16957 matches found
CVE-2024-53920
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
...
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
...
Astra Linux – Vulnerability in nano
A vulnerability was discovered in GNU Nano that allows potential privilege escalation through an insecure temporary file. If Nano is terminated while editing, it saves the file to an emergency file with permissions set to those of the running user, which creates an opportunity for attackers t...
Astra Linux – Vulnerability in GSL
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing input data that is maliciously crafted for the gsl_stats_quantile_from_sorted_data function of this library may result in unexpected application...
GNU Wget Code Problem Vulnerability
GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...
GNU Guix Elevation of Privilege Vulnerability
GNU Guix is an open source, cross-platform package manager for the GNU community. GNU Guix suffers from an elevation of privilege vulnerability that stems from allowing privilege escalation, where a local user can access the build output. No details of the vulnerability are provided at this time...
[SECURITY] [DLA 3959-1] guix security update
Debian LTS Advisory DLA-3959-1, https://www.debian.org/lts/security/, Adrian Bunk, November 19, 2024, https://wiki.debian.org/LTS ...
RLSA-2024:9302 Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: LaTeX preview is enabled...
CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...
CVE-2024-10524
CVE-2024-10524 affects GNU Wget. The flaw allows SSRF: when using shorthand URLs and passing arbitrary credentials in the URL, an attacker can induce Wget to access an arbitrary host. Public advisories and vendor pages indicate patches are released (e.g., newer Wget builds like 1.21.2-4 and distr...
GNU Wget Code Problem Vulnerability
GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...
The vulnerability of the “Simple Authentication and Security Layer” GNU SASL implementation, which arises from reading beyond the allocated buffer in memory, allows attackers to gain access to confidential information.
The vulnerability of the “Simple Authentication and Security Layer” GNU SASL implementation lies in reading data beyond the bounds of the allocated buffer in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential information...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
Summary: CVE-2024-52867 affects GNU Guix, specifically the guix-daemon prior to 5ab3c4c. Local users can escalate privileges because build outputs may be accessible before file metadata concerns for setuid/setgid programs are addressed. Affected component: guix-daemon (GNU Guix) before the refere...
GNU Guix Security Vulnerability
GNU Guix is an open source, cross-platform package manager for the GNU community. GNU Guix suffers from an elevation of privilege vulnerability that stems from allowing privilege escalation, where a local user can access the build output. No details of the vulnerability are provided at this time...