| 0 |
| url |
VCID-1a9z-jmth-nkf7 |
| vulnerability_id |
VCID-1a9z-jmth-nkf7 |
| summary |
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92204 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92216 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92214 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92212 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92213 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0795 |
| scoring_system |
epss |
| scoring_elements |
0.92227 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0537 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0537
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1a9z-jmth-nkf7 |
|
| 1 |
| url |
VCID-1eux-3h1u-4fdt |
| vulnerability_id |
VCID-1eux-3h1u-4fdt |
| summary |
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3480 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52733 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52793 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52799 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52782 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52756 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.5278 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3480 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3480
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1eux-3h1u-4fdt |
|
| 2 |
| url |
VCID-1f1a-9n19-73hd |
| vulnerability_id |
VCID-1f1a-9n19-73hd |
| summary |
glibc: Invalid DNS hostname returned via gethostbyaddr functions |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4438 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00066 |
| scoring_system |
epss |
| scoring_elements |
0.20503 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00066 |
| scoring_system |
epss |
| scoring_elements |
0.20606 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00066 |
| scoring_system |
epss |
| scoring_elements |
0.20563 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00066 |
| scoring_system |
epss |
| scoring_elements |
0.20495 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00066 |
| scoring_system |
epss |
| scoring_elements |
0.20618 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4438 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4438
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1f1a-9n19-73hd |
|
| 3 |
| url |
VCID-1haz-2bf8-aufd |
| vulnerability_id |
VCID-1haz-2bf8-aufd |
| summary |
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.47891 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.47954 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.47958 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.4794 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.47911 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00244 |
| scoring_system |
epss |
| scoring_elements |
0.47923 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1751 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1751
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1haz-2bf8-aufd |
|
| 4 |
| url |
VCID-1nqc-41uz-7kb2 |
| vulnerability_id |
VCID-1nqc-41uz-7kb2 |
| summary |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23218 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.66977 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.67011 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.67017 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.67026 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.6701 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00515 |
| scoring_system |
epss |
| scoring_elements |
0.66994 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23218 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23218
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1nqc-41uz-7kb2 |
|
| 5 |
| url |
VCID-1pjr-hryf-yyff |
| vulnerability_id |
VCID-1pjr-hryf-yyff |
| summary |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6485 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.78331 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.78357 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.78365 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.78355 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.78343 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01095 |
| scoring_system |
epss |
| scoring_elements |
0.7836 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6485 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6485
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1pjr-hryf-yyff |
|
| 6 |
| url |
VCID-1ss6-n2ge-37ds |
| vulnerability_id |
VCID-1ss6-n2ge-37ds |
| summary |
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-1382 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25001 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25096 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25085 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25032 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.24973 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.24981 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-1382 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-1382
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ss6-n2ge-37ds |
|
| 7 |
| url |
VCID-1sv5-vd6m-pqce |
| vulnerability_id |
VCID-1sv5-vd6m-pqce |
| summary |
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1659 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02476 |
| scoring_system |
epss |
| scoring_elements |
0.85556 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02476 |
| scoring_system |
epss |
| scoring_elements |
0.85578 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.02476 |
| scoring_system |
epss |
| scoring_elements |
0.85583 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02476 |
| scoring_system |
epss |
| scoring_elements |
0.8558 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.02476 |
| scoring_system |
epss |
| scoring_elements |
0.85566 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1659 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1659
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1sv5-vd6m-pqce |
|
| 8 |
| url |
VCID-2arb-j977-ubae |
| vulnerability_id |
VCID-2arb-j977-ubae |
| summary |
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.701 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70141 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70149 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.7013 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70119 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70142 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4424 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-4424
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2arb-j977-ubae |
|
| 9 |
| url |
VCID-2bey-vr5a-d7h5 |
| vulnerability_id |
VCID-2bey-vr5a-d7h5 |
| summary |
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7309 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4429 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44359 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44367 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44343 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44306 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44318 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7309 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7309
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2bey-vr5a-d7h5 |
|
| 10 |
| url |
VCID-2r5c-pbpj-27ex |
| vulnerability_id |
VCID-2r5c-pbpj-27ex |
| summary |
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5155 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80417 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80442 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80444 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80441 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80436 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01348 |
| scoring_system |
epss |
| scoring_elements |
0.80457 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5155 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-5155
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2r5c-pbpj-27ex |
|
| 11 |
| url |
VCID-2s3w-wmnq-67gf |
| vulnerability_id |
VCID-2s3w-wmnq-67gf |
| summary |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.7492 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.74949 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.74953 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.74945 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.7493 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00831 |
| scoring_system |
epss |
| scoring_elements |
0.74956 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7424 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-7424
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2s3w-wmnq-67gf |
|
| 12 |
| url |
VCID-2tb2-6nh9-hkhw |
| vulnerability_id |
VCID-2tb2-6nh9-hkhw |
| summary |
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1095 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33799 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33905 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33919 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33884 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.3385 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33876 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1095 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1095
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2tb2-6nh9-hkhw |
|
| 13 |
| url |
VCID-31wu-1jtq-pybp |
| vulnerability_id |
VCID-31wu-1jtq-pybp |
| summary |
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11237 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.7436 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.74393 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.74398 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.74385 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.74368 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00797 |
| scoring_system |
epss |
| scoring_elements |
0.74394 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11237 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11237
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31wu-1jtq-pybp |
|
| 14 |
| url |
VCID-37cs-3vcz-2fgp |
| vulnerability_id |
VCID-37cs-3vcz-2fgp |
| summary |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1781 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04751 |
| scoring_system |
epss |
| scoring_elements |
0.89619 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.04751 |
| scoring_system |
epss |
| scoring_elements |
0.89636 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.04751 |
| scoring_system |
epss |
| scoring_elements |
0.89635 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.04751 |
| scoring_system |
epss |
| scoring_elements |
0.89637 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.04751 |
| scoring_system |
epss |
| scoring_elements |
0.89652 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1781 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1781
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37cs-3vcz-2fgp |
|
| 15 |
| url |
VCID-3aka-ejja-bkbs |
| vulnerability_id |
VCID-3aka-ejja-bkbs |
| summary |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10739 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12551 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12553 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12603 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12522 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12634 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12637 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10739 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10739
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3aka-ejja-bkbs |
|
| 16 |
| url |
VCID-3ddr-p92v-1yhd |
| vulnerability_id |
VCID-3ddr-p92v-1yhd |
| summary |
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-5702 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52803 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52821 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52804 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52778 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52814 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-5702 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-5702
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ddr-p92v-1yhd |
|
| 17 |
|
| 18 |
| url |
VCID-3nx1-uj3q-ubfm |
| vulnerability_id |
VCID-3nx1-uj3q-ubfm |
| summary |
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4788 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0756 |
| scoring_system |
epss |
| scoring_elements |
0.91976 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0756 |
| scoring_system |
epss |
| scoring_elements |
0.91988 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0756 |
| scoring_system |
epss |
| scoring_elements |
0.91989 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0756 |
| scoring_system |
epss |
| scoring_elements |
0.91987 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0756 |
| scoring_system |
epss |
| scoring_elements |
0.92001 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4788 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4788
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3nx1-uj3q-ubfm |
|
| 19 |
| url |
VCID-3x6x-9d4r-bqhy |
| vulnerability_id |
VCID-3x6x-9d4r-bqhy |
| summary |
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-29562 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16513 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16483 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16594 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16591 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.1655 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16469 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-29562 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-29562
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x6x-9d4r-bqhy |
|
| 20 |
| url |
VCID-4r7b-ugfd-8baf |
| vulnerability_id |
VCID-4r7b-ugfd-8baf |
| summary |
glibc: Incorrect DNS response parsing via crafted DNS server response |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4437 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25281 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.2538 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25331 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25272 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25396 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4437 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4437
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4r7b-ugfd-8baf |
|
| 21 |
| url |
VCID-53vn-9uvh-wfa5 |
| vulnerability_id |
VCID-53vn-9uvh-wfa5 |
| summary |
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2207 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21852 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21756 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21864 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21784 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21806 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21748 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2207 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2207
|
| risk_score |
1.0 |
| exploitability |
0.5 |
| weighted_severity |
2.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53vn-9uvh-wfa5 |
|
| 22 |
| url |
VCID-56t2-kbu9-y7bf |
| vulnerability_id |
VCID-56t2-kbu9-y7bf |
| summary |
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-2961
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56t2-kbu9-y7bf |
|
| 23 |
| url |
VCID-5vpr-3tfy-1ubj |
| vulnerability_id |
VCID-5vpr-3tfy-1ubj |
| summary |
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6040 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91734 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91746 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91749 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91744 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91743 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.07187 |
| scoring_system |
epss |
| scoring_elements |
0.91757 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6040 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6040
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5vpr-3tfy-1ubj |
|
| 24 |
|
| 25 |
| url |
VCID-6ad4-gvjc-ruf5 |
| vulnerability_id |
VCID-6ad4-gvjc-ruf5 |
| summary |
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-0395 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21792 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21902 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.2189 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21843 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21785 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-0395 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-0395
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ad4-gvjc-ruf5 |
|
| 26 |
| url |
VCID-6fhy-sjud-6fbn |
| vulnerability_id |
VCID-6fhy-sjud-6fbn |
| summary |
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6246 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.26964 |
| scoring_system |
epss |
| scoring_elements |
0.9648 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.26964 |
| scoring_system |
epss |
| scoring_elements |
0.9647 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.26964 |
| scoring_system |
epss |
| scoring_elements |
0.96474 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.26964 |
| scoring_system |
epss |
| scoring_elements |
0.96475 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6246 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6246
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6fhy-sjud-6fbn |
|
| 27 |
| url |
VCID-6gn9-gajv-a3f5 |
| vulnerability_id |
VCID-6gn9-gajv-a3f5 |
| summary |
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.17061 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.17057 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18326 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18377 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18306 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5156 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5156
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gn9-gajv-a3f5 |
|
| 28 |
| url |
VCID-6qf6-au8n-9ue5 |
| vulnerability_id |
VCID-6qf6-au8n-9ue5 |
| summary |
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-4052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09951 |
| scoring_system |
epss |
| scoring_elements |
0.93169 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.09951 |
| scoring_system |
epss |
| scoring_elements |
0.9318 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.09951 |
| scoring_system |
epss |
| scoring_elements |
0.93177 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.09951 |
| scoring_system |
epss |
| scoring_elements |
0.93175 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.09951 |
| scoring_system |
epss |
| scoring_elements |
0.93183 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-4052 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-4052
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6qf6-au8n-9ue5 |
|
| 29 |
| url |
VCID-6rs6-58ex-wuav |
| vulnerability_id |
VCID-6rs6-58ex-wuav |
| summary |
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-1453 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23259 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23342 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23328 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23283 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23228 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23232 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-1453 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-1453
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6rs6-58ex-wuav |
|
| 30 |
| url |
VCID-6xsd-kexk-s3b2 |
| vulnerability_id |
VCID-6xsd-kexk-s3b2 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27645 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11463 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11545 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11549 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11444 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11431 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11512 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27645 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27645
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xsd-kexk-s3b2 |
|
| 31 |
| url |
VCID-73cu-9h8r-vuhq |
| vulnerability_id |
VCID-73cu-9h8r-vuhq |
| summary |
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-5320 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18953 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.19027 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.19026 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18984 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18912 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18933 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-5320 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-5320
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-73cu-9h8r-vuhq |
|
| 32 |
| url |
VCID-7aea-v1x1-nkd7 |
| vulnerability_id |
VCID-7aea-v1x1-nkd7 |
| summary |
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5064 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.25618 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.25719 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.2571 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.25664 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.25605 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00091 |
| scoring_system |
epss |
| scoring_elements |
0.25613 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5064 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-5064
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7aea-v1x1-nkd7 |
|
| 33 |
| url |
VCID-7g2v-4wjg-f3hz |
| vulnerability_id |
VCID-7g2v-4wjg-f3hz |
| summary |
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6551 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62059 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62108 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62115 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62103 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62089 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00416 |
| scoring_system |
epss |
| scoring_elements |
0.62106 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6551 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6551
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7g2v-4wjg-f3hz |
|
| 34 |
| url |
VCID-7kcq-qfgc-vkae |
| vulnerability_id |
VCID-7kcq-qfgc-vkae |
| summary |
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4043 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01643 |
| scoring_system |
epss |
| scoring_elements |
0.82297 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01643 |
| scoring_system |
epss |
| scoring_elements |
0.82326 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.01643 |
| scoring_system |
epss |
| scoring_elements |
0.82325 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01643 |
| scoring_system |
epss |
| scoring_elements |
0.82319 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01643 |
| scoring_system |
epss |
| scoring_elements |
0.82333 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4043 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-4043
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kcq-qfgc-vkae |
|
| 35 |
| url |
VCID-7nbj-u4gt-27g8 |
| vulnerability_id |
VCID-7nbj-u4gt-27g8 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12132 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69955 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69944 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69932 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69908 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69948 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00602 |
| scoring_system |
epss |
| scoring_elements |
0.69957 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12132 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-12132
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7nbj-u4gt-27g8 |
|
| 36 |
| url |
VCID-7w8v-q4ar-6ye1 |
| vulnerability_id |
VCID-7w8v-q4ar-6ye1 |
| summary |
privilege escalation |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000366 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06438 |
| scoring_system |
epss |
| scoring_elements |
0.91244 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.06438 |
| scoring_system |
epss |
| scoring_elements |
0.91233 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.06438 |
| scoring_system |
epss |
| scoring_elements |
0.91229 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.06438 |
| scoring_system |
epss |
| scoring_elements |
0.91236 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.08874 |
| scoring_system |
epss |
| scoring_elements |
0.92716 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.08874 |
| scoring_system |
epss |
| scoring_elements |
0.92704 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000366 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-1000366
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7w8v-q4ar-6ye1 |
|
| 37 |
| url |
VCID-81ca-6n5b-8qd8 |
| vulnerability_id |
VCID-81ca-6n5b-8qd8 |
| summary |
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10228 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59665 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59708 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5971 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5969 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59715 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59718 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10228 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10228
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-81ca-6n5b-8qd8 |
|
| 38 |
| url |
VCID-82cv-69hj-53cg |
| vulnerability_id |
VCID-82cv-69hj-53cg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43396 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69803 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69753 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69792 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69781 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69793 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69801 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43396 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43396
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82cv-69hj-53cg |
|
| 39 |
| url |
VCID-84mp-fxcw-hkb4 |
| vulnerability_id |
VCID-84mp-fxcw-hkb4 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15671 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.45968 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.46006 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.46041 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.4602 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.45994 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00231 |
| scoring_system |
epss |
| scoring_elements |
0.46037 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15671 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15671
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mp-fxcw-hkb4 |
|
| 40 |
| url |
VCID-8g5p-9tpu-jubz |
| vulnerability_id |
VCID-8g5p-9tpu-jubz |
| summary |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-27618 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15982 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15947 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16065 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16055 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16011 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15925 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-27618 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-27618
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8g5p-9tpu-jubz |
|
| 41 |
| url |
VCID-8nrq-v1ub-fkh9 |
| vulnerability_id |
VCID-8nrq-v1ub-fkh9 |
| summary |
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7423 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87159 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87163 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87161 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87139 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87155 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.03151 |
| scoring_system |
epss |
| scoring_elements |
0.87152 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7423 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-7423
|
| risk_score |
0.7 |
| exploitability |
0.5 |
| weighted_severity |
1.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8nrq-v1ub-fkh9 |
|
| 42 |
| url |
VCID-9h4x-29ew-j7d2 |
| vulnerability_id |
VCID-9h4x-29ew-j7d2 |
| summary |
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6096 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04398 |
| scoring_system |
epss |
| scoring_elements |
0.89184 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.04398 |
| scoring_system |
epss |
| scoring_elements |
0.89218 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.04398 |
| scoring_system |
epss |
| scoring_elements |
0.89201 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.04398 |
| scoring_system |
epss |
| scoring_elements |
0.89202 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6096 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-6096
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9h4x-29ew-j7d2 |
|
| 43 |
| url |
VCID-a2cw-fv3h-9qe3 |
| vulnerability_id |
VCID-a2cw-fv3h-9qe3 |
| summary |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19126 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03241 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03251 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.0326 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03217 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03198 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03172 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19126 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-19126
|
| risk_score |
1.3 |
| exploitability |
0.5 |
| weighted_severity |
2.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a2cw-fv3h-9qe3 |
|
| 44 |
| url |
VCID-acms-1wyf-2kc9 |
| vulnerability_id |
VCID-acms-1wyf-2kc9 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33574 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.31942 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.31938 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.31946 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.31915 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.32014 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.0013 |
| scoring_system |
epss |
| scoring_elements |
0.31984 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33574 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33574
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-acms-1wyf-2kc9 |
|
| 45 |
| url |
VCID-afed-ypyc-vuh5 |
| vulnerability_id |
VCID-afed-ypyc-vuh5 |
| summary |
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35164 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35271 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.3528 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35244 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35204 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35224 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1752 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1752
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-afed-ypyc-vuh5 |
|
| 46 |
| url |
VCID-apgy-4uh6-kuaf |
| vulnerability_id |
VCID-apgy-4uh6-kuaf |
| summary |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15804 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43053 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43089 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43113 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43078 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43126 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00207 |
| scoring_system |
epss |
| scoring_elements |
0.43135 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15804 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15804
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-apgy-4uh6-kuaf |
|
| 47 |
| url |
VCID-azfr-cppp-eudd |
| vulnerability_id |
VCID-azfr-cppp-eudd |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3999 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.7525 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.75214 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.75243 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.75246 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.75238 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.75224 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3999 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3999
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-azfr-cppp-eudd |
|
| 48 |
| url |
VCID-b9qk-mwfn-bye8 |
| vulnerability_id |
VCID-b9qk-mwfn-bye8 |
| summary |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11236 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.75955 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.75981 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.7598 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.75972 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.75958 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00893 |
| scoring_system |
epss |
| scoring_elements |
0.75983 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11236 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11236
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b9qk-mwfn-bye8 |
|
| 49 |
| url |
VCID-bakc-7ut6-c7f9 |
| vulnerability_id |
VCID-bakc-7ut6-c7f9 |
| summary |
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-5745 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.49052 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.49086 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.49069 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.49039 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.49076 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-5745 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-5745
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bakc-7ut6-c7f9 |
|
| 50 |
| url |
VCID-bere-mqmy-wyf7 |
| vulnerability_id |
VCID-bere-mqmy-wyf7 |
| summary |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25013 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74525 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74489 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74522 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74527 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74498 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00805 |
| scoring_system |
epss |
| scoring_elements |
0.74516 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25013 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-25013
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bere-mqmy-wyf7 |
|
| 51 |
| url |
VCID-bsxa-qtjz-1yhy |
| vulnerability_id |
VCID-bsxa-qtjz-1yhy |
| summary |
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5229 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77376 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77377 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77366 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77337 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77365 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77356 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5229 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5229
|
| risk_score |
1.0 |
| exploitability |
0.5 |
| weighted_severity |
2.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bsxa-qtjz-1yhy |
|
| 52 |
| url |
VCID-bxej-s2de-7bcx |
| vulnerability_id |
VCID-bxej-s2de-7bcx |
| summary |
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2005-3590 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00426 |
| scoring_system |
epss |
| scoring_elements |
0.62572 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00426 |
| scoring_system |
epss |
| scoring_elements |
0.62617 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00426 |
| scoring_system |
epss |
| scoring_elements |
0.62626 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00426 |
| scoring_system |
epss |
| scoring_elements |
0.62615 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.00426 |
| scoring_system |
epss |
| scoring_elements |
0.62601 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2005-3590 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2005-3590
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bxej-s2de-7bcx |
|
| 53 |
| url |
VCID-bym2-2yfa-cuew |
| vulnerability_id |
VCID-bym2-2yfa-cuew |
| summary |
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-1367
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bym2-2yfa-cuew |
|
| 54 |
| url |
VCID-c2nw-cnbx-wfge |
| vulnerability_id |
VCID-c2nw-cnbx-wfge |
| summary |
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70469 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70446 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70425 |
| published_at |
2026-06-04T12:55:00Z |
|
| 3 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70467 |
| published_at |
2026-06-05T12:55:00Z |
|
| 4 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70476 |
| published_at |
2026-06-06T12:55:00Z |
|
| 5 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70458 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5180 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5180
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nw-cnbx-wfge |
|
| 55 |
| url |
VCID-cbj9-1a8p-pbh9 |
| vulnerability_id |
VCID-cbj9-1a8p-pbh9 |
| summary |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-3075 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12185 |
| scoring_system |
epss |
| scoring_elements |
0.93964 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.12185 |
| scoring_system |
epss |
| scoring_elements |
0.93973 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.12185 |
| scoring_system |
epss |
| scoring_elements |
0.93972 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.12185 |
| scoring_system |
epss |
| scoring_elements |
0.93978 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-3075 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-3075
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbj9-1a8p-pbh9 |
|
| 56 |
| url |
VCID-cc6k-sdsc-rkhv |
| vulnerability_id |
VCID-cc6k-sdsc-rkhv |
| summary |
nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33601 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00309 |
| scoring_system |
epss |
| scoring_elements |
0.54391 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00309 |
| scoring_system |
epss |
| scoring_elements |
0.54395 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00309 |
| scoring_system |
epss |
| scoring_elements |
0.54404 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00309 |
| scoring_system |
epss |
| scoring_elements |
0.54393 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00309 |
| scoring_system |
epss |
| scoring_elements |
0.5437 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33601 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-33601
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cc6k-sdsc-rkhv |
|
| 57 |
|
| 58 |
| url |
VCID-d6t6-2367-sybe |
| vulnerability_id |
VCID-d6t6-2367-sybe |
| summary |
glibc: Denial of Service via iconv() function with specific character sets |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4046 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.2382 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24422 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24526 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.2447 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24411 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4046 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4046
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6t6-2367-sybe |
|
| 59 |
| url |
VCID-d7xc-3pn9-57ca |
| vulnerability_id |
VCID-d7xc-3pn9-57ca |
| summary |
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3404 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.69978 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70019 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70028 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70015 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70003 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70027 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3404 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3404
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d7xc-3pn9-57ca |
|
| 60 |
| url |
VCID-dktf-ugy5-uyfx |
| vulnerability_id |
VCID-dktf-ugy5-uyfx |
| summary |
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4412 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.95403 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.9541 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.95413 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.95415 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.95416 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.18703 |
| scoring_system |
epss |
| scoring_elements |
0.9542 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4412 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-4412
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dktf-ugy5-uyfx |
|
| 61 |
| url |
VCID-dssa-k6r1-qbcs |
| vulnerability_id |
VCID-dssa-k6r1-qbcs |
| summary |
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-3847 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12375 |
| scoring_system |
epss |
| scoring_elements |
0.94021 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.12375 |
| scoring_system |
epss |
| scoring_elements |
0.9403 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.12375 |
| scoring_system |
epss |
| scoring_elements |
0.94029 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.12375 |
| scoring_system |
epss |
| scoring_elements |
0.94031 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.12375 |
| scoring_system |
epss |
| scoring_elements |
0.94035 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-3847 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3847
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dssa-k6r1-qbcs |
|
| 62 |
| url |
VCID-dv2c-j553-affy |
| vulnerability_id |
VCID-dv2c-j553-affy |
| summary |
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17426 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58279 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58327 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58336 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58326 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58311 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5833 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17426 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-17426
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dv2c-j553-affy |
|
| 63 |
| url |
VCID-dz7p-tfgn-jqbk |
| vulnerability_id |
VCID-dz7p-tfgn-jqbk |
| summary |
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0968 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22073 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22157 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22143 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22095 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22039 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22049 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0968 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-0968
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz7p-tfgn-jqbk |
|
| 64 |
| url |
VCID-dzc2-p6yt-qbc1 |
| vulnerability_id |
VCID-dzc2-p6yt-qbc1 |
| summary |
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9984 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66298 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66347 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66342 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66329 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66349 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.005 |
| scoring_system |
epss |
| scoring_elements |
0.66357 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9984 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9984
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzc2-p6yt-qbc1 |
|
| 65 |
| url |
VCID-e7su-s12u-g3hj |
| vulnerability_id |
VCID-e7su-s12u-g3hj |
| summary |
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1089 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25031 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25127 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25115 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25062 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25005 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25014 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1089 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1089
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e7su-s12u-g3hj |
|
| 66 |
| url |
VCID-ebp1-kx62-cua3 |
| vulnerability_id |
VCID-ebp1-kx62-cua3 |
| summary |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27528 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27594 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27543 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27505 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27456 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27463 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5277 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5277
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ebp1-kx62-cua3 |
|
| 67 |
| url |
VCID-emca-vpvn-4udy |
| vulnerability_id |
VCID-emca-vpvn-4udy |
| summary |
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8985 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41871 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41816 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41861 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41785 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41842 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00198 |
| scoring_system |
epss |
| scoring_elements |
0.41807 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8985 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8985
|
| risk_score |
1.2 |
| exploitability |
0.5 |
| weighted_severity |
2.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-emca-vpvn-4udy |
|
| 68 |
| url |
VCID-eytx-2cgx-h7dq |
| vulnerability_id |
VCID-eytx-2cgx-h7dq |
| summary |
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9402 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.9263 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.92643 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.92639 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.92634 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.92633 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.087 |
| scoring_system |
epss |
| scoring_elements |
0.92651 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9402 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9402
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eytx-2cgx-h7dq |
|
| 69 |
| url |
VCID-fghb-r6dz-4bgq |
| vulnerability_id |
VCID-fghb-r6dz-4bgq |
| summary |
glibc: Integer overflow in memalign leads to heap corruption |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0861 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01788 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01805 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.0181 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01806 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01796 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0861 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-0861
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fghb-r6dz-4bgq |
|
| 70 |
| url |
VCID-fj14-vpgu-hueq |
| vulnerability_id |
VCID-fj14-vpgu-hueq |
| summary |
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0242 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84425 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84449 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84452 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84444 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84432 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.02113 |
| scoring_system |
epss |
| scoring_elements |
0.84446 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0242 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-0242
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fj14-vpgu-hueq |
|
| 71 |
| url |
VCID-fp49-gns3-fucs |
| vulnerability_id |
VCID-fp49-gns3-fucs |
| summary |
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4813 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.54 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56855 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56848 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56843 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56828 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4813 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-4813
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fp49-gns3-fucs |
|
| 72 |
| url |
VCID-fsh6-jzwp-ffgv |
| vulnerability_id |
VCID-fsh6-jzwp-ffgv |
| summary |
A buffer overflow exists in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000409 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00883 |
| scoring_system |
epss |
| scoring_elements |
0.75783 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00883 |
| scoring_system |
epss |
| scoring_elements |
0.7581 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00883 |
| scoring_system |
epss |
| scoring_elements |
0.75807 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00883 |
| scoring_system |
epss |
| scoring_elements |
0.75798 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00883 |
| scoring_system |
epss |
| scoring_elements |
0.75785 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000409 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-1000409
|
| risk_score |
8.4 |
| exploitability |
2.0 |
| weighted_severity |
4.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fsh6-jzwp-ffgv |
|
| 73 |
| url |
VCID-g3cq-r59a-mkb1 |
| vulnerability_id |
VCID-g3cq-r59a-mkb1 |
| summary |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7817 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36326 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36419 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36428 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36392 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36356 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00158 |
| scoring_system |
epss |
| scoring_elements |
0.36367 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7817 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-7817
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g3cq-r59a-mkb1 |
|
| 74 |
| url |
VCID-g3x3-cbdh-bkbt |
| vulnerability_id |
VCID-g3x3-cbdh-bkbt |
| summary |
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00654 |
| scoring_system |
epss |
| scoring_elements |
0.71349 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00654 |
| scoring_system |
epss |
| scoring_elements |
0.71355 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00654 |
| scoring_system |
epss |
| scoring_elements |
0.71362 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00654 |
| scoring_system |
epss |
| scoring_elements |
0.7134 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00654 |
| scoring_system |
epss |
| scoring_elements |
0.71325 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6779 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6779
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g3x3-cbdh-bkbt |
|
| 75 |
| url |
VCID-gafg-4bmz-53g7 |
| vulnerability_id |
VCID-gafg-4bmz-53g7 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3998 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34692 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3467 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34704 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3474 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34723 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34626 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3998 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3998
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gafg-4bmz-53g7 |
|
| 76 |
| url |
VCID-gzgv-8us3-n3cy |
| vulnerability_id |
VCID-gzgv-8us3-n3cy |
| summary |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0235 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.8487 |
| scoring_system |
epss |
| scoring_elements |
0.9936 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.8487 |
| scoring_system |
epss |
| scoring_elements |
0.99361 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.8487 |
| scoring_system |
epss |
| scoring_elements |
0.99363 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.8487 |
| scoring_system |
epss |
| scoring_elements |
0.99362 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0235 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-0235
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gzgv-8us3-n3cy |
|
| 77 |
| url |
VCID-h47h-um3s-mfe6 |
| vulnerability_id |
VCID-h47h-um3s-mfe6 |
| summary |
glibc: Information disclosure via zero-valued network query |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0915 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06743 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06795 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06783 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.0674 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06791 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0915 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-0915
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h47h-um3s-mfe6 |
|
| 78 |
| url |
VCID-h94s-jccg-fka8 |
| vulnerability_id |
VCID-h94s-jccg-fka8 |
| summary |
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01645 |
| scoring_system |
epss |
| scoring_elements |
0.82311 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01645 |
| scoring_system |
epss |
| scoring_elements |
0.82341 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01645 |
| scoring_system |
epss |
| scoring_elements |
0.8234 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01645 |
| scoring_system |
epss |
| scoring_elements |
0.82334 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01645 |
| scoring_system |
epss |
| scoring_elements |
0.82347 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4332 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4332
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h94s-jccg-fka8 |
|
| 79 |
| url |
VCID-h9ms-69tu-dfas |
| vulnerability_id |
VCID-h9ms-69tu-dfas |
| summary |
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4527 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29315 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.2937 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29335 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29301 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29405 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4527 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-4527
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ms-69tu-dfas |
|
| 80 |
| url |
VCID-hxh7-dm6e-s7hf |
| vulnerability_id |
VCID-hxh7-dm6e-s7hf |
| summary |
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5029 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02765 |
| scoring_system |
epss |
| scoring_elements |
0.863 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02765 |
| scoring_system |
epss |
| scoring_elements |
0.86321 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.02765 |
| scoring_system |
epss |
| scoring_elements |
0.86323 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02765 |
| scoring_system |
epss |
| scoring_elements |
0.86319 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.02765 |
| scoring_system |
epss |
| scoring_elements |
0.86307 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-5029 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-5029
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hxh7-dm6e-s7hf |
|
| 81 |
| url |
VCID-hz55-3fhh-fkc7 |
| vulnerability_id |
VCID-hz55-3fhh-fkc7 |
| summary |
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-38604 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27476 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27542 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27608 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27558 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27519 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.27469 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-38604 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-38604
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hz55-3fhh-fkc7 |
|
| 82 |
| url |
VCID-j2vs-cs9y-rff9 |
| vulnerability_id |
VCID-j2vs-cs9y-rff9 |
| summary |
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3405 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71631 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71675 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71681 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71657 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71643 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71665 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3405 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3405
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j2vs-cs9y-rff9 |
|
| 83 |
| url |
VCID-jaz3-28r8-hkem |
| vulnerability_id |
VCID-jaz3-28r8-hkem |
| summary |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03578 |
| scoring_system |
epss |
| scoring_elements |
0.87947 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03578 |
| scoring_system |
epss |
| scoring_elements |
0.87968 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03578 |
| scoring_system |
epss |
| scoring_elements |
0.87972 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.03578 |
| scoring_system |
epss |
| scoring_elements |
0.87973 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.03578 |
| scoring_system |
epss |
| scoring_elements |
0.87986 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8779 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8779
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jaz3-28r8-hkem |
|
| 84 |
| url |
VCID-jm7d-y58k-uffb |
| vulnerability_id |
VCID-jm7d-y58k-uffb |
| summary |
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6488 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35141 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35239 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35252 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35216 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.3518 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35201 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6488 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6488
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7d-y58k-uffb |
|
| 85 |
| url |
VCID-jsgc-nmz7-xfe9 |
| vulnerability_id |
VCID-jsgc-nmz7-xfe9 |
| summary |
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6656 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.7912 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.79146 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.79152 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.79143 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.79132 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01184 |
| scoring_system |
epss |
| scoring_elements |
0.7915 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6656 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-6656
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jsgc-nmz7-xfe9 |
|
| 86 |
| url |
VCID-k3dm-nwqb-87ht |
| vulnerability_id |
VCID-k3dm-nwqb-87ht |
| summary |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-3706 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02478 |
| scoring_system |
epss |
| scoring_elements |
0.85559 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02478 |
| scoring_system |
epss |
| scoring_elements |
0.85581 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.02478 |
| scoring_system |
epss |
| scoring_elements |
0.85586 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02478 |
| scoring_system |
epss |
| scoring_elements |
0.85582 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.02478 |
| scoring_system |
epss |
| scoring_elements |
0.85568 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-3706 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-3706
|
| risk_score |
1.2 |
| exploitability |
0.5 |
| weighted_severity |
2.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k3dm-nwqb-87ht |
|
| 87 |
| url |
VCID-k8qs-j3ym-z7cp |
| vulnerability_id |
VCID-k8qs-j3ym-z7cp |
| summary |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4911 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.60911 |
| scoring_system |
epss |
| scoring_elements |
0.9833 |
| published_at |
2026-06-07T12:55:00Z |
|
| 1 |
| value |
0.62198 |
| scoring_system |
epss |
| scoring_elements |
0.98383 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.6505 |
| scoring_system |
epss |
| scoring_elements |
0.98497 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.6505 |
| scoring_system |
epss |
| scoring_elements |
0.98496 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.71554 |
| scoring_system |
epss |
| scoring_elements |
0.98749 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4911 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-4911
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8qs-j3ym-z7cp |
|
| 88 |
| url |
VCID-kbz7-rjq7-dkh1 |
| vulnerability_id |
VCID-kbz7-rjq7-dkh1 |
| summary |
nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33602 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72996 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72993 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.73001 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72984 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72971 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33602 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-33602
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kbz7-rjq7-dkh1 |
|
| 89 |
| url |
VCID-kgtk-hhsx-akdn |
| vulnerability_id |
VCID-kgtk-hhsx-akdn |
| summary |
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-20109 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.09494 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.0951 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.09539 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.0948 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.09537 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.09557 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-20109 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-20109
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgtk-hhsx-akdn |
|
| 90 |
| url |
VCID-kvqk-3qrf-bkb9 |
| vulnerability_id |
VCID-kvqk-3qrf-bkb9 |
| summary |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.79793 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.79819 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.79824 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.7982 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.79809 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01266 |
| scoring_system |
epss |
| scoring_elements |
0.79828 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1234 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-1234
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kvqk-3qrf-bkb9 |
|
| 91 |
| url |
VCID-kwce-1b4n-v3e1 |
| vulnerability_id |
VCID-kwce-1b4n-v3e1 |
| summary |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8777 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21228 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21307 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21293 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21246 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21182 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21191 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8777 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8777
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kwce-1b4n-v3e1 |
|
| 92 |
| url |
VCID-m6hh-h5w1-a7cg |
| vulnerability_id |
VCID-m6hh-h5w1-a7cg |
| summary |
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0684 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88064 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88085 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88088 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88087 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88089 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.03647 |
| scoring_system |
epss |
| scoring_elements |
0.88103 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0684 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2002-0684
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m6hh-h5w1-a7cg |
|
| 93 |
| url |
VCID-mbpn-2qcw-kyeu |
| vulnerability_id |
VCID-mbpn-2qcw-kyeu |
| summary |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7547
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mbpn-2qcw-kyeu |
|
| 94 |
| url |
VCID-mfgv-kmpw-n3aq |
| vulnerability_id |
VCID-mfgv-kmpw-n3aq |
| summary |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79252 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79278 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79284 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79276 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79265 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01201 |
| scoring_system |
epss |
| scoring_elements |
0.79283 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4458 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4458
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mfgv-kmpw-n3aq |
|
| 95 |
| url |
VCID-mktr-7p6g-3kfz |
| vulnerability_id |
VCID-mktr-7p6g-3kfz |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15670 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44325 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44354 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44402 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44378 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44343 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44394 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15670 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15670
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mktr-7p6g-3kfz |
|
| 96 |
| url |
VCID-n4nj-7v35-j3en |
| vulnerability_id |
VCID-n4nj-7v35-j3en |
| summary |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2002-1146 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10184 |
| scoring_system |
epss |
| scoring_elements |
0.93262 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.10184 |
| scoring_system |
epss |
| scoring_elements |
0.93273 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.10184 |
| scoring_system |
epss |
| scoring_elements |
0.93271 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.10184 |
| scoring_system |
epss |
| scoring_elements |
0.93269 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.10184 |
| scoring_system |
epss |
| scoring_elements |
0.93277 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2002-1146 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2002-1146
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4nj-7v35-j3en |
|
| 97 |
| url |
VCID-n8su-p17r-37eh |
| vulnerability_id |
VCID-n8su-p17r-37eh |
| summary |
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9761 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.81542 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.8157 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.81572 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.81571 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.81564 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01513 |
| scoring_system |
epss |
| scoring_elements |
0.8158 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9761 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9761
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n8su-p17r-37eh |
|
| 98 |
| url |
VCID-ncbm-qsm4-3uav |
| vulnerability_id |
VCID-ncbm-qsm4-3uav |
| summary |
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3508 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16151 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16235 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16226 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16183 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16098 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16121 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3508 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-3508
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbm-qsm4-3uav |
|
| 99 |
| url |
VCID-nhbt-chwf-7feb |
| vulnerability_id |
VCID-nhbt-chwf-7feb |
| summary |
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8983 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67389 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67377 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67381 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.6734 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67378 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67361 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8983 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8983
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbt-chwf-7feb |
|
| 100 |
| url |
VCID-ny2u-wfzd-xbgh |
| vulnerability_id |
VCID-ny2u-wfzd-xbgh |
| summary |
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1472 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.86954 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.86977 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.86974 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.86969 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.8696 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.03056 |
| scoring_system |
epss |
| scoring_elements |
0.86971 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1472 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1472
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ny2u-wfzd-xbgh |
|
| 101 |
| url |
VCID-nybp-rf51-7fh9 |
| vulnerability_id |
VCID-nybp-rf51-7fh9 |
| summary |
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-0122 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.82746 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.82771 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.8277 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.82768 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.82761 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01722 |
| scoring_system |
epss |
| scoring_elements |
0.82774 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-0122 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-0122
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nybp-rf51-7fh9 |
|
| 102 |
| url |
VCID-p17s-aese-fbcy |
| vulnerability_id |
VCID-p17s-aese-fbcy |
| summary |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4840 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.80823 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.8085 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.80852 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.80849 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.80845 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01408 |
| scoring_system |
epss |
| scoring_elements |
0.80864 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4840 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-4840
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p17s-aese-fbcy |
|
| 103 |
| url |
VCID-pedx-t3ee-q7hd |
| vulnerability_id |
VCID-pedx-t3ee-q7hd |
| summary |
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the eglibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2856 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72063 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72104 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72111 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72088 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72075 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00684 |
| scoring_system |
epss |
| scoring_elements |
0.72099 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2856 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2856
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pedx-t3ee-q7hd |
|
| 104 |
| url |
VCID-pjtk-9q7b-1yg4 |
| vulnerability_id |
VCID-pjtk-9q7b-1yg4 |
| summary |
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4429 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01265 |
| scoring_system |
epss |
| scoring_elements |
0.79783 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01265 |
| scoring_system |
epss |
| scoring_elements |
0.79808 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.01265 |
| scoring_system |
epss |
| scoring_elements |
0.79816 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.01265 |
| scoring_system |
epss |
| scoring_elements |
0.79813 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.01265 |
| scoring_system |
epss |
| scoring_elements |
0.79797 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4429 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-4429
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pjtk-9q7b-1yg4 |
|
| 105 |
| url |
VCID-pn4v-xu2f-nqcr |
| vulnerability_id |
VCID-pn4v-xu2f-nqcr |
| summary |
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2702 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03354 |
| scoring_system |
epss |
| scoring_elements |
0.87549 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03354 |
| scoring_system |
epss |
| scoring_elements |
0.87569 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03354 |
| scoring_system |
epss |
| scoring_elements |
0.87568 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.03354 |
| scoring_system |
epss |
| scoring_elements |
0.87567 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.03354 |
| scoring_system |
epss |
| scoring_elements |
0.87579 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2702 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2702
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pn4v-xu2f-nqcr |
|
| 106 |
| url |
VCID-pt1g-bsa8-nkeq |
| vulnerability_id |
VCID-pt1g-bsa8-nkeq |
| summary |
glibc: nscd client crash on x86_64 under high nscd load |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3904 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03964 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03992 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03988 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03976 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03949 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3904 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3904
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pt1g-bsa8-nkeq |
|
| 107 |
| url |
VCID-qfp1-rdeb-qkd7 |
| vulnerability_id |
VCID-qfp1-rdeb-qkd7 |
| summary |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8121 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02531 |
| scoring_system |
epss |
| scoring_elements |
0.85714 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02531 |
| scoring_system |
epss |
| scoring_elements |
0.85736 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.02531 |
| scoring_system |
epss |
| scoring_elements |
0.85739 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02531 |
| scoring_system |
epss |
| scoring_elements |
0.8572 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.02531 |
| scoring_system |
epss |
| scoring_elements |
0.85735 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8121 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8121
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qfp1-rdeb-qkd7 |
|
| 108 |
| url |
VCID-quga-hwmb-p7d4 |
| vulnerability_id |
VCID-quga-hwmb-p7d4 |
| summary |
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1391 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95454 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95462 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95465 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95467 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95468 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.19061 |
| scoring_system |
epss |
| scoring_elements |
0.95471 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1391 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1391
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-quga-hwmb-p7d4 |
|
| 109 |
| url |
VCID-quud-q7ad-bqac |
| vulnerability_id |
VCID-quud-q7ad-bqac |
| summary |
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8984 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73622 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73658 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73663 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73649 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73635 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00756 |
| scoring_system |
epss |
| scoring_elements |
0.73661 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8984 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8984
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-quud-q7ad-bqac |
|
| 110 |
| url |
VCID-qzyp-tgvz-33bz |
| vulnerability_id |
VCID-qzyp-tgvz-33bz |
| summary |
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-3856 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.9274 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.92753 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.92748 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.92743 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.92741 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0894 |
| scoring_system |
epss |
| scoring_elements |
0.92756 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-3856 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3856
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qzyp-tgvz-33bz |
|
| 111 |
| url |
VCID-r1ng-6g8f-6uen |
| vulnerability_id |
VCID-r1ng-6g8f-6uen |
| summary |
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0475 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.7408 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.74113 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.74117 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.74103 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.74086 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00782 |
| scoring_system |
epss |
| scoring_elements |
0.74112 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0475 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-0475
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ng-6g8f-6uen |
|
| 112 |
| url |
VCID-ruh4-v4wr-1kev |
| vulnerability_id |
VCID-ruh4-v4wr-1kev |
| summary |
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8776 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.88001 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.88022 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.88025 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.88024 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.88026 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.03617 |
| scoring_system |
epss |
| scoring_elements |
0.8804 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8776 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8776
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ruh4-v4wr-1kev |
|
| 113 |
| url |
VCID-s7ey-87wh-cyca |
| vulnerability_id |
VCID-s7ey-87wh-cyca |
| summary |
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0689 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00891 |
| scoring_system |
epss |
| scoring_elements |
0.75912 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00891 |
| scoring_system |
epss |
| scoring_elements |
0.75938 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00891 |
| scoring_system |
epss |
| scoring_elements |
0.7593 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00891 |
| scoring_system |
epss |
| scoring_elements |
0.75916 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00891 |
| scoring_system |
epss |
| scoring_elements |
0.75941 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0689 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2003-0689
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s7ey-87wh-cyca |
|
| 114 |
| url |
VCID-s7m6-x9tu-w7e6 |
| vulnerability_id |
VCID-s7m6-x9tu-w7e6 |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-25139 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35668 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35771 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00163 |
| scoring_system |
epss |
| scoring_elements |
0.3702 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00163 |
| scoring_system |
epss |
| scoring_elements |
0.37053 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00163 |
| scoring_system |
epss |
| scoring_elements |
0.36994 |
| published_at |
2026-06-09T12:55:00Z |
|
| 5 |
| value |
0.00163 |
| scoring_system |
epss |
| scoring_elements |
0.36981 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-25139 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-25139
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s7m6-x9tu-w7e6 |
|
| 115 |
| url |
VCID-se8u-v1se-2bef |
| vulnerability_id |
VCID-se8u-v1se-2bef |
| summary |
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0015 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01544 |
| scoring_system |
epss |
| scoring_elements |
0.81717 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01544 |
| scoring_system |
epss |
| scoring_elements |
0.81747 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.01544 |
| scoring_system |
epss |
| scoring_elements |
0.81748 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01544 |
| scoring_system |
epss |
| scoring_elements |
0.81742 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01544 |
| scoring_system |
epss |
| scoring_elements |
0.81756 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0015 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0015
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-se8u-v1se-2bef |
|
| 116 |
| url |
VCID-shsv-21rq-bkg8 |
| vulnerability_id |
VCID-shsv-21rq-bkg8 |
| summary |
The regcomp function in the GNU C library, versions 2.4 to 2.41, is subject to a double free if some previous allocation fails. It can be triggered either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-8058 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00027 |
| scoring_system |
epss |
| scoring_elements |
0.08116 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00027 |
| scoring_system |
epss |
| scoring_elements |
0.08061 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.00027 |
| scoring_system |
epss |
| scoring_elements |
0.08111 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00027 |
| scoring_system |
epss |
| scoring_elements |
0.08127 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00029 |
| scoring_system |
epss |
| scoring_elements |
0.08826 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-8058 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-8058
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-shsv-21rq-bkg8 |
|
| 117 |
| url |
VCID-sjjq-vbug-tudh |
| vulnerability_id |
VCID-sjjq-vbug-tudh |
| summary |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38302 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38258 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38346 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38349 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38322 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38292 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3326 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3326
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sjjq-vbug-tudh |
|
| 118 |
| url |
VCID-sk3n-sd56-pbhs |
| vulnerability_id |
VCID-sk3n-sd56-pbhs |
| summary |
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0391 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.92398 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.9239 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.92385 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.92381 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.9238 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.08258 |
| scoring_system |
epss |
| scoring_elements |
0.92375 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0391 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A |
| reference_id |
20020801-01-A |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-08T19:26:07Z/ |
|
|
| url |
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A |
|
| 9 |
| reference_url |
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P |
| reference_id |
20020801-01-P |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-08T19:26:07Z/ |
|
|
| url |
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt |
| reference_id |
CSSA-2002-055.0.txt |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-08T19:26:07Z/ |
|
|
| url |
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc |
| reference_id |
NetBSD-SA2002-011.txt.asc |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-08T19:26:07Z/ |
|
|
| url |
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
|
| aliases |
CVE-2002-0391
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sk3n-sd56-pbhs |
|
| 119 |
| url |
VCID-sz7b-s9wr-87eq |
| vulnerability_id |
VCID-sz7b-s9wr-87eq |
| summary |
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-0577 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01775 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.0178 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01763 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01777 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01767 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-0577 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-0577
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sz7b-s9wr-87eq |
|
| 120 |
| url |
VCID-t1s8-8pp4-wfex |
| vulnerability_id |
VCID-t1s8-8pp4-wfex |
| summary |
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5417 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79126 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79152 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79158 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79149 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79138 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01185 |
| scoring_system |
epss |
| scoring_elements |
0.79157 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5417 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5417
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t1s8-8pp4-wfex |
|
| 121 |
| url |
VCID-t2za-66ud-aqhk |
| vulnerability_id |
VCID-t2za-66ud-aqhk |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-35942 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80816 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80844 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80843 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80857 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80838 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01407 |
| scoring_system |
epss |
| scoring_elements |
0.80842 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-35942 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-35942
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t2za-66ud-aqhk |
|
| 122 |
| url |
VCID-t86v-geqg-g3ay |
| vulnerability_id |
VCID-t86v-geqg-g3ay |
| summary |
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-7254 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13163 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13239 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13243 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13203 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13128 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13158 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-7254 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-7254
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t86v-geqg-g3ay |
|
| 123 |
| url |
VCID-tcxv-j2tr-1yhb |
| vulnerability_id |
VCID-tcxv-j2tr-1yhb |
| summary |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2003-0028
|
| risk_score |
0.2 |
| exploitability |
0.5 |
| weighted_severity |
0.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tcxv-j2tr-1yhb |
|
| 124 |
| url |
VCID-tfsm-9p1a-2kbb |
| vulnerability_id |
VCID-tfsm-9p1a-2kbb |
| summary |
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19591 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01775 |
| scoring_system |
epss |
| scoring_elements |
0.83045 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.01775 |
| scoring_system |
epss |
| scoring_elements |
0.83019 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.01775 |
| scoring_system |
epss |
| scoring_elements |
0.83046 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01775 |
| scoring_system |
epss |
| scoring_elements |
0.83042 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01775 |
| scoring_system |
epss |
| scoring_elements |
0.83034 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19591 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://usn.ubuntu.com/4416-1/ |
| reference_id |
4416-1 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:12:51Z/ |
|
|
| url |
https://usn.ubuntu.com/4416-1/ |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19591
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tfsm-9p1a-2kbb |
|
| 125 |
| url |
VCID-tzwf-n7kf-nbhg |
| vulnerability_id |
VCID-tzwf-n7kf-nbhg |
| summary |
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0296 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.30046 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.30118 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.30082 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.3005 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.30023 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00117 |
| scoring_system |
epss |
| scoring_elements |
0.30036 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0296 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0296
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tzwf-n7kf-nbhg |
|
| 126 |
| url |
VCID-u5jn-2p1b-kqh3 |
| vulnerability_id |
VCID-u5jn-2p1b-kqh3 |
| summary |
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6780 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45844 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45873 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45877 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45856 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.4583 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6780 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6780
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u5jn-2p1b-kqh3 |
|
| 127 |
| url |
VCID-uj76-n8wc-1qac |
| vulnerability_id |
VCID-uj76-n8wc-1qac |
| summary |
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39046 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.72068 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.72109 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.72116 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.72094 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.7208 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.72105 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39046 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39046
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uj76-n8wc-1qac |
|
| 128 |
| url |
VCID-umyg-5uvv-p7gb |
| vulnerability_id |
VCID-umyg-5uvv-p7gb |
| summary |
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-1999-0199 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00793 |
| scoring_system |
epss |
| scoring_elements |
0.74281 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00793 |
| scoring_system |
epss |
| scoring_elements |
0.74314 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00793 |
| scoring_system |
epss |
| scoring_elements |
0.74319 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00793 |
| scoring_system |
epss |
| scoring_elements |
0.74305 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00793 |
| scoring_system |
epss |
| scoring_elements |
0.74287 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-1999-0199 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-1999-0199
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-umyg-5uvv-p7gb |
|
| 129 |
| url |
VCID-urru-js4h-nfen |
| vulnerability_id |
VCID-urru-js4h-nfen |
| summary |
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0536 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60374 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60421 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60424 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60412 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60396 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60411 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0536 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0536
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-urru-js4h-nfen |
|
| 130 |
| url |
VCID-uy3j-pjj2-uyc3 |
| vulnerability_id |
VCID-uy3j-pjj2-uyc3 |
| summary |
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8778 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04466 |
| scoring_system |
epss |
| scoring_elements |
0.89277 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.04466 |
| scoring_system |
epss |
| scoring_elements |
0.89295 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.04466 |
| scoring_system |
epss |
| scoring_elements |
0.89296 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.04466 |
| scoring_system |
epss |
| scoring_elements |
0.89312 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8778 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8778
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uy3j-pjj2-uyc3 |
|
| 131 |
| url |
VCID-vt99-czxz-nucc |
| vulnerability_id |
VCID-vt99-czxz-nucc |
| summary |
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4881 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.69978 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70019 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70028 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70015 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70003 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00604 |
| scoring_system |
epss |
| scoring_elements |
0.70027 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4881 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4881
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vt99-czxz-nucc |
|
| 132 |
| url |
VCID-w1qv-9vpq-8qby |
| vulnerability_id |
VCID-w1qv-9vpq-8qby |
| summary |
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8982 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.80173 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.80181 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.80169 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.80144 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.80168 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.0131 |
| scoring_system |
epss |
| scoring_elements |
0.8016 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8982 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8982
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w1qv-9vpq-8qby |
|
| 133 |
| url |
VCID-w7sn-36vw-ayec |
| vulnerability_id |
VCID-w7sn-36vw-ayec |
| summary |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23219 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69082 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69131 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69128 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69108 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69122 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.69124 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23219 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23219
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w7sn-36vw-ayec |
|
| 134 |
| url |
VCID-wjbg-dqyp-duea |
| vulnerability_id |
VCID-wjbg-dqyp-duea |
| summary |
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2005-0403 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15867 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15951 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1594 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15899 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15812 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15834 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2005-0403 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2005-0403
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wjbg-dqyp-duea |
|
| 135 |
| url |
VCID-wp19-p2du-13gc |
| vulnerability_id |
VCID-wp19-p2du-13gc |
| summary |
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-4051 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04658 |
| scoring_system |
epss |
| scoring_elements |
0.89497 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.04658 |
| scoring_system |
epss |
| scoring_elements |
0.89516 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.04658 |
| scoring_system |
epss |
| scoring_elements |
0.89515 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.04658 |
| scoring_system |
epss |
| scoring_elements |
0.89513 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.04658 |
| scoring_system |
epss |
| scoring_elements |
0.89531 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-4051 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-4051
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wp19-p2du-13gc |
|
| 136 |
| url |
VCID-wvxq-b3fb-kqcf |
| vulnerability_id |
VCID-wvxq-b3fb-kqcf |
| summary |
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-5119 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.21511 |
| scoring_system |
epss |
| scoring_elements |
0.9582 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.21511 |
| scoring_system |
epss |
| scoring_elements |
0.95824 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.21511 |
| scoring_system |
epss |
| scoring_elements |
0.95827 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.21511 |
| scoring_system |
epss |
| scoring_elements |
0.95831 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-5119 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-5119
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wvxq-b3fb-kqcf |
|
| 137 |
| url |
VCID-x26s-daj9-hkhh |
| vulnerability_id |
VCID-x26s-daj9-hkhh |
| summary |
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4237 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.77898 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.77925 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.77932 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.77922 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.77912 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01052 |
| scoring_system |
epss |
| scoring_elements |
0.7793 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4237 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4237
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x26s-daj9-hkhh |
|
| 138 |
| url |
VCID-x92x-xy79-43ev |
| vulnerability_id |
VCID-x92x-xy79-43ev |
| summary |
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18269 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78467 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78493 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78502 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78491 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78479 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01109 |
| scoring_system |
epss |
| scoring_elements |
0.78497 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18269 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-18269
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x92x-xy79-43ev |
|
| 139 |
| url |
VCID-xfxe-afga-87d5 |
| vulnerability_id |
VCID-xfxe-afga-87d5 |
| summary |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1914 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03104 |
| scoring_system |
epss |
| scoring_elements |
0.87054 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03104 |
| scoring_system |
epss |
| scoring_elements |
0.87077 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03104 |
| scoring_system |
epss |
| scoring_elements |
0.87075 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.03104 |
| scoring_system |
epss |
| scoring_elements |
0.87069 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.03104 |
| scoring_system |
epss |
| scoring_elements |
0.87063 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1914 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1914
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xfxe-afga-87d5 |
|
| 140 |
| url |
VCID-xhu3-e5t7-p3av |
| vulnerability_id |
VCID-xhu3-e5t7-p3av |
| summary |
nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33600 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00667 |
| scoring_system |
epss |
| scoring_elements |
0.71677 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00667 |
| scoring_system |
epss |
| scoring_elements |
0.71687 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00667 |
| scoring_system |
epss |
| scoring_elements |
0.71693 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00667 |
| scoring_system |
epss |
| scoring_elements |
0.71669 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00667 |
| scoring_system |
epss |
| scoring_elements |
0.71654 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-33600 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-33600
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xhu3-e5t7-p3av |
|
| 141 |
| url |
VCID-xjw9-w27c-1udn |
| vulnerability_id |
VCID-xjw9-w27c-1udn |
| summary |
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.63911 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.63954 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.63961 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.63952 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.63939 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00449 |
| scoring_system |
epss |
| scoring_elements |
0.6396 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1473 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1473
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xjw9-w27c-1udn |
|
| 142 |
| url |
VCID-xy8e-x8ry-w3hv |
| vulnerability_id |
VCID-xy8e-x8ry-w3hv |
| summary |
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-29573 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36671 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.3671 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36736 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36699 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36764 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36772 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-29573 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-29573
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xy8e-x8ry-w3hv |
|
| 143 |
| url |
VCID-y3bp-pzhb-bkcw |
| vulnerability_id |
VCID-y3bp-pzhb-bkcw |
| summary |
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1071 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06775 |
| scoring_system |
epss |
| scoring_elements |
0.91467 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.06775 |
| scoring_system |
epss |
| scoring_elements |
0.9148 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.06775 |
| scoring_system |
epss |
| scoring_elements |
0.91482 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.06775 |
| scoring_system |
epss |
| scoring_elements |
0.91477 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.06775 |
| scoring_system |
epss |
| scoring_elements |
0.91491 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1071 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1071
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3bp-pzhb-bkcw |
|
| 144 |
| url |
VCID-y5cz-cvdp-83eh |
| vulnerability_id |
VCID-y5cz-cvdp-83eh |
| summary |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16997 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78685 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78716 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78709 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78699 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78711 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78718 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16997 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-16997
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y5cz-cvdp-83eh |
|
| 145 |
| url |
VCID-y6td-2fxp-9kaa |
| vulnerability_id |
VCID-y6td-2fxp-9kaa |
| summary |
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4806 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83579 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83577 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83574 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83565 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83576 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4806 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-4806
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y6td-2fxp-9kaa |
|
| 146 |
| url |
VCID-ygaz-qyts-eugh |
| vulnerability_id |
VCID-ygaz-qyts-eugh |
| summary |
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-4802 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13472 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13563 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13569 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13527 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13441 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-4802 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-4802
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ygaz-qyts-eugh |
|
| 147 |
| url |
VCID-yr5s-39k9-93eb |
| vulnerability_id |
VCID-yr5s-39k9-93eb |
| summary |
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73792 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73829 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73833 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.7382 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73803 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73831 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1000408 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-1000408
|
| risk_score |
6.0 |
| exploitability |
2.0 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yr5s-39k9-93eb |
|
| 148 |
| url |
VCID-yycn-74ew-v7gp |
| vulnerability_id |
VCID-yycn-74ew-v7gp |
| summary |
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0651 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0762 |
| scoring_system |
epss |
| scoring_elements |
0.92009 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0762 |
| scoring_system |
epss |
| scoring_elements |
0.92021 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.0762 |
| scoring_system |
epss |
| scoring_elements |
0.92023 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0762 |
| scoring_system |
epss |
| scoring_elements |
0.92022 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0762 |
| scoring_system |
epss |
| scoring_elements |
0.92036 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2002-0651 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2002-0651
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yycn-74ew-v7gp |
|
| 149 |
| url |
VCID-z2ez-c8x9-x7et |
| vulnerability_id |
VCID-z2ez-c8x9-x7et |
| summary |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.7869 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78715 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78723 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78714 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78704 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01133 |
| scoring_system |
epss |
| scoring_elements |
0.78721 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6323 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-6323
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z2ez-c8x9-x7et |
|
| 150 |
| url |
VCID-z3sn-973p-h7av |
| vulnerability_id |
VCID-z3sn-973p-h7av |
| summary |
glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-15281 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0009 |
| scoring_system |
epss |
| scoring_elements |
0.25399 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.0009 |
| scoring_system |
epss |
| scoring_elements |
0.25495 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.0009 |
| scoring_system |
epss |
| scoring_elements |
0.25448 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.0009 |
| scoring_system |
epss |
| scoring_elements |
0.25389 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0009 |
| scoring_system |
epss |
| scoring_elements |
0.25509 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-15281 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-15281
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z3sn-973p-h7av |
|
| 151 |
|
| 152 |
| url |
VCID-zdc3-9u3x-9bda |
| vulnerability_id |
VCID-zdc3-9u3x-9bda |
| summary |
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4880 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12962 |
| scoring_system |
epss |
| scoring_elements |
0.94202 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.12962 |
| scoring_system |
epss |
| scoring_elements |
0.9421 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.12962 |
| scoring_system |
epss |
| scoring_elements |
0.94209 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.12962 |
| scoring_system |
epss |
| scoring_elements |
0.94216 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4880 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4880
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zdc3-9u3x-9bda |
|
| 153 |
| url |
VCID-zefm-dmfz-tyc3 |
| vulnerability_id |
VCID-zefm-dmfz-tyc3 |
| summary |
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10029 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16073 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16157 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16147 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16102 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16016 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.16039 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10029 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10029
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zefm-dmfz-tyc3 |
|
| 154 |
| url |
VCID-znv5-34gt-5ba2 |
| vulnerability_id |
VCID-znv5-34gt-5ba2 |
| summary |
nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-33599
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-znv5-34gt-5ba2 |
|
| 155 |
| url |
VCID-zpvq-khg5-zbdd |
| vulnerability_id |
VCID-zpvq-khg5-zbdd |
| summary |
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0830 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91099 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91112 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91111 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91109 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91105 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.06292 |
| scoring_system |
epss |
| scoring_elements |
0.91121 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0830 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0830
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zpvq-khg5-zbdd |
|
| 156 |
| url |
VCID-zrda-zujs-ckdn |
| vulnerability_id |
VCID-zrda-zujs-ckdn |
| summary |
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3406 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75534 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75562 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75566 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75556 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75543 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75568 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3406 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3406
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zrda-zujs-ckdn |
|