1763 matches found

SUSE Linux
• added 2025/02/18 9:36 a.m. • 1 views

Security update for emacs

This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allows for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

7.8 CVSS | 7.4 AI score | 0.01295 EPSS
Exploits 0 | References 4
OSV
• added 2025/02/18 9:36 a.m. • 6 views

SUSE-SU-2025:0574-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2025-1244: improper handling of custom 'man' URI schemes allows for shell command injections. bsc1237091...

8.8 CVSS | 9.1 AI score | 0.01295 EPSS
Exploits 0 | References 3
CNVD
• added 2025/02/17 12:0 a.m. • 6 views

GNU Emacs OS Command Injection Vulnerability

GNU Emacs is a family of text editors in the American GNU community. GNU Emacs suffers from an operating system command injection vulnerability that stems from mishandling of the custom "man" URI scheme, which can be exploited to execute arbitrary shell commands...

8.8 CVSS | 7.7 AI score | 0.01295 EPSS
Exploits 0 | References 1
Ubuntu
• added 2025/02/14 10:36 a.m. • 18 views

USN-7268-1: Apache ActiveMQ vulnerabilities

It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2022-41678) It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run...

10 CVSS | 7.7 AI score | 0.94436 EPSS
Exploits 32
Debian
• added 2025/02/09 11:55 a.m. • 81 views

[SECURITY] [DLA 4047-1] sssd security update

Debian LTS Advisory DLA-4047-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 09, 2025 https://wiki.debian.org/LTS Package : sssd Version : 2.4.1-2+deb11u1 CVE ID : CVE-2021-3621 CVE-2023-3758 Debian Bug : 992710 1070369 Vulnerabilities were found in sssd...

9.3 CVSS | 6.7 AI score | 0.00384 EPSS
Exploits 1
RedhatCVE
• added 2025/02/05 11:15 p.m. • 4 views

CVE-2022-32534

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands...

10 CVSS | 7.5 AI score | 0.02832 EPSS
Exploits 0 | References 1
RedhatCVE
• added 2025/02/05 5:23 a.m. • 3 views

CVE-2024-1881

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

9.8 CVSS | 9.8 AI score | 0.00828 EPSS
Exploits 0 | References 1
RedhatCVE
• added 2025/02/05 2:33 a.m. • 4 views

CVE-2024-42360

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...

9.8 CVSS | 6.7 AI score | 0.01618 EPSS
Exploits 0 | References 1
RedhatCVE
• added 2025/02/05 2:31 a.m. • 1 views

CVE-2024-42502

An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system...

7.2 CVSS | 7.5 AI score | 0.00237 EPSS
Exploits 0 | References 1
CVE
• added 2025/01/27 12:0 a.m. • 53 views

CVE-2024-48419

The CVE-2024-48419 entry concerns the Edimax BR-6476AC router (version 1.06) with a Command Injection vulnerability in /bin/goahead. The issue can be triggered via /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd, allowing an attacker with web interface access to...

8.8 CVSS | 8.1 AI score | 0.03558 EPSS
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
• added 2025/01/17 12:0 a.m. • 1 views

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

9.3 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits 0 | References 7
GithubExploit
• added 2025/01/01 6:25 p.m. • 148 views

Exploit for CVE-2024-42327

Zabbix-CVE-2024-42327 RCE PoC...

9.9 CVSS | 8.5 AI score | 0.91398 EPSS
Exploits 13
GithubExploit
• added 2024/12/19 3:50 p.m. • 386 views

Exploit for Cross-site Scripting in Melapress Wp_Activity_Log

CVE-2024-10793 PoC Set these lines in your hosts file:...

7.2 CVSS | 9.4 AI score | 0.68714 EPSS
Exploits 1
Zero Science Lab
• added 2024/12/06 12:0 a.m. • 370 views

ABB Cylon Aspect 3.08.01 (servicesUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...

10 CVSS | 7.6 AI score | 0.12477 EPSS
Exploits 10
Vulnrichment
• added 2024/12/02 5:3 p.m. • 7 views

CVE-2024-53992 unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload

unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This...

8.8 CVSS | 6.8 AI score | 0.00274 EPSS
Exploits 0 | References 2
Vulnrichment
• added 2024/11/14 5:37 p.m. • 11 views

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

7.7 CVSS | 7.9 AI score | 0.01727 EPSS
Exploits 1 | References 1
CNNVD
• added 2024/11/14 12:0 a.m. • 1 views

Joplin Code Injection Vulnerability

Joplin is an open source note-taking and to-do list application from the individual developer Laurent Cozic. A code injection vulnerability exists in Joplin version 3.0, which stems from improper cleanup of tag attributes that can execute untrusted HTML content within an Electron window, resultin...

9.6 CVSS | 7.7 AI score | 0.01727 EPSS
Exploits 1 | References 2
Packet Storm
• added 2024/10/15 12:0 a.m. • 412 views

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

7.4 AI score
Exploits 0
Tenable Nessus
• added 2024/10/09 12:0 a.m. • 29 views

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-2552)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands ...

9.8 CVSS | 6.9 AI score | 0.00441 EPSS
Exploits 0 | References 3
NVD
• added 2024/09/22 1:15 a.m. • 11 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

9.8 CVSS | 0.00944 EPSS
Exploits 0 | References 2