2.33

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-18	CVE-2023-4527	Out-of-bounds Read vulnerability in multiple products A flaw was found in glibc. network high complexity gnu redhat fedoraproject netapp CWE-125	6.5
2023-09-18	CVE-2023-4806	Use After Free vulnerability in multiple products A flaw was found in glibc. network high complexity gnu redhat fedoraproject CWE-416	5.9
2023-09-12	CVE-2023-4813	Use After Free vulnerability in multiple products A flaw was found in glibc. network high complexity gnu redhat fedoraproject netapp CWE-416	5.9
2023-02-06	CVE-2023-0687	Classic Buffer Overflow vulnerability in GNU Glibc A vulnerability was found in GNU C Library 2.38. network low complexity gnu CWE-120 critical	9.8
2022-08-24	CVE-2021-3998	Out-of-bounds Read vulnerability in multiple products A flaw was found in glibc. network low complexity gnu netapp CWE-125	7.5
2022-01-14	CVE-2022-23218	Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. network low complexity gnu oracle debian CWE-120 critical	9.8
2022-01-14	CVE-2022-23219	Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. network low complexity gnu oracle debian CWE-120 critical	9.8
2021-08-12	CVE-2021-38604	NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. network low complexity gnu fedoraproject oracle CWE-476	7.5
2021-05-25	CVE-2021-33574	Use After Free vulnerability in multiple products The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. network low complexity gnu fedoraproject netapp debian CWE-416 critical	9.8
2021-02-24	CVE-2021-27645	Double Free vulnerability in multiple products The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. local high complexity gnu fedoraproject debian CWE-415	2.5