A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-16
Updated
2024-03-05
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Max CVSS
7.5
EPSS Score
0.82%
Published
2024-01-16
Updated
2024-03-25
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-14
Updated
2024-01-02
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-14
Updated
2024-01-31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-19
Updated
2023-10-12
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-02
Updated
2024-01-08
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-09-14
Updated
2024-02-23
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-09-25
Updated
2024-02-23

CVE-2023-4911

Known exploited
Public exploit
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Max CVSS
7.8
EPSS Score
1.88%
Published
2023-10-03
Updated
2024-02-22
CISA KEV Added
2023-11-21
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-25
Updated
2024-03-08
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Max CVSS
7.1
EPSS Score
0.06%
Published
2023-09-25
Updated
2023-09-26
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-05-18
Updated
2024-03-21
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-17
Updated
2023-05-25
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-04-03
Updated
2023-09-30
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Max CVSS
7.4
EPSS Score
0.15%
Published
2023-02-15
Updated
2023-07-25
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-02-20
Updated
2023-10-14
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-02-20
Updated
2023-10-14
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
Max CVSS
7.5
EPSS Score
0.15%
Published
2023-02-07
Updated
2023-11-01
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-11-28
Updated
2023-03-01
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-10-06
344 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!