Search CVE reports
11 – 20 of 27 results
CVE-2022-48338
Medium prioritySome fixes available 1 of 18
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs | Not affected | Fixed | Not affected | Not in release | Ignored |
| emacs23 | — | Not in release | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release | Not affected |
| emacs25 | — | Not in release | Not in release | Not affected | Not in release |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-48337
Medium prioritySome fixes available 4 of 21
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | Not in release | Ignored |
| emacs23 | — | Not in release | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release | Fixed |
| emacs25 | — | Not in release | Not in release | Fixed | Not in release |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-45939
Medium prioritySome fixes available 4 of 21
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs | Not affected | Fixed | Fixed | Not in release | Ignored |
| emacs23 | — | Not in release | Not in release | Not in release | Not in release |
| emacs24 | — | Not in release | Not in release | Not in release | Fixed |
| emacs25 | — | Not in release | Not in release | Fixed | Not in release |
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2014-3424
Medium prioritylisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs-snapshot | — | — | — | Not in release | Not in release |
| emacs22 | — | — | — | Not in release | Not in release |
| emacs23 | — | — | — | Not in release | Not in release |
| emacs24 | — | — | — | Not in release | Not affected |
| emacs25 | — | — | — | Not affected | Not in release |
| xemacs21 | — | — | — | Not affected | Not affected |
| xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3423
Negligible prioritylisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs-snapshot | — | — | — | Not in release | Not in release |
| emacs22 | — | — | — | Not in release | Not in release |
| emacs23 | — | — | — | Not in release | Not in release |
| emacs24 | — | — | — | Not in release | Not affected |
| emacs25 | — | — | — | Not affected | Not in release |
| xemacs21 | — | — | — | Not affected | Not affected |
| xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3422
Medium prioritylisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs-snapshot | — | — | — | Not in release | Not in release |
| emacs22 | — | — | — | Not in release | Not in release |
| emacs23 | — | — | — | Not in release | Not in release |
| emacs24 | — | — | — | Not in release | Not affected |
| emacs25 | — | — | — | Not affected | Not in release |
| xemacs21 | — | — | — | Not affected | Not affected |
| xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3421
Medium prioritylisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
| emacs22 | Not in release | Not in release | Not in release | Not in release | Not in release |
| emacs23 | Not in release | Not in release | Not in release | Not in release | Not in release |
| emacs24 | Not in release | Not in release | Not in release | Not in release | Not affected |
| emacs25 | Not in release | Not in release | Not in release | Not affected | Not in release |
| xemacs21 | Not affected | Not affected | Not affected | Not affected | Not affected |
| xemacs21-packages | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2012-3479
Medium prioritySome fixes available 8 of 15
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute...
6 affected packages
emacs-snapshot, emacs21, emacs22, emacs23, emacs24, xemacs21
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs-snapshot | — | — | — | — | — |
| emacs21 | — | — | — | — | — |
| emacs22 | — | — | — | — | — |
| emacs23 | — | — | — | — | — |
| emacs24 | — | — | — | — | — |
| xemacs21 | — | — | — | — | — |
CVE-2010-0825
Medium prioritySome fixes available 15 of 25
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
4 affected packages
emacs21, emacs22, emacs23, xemacs21
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| emacs21 | — | — | — | — | — |
| emacs22 | — | — | — | — | — |
| emacs23 | — | — | — | — | — |
| xemacs21 | — | — | — | — | — |
CVE-2009-2688
Medium priorityMultiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a...
1 affected packages
xemacs21
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | — | — | — | — | — |