Search CVE reports
1 – 4 of 4 results
CVE-2024-39331
Medium prioritySome fixes available 5 of 27
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Fixed | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30205
Medium prioritySome fixes available 4 of 26
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Fixed |
emacs25 | Not in release | Not in release | Not in release | Fixed | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-30202
Medium priorityIn Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
6 affected packages
emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
emacs24 | Not in release | Not in release | Not in release | — | Needs evaluation |
emacs25 | Not in release | Not in release | Not in release | Needs evaluation | — |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-28617
Medium prioritySome fixes available 4 of 34
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
7 affected packages
emacs, emacs23, emacs24, emacs25, org-mode...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs | Not affected | Fixed | Fixed | Not in release | Ignored |
emacs23 | — | Not in release | Not in release | Not in release | Not in release |
emacs24 | — | Not in release | Not in release | Not in release | Fixed |
emacs25 | — | Not in release | Not in release | Fixed | Not in release |
org-mode | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |