CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0395 – Ubuntu Security Notice USN-7259-1
https://notcve.org/view.php?id=CVE-2025-0395
22 Jan 2025 — When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. USN-7259-1 fixed a vulnerability in GNU C Library. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that GNU C Library incorrectly handled memory when using the assert function. An attacker could possibly use this iss... • https://sourceware.org/bugzilla/show_bug.cgi?id=32582 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56737
https://notcve.org/view.php?id=CVE-2024-56737
29 Dec 2024 — GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. • https://savannah.gnu.org/bugs/?66599 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56738
https://notcve.org/view.php?id=CVE-2024-56738
29 Dec 2024 — GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. • https://savannah.gnu.org/bugs/?66603 • CWE-208: Observable Timing Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53920
https://notcve.org/view.php?id=CVE-2024-53920
27 Nov 2024 — In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) • https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10524 – GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
https://notcve.org/view.php?id=CVE-2024-10524
19 Nov 2024 — Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2024-39331 – emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
https://notcve.org/view.php?id=CVE-2024-39331
23 Jun 2024 — In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. En Emacs anterior a 29.4, org-link-expand-abbrev en lisp/ol.el expande una abreviatura de enlace %(...) incluso cuando especifica una función no segura, como shell-command-to-string. Esto afecta al modo de organización anterior a 9.7.5. A flaw was found in Emacs. • https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38448
https://notcve.org/view.php?id=CVE-2024-38448
16 Jun 2024 — htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. htags en GNU Global hasta 6.6.12 permite la ejecución de código en situaciones en las que dbpath (también conocido como -d) no es de confianza, porque se pueden usar metacaracteres de shell. • https://cvs.savannah.gnu.org/viewvc/global/global/htags/htags.c?revision=1.236&view=markup • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.4EPSS: 0%CPEs: 23EXPL: 0CVE-2024-38428 – wget: Misinterpretation of input may lead to improper behavior
https://notcve.org/view.php?id=CVE-2024-38428
16 Jun 2024 — url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. url.c en GNU Wget hasta 1.24.5 maneja mal los puntos y comas en el subcomponente de información de usuario de un URI y, por lo tanto, puede haber un comportamiento inseguro en el que los datos que se suponía que estaban en el subcomponente de información d... • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace • CWE-115: Misinterpretation of Input CWE-436: Interpretation Conflict •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36600 – Ubuntu Security Notice USN-6855-1
https://notcve.org/view.php?id=CVE-2024-36600
14 Jun 2024 — Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. La vulnerabilidad de desbordamiento de búfer en libcdio v2.1.0 permite a un atacante ejecutar código arbitrario a través de un archivo de imagen ISO 9660 manipulado. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or po... • https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-5742 – Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
https://notcve.org/view.php?id=CVE-2024-5742
12 Jun 2024 — A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. Se encontró una vulnerabilidad en GNU Nano que permite una posible escalada de privilegios a través de un archivo temporal inseguro. Si Nano muere mientras edita, un archivo que guarda... • https://access.redhat.com/security/cve/CVE-2024-5742 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •