Search CVE reports
1 – 10 of 35 results
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a...
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Needs evaluation | Needs evaluation | Needs evaluation | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Needs evaluation |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute...
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Needs evaluation | Needs evaluation | Needs evaluation | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Needs evaluation |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 10 of 28
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Fixed | Fixed | Fixed | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Fixed |
| org-mode | Fixed | Fixed | Fixed | Fixed |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 8 of 26
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Fixed |
| org-mode | Fixed | Fixed | Fixed | Fixed |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 21
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Fixed |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 21
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Fixed |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 27
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Needs evaluation | Needs evaluation | Needs evaluation | — |
| emacs24 | Not in release | Not in release | Not in release | — |
| emacs25 | Not in release | Not in release | Not in release | Needs evaluation |
| org-mode | Fixed | Fixed | Not affected | Not affected |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | — | Not affected | Not affected | Not in release |
| emacs23 | — | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release |
| emacs25 | — | Not in release | Not in release | Not affected |
| xemacs21 | — | Not affected | Not affected | Not affected |
| xemacs21-packages | — | Not affected | Not affected | Not affected |
Some fixes available 5 of 31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
7 affected packages
emacs, emacs23, emacs24, emacs25, org-mode...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | Not in release |
| emacs23 | — | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release |
| emacs25 | — | Not in release | Not in release | Fixed |
| org-mode | Not affected | Fixed | Not affected | Not affected |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| emacs | Not affected | Not affected | Not affected | Not in release |
| emacs23 | — | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release |
| emacs25 | — | Not in release | Not in release | Not affected |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |