Gnu: Security Vulnerabilities
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-05-06
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
CVSS Score
7.4
EPSS Score
0.002
Published
2024-05-06
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
CVSS Score
7.6
EPSS Score
0.052
Published
2024-04-11
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-03-27
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-03-25
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-02-06
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-06