6 matches found
CVE-2014-3422
CVE-2014-3422 affects GNU Emacs 24.3 and earlier. The vulnerability allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Public documents (OpenVAS/Nessus/EulerOS advisories) confirm the existence and nature of the issue but do not specify a ve...
CVE-2014-3421
CVE-2014-3421 affects GNU Emacs 24.3 and earlier. The vulnerability is in lisp/gnus/gnus-fun.el, enabling local users to overwrite arbitrary files via a symlink attack on /tmp/gnus.face.ppm. Connected sources (EMACS advisories) confirm the affected versions and the symlink-based overwrite vector;...
CVE-2014-3423
CVE-2014-3423 affects GNU Emacs 24.3 and earlier, where lisp/net/browse-url.el allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic temporary file. The connected sources confirm this local-privilege issue and describe the exact path and file involved, but do not p...
CVE-2007-2833
CVE-2007-2833 affects GNU Emacs 21; user-assisted attackers could crash Emacs by crafting GIF images in VM mode due to an image-size calculation issue. Mitigations are available via vendor advisories (Debian DSA-1316-1, Ubuntu USN-504-1, SUSE patches, Mandriva MDKSA-2007:133, etc.). OpenVAS/Red H...
CVE-2012-0035
CVE-2012-0035 is an untrusted search path vulnerability in EDE (CEDET) that allows a local user to escalate privileges by crafting a Project.ede file loaded from a project directory. The issue affects CEDET’s EDE in Emacs contexts (notably Emacs 23.x with CEDET before 1.0.1); analysis from Gentoo...
CVE-2014-3424
CVE-2014-3424 affects GNU Emacs 24.3 and earlier. The vulnerability is in lisp/net/tramp-sh.el, where a symlink attack on a /tmp/tramp-XXXXX temporary file allows a local user to overwrite arbitrary files. CVSSv2 from NVD shows base score 3.3 (AV:L, AC:M, I:P, A:P; no confidentiality impact). Con...