14 matches found
EUVD-2023-31711
Malicious code in bioql PyPI...
📄 Malicious XDG Desktop File
This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-134)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-134 advisory. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry...
Shell Command Injection
emacs is vulnerable to Shell Command Injection. An attacker can inject and execute malicious code through the crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification...
CVE-2023-27985
A flaw was found in the Emacs text editor. When opened with emacsclient-mail.desktop, a crafted mailto URI can result in shell command injection due to lack of compliance with the Desktop Entry Specification...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
Command injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
CVE-2023-27985 affects Emacs up to version 28.2, specifically emacsclient-mail.desktop, where a crafted mailto: URI enables shell command injections due to Desktop Entry Specification noncompliance. The issue is documented as fixed in Emacs 29.0.90. Affected products/versions inferred from multip...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...