16966 matches found
CVE-2024-38448
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath aka -d is untrusted, because shell metacharacters may be used...
GNU Global Security Vulnerability
GNU Global is a free code tagging system from the US GNU community. A code execution vulnerability exists in GNU Global that stems from the use of shell metacharacters. No details of the vulnerability are provided at this time...
GNU Wget Security Vulnerability
GNU Wget is a suite of free software from the US GNU community for making downloads over the network, which supports downloads over the three most common TCP/IP protocols, HTTP, HTTPS, and FTP. A security vulnerability exists in GNU Wget version 1.24.5, which stems from url.c incorrectly handling...
CVE-2024-38448
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath aka -d is untrusted, because shell metacharacters may be used...
CVE-2024-38448
CVE-2024-38448 affects GNU Global htags up to 6.6.12, allowing code execution when dbpath (-d) is untrusted due to shell metacharacters. OpenSUSE advisories indicate a fix in global-6.6.13-1 (and related updates); apply the vendor patch to mitigate. No exploitation details are provided in the con...
PT-2024-28008 · Gnu +1 · Gnu Global +1
Name of the Vulnerable Software and Affected Versions: GNU Global versions 6.6.12 and earlier. Description: The issue allows code execution in situations where dbpath, also known as -d, is untrusted, because shell metacharacters may be used. This can lead to execution of code when dbpath is not...
CVE-2024-38428
CVE-2024-38428 affects GNU Wget up to 1.24.5 and is caused by improper handling of semicolons in the userinfo subcomponent of a URI, which can cause data intended for userinfo to be misinterpreted as part of the host. The connected documents confirm multiple advisories (Brocade SANnav/SANnav v2.x...
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
CVE-2024-38448
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath aka -d is untrusted, because shell metacharacters may be used...
MGASA-2024-0223 Updated nano packages fix security vulnerability
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
Updated nano packages fix security vulnerability
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
OPENSUSE-SU-2024:13954-1 gnu-recutils-1.9-1.1 on GA media
These are all security issues fixed in the gnu-recutils-1.9-1.1 package on the GA media of openSUSE Tumbleweed...
cockpit security update
An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Cockpit enables users to administer GNU/Linux servers using a web browser. It...
RLSA-2024:3667 Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...
GNU libcdio Security Vulnerability
GNU libcdio is a library developed by the GNU Project for accessing CD-ROMs and CD images, and is mainly used to handle CD-ROM file system reading, directory structure parsing and other functions. A buffer overflow vulnerability exists in GNU libcdio, which can be exploited by an attacker to...
CVE-2023-52750
In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer. Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of bytes happened to match...
CVE-2024-36699
A flaw was found in GNU Debugger in versions 8.2 through 14.2. This issue contains a buffer overflow via the gdb.selected_inferior().read_memory component at utils.c...
CVE-2024-36699
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-36699
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...