CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48338 – emacs: local command injection in ruby-mode.el
https://notcve.org/view.php?id=CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK https://www.debian.org/security/2023/dsa-5360 https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48339 – emacs: command injection vulnerability in htmlfontify.el
https://notcve.org/view.php?id=CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK https://www.debian.org/security/2023/dsa-5360 https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzill • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48337 – emacs: command execution via shell metacharacters
https://notcve.org/view.php?id=CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK https://www.debian.org/security/2023/dsa-5360 https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzill • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. • https://access.redhat.com/security/cve/CVE-2023-0361 https://github.com/tlsfuzzer/tlsfuzzer/pull/679 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ https://lists.fedoraproject.org/archives/list/package& • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46663 – less: crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
https://notcve.org/view.php?id=CVE-2022-46663
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. A vulnerability was found in less. This flaw allows crafted data to result in "less -R" not filtering ANSI escape sequences sent to the terminal. • http://www.greenwoodsoftware.com/less/news.609.html http://www.openwall.com/lists/oss-security/2023/02/07/7 https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LR7AUWB34JD4PCW3HHASBEDGGHFWPAQP https://security.gentoo.org/glsa/202310-11 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug&# •