Lucene search

7 matches found

CVE
added 2024/03/25 12:0 a.m. | 3944 views

CVE-2024-30203

CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00584

CVE
added 2024/03/25 12:0 a.m. | 164 views

CVE-2024-30204

CVE-2024-30204 (Emacs) affects Emacs before 29.3, where LaTeX preview is enabled by default for e‑mail attachments, potentially enabling denial of service. Connected advisories from multiple vendors confirm the issue and recommend upgrading Emacs to a version including the fix (≥29.3). In practic...

CVSS 2.8 | AI score 6.4 | EPSS 0.00475

CVE
added 2024/11/27 12:0 a.m. | 146 views

CVE-2024-53920

In GNU Emacs (elisp-mode.el) prior to 30.1, invoking elisp-completion-at-point on untrusted Emacs Lisp can trigger unsafe Lisp macro expansion, enabling arbitrary code execution. This also occurs if on-the-fly diagnosis causes byte compilation of untrusted code. Root cause: unsafe macro expansion...

CVSS 7.8 | AI score 8.8 | EPSS 0.00526

CVE
added 2024/03/25 12:0 a.m. | 145 views

CVE-2024-30205

CVE-2024-30205 affects Emacs prior to 29.3 where Org mode trusts contents of remote files (Org mode before 9.6.23). CVSS indicates HIGH severity with LOCAL exploitability and USER INTERACTION required. Affected distributions document remediation via updating Emacs/Org-mode to fixed versions (e.g....

CVSS 7.1 | AI score 6.3 | EPSS 0.00486

CVE
added 2024/06/23 12:0 a.m. | 140 views

CVE-2024-39331

CVE-2024-39331 affects Emacs (Org Mode), where org-link-expand-abbrev can execute unsafe Elisp via a %(...) link abbrev. This occurs in Emacs before 29.4 and Org Mode before 9.7.5, due to evaluating unsafe functions (e.g., shell-command-to-string) during link expansion. The CVSS/impact in the pri...

CVSS 9.8 | AI score 6.9 | EPSS 0.01323

CVE
added 2024/03/25 12:0 a.m. | 112 views

CVE-2024-30202

CVE-2024-30202 (Emacs/Org Mode): In Emacs versions before 29.3, turning on Org mode evaluates arbitrary Lisp code, enabling code execution in Org Mode before 9.6.23. This has been confirmed across multiple security advisories (e.g., Astra Linux, Gentoo GLSA, Debian tracking, AWS ALAS) as a vulne...

CVSS 7.8 | AI score 6.7 | EPSS 0.01108

CVE
added 2007/12/07 11:0 a.m. | 82 views

CVE-2007-6109

CVE-2007-6109 describes a stack-based buffer overflow in Emacs triggered by a large precision value in an integer format specifier to the format function, leading to denial of service (crash) and potentially other impacts. Concrete references in connected docs indicate the vulnerability affects E...

CVSS 10 | AI score 9.7 | EPSS 0.02987