cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-56737,https://securityvulnerability.io/vulnerability/CVE-2024-56737,Heap-Based Buffer Overflow in GNU GRUB2 Affected by Malicious HFS Filesystem Data,"A vulnerability exists in GNU GRUB2 (version 2.12) that is triggered by a heap-based buffer overflow. This flaw can be exploited if an attacker uses specially crafted sblock data within an HFS filesystem. Such an exploitation may lead to unauthorized access or corruption of memory, impacting the stability and security of systems utilizing this bootloader. Addressing this issue promptly is crucial for maintaining system integrity and protecting against potential threats.",Gnu,Grub2,8.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2024-12-29T00:00:00.000Z,0
CVE-2024-56738,https://securityvulnerability.io/vulnerability/CVE-2024-56738,Side-Channel Vulnerability in GNU GRUB Affects Multiple Versions,"The vulnerability in GNU GRUB affects versions prior to 2.12 due to the use of a non-constant-time algorithm in the grub_crypto_memcmp function. This imperfection opens the door for potential side-channel attacks, where attackers might exploit differences in processing time to infer sensitive information. Such vulnerabilities can significantly compromise the security of boot processes and the overall integrity of systems relying on GRUB for initialization.",Gnu,Grub2,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2024-12-29T00:00:00.000Z,0
CVE-2024-10524,https://securityvulnerability.io/vulnerability/CVE-2024-10524,Wget Vulnerability Affects Applications Using Shorthand URLs,Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.,Gnu,Wget,6.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2024-11-19T14:23:09.718Z,0
CVE-2024-52867,https://securityvulnerability.io/vulnerability/CVE-2024-52867,Privilege Escalation Vulnerability in GNU Guix's guix-daemon,"The guix-daemon in GNU Guix prior to commit 5ab3c4c allows local users to escalate privileges through unaddressed build output access. This vulnerability pertains to the inadequate handling of file metadata, particularly for setuid and setgid programs. To mitigate this vulnerability, users are advised to perform specific pull, reconfiguration, and restart actions. The fixes in both commits 5ab3c4c and 5582241 are necessary to secure the system against this issue.",GNU Guix,,8.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-11-17T00:00:00.000Z,0
CVE-2024-50610,https://securityvulnerability.io/vulnerability/CVE-2024-50610,Integer signedness error in gsl_siman_solve_many affects memory allocation,"GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.",GSL (GNU Scientific Library),,,,0.00044999999227002263,false,false,false,false,,false,false,2024-10-27T00:00:00.000Z,0
CVE-2024-43370,https://securityvulnerability.io/vulnerability/CVE-2024-43370,Cross-Site Scripting Vulnerability in GNU Gettext Port for Node and Browser,"gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.",GNU,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-08-16T02:15:00.000Z,0
CVE-2024-38428,https://securityvulnerability.io/vulnerability/CVE-2024-38428,GNU Wget vulnerable to URL mishandling,"A vulnerability exists in GNU Wget versions up to 1.24.5 that affects how semicolons are handled in the userinfo subcomponent of a URI. This mishandling can lead to an insecure scenario where data that should be classified within the userinfo subcomponent is incorrectly interpreted as part of the host subcomponent. This unintended behavior can pose security risks, including exposure of sensitive information or improper URI parsing, necessitating urgent attention for users relying on this tool for secure data transfers.",GNU,Wget,9.1,CRITICAL,0.0009699999936856329,false,false,false,false,,false,false,2024-06-16T00:00:00.000Z,0
CVE-2024-38448,https://securityvulnerability.io/vulnerability/CVE-2024-38448,Untrusted dbpath execution vulnerability in GNU Global through 6.6.12,"htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.",GNU,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-06-16T00:00:00.000Z,0
CVE-2024-33602,https://securityvulnerability.io/vulnerability/CVE-2024-33602,nscd netgroup cache corruption vulnerability,"nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,false,false,false,,false,false,2024-05-06T19:22:12.383Z,0
CVE-2024-33601,https://securityvulnerability.io/vulnerability/CVE-2024-33601,nscd: netgroup cache may terminate daemon on memory allocation failure,"nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,false,false,false,,false,false,2024-05-06T19:22:07.763Z,0
CVE-2024-33600,https://securityvulnerability.io/vulnerability/CVE-2024-33600,Null pointer crashes after notfound response,"nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,false,false,false,,false,false,2024-05-06T19:22:02.726Z,0
CVE-2024-33599,https://securityvulnerability.io/vulnerability/CVE-2024-33599,Stack-based buffer overflow in netgroup cache,"nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.",The Gnu C Library,Glibc,,,0.00044999999227002263,false,false,false,false,,false,false,2024-05-06T19:21:54.314Z,0
CVE-2024-2961,https://securityvulnerability.io/vulnerability/CVE-2024-2961,Buffer Overflow Vulnerability in GNU C Library's iconv() Function,"The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4 bytes. Exploitation of this vulnerability could lead to unintended behavior in applications, such as crashing or overwriting adjacent memory locations. Applications utilizing glibc versions 2.39 and older are particularly at risk, highlighting the importance of updating to secure versions to mitigate potential attacks.",The Gnu C Library,Glibc,,,0.0007099999929778278,false,true,true,true,true,true,false,2024-04-17T17:27:40.541Z,5081
CVE-2024-29399,https://securityvulnerability.io/vulnerability/CVE-2024-29399,Remote Code Execution and Privilege Escalation Vulnerability in GNU Savane,"A vulnerability exists in GNU Savane versions 3.13 and earlier that allows remote attackers to execute arbitrary code. This is achieved through the upload.php component, where crafted files can be uploaded, leading to potential privilege escalation. The flaw highlights the importance of securing file upload functionalities to prevent unauthorized access and control.",GNU Savane,,,,0.0004299999854993075,false,false,false,true,true,false,false,2024-04-11T00:00:00.000Z,0
CVE-2024-27632,https://securityvulnerability.io/vulnerability/CVE-2024-27632,Privilege Escalation Vulnerability in GNU Savane,"An identified vulnerability in GNU Savane versions up to 3.12 permits remote attackers to escalate their privileges. This exploit arises from improper handling of the form_id parameter within the form_header() function, allowing unauthorized actions that could compromise the integrity and security of the application. Effective mitigations and timely updates are essential to safeguard against potential exploitation by malicious actors.",GNU,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-04-08T00:00:00.000Z,0
CVE-2023-45925,https://securityvulnerability.io/vulnerability/CVE-2023-45925,NULL Pointer Dereference in Midnight Commander Could Lead to X Operation Silently Failing,"The vulnerability identified in GNU Midnight Commander highlights a NULL pointer dereference occurring within the x_error_handler() function located in tty/x11conn.c. This issue may lead to silent failures in X operations, impacting the usability of the application without providing any indication of errors. Although this vulnerability is contested as a usability concern rather than a security vulnerability, it still poses questions regarding the robustness and user experience associated with this popular terminal file manager.",GNU,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T00:00:00.000Z,0
CVE-2023-39804,https://securityvulnerability.io/vulnerability/CVE-2023-39804,GNU tar vulnerability could lead to application crash,"In versions of GNU Tar prior to 1.35, there exists a vulnerability that arises from the improper handling of extension attributes in PAX archives. This flaw in the xheader.c file can lead to application crashes, posing a risk to system stability and data integrity. Maliciously crafted PAX archives may exploit this vulnerability, emphasizing the importance of updating to the latest version to mitigate potential threats.",GNU,,,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-27T00:00:00.000Z,0
CVE-2023-26157,https://securityvulnerability.io/vulnerability/CVE-2023-26157,Denial of Service Vulnerability in LibreDWG Library,"A vulnerability exists in the LibreDWG library that can lead to Denial of Service due to an out-of-bounds read condition found in the decode_r2007.c file. This flaw can result in unintended behavior, potentially causing service disruptions when users attempt to process certain types of data. It is essential for users of the affected versions to apply the necessary patches and updates to mitigate any risks associated with this vulnerability.",Gnu,Libredwg,5.5,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2024-01-02T05:15:00.000Z,0
CVE-2022-47007,https://securityvulnerability.io/vulnerability/CVE-2022-47007,,"An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.",Gnu,Binutils,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2020-19190,https://securityvulnerability.io/vulnerability/CVE-2020-19190,,Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.,Gnu,Ncurses,6.5,MEDIUM,0.011269999668002129,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2022-47673,https://securityvulnerability.io/vulnerability/CVE-2022-47673,Out-of-Bounds Read Vulnerability in Binutils by GNU,"A vulnerability has been identified in Binutils addr2line prior to version 2.39.3, located in the function parse_module. This issue involves multiple out-of-bounds reads which may lead to a denial of service or result in other unspecified impacts, thereby compromising system stability and security. Users of the affected versions are urged to update to mitigate potential risks and ensure system integrity.",Gnu,Binutils,7.8,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2020-19724,https://securityvulnerability.io/vulnerability/CVE-2020-19724,,A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.,Gnu,Binutils,5.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2020-19189,https://securityvulnerability.io/vulnerability/CVE-2020-19189,,Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.,Gnu,Ncurses,6.5,MEDIUM,0.006779999937862158,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2020-21490,https://securityvulnerability.io/vulnerability/CVE-2020-21490,,An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.,Gnu,Binutils,5.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0
CVE-2022-48064,https://securityvulnerability.io/vulnerability/CVE-2022-48064,,GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.,Gnu,Binutils,5.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-08-22T00:00:00.000Z,0