A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-16
Updated
2024-03-05
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Max CVSS
7.5
EPSS Score
0.82%
Published
2024-01-16
Updated
2024-03-25
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-14
Updated
2024-01-02
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-06-23
Updated
2023-06-27
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-14
Updated
2024-01-31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-19
Updated
2023-10-12
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-09
Updated
2023-06-09
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-02
Updated
2024-01-08
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-09-14
Updated
2024-02-23
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
Max CVSS
8.8
EPSS Score
0.15%
Published
2023-03-01
Updated
2023-03-10
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-02-03
Updated
2023-03-02
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
Max CVSS
8.2
EPSS Score
0.14%
Published
2024-01-31
Updated
2024-02-27
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
Max CVSS
8.4
EPSS Score
0.77%
Published
2024-01-31
Updated
2024-02-16
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-09-25
Updated
2024-02-23
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way as to exploit a memory corruption flaw in grub’s XFS file system implementation.
Max CVSS
8.1
EPSS Score
0.04%
Published
2023-11-10
Updated
2023-11-20

CVE-2023-4911

Known exploited
Public exploit
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Max CVSS
7.8
EPSS Score
1.88%
Published
2023-10-03
Updated
2024-02-22
CISA KEV Added
2023-11-21
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-25
Updated
2024-03-08
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Max CVSS
7.1
EPSS Score
0.06%
Published
2023-09-25
Updated
2023-09-26
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-05-18
Updated
2024-03-21
A flaw was found in the Emacs text editor. Processing specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-17
Updated
2023-05-25
Heap-based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-04-03
Updated
2023-09-30
517 vulnerabilities found