16955 matches found
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
...
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
...
Astra Linux – Vulnerability in nano
A vulnerability was discovered in GNU Nano, which allows for potential privilege escalation through an insecure temporary file. If Nano is terminated while editing, a file that it saves to an emergency file, with permissions set to those of the running user, creates an opportunity for attackers t...
GNU Guix Elevation of Privilege Vulnerability
GNU Guix is an open source, cross-platform package manager for the GNU community. GNU Guix suffers from an elevation of privilege vulnerability that stems from allowing privilege escalation, where a local user can access the build output. No details of the vulnerability are provided at this time...
GNU Wget Code Problem Vulnerability
GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...
[SECURITY] [DLA 3959-1] guix security update
Debian LTS Advisory DLA-3959-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 19, 2024 https://wiki.debian.org/LTS -...
RLSA-2024:9302 Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Gnus treats inline MIME contents as trusted (CVE-2024-30203); emacs: LaTeX preview is enabled...
CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...
CVE-2024-10524
CVE-2024-10524 affects GNU Wget. The flaw allows SSRF: when using shorthand URLs and passing arbitrary credentials in the URL, an attacker can induce Wget to access an arbitrary host. Public advisories and vendor pages indicate patches are released (e.g., newer Wget builds like 1.21.2-4 and distr...
GNU Wget Code Problem Vulnerability
GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...
The vulnerability of the “Simple Authentication and Security Layer” GNU SASL implementation, which arises from reading beyond the allocated buffer in memory, allows attackers to gain access to confidential information.
The vulnerability of the “Simple Authentication and Security Layer” GNU SASL implementation lies in reading data beyond the bounds of the allocated buffer in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential information...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
Summary: CVE-2024-52867 affects GNU Guix, specifically the guix-daemon prior to 5ab3c4c. Local users can escalate privileges because build outputs may be accessible before file metadata concerns for setuid/setgid programs are addressed. Affected component: guix-daemon (GNU Guix) before the refere...
GNU Guix Security Vulnerability
GNU Guix is an open source, cross-platform package manager for the GNU community. GNU Guix suffers from an elevation of privilege vulnerability that stems from allowing privilege escalation, where a local user can access the build output. No details of the vulnerability are provided at this time...
The vulnerability in the set of development libraries for Intel Distribution for GDB software relates to an uncontrolled search path element, which allows a malicious actor to escalate their privileges.
The vulnerability in the set of development libraries for Intel Distribution for GDB software is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow an attacker to increase their privileges...