In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-25
Updated
2024-03-25
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-03-09
Updated
2023-06-09
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-03-09
Updated
2023-06-09
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-17
Updated
2023-05-25
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-02-20
Updated
2023-10-14
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-02-20
Updated
2023-10-14
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Max CVSS
9.8
EPSS Score
0.19%
Published
2023-02-20
Updated
2023-10-14
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-11-28
Updated
2023-03-01
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-31
Updated
2017-11-27
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
Max CVSS
8.8
EPSS Score
3.13%
Published
2017-09-14
Updated
2019-10-03
Emacs 24.4 allows remote attackers to bypass security restrictions.
Max CVSS
7.5
EPSS Score
0.25%
Published
2017-08-28
Updated
2017-09-08
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
Max CVSS
6.8
EPSS Score
1.31%
Published
2012-08-25
Updated
2013-12-13
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Max CVSS
9.3
EPSS Score
0.15%
Published
2012-01-19
Updated
2018-12-07
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-04-05
Updated
2017-08-17
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
Max CVSS
6.8
EPSS Score
0.38%
Published
2008-05-12
Updated
2018-10-11
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-04-22
Updated
2018-10-03
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Max CVSS
10.0
EPSS Score
1.01%
Published
2007-12-07
Updated
2018-10-03
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Max CVSS
6.3
EPSS Score
0.09%
Published
2007-11-02
Updated
2017-07-29