Emacs
Products (5)
- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39331 | | | 0.00 | — | 0.01 | | Jun 23, 2024 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. |
| CVE-2024-30203 | | | 0.00 | — | 0.01 | | Mar 25, 2024 | In Emacs before 29.3, Gnus treats inline MIME contents as trusted. |
| CVE-2024-30205 | | | 0.00 | — | 0.00 | | Mar 25, 2024 | In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. |
| CVE-2024-30202 | | | 0.00 | — | 0.01 | | Mar 25, 2024 | In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. |
| CVE-2023-28617 | | | 0.00 | — | 0.00 | | Mar 19, 2023 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. |
| CVE-2008-4952 | | | 0.00 | — | 0.00 | | Nov 5, 2008 | emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file. |
| CVE-2008-1694 | | | 0.00 | — | 0.00 | | Apr 22, 2008 | vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2007-5377 | | | 0.00 | — | 0.00 | | Oct 12, 2007 | The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2005-0100 | | | 0.00 | — | 0.04 | | Feb 7, 2005 | Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. |
| CVE-2000-0270 | | | 0.00 | — | 0.00 | | Apr 18, 2000 | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |