maintainer has indicated that some fixes related to the memory leak will not be included in the 2.44 branch to avoid destabilizing ld.",Gnu,Binutils,2.3,LOW,0.0005200000014156103,false,,false,false,true,2025-02-10T16:31:07.000Z,true,false,false,,2025-02-10T16:31:07.343Z,0
CVE-2025-1149,https://securityvulnerability.io/vulnerability/CVE-2025-1149,Remote Memory Leak Vulnerability in GNU Binutils by GNU,"A remote memory leak vulnerability exists in GNU Binutils version 2.43, specifically within the xstrdup function in libiberty/xmalloc.c of the ld component. The vulnerability can be exploited remotely, making it a risk for systems utilizing this version. Although the complexity of successfully executing an attack is relatively high, the disclosed exploit has been made publicly accessible.
It is essential to apply patches to mitigate this vulnerability, though the maintainer has indicated caution in committing leak fixes to the 2.44 branch, prioritizing system stability. All reported leaks have been resolved in the binutils master branch.",Gnu,Binutils,2.3,LOW,0.0005200000014156103,false,,false,false,true,2025-02-10T14:31:07.000Z,true,false,false,,2025-02-10T14:31:07.377Z,0
CVE-2025-1148,https://securityvulnerability.io/vulnerability/CVE-2025-1148,Memory Leak in GNU Binutils Affects Remote Functionality,"A memory leak vulnerability was identified in GNU Binutils version 2.43, specifically within the link_order_scan function of the ld/ldelfgen.c file. This vulnerability allows for the potential manipulation and leakage of memory data, which could be exploited remotely. The complexity of successfully executing an attack is considered high, and while the exploit details have been publicly disclosed, actual exploitation remains challenging. The maintainer has indicated that due to stability concerns, certain leak fixes might not be incorporated into the official 2.44 branch, although all reported issues have been resolved in the development master branch. Users are strongly advised to patch their systems to mitigate this risk.",Gnu,Binutils,2.3,LOW,0.0006000000284984708,false,,false,false,true,2025-02-10T14:00:12.000Z,true,false,false,,2025-02-10T14:00:12.091Z,0
CVE-2025-1147,https://securityvulnerability.io/vulnerability/CVE-2025-1147,Buffer Overflow in GNU Binutils nm Component from GNU,"A vulnerability exists in the GNU Binutils 2.43 within the nm component, specifically in the __sanitizer::internal_strlen function. This issue can lead to a buffer overflow due to improper handling of the input argument, allowing potential attackers to execute remote attacks.
While the complexity of launching such an attack is notably high, the exploitation possibilities have been publicly disclosed, raising concerns for users relying on this product.",Gnu,Binutils,2.3,LOW,0.0006000000284984708,false,,false,false,true,2025-02-10T13:31:07.000Z,true,false,false,,2025-02-10T13:31:07.649Z,0
CVE-2025-0840,https://securityvulnerability.io/vulnerability/CVE-2025-0840,Stack-Based Buffer Overflow in GNU Binutils Affects Remote Functionality,"A vulnerability has been identified in GNU Binutils versions up to 2.43, specifically in the disassemble_bytes function located within the objdump.c file. This issue arises from improper manipulation of the argument buffer, leading to a stack-based buffer overflow. Attackers may exploit this vulnerability remotely, although the complexity of executing the attack is relatively high. Public disclosure of the exploit has occurred, highlighting the urgency for potential mitigation. Users are advised to upgrade to version 2.44 or later to resolve this security concern. For more details, reference the patch identified by baac6c221e9d69335bf41366a1c7d87d8ab2f893.",Gnu,Binutils,6.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2025-01-29T20:00:11.000Z,true,false,false,,2025-01-29T20:00:11.944Z,0
CVE-2024-2961,https://securityvulnerability.io/vulnerability/CVE-2024-2961,Buffer Overflow Vulnerability in GNU C Library's iconv() Function,"The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4 bytes. Exploitation of this vulnerability could lead to unintended behavior in applications, such as crashing or overwriting adjacent memory locations.
Applications utilizing glibc versions 2.39 and older are particularly at risk, highlighting the importance of updating to secure versions to mitigate potential attacks.",The Gnu C Library,Glibc,7.3,HIGH,0.0007099999929778278,false,,true,true,true,2024-05-27T17:30:06.000Z,true,true,false,,2024-04-17T17:27:40.541Z,5081
CVE-2024-29399,https://securityvulnerability.io/vulnerability/CVE-2024-29399,Remote Code Execution and Privilege Escalation Vulnerability in GNU Savane,"A vulnerability exists in GNU Savane versions 3.13 and earlier that allows remote attackers to execute arbitrary code. This is achieved through the upload.php component, where crafted files can be uploaded, leading to potential privilege escalation. The flaw highlights the importance of securing file upload functionalities to prevent unauthorized access and control.",GNU Savane,,,,0.0004299999854993075,false,,false,false,true,2024-04-09T08:03:04.000Z,true,false,false,,2024-04-11T00:00:00.000Z,0
CVE-2024-27631,https://securityvulnerability.io/vulnerability/CVE-2024-27631,Cross Site Request Forgery in GNU Savane by GNU,"A Cross Site Request Forgery (CSRF) vulnerability exists in GNU Savane versions 3.12 and earlier, which may allow a remote attacker to escalate privileges. By exploiting this vulnerability through the siteadmin/usergroup.php page, an unauthorized user can perform actions on behalf of an authenticated user without their consent, potentially compromising the security and integrity of the application. It is crucial for users and administrators to apply necessary patches to mitigate this security risk.",GNU,GNU Savane,,,0.00044999999227002263,false,,false,false,true,2024-04-07T08:30:01.000Z,true,false,false,,2024-04-08T00:00:00.000Z,0