Search CVE reports



1 – 10 of 21 results


CVE-2024-53920

Medium priority
Needs evaluation

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to...

5 affected packages

emacs, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release Needs evaluation
emacs25 Not in release Not in release Not in release Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-39331

Medium priority

Some fixes available 5 of 27

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Fixed Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30205

Medium priority

Some fixes available 4 of 26

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30204

Medium priority

Some fixes available 4 of 19

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

5 affected packages

emacs, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30203

Medium priority

Some fixes available 4 of 19

In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

5 affected packages

emacs, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30202

Medium priority
Needs evaluation

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release Needs evaluation
emacs25 Not in release Not in release Not in release Needs evaluation
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-2491

Medium priority
Not affected

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Not affected Not affected Not affected Not affected
xemacs21-packages Not affected Not affected Not affected Not affected

CVE-2023-28617

Medium priority

Some fixes available 4 of 34

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

emacs, emacs23, emacs24, emacs25, org-mode...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-27986

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-27985

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation