AlmaLinux 9 : tar (ALSA-2023:0959)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:0959 advisory. - GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of...

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function and bound to C-c C-f. Inside the function the external command gem is called through shell-command-to-string but the feature-name parameters are not escaped. Thus malicious Ruby source files may cause commands to be executed.

...

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function the parameter file and parameter srcdir come from external input and parameters are not escaped. If a file name or directory name contains shell metacharacters code may be executed.

...

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

FreeBSD : emacs -- multiple vulnerabilities (a75929bd-b6a4-11ed-bad6-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a75929bd-b6a4-11ed-bad6-080027f5fec9 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the...

Debian DSA-5360-1 : emacs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5360 advisory. Xi Lu discovered that missing input sanitising in Emacs in etags, the Ruby mode and htmlfontify could result in the execution of arbitrary shell commands. For the...

DEBIAN-CVE-2022-3219

GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached, compressed down to just a few KB...

UBUNTU-CVE-2022-3219

GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached, compressed down to just a few KB...

Fedora: Security Advisory for golang-oras-2 (FEDORA-2023-4e2068ba5d)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

SUSE CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

RLSA-2023:0842 Moderate: tar security update

The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at fromheader in list.c via specially crafted checksum CVE-2022-48303 For more details about the security issues, including the impact, a CVSS score,...

tar security update

An update is available for tar. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GNU tar program can save multiple files in an archive and restore files from ...

Rocky Linux 8 : tar (RLSA-2023:0842)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0842 advisory. - GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of...

K15423: GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Security Advisory Description GNU Libtasn1 has been cited with the following vulnerabilities, which may be exploitable on some F5 products: CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denia...

K11274054: GNU C Library vulnerability CVE-2018-6551

Security Advisory Description The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller...

K52494142: GNU C Library (glibc) vulnerability CVE-2016-10228

Security Advisory Description The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leadi...

K55031185: demangler in GNU Libiberty vulnerability CVE-2016-6131

Security Advisory Description The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types. CVE-2016-6131 Impact There is no impact; F5 products are not affected by this...

K38481791: glibc vulnerability CVE-2020-10029

Security Advisory Description The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. Th...

K52513065: BinUtils vulnerabilities CVE-2018-6759 and CVE-2018-6872

Security Advisory Description CVE-2018-6759 The bfdgetdebuglinkinfo1 function in opncls.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service...