Search CVE reports
Some fixes available 15 of 25
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
4 affected packages
emacs21, emacs22, emacs23, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
emacs23 | — | — | — | — |
xemacs21 | — | — | — | — |
Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a...
1 affected package
xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
xemacs21 | — | — | — | — |
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
2 affected packages
emacs21, emacs22
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
3 affected packages
emacs21, emacs22, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
xemacs21-packages | — | — | — | — |
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3 affected packages
emacs21, emacs22, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
xemacs21 | — | — | — | — |
Some fixes available 5 of 6
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to...
3 affected packages
emacs21, emacs22, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
xemacs21 | — | — | — | — |
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended...
2 affected packages
emacs21, emacs22
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
emacs22 | — | — | — | — |
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
1 affected package
emacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
2 affected packages
emacs21, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emacs21 | — | — | — | — |
xemacs21 | — | — | — | — |