
3319 matches found

RedHat Linux
added 2024/11/12 8:58 a.m. · 3 views

emacs: LaTeX preview is enabled by default for e-mail attachments

A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service...

CVSS 2.8 · AI score 7.2 · EPSS 0.00017
Exploits 0 · References 5

CNNVD
added 2024/11/12 12:0 a.m. · 2 views

Element security vulnerability

Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element versions prior to 1.11.85, which stems from a failure to check the consistency of thumbnails for attachments, stickers, and images...

CVSS 3.5 · AI score 6.4 · EPSS 0.00098
Exploits 0 · References 2

Positive Technologies
added 2024/11/12 12:0 a.m. · 1 views

PT-2024-34880 · Element · Element Desktop +1

Name of the Vulnerable Software and Affected Versions: Element Web and Desktop versions prior to 1.11.85 Description: The issue concerns the handling of thumbnails for attachments, stickers, and images. Specifically, versions of Element Web and Desktop earlier than 1.11.85 do not check if these...

CVSS 3.5 · AI score 7.2 · EPSS 0.00098
Exploits 0 · References 6

OSV
added 2024/11/11 8:15 p.m. · 1 views

DEBIAN-CVE-2024-51747

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their path entry in the project_has_files SQLite db...

CVSS 7.2 · AI score 5.7 · EPSS 0.01447
Exploits 1 · References 1

NVD
added 2024/11/07 4:15 p.m. · 14 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 · EPSS 0.00158
Exploits 1 · References 1

Tenable Nessus
added 2024/11/05 12:0 a.m. · 3 views

Mastodon 4.1.x < 4.1.3 Multiple Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiple vulnerabilities: - Verified profile links can be formatted in a misleading way - Denial of...

CVSS 9.9 · AI score 6.8 · EPSS 0.44849
Exploits 0 · References 7

Securelist
added 2024/10/15 10:0 a.m. · 90 views

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

CVSS 7.8 · AI score 8.4 · EPSS 0.94354
Exploits 33

Patchstack
added 2024/10/14 12:31 a.m. · 4 views

WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload vulnerability

WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated Subscriber+ Limited Arbitrary File Upload vulnerability discovered by luckynoob in WordPress Plugin Order Attachments for WooCommerce versions 2.0 - 2.4.1...

CVSS 4.3 · AI score 7 · EPSS 0.04107
Exploits 1 · References 1 · Affected Software 1

OSV
added 2024/10/12 7:15 a.m. · 2 views

CVE-2024-9756

The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoaaddattachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3 · AI score 5.9
Exploits 0 · References 4

CNNVD
added 2024/10/12 12:0 a.m. · 2 views

WordPress plugin Order Attachments for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.6 · EPSS 0.04107
Exploits 1 · References 5

CVE
added 2024/10/10 2:6 a.m. · 48 views

CVE-2024-9067

The CVE-2024-9067 entry concerns Youzify for WordPress. A missing capability check in the delete_attachment function across versions up to 1.3.0 allows authenticated users with Subscriber+ privileges to modify data by deleting arbitrary attachments. This is a Broken Access Control issue in Youzif...

CVSS 4.3 · AI score 4.8 · EPSS 0.00228
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/10/10 12:0 a.m. · 29 views

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0328-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0328-1 advisory. Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security...

CVSS 9.3 · AI score 8.6 · EPSS 0.91163
Exploits 8 · References 9

OSV
added 2024/09/14 11:9 a.m. · 2 views

OESA-2024-2129 exim security update

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

CVSS 5.4 · AI score 7 · EPSS 0.6031
Exploits 5 · References 2

RedHat Linux
added 2024/09/09 6:33 p.m. · 3 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments...

CVSS 9.8 · AI score 5.8 · EPSS 0.00441
Exploits 0 · References 5

OSV
added 2024/09/06 11:9 a.m. · 1 views

OESA-2024-2105 exim security update

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

CVSS 5.4 · AI score 7 · EPSS 0.6031
Exploits 5 · References 2

Tenable Nessus
added 2024/09/03 12:0 a.m. · 18 views

EulerOS Virtualization 2.12.1 : emacs (EulerOS-SA-2024-2303)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. CVE-2024-30205 I...

CVSS 7.1 · AI score 6.5 · EPSS 0.0003
Exploits 0 · References 3

OpenVAS
added 2024/09/03 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-2303)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 · AI score 7.1 · EPSS 0.0003
Exploits 0 · References 2

Redos
added 2024/08/26 12:0 a.m. · 12 views

ROS-20240826-17

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. Vulnerability of...

CVSS 9.3 · AI score 6.4 · EPSS 0.91163
Exploits 8

Tenable Nessus
added 2024/08/21 12:0 a.m. · 18 views

EulerOS Virtualization 2.11.0 : emacs (EulerOS-SA-2024-2190)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. CVE-2024-30205 I...

CVSS 7.1 · AI score 6.5 · EPSS 0.0003
Exploits 0 · References 3

Tenable Nessus
added 2024/08/21 12:0 a.m. · 23 views

EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2024-2165)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. CVE-2024-30205 I...

CVSS 7.1 · AI score 6.5 · EPSS 0.0003
Exploits 0 · References 3