VYPR
Vendor

Emacs

Products
5
CVEs
10
Across products
10
Status
Private

Products

5

Recent CVEs

10
  • CVE-2024-39331Jun 23, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

  • CVE-2024-30203Mar 25, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

  • CVE-2024-30205Mar 25, 2024
    risk 0.00cvss epss 0.00

    In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

  • CVE-2024-30202Mar 25, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

  • CVE-2023-28617Mar 19, 2023
    risk 0.00cvss epss 0.00

    org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

  • CVE-2008-4952Nov 5, 2008
    risk 0.00cvss epss 0.00

    emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.

  • CVE-2008-1694Apr 22, 2008
    risk 0.00cvss epss 0.00

    vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2007-5377Oct 12, 2007
    risk 0.00cvss epss 0.00

    The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2005-0100Feb 7, 2005
    risk 0.00cvss epss 0.04

    Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

  • CVE-2000-0270Apr 18, 2000
    risk 0.00cvss epss 0.00

    The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.