Search CVE reports


1 – 4 of 4 results


CVE-2024-39331

Medium priority

Some fixes available 10 of 26

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Fixed Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Fixed Fixed Fixed Fixed Fixed
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30205

Medium priority

Some fixes available 8 of 24

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Fixed Fixed Fixed Fixed Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30202

Medium priority

Some fixes available 2 of 24

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release Needs evaluation
emacs25 Not in release Not in release Not in release Needs evaluation
org-mode Fixed Fixed Not affected Not affected Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-28617

Medium priority

Some fixes available 5 of 29

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

emacs, emacs23, emacs24, emacs25, org-mode...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
org-mode Not affected Fixed Not affected Not affected Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation