169 matches found

CVE
added 2026/01/20 1:22 p.m. | 91 views

CVE-2025-15281

CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...

CVSS 7.5 | AI score 5.3 | EPSS 0.00286
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2026/01/20 1:22 p.m. | 4 views

CVE-2025-15281

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process...

CVSS 7.5 | AI score 7.1 | EPSS 0.00286
Exploits: 0
CNNVD
added 2026/01/20 12:0 a.m. | 4 views

GNU C Library security vulnerabilities

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions 2.0 through 2.42 of the GNU C Library contained security vulnerabilities; these vulnerabilities stemmed from the possibility of returning uninitialized memory when...

CVSS 7.5 | AI score 7.1 | EPSS 0.00286
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 7 : glibc-2.17-326.3.0.1.el7.AXS7 (AXSA:2024-8594:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8594:08 advisory.
- CVE-2021-3999: getcwd - Set errno to ERANGE for size == 1
- CVE-2021-35942: wordexp - handle overflow in positional parameter number
- CVE-2022-23218:...

CVSS 9.8 | AI score 8.2 | EPSS 0.04729
Exploits: 3 | References: 5
RedhatCVE
added 2026/01/09 9:2 a.m. | 5 views

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

CVSS 7.8 | AI score 7.6 | EPSS 0.01498
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-22577

Malware in sbrugna...

CVSS 9.1 | AI score 7.6 | EPSS 0.02678
Exploits: 0 | References: 13
Tenable Nessus
added 2025/08/10 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-35942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param in posix/wordexp.c when called with an...

CVSS 9.1 | AI score 7.3 | EPSS 0.02678
Exploits: 0 | References: 2
Positive Technologies
added 2025/01/01 12:0 a.m. | 8 views

PT-2026-3558

Name of the Vulnerable Software and Affected Versions: GNU C Library versions 2.0 through 2.42. Description: Using the wordexp function with WRDE_REUSE and WRDE_APPEND together in the GNU C Library can lead to the function returning uninitialized memory in the we_wordv member. Subsequent calls to...

CVSS 8.4 | AI score 5.1 | EPSS 0.00564
Exploits: 3 | References: 87
BDU FSTEC
added 2024/12/02 12:0 a.m. | 4 views

The vulnerability of the wordexp() function in the tinygltf library, a programming language, allows attackers to execute arbitrary code.

The vulnerability of the wordexp function in the tinygltf programming language library is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted commands...

CVSS 10 | AI score 8.1 | EPSS 0.02809
Exploits: 1 | References: 5 | Affected Software: 2
OSV
added 2024/07/03 5:20 p.m. | 4 views

CLSA-2024-1720027216 glibc: Fix of 4 CVEs

- CVE-2021-3999: getcwd - Set errno to ERANGE for size == 1
- CVE-2021-35942: wordexp - handle overflow in positional parameter number
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create
- CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix"...

CVSS 9.8 | AI score 6.8 | EPSS 0.04729
Exploits: 3 | References: 1
Tenable Nessus
added 2024/06/03 12:0 a.m. | 19 views

RHEL 5 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo before 1.8.12 does not ensure that the TZ environmen...

CVSS 7.8 | AI score 6.9 | EPSS 0.03295
Exploits: 6 | References: 7
Tenable Nessus
added 2024/05/11 12:0 a.m. | 29 views

RHEL 5 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo: symbolic link attack in SELinux-enabled sudoedit...

AI score 7.3 | EPSS 0.03295
Exploits: 2 | References: 7
OSV
added 2023/10/10 5:15 p.m. | 2 views

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

CVSS 7.8 | AI score 6 | EPSS 0.01498
Exploits: 0 | References: 1
Vulnrichment
added 2023/10/10 4:51 p.m. | 12 views

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

CVSS 7.8 | AI score 7.7 | EPSS 0.01498
Exploits: 0 | References: 1
OpenVAS
added 2023/03/08 12:0 a.m. | 19 views

Debian: Security Advisory (DLA-97-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 7.8 | EPSS 0.06564
Exploits: 2 | References: 2
F5 Networks
added 2023/02/21 7:0 p.m. | 51 views

K98121587: glibc vulnerability CVE-2021-35942

Security Advisory Description: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs...

CVSS 9.1 | AI score 7.9 | EPSS 0.02678
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:26 a.m. | 3 views

SUSE CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$..."...

CVSS 4.6 | AI score 7.5 | EPSS 0.00578
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 4:58 a.m. | 3 views

SUSE CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to...

CVSS 7.8 | AI score 8.2 | EPSS 0.00493
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 3:39 a.m. | 3 views

SUSE CVE-2021-35942

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but...

CVSS 5.1 | AI score 7.7 | EPSS 0.02678
Exploits: 0 | References: 95
Tenable Nessus
added 2022/10/26 12:0 a.m. | 27 views

Ubuntu 16.04 ESM : GNU C Library vulnerabilities (USN-5699-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5699-1 advisory. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could...

CVSS 9.1 | AI score 7 | EPSS 0.03093
Exploits: 0 | References: 3