The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5820-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ctags installed on the remote host is prior to 5.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2343 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3254 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0224-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0225-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ctags installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4515 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2863 advisory.

  - ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
176309	Oracle Linux 8 : ctags (ELSA-2023-2863)	Nessus	Oracle Linux Local Security Checks	5/24/2023	5/24/2023	high
170473	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : exuberant-ctags vulnerability (USN-5820-1)	Nessus	Ubuntu Local Security Checks	1/24/2023	10/16/2023	high
176178	AlmaLinux 8 : ctags (ALSA-2023:2863)	Nessus	Alma Linux Local Security Checks	5/21/2023	5/21/2023	high
185785	Amazon Linux 2 : ctags (ALAS-2023-2343)	Nessus	Amazon Linux Local Security Checks	11/15/2023	11/16/2023	high
169439	Debian DLA-3254-1 : exuberant-ctags - LTS security update	Nessus	Debian Local Security Checks	12/31/2022	9/11/2023	high
170943	SUSE SLES12 Security Update : ctags (SUSE-SU-2023:0224-1)	Nessus	SuSE Local Security Checks	2/2/2023	7/14/2023	high
170945	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ctags (SUSE-SU-2023:0225-1)	Nessus	SuSE Local Security Checks	2/2/2023	7/14/2023	high
172947	CBL Mariner 2.0 Security Update: ctags (CVE-2022-4515)	Nessus	MarinerOS Local Security Checks	3/20/2023	8/29/2023	high
175886	CentOS 8 : ctags (CESA-2023:2863)	Nessus	CentOS Local Security Checks	5/16/2023	5/16/2023	high
175903	RHEL 8 : ctags (RHSA-2023:2863)	Nessus	Red Hat Local Security Checks	5/17/2023	4/28/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high