MiracleLinux 9 : emacs-27.2-10.el9_4 (AXSA:2024-8807:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8807:01 advisory. emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 Tenable has extracted the preceding description block directly from...

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-2552)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Gnus treats inline MIME contents as trusted.CVE-2024-30203 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands ...

AlmaLinux 8 : emacs (ALSA-2024:6987)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6987 advisory. emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: Org mode considers contents of remote files to be trusted CVE-2024-30205 emacs:...

Oracle Linux 8 : emacs (ELSA-2024-6987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6987 advisory. - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-393...

ALSA-2024:6510 Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 For mor...

Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 For mor...

Amazon Linux 2 : emacs (ALAS-2024-2608)

The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2608 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is...

Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2024-663)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-663 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. CVE-2024-30204 In Emacs befor...

[SECURITY] [DLA 3849-1] org-mode security update

Debian LTS Advisory DLA-3849-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton June 29, 2024 https://wiki.debian.org/LTS Package : emacs Version : emacs 1:26.1+1-3.2+deb10u6 CVE ID : CVE-2024-39331 Debian Bug : 1074136 A vulnerability was discovered in GNU Emacs, the...

CVE-2024-39331

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation Do not open Org mode files or...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

CVE-2024-39331 affects Emacs (Org Mode), where org-link-expand-abbrev can execute unsafe Elisp via a %(...) link abbrev. This occurs in Emacs before 29.4 and Org Mode before 9.7.5, due to evaluating unsafe functions (e.g., shell-command-to-string) during link expansion. The CVSS/impact in the pri...