Lucene search

GnuEmacs

12 matches found

CVE
added 2023/02/20 11:15 p.m. | 327 views

CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacte...

CVSS 7.8 | AI score 8.4 | EPSS 0.00085

CVE
added 2022/11/28 6:15 a.m. | 172 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00037

CVE
added 2023/05/17 10:15 p.m. | 135 views

CVE-2023-2491

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise L...

CVSS 7.8 | AI score 7.8 | EPSS 0.00063

CVE
added 2024/03/25 3:15 p.m. | 118 views

CVE-2024-30205

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

CVSS 7.1 | AI score 6.3 | EPSS 0.0003

CVE
added 2024/11/27 3:15 p.m. | 88 views

CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses t...

CVSS 7.8 | AI score 8.8 | EPSS 0.00098

CVE
added 2023/02/20 11:15 p.m. | 86 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through ...

CVSS 7.3 | AI score 7.2 | EPSS 0.00119

CVE
added 2023/03/09 6:15 a.m. | 86 views

CVE-2023-27986

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

CVSS 7.8 | AI score 7.3 | EPSS 0.00065

CVE
added 2024/03/25 3:15 p.m. | 85 views

CVE-2024-30202

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

CVSS 7.8 | AI score 6.7 | EPSS 0.00039

CVE
added 2023/03/09 6:15 a.m. | 83 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.

CVSS 7.8 | AI score 7.3 | EPSS 0.00056

CVE
added 2005/02/08 5:00 a.m. | 53 views

CVE-2005-0100

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

CVSS 7.5 | AI score 7.2 | EPSS 0.02845

CVE
added 2007/06/21 8:30 p.m. | 50 views

CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

CVSS 7.8 | AI score 6 | EPSS 0.01138

CVE
added 2017/08/28 3:29 p.m. | 39 views

CVE-2014-9483

Emacs 24.4 allows remote attackers to bypass security restrictions.

CVSS 7.5 | AI score 7.5 | EPSS 0.00234