Important: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...
[slackware-security] emacs
New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-30.1-i586-1slack15.0.txz: Upgraded. This update fixes two security issues: Fix shell injection vulnerability in man.el...
FreeBSD : Emacs -- Arbitrary code execution vulnerability (e60e538f-e795-4a00-b475-cc85a7546e00)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e60e538f-e795-4a00-b475-cc85a7546e00 advisory. A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes...
Emacs: shell injection vulnerability in GNU Emacs via custom "man" URI scheme
...
Security update for emacs
This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allows for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CVE-2025-1244 Emacs: shell injection vulnerability in GNU Emacs via custom "man" URI scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
Emacs -- Arbitrary code execution vulnerability
Problem Description A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes. Impact Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by...
CVE-2024-41815
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
Emacs -- Shell injection vulnerability
Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable...
PT-2024-35222 · Openai · Openai Gpt-4
Name of the Vulnerable Software and Affected Versions: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation versions n/a through 2.4.9 Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a we...
CVE-2024-47608 Logicytics vulnerable to shell injections
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...
CVE-2024-47608
CVE-2024-47608 applies to Logicytics, a data-harvesting/forensic-analysis tool. Connected sources confirm a shell/OS command injection vulnerability in versions prior to 2.3.2, with the root cause being shell injection points that could allow arbitrary command execution on compromised devices. Th...
Logicytics operating system command injection vulnerability
Logicytics is a tool by the individual developer Shahm Najeeb, designed to carefully gather and collect large amounts of Windows system data for forensic analysis. Logicytics 2.3.1 and earlier versions suffer from an operating system command injection vulnerability that stems from the presence of a...
PT-2024-32669 · Unknown · Logicytics
Name of the Vulnerable Software and Affected Versions: Logicytics versions prior to 2.3.2 Description: Logicytics is designed to harvest and collect data for forensic analysis. It has a basic vulnerability affecting compromised devices from shell injections. Recommendations: For versions prior to...
PT-2024-27087 · Kaon · Kaon Ar2140
Name of the Vulnerable Software and Affected Versions: KAON AR2140 routers versions prior to 4.2.16 Description: The issue is related to a shell command injection vulnerability. It can be exploited by sending a crafted request to one of the endpoints, but access to the administrative portal of th...
CVE-2024-39227
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This...