VYPR

Emacs

by GNU

Source repositories

CVEs (33)

  • CVE-2012-3479Aug 25, 2012
    risk 0.00cvss epss 0.04

    lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

  • CVE-2012-0035Jan 19, 2012
    risk 0.00cvss epss 0.03

    Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

  • CVE-2010-0825Apr 5, 2010
    risk 0.00cvss epss 0.00

    lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

  • CVE-2008-3949Sep 22, 2008
    risk 0.00cvss epss 0.01

    emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

  • CVE-2008-2142May 12, 2008
    risk 0.00cvss epss 0.04

    Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

  • CVE-2008-1694Apr 22, 2008
    risk 0.00cvss epss 0.00

    vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2007-6109Dec 7, 2007
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain…

  • CVE-2007-2833Jun 21, 2007
    risk 0.00cvss epss 0.02

    Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

  • CVE-2005-0100Feb 7, 2005
    risk 0.00cvss epss 0.04

    Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

  • CVE-2001-1301Aug 7, 2001
    risk 0.00cvss epss 0.00

    rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

  • CVE-2000-0271Apr 18, 2000
    risk 0.00cvss epss 0.00

    read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.

  • CVE-2000-0269Apr 18, 2000
    risk 0.00cvss epss 0.00

    Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.

  • CVE-2000-0270Apr 18, 2000
    risk 0.00cvss epss 0.00

    The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.

Page 2 of 2