Search CVE reports
1 – 10 of 21 results
CVE-2024-39331
Medium prioritySome fixes available 5 of 24
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Fixed | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30205
Medium prioritySome fixes available 4 of 23
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30204
Medium prioritySome fixes available 4 of 17
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30203
Medium prioritySome fixes available 4 of 17
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30202
Medium priorityIn Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Needs evaluation |
emacs25 | Not in release | Not in release | Not in release | Needs evaluation | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-2491
Medium priorityA flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | — | Not affected | Not affected | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Not affected |
emacs25 | — | Not in release | Not in release | Not affected | Not in release |
xemacs21 | — | Not affected | Not affected | Not affected | Not affected |
xemacs21-packages | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-28617
Medium prioritySome fixes available 4 of 31
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
7 affected packages
emacs, emacs23, emacs24, emacs25, org-mode...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Fixed |
emacs25 | — | Not in release | Not in release | Fixed | Not in release |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-27986
Medium priorityemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Not affected | Not affected | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Not affected |
emacs25 | — | Not in release | Not in release | Not affected | Not in release |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-27985
Medium priorityemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Not affected | Not affected | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Not affected |
emacs25 | — | Not in release | Not in release | Not affected | Not in release |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-48339
Medium prioritySome fixes available 4 of 21
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...
6 affected packages
emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Fixed |
emacs25 | — | Not in release | Not in release | Fixed | Not in release |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |