cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6780,https://securityvulnerability.io/vulnerability/CVE-2023-6780,Glibc: integer overflow in __vsyslog_internal(),"An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.3,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2024-01-31T14:08:02.610Z,0
CVE-2023-6779,https://securityvulnerability.io/vulnerability/CVE-2023-6779,Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal(),"An off-by-one heap-based buffer overflow was identified in the __vsyslog_internal function within the glibc library. When the syslog and vsyslog functions are invoked with a message exceeding INT_MAX bytes, it leads to improper calculations of the buffer size allocated for the message. This flaw may cause application crashes and can potentially be exploited if the affected functions are manipulated. The vulnerability impacts glibc versions 2.37 and newer, necessitating immediate attention from system administrators and software developers utilizing this library.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.5,HIGH,0.0015800000401213765,false,true,false,false,,false,false,2024-01-31T14:07:41.967Z,0
CVE-2023-6246,https://securityvulnerability.io/vulnerability/CVE-2023-6246,Heap-Based Buffer Overflow Vulnerability in glibc Library,"A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argument, particularly when the program name exceeds 1024 bytes. This can lead to significant consequences, including application crashes and the potential for local privilege escalation, impacting systems using glibc version 2.36 and onward.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",8.4,HIGH,0.015080000273883343,false,true,true,true,,true,false,2024-01-31T14:06:21.949Z,8944
CVE-2023-4911,https://securityvulnerability.io/vulnerability/CVE-2023-4911,Buffer Overflow in GNU C Library's Dynamic Loader ld.so Could Allow Local Attacker to Execute Code with Elevated Privileges,"The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege escalation. CVE-2023-4911 was already exploited by ransomware groups to steal cloud service provider (CSP) credentials in Kinsing malware attacks. The second vulnerability, CVE-2023-6246, was found in glibc's __vsyslog_internal() function and allows any unprivileged user to escalate privileges to full root access on default installations of various Linux distributions. The impact of these vulnerabilities is significant due to the widespread use of the affected library, and organizations are urged to ensure their systems are secure against these vulnerabilities.",Red Hat,"glibc,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora",7.8,HIGH,0.20633000135421753,true,true,true,true,true,false,false,2023-10-03T18:15:00.000Z,0
CVE-2020-1751,https://securityvulnerability.io/vulnerability/CVE-2020-1751,,"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.",Red Hat,Glibc,5.1,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2020-04-17T18:32:44.000Z,0