Search CVE reports


Toggle filters

11 – 20 of 21 results


CVE-2022-48339

Medium priority

Some fixes available 4 of 23

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-48338

Medium priority

Some fixes available 1 of 20

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-48337

Medium priority

Some fixes available 4 of 23

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-45939

Medium priority

Some fixes available 4 of 23

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2017-1000383

Low priority
Ignored

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the...

3 affected packages

emacs23, emacs24, emacs25

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs23 Not in release Not in release
emacs24 Not in release Ignored
emacs25 Ignored Not in release
Show less packages

CVE-2017-14482

Medium priority

Some fixes available 3 of 4

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe...

3 affected packages

emacs23, emacs24, emacs25

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs23 Not in release Not in release
emacs24 Not in release Fixed
emacs25 Not affected Not in release
Show less packages

CVE-2014-9483

Negligible priority
Not affected

Emacs 24.4 allows remote attackers to bypass security restrictions.

3 affected packages

emacs23, emacs24, emacs25

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs23 Not in release Not in release
emacs24 Not in release Not affected
emacs25 Not affected Not in release
Show less packages

CVE-2014-3424

Medium priority
Ignored

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

7 affected packages

emacs22, emacs23, emacs24, emacs25, emacs-snapshot...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs22 Not in release Not in release
emacs23 Not in release Not in release
emacs24 Not in release Not affected
emacs25 Not affected Not in release
emacs-snapshot Not in release Not in release
xemacs21 Not affected Not affected
xemacs21-packages Not affected Not affected
Show all 7 packages Show less packages

CVE-2014-3423

Negligible priority
Ignored

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

7 affected packages

emacs22, emacs23, emacs24, emacs25, emacs-snapshot...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs22 Not in release Not in release
emacs23 Not in release Not in release
emacs24 Not in release Not affected
emacs25 Not affected Not in release
emacs-snapshot Not in release Not in release
xemacs21 Not affected Not affected
xemacs21-packages Not affected Not affected
Show all 7 packages Show less packages

CVE-2014-3422

Medium priority
Ignored

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

7 affected packages

emacs22, emacs23, emacs24, emacs25, emacs-snapshot...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs22 Not in release Not in release
emacs23 Not in release Not in release
emacs24 Not in release Not affected
emacs25 Not affected Not in release
emacs-snapshot Not in release Not in release
xemacs21 Not affected Not affected
xemacs21-packages Not affected Not affected
Show all 7 packages Show less packages