Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-108)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-108 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation o...

Amazon Linux 2023 : cpio (ALAS2023-2023-021)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-021 advisory. GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is...

Amazon Linux 2023 : binutils, binutils-devel, binutils-gprofng (ALAS2023-2023-119)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-119 advisory. In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfdgetl32 when called from the stripmain function in strip-new via a crafted file. CVE-2022-38533 Tenable has extracted...

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...

CBL Mariner 2.0 Security Update: less (CVE-2022-46663)

The version of less installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46663 advisory. - In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Design/Logic Flaw

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

CVE-2023-28617 affects Org-Mode's ob-latex.el in GNU Emacs (pre-9.6.1) where org-babel-execute:latex can be triggered to run attacker-controlled commands if a file or directory name contains shell metacharacters. The issue is a code-injection path via shell metacharacters in filenames, leading to...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Ubuntu 16.04 ESM : Emacs vulnerability (USN-5955-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5955-1 advisory. It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a...

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Fedora: Security Advisory for libindi (FEDORA-2023-a5e10b188a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for siril (FEDORA-2023-a5e10b188a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for containerd (FEDORA-2023-cd000ea847)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

...

SUSE SLES15 Security Update : emacs (SUSE-SU-2023:0675-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0675-1 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

GNU Emacs 代码注入漏洞

GNU Emacs is a family of text editors in the American GNU community. A code injection vulnerability exists in GNU Emacs versions 28.1 through 28.2, which stems from the fact that emacsclient-mail.desktop is susceptible to Emacs Lisp code injection attacks...