CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

CVE-2024-27630

Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...

CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...

CVE-2024-27631

CVE-2024-27631 is a CSRF vulnerability in GNU Savane (versions 3.12 and earlier) that allows a remote attacker to escalate privileges via the siteadmin/usergroup.php endpoint. The Red Hat, CNVD, CNNVD, CVE List, and CNVD entries corroborate a CSRF flaw enabling privilege escalation; the issue is ...

PT-2024-21980

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: An issue in GNU Savane allows a remote attacker to escalate privileges via the form id in the form header function. Recommendations: For GNU Savane versions 3.12 and earlier, as a temporary...

PT-2024-21979

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: A Cross Site Request Forgery issue allows a remote attacker to escalate privileges via the "siteadmin/usergroup.php" endpoint. This can be exploited to gain unauthorized access. Recommendation...

GNU Savane 安全漏洞

GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...

CVE-2024-27630

CVE-2024-27630 affects GNU Savane v3.12 and earlier where an Insecure Direct Object Reference (IDOR) exists in the trackers_data_delete_file function, enabling remote deletion of arbitrary files. Exploitation details are not fully enumerated in the provided sources, but risk is described as remot...

ROS-20240408-10

GNU FriBidi library vulnerability is caused by a buffer overflow on the stack. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in the fribidicaprtltounicode function of the GNU FriBidi library is caused by a buffer overflow in dynamic...

CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...

USN-6544-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS...

USN-6655-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use th...

USN-6541-1: GNU C Library vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of...

Fedora: Security Advisory for ghc-isocline (FEDORA-2024-b458482d48)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-4e95f130fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-6065341780)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: cockpit-314-1.fc40

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code in the form of malicious .m4 files in the tarball distributions which have since been taken down. These malicious build files contain build instructions not present in the upstream repository...

[SECURITY] Fedora 40 Update: ghc-isocline-1.0.9-28.fc40

A Haskell wrapper around the Isocline C library alternative to GNU Readline. The Isocline library is included whole and there are no runtime dependencies...

Fedora: Security Advisory (FEDORA-2024-de10068888)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...