A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NDebian
OSDebian11.0Gnome Yelp
APPGnome42.2-8Red Hat Codeready Linux Builder
APPRedhat8.09.0Red Hat Codeready Linux Builder For Arm64
APPRedhat8.0_aarch649.0_aarch64Red Hat Codeready Linux Builder For Arm64 Eus
APPRedhat8.8_aarch649.2_aarch649.4_aarch649.6_aarch64Red Hat Codeready Linux Builder For Eus
APPRedhat8.89.29.4Red Hat Codeready Linux Builder For IBM Z Systems
APPRedhat8.0_s390x9.0_s390xRed Hat Codeready Linux Builder For IBM Z Systems Eus
APPRedhat8.8_s390x9.2_s390x9.4_s390x9.6_s390xRed Hat Codeready Linux Builder For Power Little Endian
APPRedhat8.0_ppc64le9.0_ppc64leRed Hat Codeready Linux Builder For Power Little Endian Eus
APPRedhat8.8_ppc64le9.2_ppc64le9.4_ppc64le9.6_ppc64leRed Hat Enterprise Linux
OSRedhat8.09.0Red Hat Enterprise Linux Eus
OSRedhat9.29.49.6Red Hat Enterprise Linux For Arm 64
OSRedhat8.08.8_aarch649.0_aarch649.2_aarch64Red Hat Enterprise Linux For Arm 64 Eus
OSRedhat9.4_aarch649.6_aarch64Red Hat Enterprise Linux For IBM Z Systems
OSRedhat8.0_s390x9.0_s390xRed Hat Enterprise Linux For IBM Z Systems Eus
OSRedhat8.8_s390x9.2_s390x9.4_s390x9.6_s390xRed Hat Enterprise Linux For Power Little Endian
OSRedhat8.0_ppc64le9.0_ppc64leRed Hat Enterprise Linux For Power Little Endian Eus
OSRedhat8.8_ppc64le9.2_ppc64le9.4_ppc64le9.6_ppc64leRed Hat Enterprise Linux Server Aus
OSRedhat8.28.48.69.29.49.6Red Hat Enterprise Linux Server Tus
OSRedhat8.48.68.8Red Hat Enterprise Linux Update Services For Sap Solutions
OSRedhat8.48.68.89.09.29.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki