Astra Linux - vulnerability in emacs
In Emacs versions before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbreviation even when it specifies an unsafe function, such as shell-command-to-string. This issue affects Org Mode before 9.7.5...
MiracleLinux 9 : emacs-27.2-10.el9_4 (AXSA:2024-8807:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8807:01 advisory. emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 Tenable has extracted the preceding description block directly from...
MiracleLinux 7 : emacs-24.3-23.1.0.3.el7.AXS7 (AXSA:2024-8951:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8951:05 advisory. CVE-2024-39331: do not expand link abbrevs that contain unsafe function CVEs: CVE-2024-39331 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expan...
CLSA-2025-1752088235 emacs: Fix of CVE-2024-39331
CVE-2024-39331: fix org-link-expand-abbrev to not expand unsafe link abbreviations...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-2552)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands ...
AlmaLinux 8 : emacs (ALSA-2024:6987)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6987 advisory. emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: Org mode considers contents of remote files to be trusted CVE-2024-30205 emacs:...
Oracle Linux 8 : emacs (ELSA-2024-6987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6987 advisory. - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-393...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-2412)
The remote host is missing an update for the Huawei EulerOS...
ALSA-2024:6510 Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 For mor...
Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 For mor...
Amazon Linux 2 : emacs (ALAS-2024-2608)
The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2608 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2024-663)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-663 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. CVE-2024-30204 In Emacs befor...
[SECURITY] [DLA 3849-1] org-mode security update
Debian LTS Advisory DLA-3849-1 https://www.debian.org/lts/security/ Sean Whitton June 29, 2024 https://wiki.debian.org/LTS Package: emacs Version: emacs 1:26.1+1-3.2+deb10u6 CVE ID: CVE-2024-39331 Debian Bug: 1074136 A vulnerability was discovered in GNU Emacs, the...
CVE-2024-39331
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation: Do not open Org mode files or...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
AZL-42868 CVE-2024-39331 affecting package emacs for versions less than 29.4-1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
DEBIAN-CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...