
16966 matches found

Microsoft CVE
added 2023/04/21 7:0 a.m. | 2 views

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

...

CVSS 6.5 | AI score 6.4 | EPSS 0.00545
Exploits: 3
RedHat Linux
added 2023/04/20 1:31 p.m. | 44 views

Important: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

CVSS 7.8 | AI score 7.2 | EPSS 0.00469
Exploits: 0 | References: 2
Amazon
added 2023/04/20 12:0 a.m. | 25 views

Important: emacs

Issue Overview: org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617 Affected Packages: emacs Note: This advisory is applicable to Amazon...

CVSS 7.8 | AI score 8.1 | EPSS 0.00469
Exploits: 0
NVD
added 2023/04/15 10:15 p.m. | 21 views

CVE-2020-29007

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell cod...

CVSS 9.8 | AI score 9.8 | EPSS 0.02317
Exploits: 1 | References: 5
Prion
added 2023/04/15 10:15 p.m. | 16 views

Remote code execution

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell cod...

CVSS 7.5 | AI score 9.7 | EPSS 0.02317
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2023/04/15 12:0 a.m. | 7 views

CVE-2020-29007

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell cod...

AI score 9.9 | EPSS 0.02317
Exploits: 1 | References: 5
CVE
added 2023/04/15 12:0 a.m. | 60 views

CVE-2020-29007

The CVE-2020-29007 entry concerns MediaWiki’s Score extension up to version 0.3.0, where the vulnerability arises from improper sandboxing of the GNU LilyPond executable. This allows any user with article-edit capability—potentially unauthenticated users—to trigger remote code execution by crafti...

CVSS 9.8 | AI score 9.7 | EPSS 0.02317
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2023/04/15 12:0 a.m. | 29 views

CVE-2020-29007

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell cod...

AI score 9.9 | EPSS 0.02317
Exploits: 1 | References: 5
IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 31 views

Security Bulletin: Vulnerability in GNU C Library affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-15670)

Summary: IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems has addressed the following vulnerability in GNU C Library. Vulnerability Details: Summary: IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems has addressed the following...

CVSS 9.8 | AI score 8.9 | EPSS 0.03002
Exploits: 0
IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 22 views

Security Bulletin: Vulnerabilities in GNU C Library affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems

Summary: IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems have addressed the following vulnerabilities in GNU C Library. Vulnerability Details: Summary: IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems have addressed the following...

CVSS 7.5 | AI score 8 | EPSS 0.05814
Exploits: 3 | Affected Software: 2
IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 42 views

Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7547 CVE-2015-8776 CVE-2015-8777)

Summary: Vulnerabilities in GNU C library (glibc), including a stack-based buffer overflow in getaddrinfo, affect IBM BladeCenter Advanced Management Module (AMM). Vulnerability Details: Summary: Vulnerabilities in GNU C library (glibc), including a stack-based buffer overflow in getaddrinfo, affect IBM...

CVSS 9.1 | AI score 8.4 | EPSS 0.89557
Exploits: 18
BDU FSTEC
added 2023/04/12 12:0 a.m. | 4 views

Vulnerabilities in the `stack_protect_prologue` and `stack_protect_epilogue` functions of the GNU Compiler Collection (GCC) for various programming languages allow attackers to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerabilities in the functions `stack_protect_prologue` (cfgexpand.c) and `stack_protect_epilogue` (function.c) are related to information leakage in error messages. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and availability of the protected...

CVSS 8.1 | AI score 7.5 | EPSS 0.02171
Exploits: 1 | References: 4 | Affected Software: 5
SUSE CVE
added 2023/04/11 1:53 a.m. | 1 views

SUSE CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.2 | AI score 6.5 | EPSS 0.00545
Exploits: 3 | References: 3
CNNVD
added 2023/04/10 12:0 a.m. | 3 views

GNU Binutils buffer error vulnerability

GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files (e.g., executables, libraries, etc.), covering compilation, linking, debugging, and other phases of the function. A buffer overflow vulnerability exists in GNU Binutils, which stems from a...

CVSS 6.5 | AI score 7.2 | EPSS 0.00895
Exploits: 0 | References: 8
Amazon
added 2023/04/10 12:0 a.m. | 6 views

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximate...

CVSS 5.5 | AI score 6.8 | EPSS 0.04524
Exploits: 1
NVD
added 2023/04/08 5:15 a.m. | 12 views

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.5 | AI score 6.3 | EPSS 0.00545
Exploits: 3 | References: 4
OSV
added 2023/04/08 5:15 a.m. | 79 views

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 4
OSV
added 2023/04/08 5:15 a.m. | 3 views

AZL-26216 CVE-2023-24626 affecting package screen for versions less than 4.9.1-1

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.5 | AI score 6.5 | EPSS 0.00545
Exploits: 3 | References: 1
OSV
added 2023/04/08 5:15 a.m. | 2 views

DEBIAN-CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.5 | AI score 6.2 | EPSS 0.00545
Exploits: 3 | References: 1
OSV
added 2023/04/08 5:15 a.m. | 3 views

ALPINE-CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

CVSS 6.5 | AI score 6.5 | EPSS 0.00545
Exploits: 3 | References: 1