Astra Linux - уязвимость в emacs

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

MiracleLinux 7 : emacs-24.3-23.1.0.2.el7.AXS7 (AXSA:2024-8928:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8928:04 advisory. CVE-2022-45939: fix ctags local command injection vulnerability CVEs: CVE-2022-45939 GNU Emacs through 28.2 allows attackers to execute commands via shell...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should...

SUSE-SU-2025:1126-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update to Tomcat 9.0.102 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: Weak etags in the If-Range header should not match as...

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

UBUNTU-CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CLSA-2024-1727287647 emacs: Fix of CVE-2024-48337

CVE-2024-48337: fix etags local command injection vulnerability...

Spring Framework DoS via conditional HTTP request

Description Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack. Affected Spring Products and Versions org.springframework:spring-web in versions 6.1.0 through 6.1.11 6.0.0 through 6.0.22 5.3.0 through 5.3.37 Older, unsupported versions are al...

VMware Spring Framework < 5.3.38, 6.0.x < 6.0.23, 6.1.x < 6.1.12 DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

emacs: ctags local command execution vulnerability

A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags...

RHEL 8 : emacs (RHSA-2024:1103)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1103 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...

Oracle Linux 8 : emacs (ELSA-2023-7083)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7083 advisory. 1:26.1-11 - Bump version Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2068)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

emacs: ctags local command execution vulnerability

A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags...

emacs: ctags local command execution vulnerability

A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags...

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...

SUSE-SU-2023:0675-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability bsc1208515. - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability bsc1208512...

OESA-2023-1148 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing,including a project...