16954 matches found
PT-2024-37048
Name of the Vulnerable Software and Affected Versions: GNU GRUB aka GRUB2 versions 2.12 and earlier. Description: The issue is related to the use of a non-constant time algorithm for grub_crypto_memcmp, which allows side-channel attacks. This means that an attacker could potentially exploit the...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
CVE-2024-56737
The CVE-2024-56737 issue affects GNU GRUB (GRUB2) up to version 2.12, with a heap-based buffer overflow in fs/hfs.c triggered by crafted sblock data on an HFS filesystem. Connected advisories reiterate the flaw in grub2 and reference patched packages across platforms (e.g., grub2 2.06-14/61 notes in...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks...
PT-2024-9919 · Gnu Grub +3
Name of the Vulnerable Software and Affected Versions: GNU GRUB aka GRUB2 versions through 2.12 Description: The issue is a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. This can allow a remote attacker to impact the confidentiality, integrity, and...
Mageia: Security Advisory (MGASA-2024-0397)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
MGASA-2024-0397 Updated emacs packages fix security vulnerability
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user choose...
[SECURITY] Fedora 41 Update: icecat-115.18.0-2.rh2.fc41
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included in this version of IceCat: LibreJS: GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" by Richard Stallman. JShelter: Mitigates potential threats from JavaScript, including...
[SECURITY] Fedora 40 Update: icecat-115.18.0-2.rh2.fc40
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included in this version of IceCat: LibreJS: GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" by Richard Stallman. JShelter: Mitigates potential threats from JavaScript, including...
The vulnerability of the getrandom() function in the system library glibc, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the getrandom function in the glibc system library is related to incomplete recognition of internal state. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
GNU objdump Buffer Overflow Vulnerability
GNU objdump is a command-line program from the American GNU community for displaying various information about target files on Unix-like operating systems. A buffer overflow vulnerability exists in GNU objdump, which stems from the failure to properly validate the length of input data in the BFD...
glibc Security Vulnerability
glibc GNU C Library is a C standard library implemented by a GNU project of the GNU community. A security vulnerability exists in glibc version 2.40-12.fc41, which stems from a bug in the implementation of the getrandom function on the ppc64le architecture, resulting in an inability to generate a...
ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller suffers from an unauthenticated blind OS...
CVE-2022-48063
...
[SECURITY] [DLA 3985-1] gsl security update
Debian LTS Advisory DLA-3985-1 https://www.debian.org/lts/security/ Adrian Bunk December 07, 2024 https://wiki.debian.org/LTS ...
CVE-2024-53589
A buffer overflow vulnerability exists in GNU Binutils' objdump utility when processing tekhex format files. During format identification, the vulnerability occurs in the Binary File Descriptor (BFD) library's tekhex parser. A specially crafted tekhex file, when processed by objdump, may trigger an...
GNU Emacs Code Execution Vulnerability
GNU Emacs is a family of text editors in the American GNU community. A code execution vulnerability exists in GNU Emacs, which stems from the fact that a user who chooses to call elisp-completion-at-point on untrusted source code may trigger an insecure macro expansion that can be exploited by an...
DEBIAN-CVE-2024-53589
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files...