UBUNTU-CVE-2024-55581

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...

USN-7306-1: GNU binutils vulnerabilities

It was discovered that GNU binutils in nm tool is affected by an incorrect access control. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. CVE-2024-57360 It was discovered that GNU binutils incorrectly...

USN-7306-1 binutils vulnerabilities

It was discovered that GNU binutils in nm tool is affected by an incorrect access control. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. CVE-2024-57360 It was discovered that GNU binutils incorrectly...

GNU elfutils Buffer Overflow Vulnerability

GNU elfutils is an open source toolset for working with binaries, target files and shared libraries in the ELF Executable and Linkable Format format. GNU elfutils suffers from a buffer overflow vulnerability that stems from improper handling of z/x parameters by the...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : GNU binutils vulnerabilities (USN-7306-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7306-1 advisory. It was discovered that GNU binutils in nm tool is affected by an incorrect access control. An attacker could possibly use...

Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2025-849)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-849 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that...

Siemens SIMATIC S7-1500 TM MFP BIOS Out-of-bounds Write (CVE-2020-10029)

The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: grub2

Issue Overview: GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Affected Packages: grub2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Siemens SIMATIC S7-1500 TM MFP BIOS Use After Free (CVE-2021-33574)

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

FreeBSD : Emacs -- Arbitrary code execution vulnerability (e60e538f-e795-4a00-b475-cc85a7546e00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e60e538f-e795-4a00-b475-cc85a7546e00 advisory. A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes...

GNU Binutils ld libbfd.c bfd_putl64 memory corruption

...

OESA-2025-1181 elfutils security update

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Issue Correction: Run dnf update gsl --releasever 2023.6.20250218...

Medium: grub2

Issue Overview: GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Affected Packages: grub2 Issue Correction: Run dnf update grub2 --releasever 2023.6.20250218 to update your system. New Packages: aarch64: ...

USN-7281-1: GnuTLS vulnerability

Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service...

Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

...

CVE-2025-1371

A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handledynamicsymtab function in readelf.c. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea...

CVE-2025-1372

A flaw was found in GNU elfutils. This vulnerability allows buffer overflow, potentially leading to arbitrary code execution or crashes via manipulation of the 'z/x' argument in the dumpdatasection/printstringsection function of readelf.c. Mitigation Mitigation for this issue is either not...

SUSE CVE-2025-1352

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function libdwthreadtail in the library libdwalloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. Th...