16 matches found
CentOS 8 : emacs (CESA-2023:1930)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:1930 advisory. - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory nam...
EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2721)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2681)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...
Oracle Linux 8 : emacs (ELSA-2023-3104)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3104 advisory. 1:26.1-10.2 - Bump release 1:26.1-10.1 - Bump release 1:26.1-10 - Fix ob-latex.el command injection vulnerability 2180586 1:26.1-9 - Fix MH-E mail composition...
AlmaLinux 8 : emacs (ALSA-2023:3104)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3104 advisory. - A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the org- babel-execute:latex function in ob-latex.el can result in...
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...
EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1801)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-1801)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rocky Linux 9 : emacs (RLSA-2023:2074)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:2074 advisory. - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name...
emacs security update
1:26.1-7.1 - Fix ob-latex.el command injection vulnerability 2180585...
RHEL 8 : emacs (RHSA-2023:1915)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1915 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...
Ubuntu 16.04 ESM : Emacs vulnerability (USN-6003-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6003-1 advisory. Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands. Tenable has extracted...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-147)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-147 advisory. org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...
Design/Logic Flaw
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...
CVE-2023-28617
CVE-2023-28617 affects Org-Mode's ob-latex.el in GNU Emacs (pre-9.6.1) where org-babel-execute:latex can be triggered to run attacker-controlled commands if a file or directory name contains shell metacharacters. The issue is a code-injection path via shell metacharacters in filenames, leading to...