A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Max CVSS
3.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-03-11
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-14
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-14
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-16
Updated
2024-03-05
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Max CVSS
7.5
EPSS Score
0.61%
Published
2024-01-16
Updated
2024-03-05
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-14
Updated
2023-09-15
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-14
Updated
2024-01-02
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-25
Updated
2023-08-03
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-25
Updated
2023-08-03
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-25
Updated
2023-08-03
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-14
Updated
2024-01-31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-19
Updated
2023-10-12
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Max CVSS
5.9
EPSS Score
0.09%
Published
2023-02-28
Updated
2023-03-31
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-02
Updated
2024-01-08
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-09-14
Updated
2024-02-23
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
Max CVSS
8.8
EPSS Score
0.15%
Published
2023-03-01
Updated
2023-03-10
914 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!