10 matches found

Tenable Nessus
added 2023/06/07 12:0 a.m. | 30 views

EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2068)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

9.8 CVSS | 7.6 AI score | 0.00447 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2023/05/15 12:0 a.m. | 49 views

Oracle Linux 9 : emacs (ELSA-2023-2626)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2626 advisory. 1:27.2-8.1 - Fix etags local command injection vulnerability 2184369 - Fix htmlfontify.el command injection vulnerability 2184368 - Fix ruby-mode.el...

9.8 CVSS | 7.7 AI score | 0.00447 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2023/05/12 12:0 a.m. | 68 views

RHEL 9 : emacs (RHSA-2023:2626)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2626 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...

9.8 CVSS | 7.8 AI score | 0.00447 EPSS
Exploits: 0 | References: 10

Amazon
added 2023/03/06 12:0 a.m. | 39 views

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...

9.8 CVSS | 8.3 AI score | 0.00447 EPSS
Exploits: 0

Tenable Nessus
added 2023/02/24 12:0 a.m. | 46 views

Debian DSA-5360-1 : emacs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5360 advisory. Xi Lu discovered that missing input sanitising in Emacs in etags, the Ruby mode and htmlfontify could result in the execution of arbitrary shell commands. For the...

9.8 CVSS | 8 AI score | 0.00447 EPSS
Exploits: 0 | References: 9

NVD
added 2023/02/20 11:15 p.m. | 21 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

7.3 CVSS | 8.4 AI score | 0.00142 EPSS
Exploits: 0 | References: 4

Prion
added 2023/02/20 11:15 p.m. | 20 views

Command injection

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

4.1 CVSS | 8.2 AI score | 0.00142 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2023/02/20 11:15 p.m. | 22 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

7.3 CVSS | 7 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

CVE
added 2023/02/20 12:0 a.m. | 102 views

CVE-2022-48338

CVE-2022-48338 affects GNU Emacs up to version 28.2, via ruby-mode.el’s function ruby-find-library-file. The vulnerability is a local command injection: the function is interactive and calls external command gem through shell-command-to-string without escaping feature-name parameters, enabling a...

7.3 CVSS | 7.2 AI score | 0.00142 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/02/20 12:0 a.m. | 26 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

8.6 AI score | 0.00142 EPSS
Exploits: 0 | References: 4