Important: Red Hat Security Advisory: emacs security and bug fix update

An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

MongoDB Shell 注入漏洞

MongoDB Shell mongosh is an interactive database manipulation tool from the American company MongoDB. It is used to interact with the MongoDB database, execute commands and manipulate data. A security vulnerability exists in MongoDB Shell versions prior to 2.3.9 that stems from control character...

RHEL 9 : emacs (RHSA-2025:1915)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1915 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...

ALSA-2025:1915 Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...

ALSA-2025:1917 Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme CVE-2025-1244 For...

emacs security update

1:26.1-13 - Fix man.el shell injection vulnerability RHEL-79016...

RHEL 8 : emacs (RHSA-2025:1917)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1917 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...

Oracle Linux 8 : emacs (ELSA-2025-1917)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1917 advisory. 1:26.1-13 - Fix man.el shell injection vulnerability RHEL-79016 Tenable has extracted the preceding description block directly from the Oracle Linux security...

[slackware-security] emacs

New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-30.1-i586-1slack15.0.txz: Upgraded. This update fixes two security issues: Fix shell injection vulnerability in man.el...

FreeBSD : Emacs -- Arbitrary code execution vulnerability (e60e538f-e795-4a00-b475-cc85a7546e00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e60e538f-e795-4a00-b475-cc85a7546e00 advisory. A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes...

Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

...

Security update for emacs

This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for emacs

This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

Emacs -- Arbitrary code execution vulnerability

Problem Description A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes. Impact Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by...

CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

Emacs -- Shell injection vulnerability

Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable...