Shodan
Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
CVE-2024-2312
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
CVSS Score
6.7
EPSS Score
0.004
Published
2024-04-05
CVE-2023-39804
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVSS Score
6.2
EPSS Score
0.003
Published
2024-03-27
CVE-2024-30202
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Score
7.8
EPSS Score
0.011
Published
2024-03-25
CVE-2024-30203
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.006
Published
2024-03-25
CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.005
Published
2024-03-25
CVE-2024-30205
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.005
Published
2024-03-25
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
CVSS Score
4.9
EPSS Score
0.009
Published
2024-02-29
CVE-2024-1048
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
CVSS Score
3.3
EPSS Score
0.003
Published
2024-02-06
CVE-2024-0911
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVSS Score
5.5
EPSS Score
0.003
Published
2024-02-06
CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
CVSS Score
5.5
EPSS Score
0.005
Published
2024-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved