High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2023-6246	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. local low complexity gnu fedoraproject CWE-787	7.8
2024-01-31	CVE-2023-6779	Out-of-bounds Write vulnerability in multiple products An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. network low complexity gnu fedoraproject CWE-787	7.5
2023-10-03	CVE-2023-4911	Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. local low complexity gnu fedoraproject redhat debian canonical CWE-787	7.8
2023-09-25	CVE-2023-5156	Memory Leak vulnerability in multiple products A flaw was found in the GNU C Library. network low complexity gnu redhat CWE-401	7.5
2022-08-24	CVE-2021-3998	Out-of-bounds Read vulnerability in multiple products A flaw was found in glibc. network low complexity gnu netapp CWE-125	7.5
2022-08-24	CVE-2021-3999	Off-by-one Error vulnerability in multiple products A flaw was found in glibc. local low complexity gnu debian netapp CWE-193	7.8
2021-11-04	CVE-2021-43396	In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. network low complexity gnu oracle	7.5
2021-08-12	CVE-2021-38604	NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. network low complexity gnu fedoraproject oracle CWE-476	7.5
2021-01-27	CVE-2021-3326	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network low complexity gnu netapp oracle fujitsu debian CWE-617	7.5
2020-12-06	CVE-2020-29573	Out-of-bounds Write vulnerability in multiple products sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. network low complexity gnu redhat netapp CWE-787	7.5