Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for yelp by gnome

    CVE-2025-3155 (GCVE-0-2025-3155)

    Vulnerability from nvd – Published: 2025-04-03 13:34 – Updated: 2026-06-29 20:36
    VLAI
    Title
    Yelp: arbitrary file read
    Summary
    A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 42.2-8 (rpm)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 2:3.28.1-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.28.0-2.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 2:3.28.1-3.el8_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 2:3.28.1-3.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/a:redhat:rhel_eus:8.8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:40.3-2.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:40.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:40.3-2.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:40.3-2.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3155",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T12:58:45.628086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T12:59:45.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-28T20:03:22.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/04/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/yelp/",
              "defaultStatus": "unaffected",
              "packageName": "yelp",
              "versions": [
                {
                  "lessThan": "42.2-8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.28.0-2.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:36:07.629Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4450"
            },
            {
              "name": "RHSA-2025:4451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4451"
            },
            {
              "name": "RHSA-2025:4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4455"
            },
            {
              "name": "RHSA-2025:4456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4456"
            },
            {
              "name": "RHSA-2025:4457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4457"
            },
            {
              "name": "RHSA-2025:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4505"
            },
            {
              "name": "RHSA-2025:4532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4532"
            },
            {
              "name": "RHSA-2025:7430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7430"
            },
            {
              "name": "RHSA-2025:7569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7569"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-3155"
            },
            {
              "name": "RHBZ#2357091",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/yelp/-/issues/221"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:57:56.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Yelp: arbitrary file read",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-3155",
        "datePublished": "2025-04-03T13:34:18.878Z",
        "dateReserved": "2025-04-03T02:00:30.674Z",
        "dateUpdated": "2026-06-29T20:36:07.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2008-3533 (GCVE-0-2008-3533)

    Vulnerability from nvd – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugzilla.gnome.org/attachment.cgi?id=115890 x_refsource_CONFIRM
    http://secunia.com/advisories/31465 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/30690 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/31620 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-638-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32629 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugs.launchpad.net/ubuntu/+source/yelp/+b… x_refsource_CONFIRM
    http://secunia.com/advisories/31834 third-party-advisoryx_refsource_SECUNIA
    http://bugzilla.gnome.org/show_bug.cgi?id=546364 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2393 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2008-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:18.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
              },
              {
                "name": "31465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31465"
              },
              {
                "name": "30690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30690"
              },
              {
                "name": "SUSE-SR:2008:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
              },
              {
                "name": "31620",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31620"
              },
              {
                "name": "USN-638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-638-1"
              },
              {
                "name": "32629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32629"
              },
              {
                "name": "yelp-uri-format-string(44449)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
              },
              {
                "name": "31834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31834"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
              },
              {
                "name": "ADV-2008-2393",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2393"
              },
              {
                "name": "FEDORA-2008-7293",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
              },
              {
                "name": "MDVSA-2008:175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
            },
            {
              "name": "31465",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31465"
            },
            {
              "name": "30690",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30690"
            },
            {
              "name": "SUSE-SR:2008:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
            },
            {
              "name": "31620",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31620"
            },
            {
              "name": "USN-638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-638-1"
            },
            {
              "name": "32629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32629"
            },
            {
              "name": "yelp-uri-format-string(44449)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
            },
            {
              "name": "31834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31834"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
            },
            {
              "name": "ADV-2008-2393",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2393"
            },
            {
              "name": "FEDORA-2008-7293",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
            },
            {
              "name": "MDVSA-2008:175",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2008-3533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugzilla.gnome.org/attachment.cgi?id=115890",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
                },
                {
                  "name": "31465",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31465"
                },
                {
                  "name": "30690",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30690"
                },
                {
                  "name": "SUSE-SR:2008:024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
                },
                {
                  "name": "31620",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31620"
                },
                {
                  "name": "USN-638-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-638-1"
                },
                {
                  "name": "32629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32629"
                },
                {
                  "name": "yelp-uri-format-string(44449)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
                },
                {
                  "name": "31834",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31834"
                },
                {
                  "name": "http://bugzilla.gnome.org/show_bug.cgi?id=546364",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
                },
                {
                  "name": "ADV-2008-2393",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2393"
                },
                {
                  "name": "FEDORA-2008-7293",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
                },
                {
                  "name": "MDVSA-2008:175",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2008-3533",
        "datePublished": "2008-08-18T17:15:00.000Z",
        "dateReserved": "2008-08-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:18.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3155 (GCVE-0-2025-3155)

    Vulnerability from cvelistv5 – Published: 2025-04-03 13:34 – Updated: 2026-06-29 20:36
    VLAI
    Title
    Yelp: arbitrary file read
    Summary
    A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 42.2-8 (rpm)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 2:3.28.1-3.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.28.0-2.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 2:3.28.1-3.el8_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 2:3.28.1-3.el8_6.1 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 2:3.28.1-3.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/a:redhat:rhel_eus:8.8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:40.3-2.el9_6.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:40.3-2.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:40.3-2.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
        cpe:/a:redhat:rhel_eus:9.2::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:40.3-2.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2025-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3155",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T12:58:45.628086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T12:59:45.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-28T20:03:22.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/04/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/yelp/",
              "defaultStatus": "unaffected",
              "packageName": "yelp",
              "versions": [
                {
                  "lessThan": "42.2-8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.28.0-2.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/a:redhat:rhel_eus:8.8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:3.28.1-3.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_6.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream",
                "cpe:/a:redhat:rhel_eus:9.2::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:40.3-2.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "yelp-xsl",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:36:07.629Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:4450",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4450"
            },
            {
              "name": "RHSA-2025:4451",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4451"
            },
            {
              "name": "RHSA-2025:4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4455"
            },
            {
              "name": "RHSA-2025:4456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4456"
            },
            {
              "name": "RHSA-2025:4457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4457"
            },
            {
              "name": "RHSA-2025:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4505"
            },
            {
              "name": "RHSA-2025:4532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4532"
            },
            {
              "name": "RHSA-2025:7430",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7430"
            },
            {
              "name": "RHSA-2025:7569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7569"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-3155"
            },
            {
              "name": "RHBZ#2357091",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/yelp/-/issues/221"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T01:57:56.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Yelp: arbitrary file read",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-3155",
        "datePublished": "2025-04-03T13:34:18.878Z",
        "dateReserved": "2025-04-03T02:00:30.674Z",
        "dateUpdated": "2026-06-29T20:36:07.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2008-3533 (GCVE-0-2008-3533)

    Vulnerability from cvelistv5 – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugzilla.gnome.org/attachment.cgi?id=115890 x_refsource_CONFIRM
    http://secunia.com/advisories/31465 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/30690 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/31620 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-638-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32629 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugs.launchpad.net/ubuntu/+source/yelp/+b… x_refsource_CONFIRM
    http://secunia.com/advisories/31834 third-party-advisoryx_refsource_SECUNIA
    http://bugzilla.gnome.org/show_bug.cgi?id=546364 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2393 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2008-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:18.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
              },
              {
                "name": "31465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31465"
              },
              {
                "name": "30690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30690"
              },
              {
                "name": "SUSE-SR:2008:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
              },
              {
                "name": "31620",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31620"
              },
              {
                "name": "USN-638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-638-1"
              },
              {
                "name": "32629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32629"
              },
              {
                "name": "yelp-uri-format-string(44449)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
              },
              {
                "name": "31834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31834"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
              },
              {
                "name": "ADV-2008-2393",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2393"
              },
              {
                "name": "FEDORA-2008-7293",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
              },
              {
                "name": "MDVSA-2008:175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
            },
            {
              "name": "31465",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31465"
            },
            {
              "name": "30690",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30690"
            },
            {
              "name": "SUSE-SR:2008:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
            },
            {
              "name": "31620",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31620"
            },
            {
              "name": "USN-638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-638-1"
            },
            {
              "name": "32629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32629"
            },
            {
              "name": "yelp-uri-format-string(44449)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
            },
            {
              "name": "31834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31834"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
            },
            {
              "name": "ADV-2008-2393",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2393"
            },
            {
              "name": "FEDORA-2008-7293",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
            },
            {
              "name": "MDVSA-2008:175",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2008-3533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugzilla.gnome.org/attachment.cgi?id=115890",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"
                },
                {
                  "name": "31465",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31465"
                },
                {
                  "name": "30690",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30690"
                },
                {
                  "name": "SUSE-SR:2008:024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
                },
                {
                  "name": "31620",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31620"
                },
                {
                  "name": "USN-638-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-638-1"
                },
                {
                  "name": "32629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32629"
                },
                {
                  "name": "yelp-uri-format-string(44449)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"
                },
                {
                  "name": "31834",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31834"
                },
                {
                  "name": "http://bugzilla.gnome.org/show_bug.cgi?id=546364",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"
                },
                {
                  "name": "ADV-2008-2393",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2393"
                },
                {
                  "name": "FEDORA-2008-7293",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"
                },
                {
                  "name": "MDVSA-2008:175",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2008-3533",
        "datePublished": "2008-08-18T17:15:00.000Z",
        "dateReserved": "2008-08-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:18.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }