
100 matches found

Veracode
added 2023/03/11 7:20 p.m., 31 views

Command Injection

emacs is vulnerable to Command Injection. An attacker can inject and execute malicious commands via shell metacharacters in the name of a source-code file because etags.c uses the system C library function to implement the etags program...

9.8 CVSS, 9.1 AI score, 0.01603 EPSS
Exploits: 0, References: 8, Affected Software: 1
RedhatCVE
added 2023/02/21 6:29 a.m., 54 views

CVE-2022-48337

A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...

7.3 CVSS, 9.1 AI score, 0.01603 EPSS
Exploits: 0, References: 3
OSV
added 2023/02/20 11:15 p.m., 28 views

CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8 CVSS, 9.5 AI score
Exploits: 0, References: 5
AlpineLinux
added 2023/02/20 11:15 p.m., 37 views

CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8 CVSS, 7.8 AI score, 0.01603 EPSS
Exploits: 0
CVE
added 2023/02/20 12:0 a.m., 163 views

CVE-2022-48337

CVE-2022-48337 affects GNU Emacs up to 28.2. The issue arises from the etags implementation in lib-src/etags.c, which uses the system C library function and does not sanitize input, enabling command execution via shell metacharacters in source-file names (for example, using etags -u * in a direct...

9.8 CVSS, 9.5 AI score, 0.01603 EPSS
Exploits: 0, References: 5, Affected Software: 1
SUSE CVE
added 2023/02/15 3:30 a.m., 5 views

SUSE CVE-2022-4885

A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The...

5.9 CVSS, 5.4 AI score, 0.0074 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2023/02/10 12:0 a.m., 19 views

EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1382)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...

7.8 CVSS, 7.5 AI score, 0.00635 EPSS
Exploits: 0, References: 2
Mageia
added 2022/12/13 10:9 p.m., 34 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00635 EPSS
Exploits: 0, References: 3
OSV
added 2022/12/13 10:9 p.m., 3 views

MGASA-2022-0457 Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 7.8 AI score, 0.00635 EPSS
Exploits: 0, References: 4
AlpineLinux
added 2022/11/28 12:0 a.m., 60 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00635 EPSS
Exploits: 0
FreeBSD
added 2022/11/28 12:0 a.m., 34 views

emacs -- arbitrary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

7.8 CVSS, 7.8 AI score, 0.00635 EPSS
Exploits: 0, References: 1
Debian CVE
added 2022/11/28 12:0 a.m., 28 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00635 EPSS
Exploits: 0
Vulnrichment
added 2022/11/02 12:0 a.m., 5 views

CVE-2022-43255

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gfodfnewiod at odf/odfcode.c...

7.5 AI score, 0.00284 EPSS
Exploits: 1, References: 2
OSV
added 2022/09/06 6:15 p.m., 2 views

ALPINE-CVE-2022-25310

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidiremovebidimarks function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service...

5.5 CVSS, 6.5 AI score, 0.00454 EPSS
Exploits: 1, References: 1
OSV
added 2022/02/24 3:15 p.m., 21 views

CVE-2021-44967

A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...

8.8 CVSS, 9 AI score
Exploits: 0, References: 3
CNNVD
added 2022/02/24 12:0 a.m., 3 views

LimeSurvey Code Issue Vulnerability

LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team that supports survey program development, survey posting, and data collection. LimeSurvey 5.2.4 suffers from a code issue vulnerability that allows remote malicious users to upload arbitrary PHP code...

9 CVSS, 8.2 AI score, 0.12679 EPSS
Exploits: 3, References: 5
Cvelist
added 2022/02/22 9:17 p.m., 16 views

CVE-2021-44967

A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...

9.3 AI score, 0.12679 EPSS
Exploits: 3, References: 3
CVE
added 2022/02/22 9:17 p.m., 103 views

CVE-2021-44967

LimeSurvey 5.2.4 is affected by a Remote Code Execution (RCE) via the Upload & Install Plugins function. The vulnerability allows a remote authenticated user to upload an arbitrary PHP code file and execute it on the server (e.g., a reverse shell), as demonstrated by multiple PoCs/exploits linked...

9 CVSS, 9 AI score, 0.12679 EPSS
Exploits: 3, References: 3, Affected Software: 1
OSV
added 2021/09/20 4:15 p.m., 2 views

CVE-2021-39596

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function codeparse located in code.c. It allows an attacker to cause Denial of Service...

5.5 CVSS, 5.8 AI score, 0.00639 EPSS
Exploits: 1, References: 1
OSV
added 2021/09/20 4:15 p.m., 2 views

CVE-2021-39587

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swfDumpABC located in abc.c. It allows an attacker to cause Denial of Service...

5.5 CVSS, 6.1 AI score, 0.00639 EPSS
Exploits: 1, References: 1