cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0395,https://securityvulnerability.io/vulnerability/CVE-2025-0395,Buffer Overflow Vulnerability in GNU C Library Affecting Multiple Versions,"The GNU C Library's assert() function in versions 2.13 to 2.40 has a flaw in its handling of assertion failure messages. When this function fails, it inadequately allocates space for both the message string and its associated size information. This can lead to a buffer overflow condition if the size of the failure message aligns with the page size, potentially allowing attackers to write outside the bounds of allocated memory, leading to exploitability and instability.",The Gnu C Library,Glibc,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T13:11:30.406Z,276
CVE-2024-57360,https://securityvulnerability.io/vulnerability/CVE-2024-57360,Incorrect Access Control in GNU Binutils nm Tool,"The GNU Binutils nm tool, specifically versions 2.43 and later, is affected by a significant security vulnerability that stems from improper access control within its functionality. This issue can be exploited locally, particularly through the `nm --without-symbol-version` operation. Attackers leveraging this flaw may gain unauthorized access to sensitive data, compromising system integrity and security.",GNU,Binutils,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-56737,https://securityvulnerability.io/vulnerability/CVE-2024-56737,Heap-Based Buffer Overflow in GNU GRUB2 Affected by Malicious HFS Filesystem Data,"A vulnerability exists in GNU GRUB2 (version 2.12) that is triggered by a heap-based buffer overflow. This flaw can be exploited if an attacker uses specially crafted sblock data within an HFS filesystem. Such an exploitation may lead to unauthorized access or corruption of memory, impacting the stability and security of systems utilizing this bootloader. Addressing this issue promptly is crucial for maintaining system integrity and protecting against potential threats.",Gnu,Grub2,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-29T00:00:00.000Z,0
CVE-2024-52867,https://securityvulnerability.io/vulnerability/CVE-2024-52867,Privilege Escalation Vulnerability in GNU Guix's guix-daemon,"The guix-daemon in GNU Guix prior to commit 5ab3c4c allows local users to escalate privileges through unaddressed build output access. This vulnerability pertains to the inadequate handling of file metadata, particularly for setuid and setgid programs. To mitigate this vulnerability, users are advised to perform specific pull, reconfiguration, and restart actions. The fixes in both commits 5ab3c4c and 5582241 are necessary to secure the system against this issue.",GNU Guix,,8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-17T00:00:00.000Z,0
CVE-2024-38428,https://securityvulnerability.io/vulnerability/CVE-2024-38428,GNU Wget vulnerable to URL mishandling,"A vulnerability exists in GNU Wget versions up to 1.24.5 that affects how semicolons are handled in the userinfo subcomponent of a URI. This mishandling can lead to an insecure scenario where data that should be classified within the userinfo subcomponent is incorrectly interpreted as part of the host subcomponent. This unintended behavior can pose security risks, including exposure of sensitive information or improper URI parsing, necessitating urgent attention for users relying on this tool for secure data transfers.",GNU,Wget,9.1,CRITICAL,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-06-16T00:00:00.000Z,0
CVE-2024-33602,https://securityvulnerability.io/vulnerability/CVE-2024-33602,nscd netgroup cache corruption vulnerability,"The Name Service Cache Daemon (nscd) is affected by a memory corruption vulnerability due to improper handling of NSS callback strings in the netgroup cache functionality. This weakness, introduced in glibc version 2.15, arises when not all strings are correctly stored within the designated buffer during callback operations. As a result, this could lead to unstable behavior and potential exploitation of the affected binary. Ensuring that your systems are updated to versions beyond the vulnerable ones is critical for maintaining security.",The Gnu C Library,Glibc,7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:22:12.383Z,0
CVE-2024-33601,https://securityvulnerability.io/vulnerability/CVE-2024-33601,nscd: netgroup cache may terminate daemon on memory allocation failure,"The Name Service Cache Daemon (nscd) is susceptible to a Denial of Service issue due to improper memory management. Specifically, the netgroup cache implementation utilizes xmalloc or xrealloc functions, which can lead to unexpected termination of the daemon in the event of a memory allocation failure. This flaw, introduced in glibc 2.15 when the netgroup cache was added, poses significant risks as it can disrupt service for clients relying on nscd. It is critical for users of affected glibc versions to apply updates to safeguard against potential service disruptions.",The Gnu C Library,Glibc,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-06T19:22:07.763Z,0
CVE-2024-2961,https://securityvulnerability.io/vulnerability/CVE-2024-2961,Buffer Overflow Vulnerability in GNU C Library's iconv() Function,"The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4 bytes. Exploitation of this vulnerability could lead to unintended behavior in applications, such as crashing or overwriting adjacent memory locations. Applications utilizing glibc versions 2.39 and older are particularly at risk, highlighting the importance of updating to secure versions to mitigate potential attacks.",The Gnu C Library,Glibc,7.3,HIGH,0.0007099999929778278,false,,true,true,true,2024-05-27T17:30:06.000Z,true,true,false,,2024-04-17T17:27:40.541Z,5081
CVE-2023-4911,https://securityvulnerability.io/vulnerability/CVE-2023-4911,Buffer Overflow in GNU C Library's Dynamic Loader ld.so Could Allow Local Attacker to Execute Code with Elevated Privileges,"The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege escalation. CVE-2023-4911 was already exploited by ransomware groups to steal cloud service provider (CSP) credentials in Kinsing malware attacks. The second vulnerability, CVE-2023-6246, was found in glibc's __vsyslog_internal() function and allows any unprivileged user to escalate privileges to full root access on default installations of various Linux distributions. The impact of these vulnerabilities is significant due to the widespread use of the affected library, and organizations are urged to ensure their systems are secure against these vulnerabilities.",Gnu,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.24763000011444092,true,2023-11-21T00:00:00.000Z,true,true,true,2023-10-03T21:36:45.000Z,true,false,false,,2023-10-03T18:15:00.000Z,0
CVE-2022-44840,https://securityvulnerability.io/vulnerability/CVE-2022-44840,Heap Buffer Overflow in Binutils Readelf Affects Sourceware,"A heap buffer overflow vulnerability exists in Binutils Readelf prior to version 2.40. This issue arises from the function find_section_in_set in readelf.c, which may allow an attacker to exploit memory corruption. Proper handling of dynamic memory allocation is crucial to prevent potential impacts on system integrity and security. Implementing updates and patches is essential to mitigate this risk.",Gnu,Binutils,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2022-47673,https://securityvulnerability.io/vulnerability/CVE-2022-47673,Out-of-Bounds Read Vulnerability in Binutils by GNU,"A vulnerability has been identified in Binutils addr2line prior to version 2.39.3, located in the function parse_module. This issue involves multiple out-of-bounds reads which may lead to a denial of service or result in other unspecified impacts, thereby compromising system stability and security. Users of the affected versions are urged to update to mitigate potential risks and ensure system integrity.",Gnu,Binutils,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19726,https://securityvulnerability.io/vulnerability/CVE-2020-19726,Memory Manipulation Vulnerability in Binutils from Sourceware,"A significant vulnerability has been identified in the Binutils software, specifically within libbfd.c version 2.36. This issue can allow attackers to exploit auxiliary symbol data, potentially enabling them to read from or write to system memory. This could lead to unauthorized access or manipulation of sensitive data and may result in denial of service, impacting system stability and availability.",Gnu,Binutils,8.8,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2022-47696,https://securityvulnerability.io/vulnerability/CVE-2022-47696,Denial of Service Vulnerability in Binutils Objdump by Sourceware,"A vulnerability has been identified in Binutils objdump versions prior to 2.39.3, which allows attackers to exploit the function compare_symbols. This exploitation can lead to denial of service or other unspecified impacts, potentially disrupting services that rely on this tool.",Gnu,Binutils,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2021-46174,https://securityvulnerability.io/vulnerability/CVE-2021-46174,Heap-based Buffer Overflow in Binutils Objdump by GNU,"A heap-based buffer overflow vulnerability exists in the bfd_getl32 function of Binutils objdump 3.37. This vulnerability allows an attacker to potentially manipulate memory allocation, leading to possible data corruption or denial of service. Users of the affected versions should apply appropriate security measures to mitigate risks.",Gnu,Binutils,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2022-47695,https://securityvulnerability.io/vulnerability/CVE-2022-47695,Denial of Service Vulnerability in Binutils Objdump by Sourceware,"A vulnerability in Binutils objdump versions prior to 2.39.3 allows an attacker to trigger a denial of service. The flaw is located in the function 'bfd_mach_o_get_synthetic_symtab' within match-o.c, which can possibly lead to issues that disrupt normal operations. This vulnerability raises concerns for users relying on the affected versions of Binutils for processing object files.",Gnu,Binutils,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2022-45703,https://securityvulnerability.io/vulnerability/CVE-2022-45703,Heap Buffer Overflow in Readelf Tool from GNU Binutils,"A heap buffer overflow vulnerability exists in the readelf utility of GNU Binutils prior to version 2.40. This issue is caused by improper handling in the display_debug_section function within the readelf.c source file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on affected systems, thereby compromising the security of applications using the binutils suite.",Gnu,Binutils,7.8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-35342,https://securityvulnerability.io/vulnerability/CVE-2020-35342,Uninitialized Heap Vulnerability in GNU Binutils Affects Information Security,"An uninitialized heap vulnerability exists in the GNU Binutils prior to version 2.34, specifically in the tic4x_print_cond function within the opcodes/tic4x-dis.c file. This flaw could potentially allow attackers to exploit the state of heap memory, leading to unauthorized information disclosure. Attackers may leverage this weakness to obtain sensitive data that should remain inaccessible, highlighting the need for timely updates and mitigation measures.",Gnu,Binutils,7.5,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2023-40303,https://securityvulnerability.io/vulnerability/CVE-2023-40303,Privilege Escalation Vulnerability in GNU Inetutils Products,"GNU Inetutils, through version 2.4, contains a vulnerability that allows for privilege escalation due to the lack of validation on the return values of the set*id() family of functions within several components such as ftpd, rcp, rlogin, rsh, rshd, and uucpd. This issue can be exploited when a process attempts to drop privileges, as failures in the setuid system call could lead to situations where an ordinary user inadvertently gains control over the process, leading to potential unauthorized actions.",Gnu,Inetutils,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-08-14T05:15:00.000Z,0
CVE-2022-28734,https://securityvulnerability.io/vulnerability/CVE-2022-28734,Out-of-bounds write when handling split HTTP headers,"An out-of-bounds write vulnerability exists in the GRUB2 bootloader when it processes split HTTP headers. This flaw is due to the misalignment of the internal data buffer pointer, resulting in potential memory corruption. An attacker can exploit this vulnerability through crafted HTTP requests, leading to unintended modifications in GRUB2's internal memory metadata. Such exploitation can compromise the stability and security of systems reliant on GRUB2 for boot functionality.",Gnu Project,Gnu Grub,8.1,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-07-20T01:15:00.000Z,0
CVE-2022-28733,https://securityvulnerability.io/vulnerability/CVE-2022-28733,Integer underflow in grub_net_recv_ip4_packets,"An integer underflow vulnerability exists in GRUB's `grub_net_recv_ip4_packets` function, which can be exploited through maliciously crafted IP packets. When such a packet is received, the function may mistakenly interpret the total length value, causing it to wrap around to a smaller integer. This miscalculation can result in incorrect memory allocation, allowing attackers to write data beyond the allocated buffer, potentially leading to various security implications such as data corruption or unauthorized access.",Gnu Project,Gnu Grub,8.1,HIGH,0.00171999994199723,false,,false,false,false,,,false,false,,2023-07-20T00:20:02.458Z,0
CVE-2023-36272,https://securityvulnerability.io/vulnerability/CVE-2023-36272,Heap Buffer Overflow in LibreDWG Affects Multiple Versions,"A heap buffer overflow has been identified in LibreDWG v0.12.5, specifically within the function bit_utf8_to_TU in bits.c. This vulnerability could potentially allow an attacker to execute arbitrary code or crash the application when processing specially crafted input.",Gnu,Libredwg,8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-23T00:00:00.000Z,0
CVE-2023-36273,https://securityvulnerability.io/vulnerability/CVE-2023-36273,Heap Buffer Overflow in LibreDWG Affects LibreDWG v0.12.5,"LibreDWG v0.12.5 contains a vulnerability that allows attackers to exploit a heap buffer overflow through the function bit_calc_CRC in the bits.c source file. This flaw can potentially lead to arbitrary code execution, making it crucial for users to update to the latest version to mitigate risks associated with this vulnerability.",Gnu,Libredwg,8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-23T00:00:00.000Z,0
CVE-2023-36274,https://securityvulnerability.io/vulnerability/CVE-2023-36274,Heap Buffer Overflow in LibreDWG Software by LibreDWG,"LibreDWG v0.12.5 has been identified to have a vulnerability that allows for a heap buffer overflow. This issue arises specifically in the function bit_write_TF located in the bits.c file, which could be exploited to manipulate memory inappropriately, potentially leading to unexpected application behavior or system compromise. Users of this version are advised to take action to mitigate possible risks.",Gnu,Libredwg,8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-23T00:00:00.000Z,0
CVE-2023-36271,https://securityvulnerability.io/vulnerability/CVE-2023-36271,Heap Buffer Overflow in LibreDWG Affects Multiple Versions,"LibreDWG v0.12.5 is affected by a heap buffer overflow vulnerability identified in the function bit_wcs2nlen within bits.c. This flaw can potentially allow an attacker to exploit certain input conditions, leading to unexpected behavior or data corruption. It is critical for users of this version to assess the risk and apply necessary patches or mitigation strategies as they become available.",Gnu,Libredwg,8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-23T00:00:00.000Z,0
CVE-2023-2789,https://securityvulnerability.io/vulnerability/CVE-2023-2789,GNU cflow parser.c parse_variable_declaration denial of service,"In GNU cflow version 1.7, a vulnerability has been identified in the `func_body/parse_variable_declaration` function within the `parser.c` file. This vulnerability can be exploited to induce a denial of service, affecting the availability of the application. The issue has been publicly disclosed, and the vendor was notified prior to this disclosure but did not provide a response. Users are advised to pay attention to potential exposure to this vulnerability.",GNU,cflow,7.5,HIGH,0.0018500000005587935,false,,false,false,false,,,false,false,,2023-05-18T13:15:00.000Z,0