Search CVE reports


1 – 4 of 4 results


CVE-2024-39331

Medium priority

Some fixes available 5 of 27

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Fixed Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30205

Medium priority

Some fixes available 4 of 26

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Not in release Fixed
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-30202

Medium priority
Needs evaluation

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

6 affected packages

emacs, emacs24, emacs25, org-mode, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release Needs evaluation
emacs25 Not in release Not in release Not in release Needs evaluation
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-28617

Medium priority

Some fixes available 4 of 34

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

emacs, emacs23, emacs24, emacs25, org-mode...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation