Gnu: Security Vulnerabilities
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-03-25
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-02-29
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-02-06
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-06
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-06
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-05
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
CVSS Score
8.4
EPSS Score
0.229
Published
2024-01-31
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
CVSS Score
8.2
EPSS Score
0.006
Published
2024-01-31