7638 matches found
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...
Exploit for Command Injection in Sophos Web_Appliance
CVE-2023-1671 How does cve-2023-1671 https://vulners.com/c...
OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT
Overview: Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability (CWE-78). Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: An arbitrary OS command may be executed by an authenticat...
CVE-2023-2491
The CVE-2023-2491 entry covers a local-privilege style flaw in GNU Emacs affecting org-babel-execute:latex in ob-latex.el (Org Mode). Attackers could trigger arbitrary command execution via specially crafted file/directory names containing shell metacharacters, stemming from a security regression...
PT-2023-23231 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p36; Checkmk versions prior to 2.1.0p28; Checkmk versions prior to 2.2.0b8. Description: The issue is related to the improper neutralization of livestatus command delimiters in the RestAPI, allowing arbitrary...
Snap One OvrC Pro security vulnerability
Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. A security vulnerability exists in Snap One OvrC Pro prior to version 7.3, which stems from a vulnerability that could allow a user to execute arbitrary commands on a hub device when logged in as a...
emacs: ctags local command execution vulnerability
A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags...
ctags: arbitrary command execution via a tag file with a crafted filename
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...
Moderate: Red Hat Security Advisory: ctags security update
An update for ctags is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2023-31856
Summary: CVE-2023-31856 affects TOTOLINK CP300+ firmware V5.2cu.7594_B20200910. The issue is a command-injection in the hostTime parameter of the function NTPSyncWithHost, exploitable via a crafted HTTP packet. This can allow an attacker to execute arbitrary commands remotely with no user interac...
CentOS 8 : ctags (CESA-2023:2863)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2863 advisory. - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag filename. A crafted tag filename specified in the comma...
PT-2023-7454 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified). Description: The issue is related to vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These vulnerabilities allow remote authenticated use...
Aruba Networks EdgeConnect security vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect Enterprise. An attacker exploiting this vulnerability could run arbitrary commands on the underlying host...
Moderate: ctags security update
Ctags is a C programming language indexing and cross-reference tool. Security Fixes: ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
ALSA-2023:2863 Moderate: ctags security update
Ctags is a C programming language indexing and cross-reference tool. Security Fixes: ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Aruba Networks EdgeConnect Enterprise security vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect Enterprise. An attacker exploiting this vulnerability could run arbitrary commands on the underlying host...
Tenda AC23 Command Injection Vulnerability
Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a command injection vulnerability, which stems from the parameter v2 of the file /bin/ate failing to correctly filter special characters, commands, etc. used to construct commands. An attacker can exploit this...