CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48338 – emacs: local command injection in ruby-mode.el
https://notcve.org/view.php?id=CVE-2022-48338
20 Feb 2023 — An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48339 – emacs: command injection vulnerability in htmlfontify.el
https://notcve.org/view.php?id=CVE-2022-48339
20 Feb 2023 — An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48337 – emacs: command execution via shell metacharacters
https://notcve.org/view.php?id=CVE-2022-48337
20 Feb 2023 — GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell met... • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
10 Feb 2023 — A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over tha... • https://access.redhat.com/security/cve/CVE-2023-0361 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46663 – less: crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
https://notcve.org/view.php?id=CVE-2022-46663
07 Feb 2023 — In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. A vulnerability was found in less. This flaw allows crafted data to result in "less -R" not filtering ANSI escape sequences sent to the terminal. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4... • http://www.greenwoodsoftware.com/less/news.609.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0687
https://notcve.org/view.php?id=CVE-2023-0687
06 Feb 2023 — A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. • https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo%40yuriev.ru • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25139
https://notcve.org/view.php?id=CVE-2023-25139
03 Feb 2023 — sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. • http://www.openwall.com/lists/oss-security/2023/02/10/1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-48303 – tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
https://notcve.org/view.php?id=CVE-2022-48303
30 Jan 2023 — GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-4285 – binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
https://notcve.org/view.php?id=CVE-2022-4285
27 Jan 2023 — An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. Se encontró una falla de acceso ilegal a la memoria en el paquete binutils. El parseo de un archivo ELF que contiene información de versión de símbolo corrupta puede resultar en una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2150768 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-3715 – bash: a heap-buffer-overflow in valid_parameter_transform
https://notcve.org/view.php?id=CVE-2022-3715
05 Jan 2023 — A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. Se encontró una falla en el paquete bash, donde puede ocurrir un desbordamiento del búfer de almacenamiento dinámico en el parámetro_transform válido. Este problema puede provocar problemas de memoria. A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. • https://bugzilla.redhat.com/show_bug.cgi?id=2126720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •