224 matches found
Astra Linux – Vulnerability in Wireshark
The LISP dissector’s large loop in Wireshark versions 4.0.0 to 4.0.4, and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in emacs
In elisp-mode.el of GNU Emacs prior to version 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion, allowing attackers to execute arbitrary code. This unsafe expansion also occurs if a user...
EUVD-2026-32968
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...
CLSA-2026-1779356802 vim: Fix of 21 CVEs
CVE-2022-0572: heap overflow on vcol-overflow in :retab upstream vim 8.2.4359 - CVE-2022-0368: illegal memory access when undo makes Visual area invalid upstream vim 8.2.4217 - CVE-2022-0685: crash on multi-byte char in unixexpandpath upstream vim 8.2.4418 - CVE-2022-2125: heap overflow in...
Malicious code in @atlisp/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...
MAL-2026-4365 Malicious code in @atlisp/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...
SandboxJS has a sandbox escape via Function.caller leakage of internal call op
Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...
CLSA-2026-1777662046 vim: Fix of CVE-2022-2183
CVE-2022-2183: fix out-of-bounds read in getlispindent src/indent.c by guarding the that++; amount++; advance with if that != NUL so the lisp auto-indent pointer does not walk past the line's NUL terminator...
CLSA-2026-1777460138 vim: Fix of CVE-2022-2183
CVE-2022-2183: fix out-of-bounds read in getlispindent src/indent.c by guarding the that++; amount++; advance with if that != NUL so the lisp auto-indent pointer does not walk past the line's NUL terminator...
CLSA-2026-1777444367 vim: Fix of 9 CVEs
CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...
CLSA-2026-1777389760 vim: Fix of 9 CVEs
CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...
Emacs Extension Persistence
This module adds a lisp based malicious extension to the emacs configuration file. When emacs is opened, the extension will be loaded and the payload will be executed. Tested against emacs 29.3 build 1 on Ubuntu Desktop 24.04. Module Options msf use exploit/linux/persistence/emacsextension msf...
Ubuntu: Security Advisory (USN-8011-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-8011-1 emacs vulnerabilities
It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...
MiracleLinux 8 : emacs-26.1-15.el8_10 (AXSA:2025-10587:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10587:06 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : emacs-27.2-14.el9_6.2 (AXSA:2025-10583:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10583:05 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : emacs-27.2-11.el9_5.2 (AXSA:2025-9922:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9922:03 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: emacs (UTSA-2025-991095)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991095 advisory. In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger...
OESA-2025-2760 emacs security update
Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...
TencentOS Server 4: emacs (TSSA-2024:0619)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0619 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...