Search CVE reports

11 – 20 of 29 results

Detailed view

Sort by:

CVE-2023-2491

Medium priority

Not affected

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs	—	Not affected	Not affected	Not in release
emacs23	—	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release
emacs25	—	Not in release	Not in release	Not affected
xemacs21	—	Not affected	Not affected	Not affected
xemacs21-packages	—	Not affected	Not affected	Not affected

CVE-2022-48339

Medium priority

Some fixes available 4 of 25

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs23, emacs24, emacs25

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emacs23	—	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release
emacs25	—	Not in release	Not in release	Fixed

CVE-2022-48338

Medium priority

Some fixes available 1 of 22

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs23, emacs24, emacs25

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs	Not affected	Fixed	Not affected	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emacs23	—	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release
emacs25	—	Not in release	Not in release	Not affected

CVE-2022-48337

Medium priority

Some fixes available 4 of 25

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs24, emacs25, emacs23

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emacs24	—	Not in release	Not in release	Not in release
emacs25	—	Not in release	Not in release	Fixed
emacs23	—	Not in release	Not in release	Not in release

CVE-2022-45939

Medium priority

Some fixes available 4 of 25

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs23, emacs24, emacs25

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emacs23	—	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release
emacs25	—	Not in release	Not in release	Fixed

CVE-2014-3424

Medium priority

Ignored

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs-snapshot	—	—	—	Not in release
emacs22	—	—	—	Not in release
emacs23	—	—	—	Not in release
emacs24	—	—	—	Not in release
emacs25	—	—	—	Not affected
xemacs21	—	—	—	Not affected
xemacs21-packages	—	—	—	Not affected

CVE-2014-3423

Negligible priority

Ignored

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

7 affected packages

emacs22, emacs-snapshot, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs22	—	—	—	Not in release
emacs-snapshot	—	—	—	Not in release
emacs23	—	—	—	Not in release
emacs24	—	—	—	Not in release
emacs25	—	—	—	Not affected
xemacs21	—	—	—	Not affected
xemacs21-packages	—	—	—	Not affected

CVE-2014-3422

Medium priority

Ignored

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs-snapshot	—	—	—	Not in release
emacs22	—	—	—	Not in release
emacs23	—	—	—	Not in release
emacs24	—	—	—	Not in release
emacs25	—	—	—	Not affected
xemacs21	—	—	—	Not affected
xemacs21-packages	—	—	—	Not affected

CVE-2014-3421

Medium priority

Vulnerable

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

7 affected packages

emacs23, emacs24, xemacs21-packages, xemacs21, emacs22...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs23	Not in release	Not in release	Not in release	Not in release
emacs24	Not in release	Not in release	Not in release	Not in release
xemacs21-packages	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xemacs21	Not affected	Not affected	Not affected	Not affected
emacs22	Not in release	Not in release	Not in release	Not in release
emacs-snapshot	Not in release	Not in release	Not in release	Not in release
emacs25	Not in release	Not in release	Not in release	Not affected

CVE-2012-3479

Medium priority

Some fixes available 8 of 15

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute...

6 affected packages

emacs-snapshot, emacs21, emacs22, emacs23, emacs24, xemacs21

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emacs-snapshot	—	—	—	—
emacs21	—	—	—	—
emacs22	—	—	—	—
emacs23	—	—	—	—
emacs24	—	—	—	—
xemacs21	—	—	—	—

Export to JSON

Results by page: