Lucene search

16957 matches found

Debian CVE
added 2024/11/17 12:0 a.m., 13 views

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

8.1 CVSS, 5.2 AI score, 0.00228 EPSS
Exploits: 0
BDU FSTEC
added 2024/11/14 12:0 a.m., 2 views

The vulnerability in the set of development libraries for Intel Distribution for GDB software relates to an uncontrolled search path element, which allows a malicious actor to escalate their privileges.

The vulnerability in the set of development libraries for Intel Distribution for GDB software is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow an attacker to increase their privileges...

6.7 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits: 0, References: 5, Affected Software: 2
RedHat Linux
added 2024/11/12 9:32 a.m., 5 views

nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...

6.7 CVSS, 7.3 AI score, 0.00343 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2024/11/12 9:27 a.m., 13 views

Low: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

3.2 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/11/12 8:58 a.m., 28 views

Moderate: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.1 CVSS, 6.7 AI score, 0.00584 EPSS
Exploits: 0, References: 5
Redos
added 2024/11/12 12:0 a.m., 12 views

ROS-20241112-01

An implementation vulnerability in the Simple Authentication and Security Layer (GNU SASL) framework is related to reading outside the allocated space on the GNU SASL libgsasl server side using a malicious authenticated GSS-API client. Exploitation of the vulnerability could allow an...

8.1 CVSS, 6.6 AI score, 0.01086 EPSS
Exploits: 0
Broadcom
added 2024/11/12 12:0 a.m., 20 views

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE

GNU is vulnerable to command injection due to missing sanitization of filenames when the LESSCLOSE environment variable is set and invoked. This could allow an attacker to execute malicious commands within the privileges of the utility...

7 CVSS, 7.6 AI score, 0.01059 EPSS
Exploits: 0
OSV
added 2024/11/12 12:0 a.m., 15 views

ALSA-2024:9325 Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

3.2 CVSS, 3.5 AI score, 0.00266 EPSS
Exploits: 0, References: 4
AlmaLinux
added 2024/11/12 12:0 a.m., 15 views

Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

3.2 CVSS, 6.5 AI score, 0.00266 EPSS
Exploits: 0, References: 4
Debian
added 2024/11/08 7:40 p.m., 7 views

[SECURITY] [DSA 5805-1] guix security update

Debian Security Advisory DSA-5805-1, https://www.debian.org/security/, Moritz Muehlenhoff, November 08, 2024, https://www.debian.org/security/faq ...

6.8 AI score
Exploits: 0
OSV
added 2024/11/08 3:7 p.m., 2 views

OESA-2024-2361 gsl security update

The GNU Scientific Library (GSL) is a collection of routines for numerical analysis, written in C. Security Fixes: GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation...

3.6 CVSS, 7 AI score, 0.00282 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2024/11/08 12:0 a.m., 5 views

PT-2024-35469 · Gnu Guix · Gnu Guix

Name of the Vulnerable Software and Affected Versions: GNU Guix versions before 5ab3c4c Description: A privilege escalation issue exists because build outputs are accessible by local users before file metadata concerns, such as for setuid and setgid programs, are properly addressed. This issue ca...

8.1 CVSS, 7 AI score, 0.00228 EPSS
Exploits: 0, References: 25
Packet Storm
added 2024/11/05 12:0 a.m., 334 views

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

7.4 AI score
Exploits: 0
Microsoft CVE
added 2024/11/01 7:0 a.m., 2 views

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

...

5.5 CVSS, 5.9 AI score, 0.00289 EPSS
Exploits: 1
Microsoft CVE
added 2024/11/01 7:0 a.m., 2 views

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

...

5.5 CVSS, 5.6 AI score, 0.00226 EPSS
Exploits: 0
Amazon
added 2024/11/01 12:0 a.m., 26 views

Low: gdb

Issue Overview: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym at /gdb/coff-pe-read.c...

5.5 CVSS, 6.3 AI score, 0.00289 EPSS
Exploits: 1
Fedora
added 2024/10/31 1:38 a.m., 15 views

[SECURITY] Fedora 39 Update: libarchive-3.7.1-3.fc39

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

7.8 CVSS, 6.8 AI score, 0.00474 EPSS
Exploits: 1
CNVD
added 2024/10/31 12:0 a.m., 4 views

Unspecified Vulnerability in GNU Scientific Library

GNU Scientific Library is an open source numerical computation library developed by the GNU organization, providing rich mathematical and scientific computing functions and support for C/C++ language development. A security vulnerability exists in GNU Scientific Library, which originates from an...

3.6 CVSS, 7.2 AI score, 0.00282 EPSS
Exploits: 1, References: 1
Packet Storm
added 2024/10/30 12:0 a.m., 299 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energ...

7.4 AI score
Exploits: 0
0day.today
added 2024/10/30 12:0 a.m., 132 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure Vulnerability

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plain-text. ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credentials Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series,...

7.3 AI score
Exploits: 0