Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...

The vulnerability of the sprintf function in the GNU C library (glibc) allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sprintf function in the GNU C library glibc is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : emacs (SUSE-SU-2023:0598-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0598-1 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the na...

SUSE SLES12 Security Update : emacs (SUSE-SU-2023:0597-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0597-1 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

MGASA-2023-0079 Updated tar packages fix security vulnerability

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...

Updated tar packages fix security vulnerability

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...

CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

Heap overflow

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

OESA-2023-1131 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVE-2023-27371

An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHDcreatepostprocessor method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a...

CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

GNU LibreDWG 缓冲区错误漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version v0.12.5, which stems from a heap-based buffer overflow in the bitreadRC function in bits.c. The vulnerability is caused by a heap-based buffer overflo...

CVE-2023-25222

The CVE-2023-25222 entry concerns GNU LibreDWG v0.12.5, where a heap-based buffer overflow is reported in the bit_read_RC function of bits.c. Several connected sources (Red Hat, SUSE, OSV, NVD, CVE List, CNNVD, etc.) corroborate a heap-based overflow in this exact component/version. Documented im...

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

Out-of-bounds

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

Moderate: Red Hat Security Advisory: tar security update

An update for tar is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

...