ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2022-48339: Moderate: emacs security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) alma-upgrade-emacs alma-upgrade-emacs-common alma-upgrade-emacs-filesystem alma-upgrade-emacs-lucid alma-upgrade-emacs-nox alma-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 https://errata.almalinux.org/8/ALSA-2023-7083.html https://errata.almalinux.org/9/ALSA-2023-2626.html
  2. Alma Linux: CVE-2022-48337: Moderate: emacs security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) alma-upgrade-emacs alma-upgrade-emacs-common alma-upgrade-emacs-filesystem alma-upgrade-emacs-lucid alma-upgrade-emacs-nox alma-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48337 CVE - 2022-48337 https://errata.almalinux.org/8/ALSA-2023-7083.html https://errata.almalinux.org/9/ALSA-2023-2626.html
  3. Huawei EulerOS: CVE-2022-48337: emacs security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) huawei-euleros-2_0_sp8-upgrade-emacs-common huawei-euleros-2_0_sp8-upgrade-emacs-filesystem huawei-euleros-2_0_sp8-upgrade-emacs-nox References https://attackerkb.com/topics/cve-2022-48337 CVE - 2022-48337 EulerOS-SA-2023-3124
  4. Alma Linux: CVE-2023-0616: Important: thunderbird security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/30/2025 Description If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. Solution(s) alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-0616 CVE - 2023-0616 https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  5. Alma Linux: CVE-2023-0767: Important: nss security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-nspr alma-upgrade-nspr-devel alma-upgrade-nss alma-upgrade-nss-devel alma-upgrade-nss-softokn alma-upgrade-nss-softokn-devel alma-upgrade-nss-softokn-freebl alma-upgrade-nss-softokn-freebl-devel alma-upgrade-nss-sysinit alma-upgrade-nss-tools alma-upgrade-nss-util alma-upgrade-nss-util-devel alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/8/ALSA-2023-1252.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html https://errata.almalinux.org/9/ALSA-2023-1368.html
  6. Alma Linux: CVE-2023-25746: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25746 CVE - 2023-25746 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  7. Alma Linux: CVE-2023-25744: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25744 CVE - 2023-25744 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  8. Alma Linux: CVE-2023-25743: Important: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25743 CVE - 2023-25743 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  9. Alma Linux: CVE-2023-25742: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25742 CVE - 2023-25742 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  10. Alma Linux: CVE-2023-25739: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25739 CVE - 2023-25739 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  11. Alma Linux: CVE-2023-25737: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25737 CVE - 2023-25737 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  12. Alma Linux: CVE-2023-25735: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25735 CVE - 2023-25735 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  13. Alma Linux: CVE-2023-25732: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  14. Alma Linux: CVE-2023-25730: Important: firefox security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 https://errata.almalinux.org/8/ALSA-2023-0808.html https://errata.almalinux.org/8/ALSA-2023-0821.html https://errata.almalinux.org/9/ALSA-2023-0810.html https://errata.almalinux.org/9/ALSA-2023-0824.html
  15. Alma Linux: CVE-2023-24998: Moderate: tomcat security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) alma-upgrade-tomcat alma-upgrade-tomcat-admin-webapps alma-upgrade-tomcat-docs-webapp alma-upgrade-tomcat-el-3.0-api alma-upgrade-tomcat-jsp-2.3-api alma-upgrade-tomcat-lib alma-upgrade-tomcat-servlet-4.0-api alma-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-24998 CVE - 2023-24998 https://errata.almalinux.org/8/ALSA-2023-7065.html https://errata.almalinux.org/9/ALSA-2023-6570.html
  16. Oracle Linux: CVE-2023-27561: ELSA-2023-6380:runc security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 02/20/2023 Created 07/21/2023 Added 07/20/2023 Modified 01/07/2025 Description runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2023-27561 CVE - 2023-27561 ELSA-2023-6380 ELSA-2023-6938 ELSA-2023-12579 ELSA-2023-12578 ELSA-2023-6939
  17. CentOS Linux: CVE-2023-0616: Important: thunderbird security update (CESA-2023:0817) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. Solution(s) centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-0616
  18. Oracle Linux: CVE-2023-24998: ELSA-2023-6570:tomcat security and bug fix update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/20/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/28/2024 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform. Solution(s) oracle-linux-upgrade-tomcat oracle-linux-upgrade-tomcat-admin-webapps oracle-linux-upgrade-tomcat-docs-webapp oracle-linux-upgrade-tomcat-el-3-0-api oracle-linux-upgrade-tomcat-jsp-2-3-api oracle-linux-upgrade-tomcat-lib oracle-linux-upgrade-tomcat-servlet-4-0-api oracle-linux-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-24998 CVE - 2023-24998 ELSA-2023-6570 ELSA-2023-7065
  19. IBM WebSphere Application Server: CVE-2023-24998: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) ibm-was-install-8-5-0-0-ph50863 ibm-was-install-9-0-0-0-ph50863 ibm-was-upgrade-8-5-0-0-8-5-5-24 ibm-was-upgrade-8-5-23-0-0-4-liberty ibm-was-upgrade-9-0-0-0-9-0-5-16 References https://attackerkb.com/topics/cve-2023-24998 CVE - 2023-24998
  20. Huawei EulerOS: CVE-2022-48339: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) huawei-euleros-2_0_sp9-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 EulerOS-SA-2023-1865
  21. Huawei EulerOS: CVE-2022-48337: emacs security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/30/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) huawei-euleros-2_0_sp9-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2022-48337 CVE - 2022-48337 EulerOS-SA-2023-1865
  22. SUSE: CVE-2023-25732: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732
  23. Huawei EulerOS: CVE-2023-24998: tomcat security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) huawei-euleros-2_0_sp8-upgrade-tomcat huawei-euleros-2_0_sp8-upgrade-tomcat-admin-webapps huawei-euleros-2_0_sp8-upgrade-tomcat-el-3.0-api huawei-euleros-2_0_sp8-upgrade-tomcat-jsp-2.3-api huawei-euleros-2_0_sp8-upgrade-tomcat-lib huawei-euleros-2_0_sp8-upgrade-tomcat-servlet-4.0-api References https://attackerkb.com/topics/cve-2023-24998 CVE - 2023-24998 EulerOS-SA-2023-1612
  24. Huawei EulerOS: CVE-2022-48339: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) huawei-euleros-2_0_sp11-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 EulerOS-SA-2023-2288
  25. Red Hat: CVE-2023-25739: ~ScriptLoadContext (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-25739 RHSA-2023:0805 RHSA-2023:0807 RHSA-2023:0808 RHSA-2023:0809 RHSA-2023:0810 RHSA-2023:0812 RHSA-2023:0817 RHSA-2023:0820 RHSA-2023:0821 RHSA-2023:0822 RHSA-2023:0823 RHSA-2023:0824