
16955 matches found

CNVD
added 2024/04/10 12:0 a.m. | 3 views

GNU GRUB2 Use-After-Free Vulnerability

GNU GRUB2 is a Linux system bootloader from the American GNU community. GNU GRUB2 suffers from a use-after-free vulnerability that originates from a confusion in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause a program crash,...

6.7 CVSS | 6.5 AI score | 0.00378 EPSS
Exploits: 1 | References: 1
CNVD
added 2024/04/10 12:0 a.m. | 4 views

GNU Savane Elevation of Privilege Vulnerability

GNU Savane is a collaborative software development management system developed by the GNU community for project management, code hosting and community collaboration. GNU Savane suffers from an elevation of privilege vulnerability, which originates in the formid in the formheader function and can ...

8.8 CVSS | 7.5 AI score | 0.01272 EPSS
Exploits: 1 | References: 1
Redos
added 2024/04/10 12:0 a.m. | 23 views

ROS-20240410-08

A vulnerability in the function bfdmachogetsyntheticsymtab match-o.c of the GNU software development tool Binutils is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service or other impact...

7.8 CVSS | 7.1 AI score | 0.00461 EPSS
Exploits: 1
Redos
added 2024/04/09 12:0 a.m. | 29 views

ROS-20240409-17

Vulnerability of linebytessplit function src/split.c of GNU Core Utilities GNU Coreutils is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5 CVSS | 7.5 AI score | 0.0049 EPSS
Exploits: 0
OSV
added 2024/04/08 10:15 p.m. | 4 views

CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

8.8 CVSS | 5.8 AI score | 0.01272 EPSS
Exploits: 1 | References: 2
OSV
added 2024/04/08 9:15 p.m. | 3 views

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

6 CVSS | 5.8 AI score | 0.00417 EPSS
Exploits: 2 | References: 3
NVD
added 2024/04/08 9:15 p.m. | 11 views

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

6 CVSS | 6.8 AI score | 0.00417 EPSS
Exploits: 2 | References: 3
OSV
added 2024/04/08 9:15 p.m. | 4 views

CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function...

7.5 CVSS | 5.9 AI score | 0.00819 EPSS
Exploits: 1 | References: 2
NVD
added 2024/04/08 9:15 p.m. | 10 views

CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function...

7.5 CVSS | 6.7 AI score | 0.00819 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/04/08 12:0 a.m. | 11 views

CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

7.1 AI score | 0.01272 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/04/08 12:0 a.m. | 10 views

CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function...

7 AI score | 0.00819 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/04/08 12:0 a.m. | 14 views

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

7.2 AI score | 0.00417 EPSS
Exploits: 2 | References: 3
Positive Technologies
added 2024/04/08 12:0 a.m. | 5 views

PT-2024-21980

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier. Description: An issue in GNU Savane allows a remote attacker to escalate privileges via the form id in the form header function. Recommendations: For GNU Savane versions 3.12 and earlier, as a temporary...

8.8 CVSS | 6.6 AI score | 0.01272 EPSS
Exploits: 1 | References: 6
Positive Technologies
added 2024/04/08 12:0 a.m. | 6 views

PT-2024-21979

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier. Description: A Cross Site Request Forgery issue allows a remote attacker to escalate privileges via the "siteadmin/usergroup.php" endpoint. This can be exploited to gain unauthorized access. Recommendation...

6 CVSS | 6.6 AI score | 0.00417 EPSS
Exploits: 2 | References: 8
CNNVD
added 2024/04/08 12:0 a.m. | 4 views

GNU Savane Security Vulnerability

GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...

7.5 CVSS | 7 AI score | 0.00819 EPSS
Exploits: 1 | References: 4
CVE
added 2024/04/08 12:0 a.m. | 64 views

CVE-2024-27630

CVE-2024-27630 affects GNU Savane v3.12 and earlier where an Insecure Direct Object Reference (IDOR) exists in the trackers_data_delete_file function, enabling remote deletion of arbitrary files. Exploitation details are not fully enumerated in the provided sources, but risk is described as remot...

7.5 CVSS | 7 AI score | 0.00819 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2024/04/08 12:0 a.m. | 65 views

CVE-2024-27631

CVE-2024-27631 is a CSRF vulnerability in GNU Savane (versions 3.12 and earlier) that allows a remote attacker to escalate privileges via the siteadmin/usergroup.php endpoint. The Red Hat, CNVD, CNNVD, CVE List, and CNVD entries corroborate a CSRF flaw enabling privilege escalation; the issue is ...

6 CVSS | 7.1 AI score | 0.00417 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Cvelist
added 2024/04/08 12:0 a.m. | 16 views

CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

7 AI score | 0.01272 EPSS
Exploits: 1 | References: 2
Redos
added 2024/04/08 12:0 a.m. | 28 views

ROS-20240408-10

GNU FriBidi library vulnerability is caused by a buffer overflow on the stack. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability in the fribidicaprtltounicode function of the GNU FriBidi library is caused by a buffer overflow in dynamic...

7.8 CVSS | 8.5 AI score | 0.00508 EPSS
Exploits: 3
Cloud Foundry
added 2024/04/04 12:0 a.m. | 32 views

USN-6655-1: GNU binutils vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use th...

7.8 CVSS | 6.9 AI score | 0.00654 EPSS
Exploits: 3 | Affected Software: 3