CVE-2024-30203

CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...

CVE-2024-30204

CVE-2024-30204 (Emacs) affects Emacs before 29.3, where LaTeX preview is enabled by default for e‑mail attachments, potentially enabling denial of service. Connected advisories from multiple vendors confirm the issue and recommend upgrading Emacs to a version including the fix (≥29.3). In practic...

CVE-2023-28617

CVE-2023-28617 affects Org-Mode's ob-latex.el in GNU Emacs (pre-9.6.1) where org-babel-execute:latex can be triggered to run attacker-controlled commands if a file or directory name contains shell metacharacters. The issue is a code-injection path via shell metacharacters in filenames, leading to...

CVE-2024-30205

CVE-2024-30205 affects Emacs prior to 29.3 where Org mode trusts contents of remote files (Org mode before 9.6.23). CVSS indicates HIGH severity with LOCAL exploitability and USER INTERACTION required. Affected distributions document remediation via updating Emacs/Org-mode to fixed versions (e.g....

CVE-2024-30202

CVE-2024-30202 (Emacs/Org Mode) : In Emacs versions before 29.3, turning on Org mode evaluates arbitrary Lisp code, enabling code execution in Org Mode before 9.6.23. This has been confirmed across multiple security advisories (e.g., Astra Linux, Gentoo GLSA, Debian tracking, AWS ALAS) as a vulne...