
16966 matches found

Microsoft CVE
added 2023/03/27 7:00 a.m. | 2 views

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

...

CVSS 7.8 | AI score 7.7 | EPSS 0.00469
Exploits: 0

Exploit DB
added 2023/03/27 12:00 a.m. | 179 views

MiniDVBLinux 5.4 - Arbitrary File Read

Exploit Title: MiniDVBLinux 5.4 - Arbitrary File Read | Exploit Author: LiquidWorm | #!/usr/bin/env python3 | MiniDVBLinux 5.4 Arbitrary File Read Vulnerability | Vendor: MiniDVBLinux | Product web page: https://www.minidvblinux.de | Affected version: =5.4 | Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers ...

AI score 7.4
Exploits: 0

Fedora
added 2023/03/26 12:30 a.m. | 30 views

[SECURITY] Fedora 38 Update: tar-1.34-8.fc38

The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive...

CVSS 5.5 | AI score 7.7 | EPSS 0.04524
Exploits: 1

OpenVAS
added 2023/03/26 12:00 a.m. | 15 views

Fedora: Security Advisory for tar (FEDORA-2023-f72d3caf36)

The remote host is missing an update for the...

CVSS 5.5 | AI score 6.3 | EPSS 0.04524
Exploits: 1 | References: 2

Tenable Nessus
added 2023/03/25 12:00 a.m. | 16 views

Fedora 38 : tar (2023-f72d3caf36)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f72d3caf36 advisory. Fix for CVE-2022-48303. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVSS 5.5 | AI score 6.7 | EPSS 0.04524
Exploits: 1 | References: 2

Tenable Nessus
added 2023/03/24 12:00 a.m. | 37 views

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-1582)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...

CVSS 7.8 | AI score 7.5 | EPSS 0.00635
Exploits: 0 | References: 2

Tenable Nessus
added 2023/03/24 12:00 a.m. | 10 views

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-1572)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...

CVSS 7.8 | AI score 7.5 | EPSS 0.00635
Exploits: 0 | References: 2

Fedora
added 2023/03/23 1:34 a.m. | 30 views

[SECURITY] Fedora 37 Update: tar-1.34-6.fc37

The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive...

CVSS 5.5 | AI score 7.7 | EPSS 0.04524
Exploits: 1

Tenable Nessus
added 2023/03/23 12:00 a.m. | 22 views

Fedora 37 : tar (2023-123778d70d)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-123778d70d advisory. Fix for CVE-2022-48303. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVSS 5.5 | AI score 6.7 | EPSS 0.04524
Exploits: 1 | References: 2

OpenVAS
added 2023/03/23 12:00 a.m. | 18 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-1582)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.9 | EPSS 0.00635
Exploits: 0 | References: 2

OpenVAS
added 2023/03/23 12:00 a.m. | 10 views

Fedora: Security Advisory for tar (FEDORA-2023-123778d70d)

The remote host is missing an update for the...

CVSS 5.5 | AI score 6.3 | EPSS 0.04524
Exploits: 1 | References: 2

Tenable Nessus
added 2023/03/23 12:00 a.m. | 54 views

Amazon Linux 2023 : cpp, gcc, gcc-c++ (ALAS2023-2023-145)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-145 advisory. libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. (CVE-2022-27943) Tenable has extracted the preceding description block directly from the...

CVSS 5.5 | AI score 6.8 | EPSS 0.00892
Exploits: 1 | References: 4

Amazon
added 2023/03/22 12:00 a.m. | 6 views

Important: gzip

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

CVSS 8.8 | AI score 7.1 | EPSS 0.04301
Exploits: 0

Amazon
added 2023/03/22 12:00 a.m. | 8 views

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command...

CVSS 9.8 | AI score 8.3 | EPSS 0.01702
Exploits: 0

Amazon
added 2023/03/22 12:00 a.m. | 6 views

Important: xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

CVSS 8.8 | AI score 7.1 | EPSS 0.04301
Exploits: 0

Amazon
added 2023/03/22 12:00 a.m. | 7 views

Medium: cpio

Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...

CVSS 7.8 | AI score 7.7 | EPSS 0.0415
Exploits: 1

Tenable Nessus
added 2023/03/22 12:00 a.m. | 24 views

Amazon Linux AMI : tar (ALAS-2023-1704)

The version of tar installed on the remote host is prior to 1.26-31.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1704 advisory. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitati...

CVSS 5.5 | AI score 6.6 | EPSS 0.04524
Exploits: 1 | References: 4

Amazon
added 2023/03/21 12:00 a.m. | 25 views

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximate...

CVSS 5.5 | AI score 6.9 | EPSS 0.04524
Exploits: 1

Tenable Nessus
added 2023/03/21 12:00 a.m. | 14 views

Amazon Linux 2023 : less (ALAS2023-2023-123)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-123 advisory. 2024-02-29: CVE-2022-48624 was added to this advisory. In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal. CVE-2022-46663...

CVSS 7.8 | AI score 6.4 | EPSS 0.01412
Exploits: 0 | References: 6

Tenable Nessus
added 2023/03/21 12:00 a.m. | 22 views

Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...

CVSS 8.8 | AI score 6.9 | EPSS 0.04301
Exploits: 0 | References: 4