EUVD-2022-51039
Malicious code in bioql PyPI...
emacs: command injection vulnerability in htmlfontify.el
A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed...
Moderate: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
RHEL 8 : emacs (RHSA-2024:1103)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1103 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...
CentOS 7 : emacs (RHSA-2023:3481)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3481 advisory. - An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter fil...
EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2068)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
Moderate: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
EulerOS Virtualization 2.9.1 : emacs (EulerOS-SA-2023-1995)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
Oracle Linux 9 : emacs (ELSA-2023-2626)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2626 advisory. 1:27.2-8.1 - Fix etags local command injection vulnerability 2184369 - Fix htmlfontify.el command injection vulnerability 2184368 - Fix ruby-mode.el...
EulerOS 2.0 SP9 : emacs (EulerOS-SA-2023-1840)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
RHEL 9 : emacs (RHSA-2023:2626)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2626 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...
Amazon Linux AMI : emacs (ALAS-2023-1712)
The version of emacs installed on the remote host is prior to 24.3-20.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1712 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file,...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggest...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...
Debian DSA-5360-1 : emacs - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5360 advisory. Xi Lu discovered that missing input sanitising in Emacs in etags, the Ruby mode and htmlfontify could result in the execution of arbitrary shell commands. For the...
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
Command injection
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...