Search CVE reports

1 – 10 of 18 results

Detailed view

Sort by:

CVE-2023-2491

Medium priority

Not affected

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	—	Not affected	Not affected	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Not affected
emacs25	—	Not in release	Not in release	Not affected	Not in release
xemacs21	—	Not affected	Not affected	Not affected	Not affected
xemacs21-packages	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-28617

Medium priority

Some fixes available 4 of 31

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

emacs, emacs23, emacs24, emacs25, org-mode...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Fixed
emacs25	—	Not in release	Not in release	Fixed	Not in release
org-mode	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-27986

Medium priority

Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Not affected	Not affected	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Not affected
emacs25	—	Not in release	Not in release	Not affected	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-27985

Medium priority

Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Not affected	Not affected	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Not affected
emacs25	—	Not in release	Not in release	Not affected	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-48339

Medium priority

Some fixes available 4 of 21

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Fixed
emacs25	—	Not in release	Not in release	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-48338

Medium priority

Some fixes available 1 of 18

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Fixed	Not affected	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Not affected
emacs25	—	Not in release	Not in release	Not affected	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-48337

Medium priority

Some fixes available 4 of 21

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Fixed
emacs25	—	Not in release	Not in release	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-45939

Medium priority

Some fixes available 4 of 21

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs	Not affected	Fixed	Fixed	Not in release	Ignored
emacs23	—	Not in release	Not in release	Not in release	Not in release
emacs24	—	Not in release	Not in release	Not in release	Fixed
emacs25	—	Not in release	Not in release	Fixed	Not in release
xemacs21	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xemacs21-packages	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2017-1000383

Low priority

Ignored

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the...

3 affected packages

emacs23, emacs24, emacs25

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs23	—	—	—	Not in release	Not in release
emacs24	—	—	—	Not in release	Ignored
emacs25	—	—	—	Ignored	Not in release

CVE-2017-14482

Medium priority

Some fixes available 3 of 4

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe...

3 affected packages

emacs23, emacs24, emacs25

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs23	—	—	—	Not in release	Not in release
emacs24	—	—	—	Not in release	Fixed
emacs25	—	—	—	Not affected	Not in release

Export to JSON

Results by page: