| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-23219 | 120 | | DoS Exec Code Overflow | 2022-01-14 | 2022-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
| 2 | CVE-2022-23218 | 120 | | DoS Exec Code Overflow | 2022-01-14 | 2022-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
| 3 | CVE-2021-43412 | 416 | | | 2021-11-07 | 2021-11-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. |
| 4 | CVE-2021-33574 | 416 | | DoS | 2021-05-25 | 2022-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
| 5 | CVE-2021-28237 | 787 | | Overflow | 2021-12-02 | 2021-12-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. |
| 6 | CVE-2021-26937 | 88 | | DoS | 2021-02-09 | 2022-05-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. |
| 7 | CVE-2021-20233 | 787 | | | 2021-03-03 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 8 | CVE-2021-20232 | 416 | | Mem. Corr. | 2021-03-12 | 2021-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |
| 9 | CVE-2021-20231 | 416 | | Mem. Corr. | 2021-03-12 | 2021-06-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. |
| 10 | CVE-2021-20225 | 787 | | | 2021-03-03 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 11 | CVE-2021-3487 | 20 | | | 2021-04-15 | 2022-10-27 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. |
| 12 | CVE-2020-27749 | 121 | | Exec Code Overflow | 2021-03-03 | 2022-05-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 13 | CVE-2020-25647 | 787 | | Exec Code Mem. Corr. Bypass | 2021-03-03 | 2022-05-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 14 | CVE-2020-25632 | 416 | | Exec Code Bypass | 2021-03-03 | 2022-05-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 15 | CVE-2020-24240 | 416 | | | 2020-08-25 | 2020-09-02 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. |
| 16 | CVE-2020-9366 | 787 | | Overflow | 2020-02-24 | 2022-01-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. |
| 17 | CVE-2019-1010022 | 119 | | Overflow Bypass | 2019-07-15 | 2021-06-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." |
| 18 | CVE-2019-25013 | 125 | | | 2021-01-04 | 2022-11-03 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
| 19 | CVE-2019-20914 | 476 | | | 2020-07-16 | 2020-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. |
| 20 | CVE-2019-18276 | 273 | | Exec Code +Priv | 2019-11-28 | 2022-06-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. |
| 21 | CVE-2019-18224 | 787 | | Overflow | 2019-10-21 | 2019-10-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. |
| 22 | CVE-2019-9924 | 862 | | Exec Code | 2019-03-22 | 2022-04-05 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. |
| 23 | CVE-2019-9169 | 125 | | | 2019-02-26 | 2022-06-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
| 24 | CVE-2019-5953 | 787 | | Exec Code Overflow | 2019-05-17 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. |
| 25 | CVE-2019-3697 | 59 | | | 2020-01-24 | 2021-09-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. |
| 26 | CVE-2018-1000654 | | | | 2018-08-20 | 2021-02-25 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
| 27 | CVE-2018-1000001 | 787 | | Exec Code | 2018-01-31 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
| 28 | CVE-2018-18751 | 415 | | | 2018-10-29 | 2020-09-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
| 29 | CVE-2018-12699 | 787 | | DoS Overflow | 2018-06-23 | 2019-08-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. |
| 30 | CVE-2018-11236 | 787 | | Exec Code Overflow | 2018-05-18 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. |
| 31 | CVE-2018-6551 | 787 | | | 2018-02-02 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. |
| 32 | CVE-2018-6485 | 787 | | Overflow | 2018-02-01 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. |
| 33 | CVE-2017-1000408 | 772 | | | 2018-02-01 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |
| 34 | CVE-2017-1000366 | 119 | | Exec Code Overflow | 2017-06-19 | 2020-10-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
| 35 | CVE-2017-18201 | 415 | | | 2018-02-26 | 2018-10-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. |
| 36 | CVE-2017-15804 | 119 | | Overflow | 2017-10-22 | 2018-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
| 37 | CVE-2017-15670 | 119 | | Overflow | 2017-10-20 | 2018-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. |
| 38 | CVE-2017-14930 | 772 | | DoS | 2017-09-30 | 2019-10-03 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. |
| 39 | CVE-2017-14062 | 190 | | DoS Overflow | 2017-08-31 | 2020-12-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| 40 | CVE-2017-14061 | 190 | | DoS Overflow | 2017-08-31 | 2019-10-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| 41 | CVE-2017-13716 | 770 | | DoS | 2017-08-28 | 2019-10-03 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). |
| 42 | CVE-2017-10685 | 134 | | Exec Code | 2017-06-29 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| 43 | CVE-2017-10684 | 119 | | Exec Code Overflow | 2017-06-29 | 2021-06-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| 44 | CVE-2017-9109 | 119 | | Overflow | 2020-06-18 | 2020-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. |
| 45 | CVE-2017-9105 | 476 | | Exec Code | 2020-06-18 | 2020-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. |
| 46 | CVE-2017-9104 | 400 | | | 2020-06-18 | 2020-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. |
| 47 | CVE-2017-9103 | 119 | | Overflow | 2020-06-18 | 2020-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. |
| 48 | CVE-2017-8804 | 502 | | DoS | 2017-05-07 | 2020-08-26 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references] |
| 49 | CVE-2017-8421 | 772 | | | 2017-05-02 | 2019-10-03 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. |
| 50 | CVE-2017-7614 | 476 | | DoS | 2017-04-09 | 2017-09-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. |