Search CVE reports


1 – 4 of 4 results


CVE-2024-39331

Medium priority

Some fixes available 10 of 28

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
emacs Fixed Fixed Fixed
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not in release Fixed
org-mode Fixed Fixed Fixed Fixed

CVE-2024-30205

Medium priority

Some fixes available 8 of 26

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
emacs Not affected Fixed Fixed
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not in release Fixed
org-mode Fixed Fixed Fixed Fixed

CVE-2024-30202

Medium priority

Some fixes available 2 of 27

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

6 affected packages

emacs, xemacs21, xemacs21-packages, emacs24, emacs25, org-mode

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
emacs Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not in release Needs evaluation
org-mode Fixed Fixed Not affected Not affected

CVE-2023-28617

Medium priority

Some fixes available 5 of 31

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

org-mode, xemacs21, xemacs21-packages, emacs, emacs23...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
org-mode Not affected Fixed Not affected Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Fixed Fixed Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed