A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Max CVSS
3.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-03-21
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-09-13
Updated
2024-02-19
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Max CVSS
4.3
EPSS Score
0.35%
Published
2021-10-21
Updated
2021-11-05
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
Max CVSS
2.5
EPSS Score
0.05%
Published
2021-02-24
Updated
2022-11-04
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
Max CVSS
3.3
EPSS Score
0.05%
Published
2022-03-10
Updated
2024-01-16
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Max CVSS
4.5
EPSS Score
0.05%
Published
2022-07-06
Updated
2023-09-13
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Max CVSS
4.3
EPSS Score
0.10%
Published
2020-12-27
Updated
2022-04-26
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Max CVSS
4.8
EPSS Score
0.25%
Published
2020-12-04
Updated
2021-03-19
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
Max CVSS
4.3
EPSS Score
0.63%
Published
2020-06-24
Updated
2021-11-30
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-11-19
Updated
2022-11-08
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-12-26
Updated
2021-11-30
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-01-04
Updated
2018-01-19
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Max CVSS
4.0
EPSS Score
0.16%
Published
2017-07-26
Updated
2018-04-12
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.
Max CVSS
4.4
EPSS Score
0.16%
Published
2017-02-24
Updated
2017-07-28
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.6
EPSS Score
0.04%
Published
2015-06-02
Updated
2018-10-30
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.6
EPSS Score
0.04%
Published
2015-06-02
Updated
2016-12-07
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Max CVSS
4.3
EPSS Score
92.39%
Published
2015-05-12
Updated
2018-10-30
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Max CVSS
4.7
EPSS Score
0.04%
Published
2017-09-20
Updated
2017-09-27
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-02-12
Updated
2018-10-30
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-02-19
Updated
2023-12-27
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
Max CVSS
4.3
EPSS Score
0.30%
Published
2015-01-21
Updated
2018-10-30
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Max CVSS
3.6
EPSS Score
0.04%
Published
2014-12-09
Updated
2017-07-01
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Max CVSS
4.3
EPSS Score
0.12%
Published
2015-08-14
Updated
2023-02-13
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Max CVSS
4.6
EPSS Score
0.06%
Published
2014-11-24
Updated
2023-02-13
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
134 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!