gnu emacs vulnerabilities and exploits
10
CVSSv2
CVE-2007-6109
Stack-based buffer overflow in emacs allows user-assisted malicious users to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a ce...
Gnu Emacs
9.3
CVSSv2
CVE-2012-0035
Untrusted search path vulnerability in EDE in CEDET prior to 1.0.1, as used in GNU Emacs prior to 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Eric M Ludlam Cedet 1.0
Gnu Emacs 20.1
Gnu Emacs 20.2
Gnu Emacs 21.3
Gnu Emacs 22.1
Gnu Emacs 23.1
Gnu Emacs 23.2
Gnu Emacs 20.0
Gnu Emacs 21
Gnu Emacs 21.2.1
Gnu Emacs 22.2
Gnu Emacs 22.3
Eric M Ludlam Cedet
Gnu Emacs 20.5
Gnu Emacs 20.6
Gnu Emacs 21.3.1
Gnu Emacs 21.4
Gnu Emacs 20.3
Gnu Emacs 20.4
Gnu Emacs 20.7
Gnu Emacs 21.1
Gnu Emacs 21.2
7.8
CVSSv2
CVE-2007-2833
Emacs 21 allows user-assisted malicious users to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
Debian Debian Linux 4.0
Gnu Emacs 21
7.5
CVSSv2
CVE-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and previous versions, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
Gnu Emacs 21.3
Gnu Emacs
Gnu Xemacs
6.9
CVSSv2
CVE-2007-5377
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in the Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Gnu Tramp 2.1.10
6.8
CVSSv2
CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote malicious users to execute arbitrary Emacs Lisp code via a crafted file.
Gnu Emacs 23.2
Gnu Emacs 23.3
Gnu Emacs 23.4
Gnu Emacs 24.1
6.8
CVSSv2
CVE-2008-2142
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted malicious users to execute arbitrary code.
Gnu Emacs 21.3.1
Gnu Xemacs
6.3
CVSSv2
CVE-2007-5795
The hack-local-variables function in Emacs prior to 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted malicious users to bypass intended restrictions and modify critical program variable...
Gnu Emacs
1 EDB exploit
5.1
CVSSv2
CVE-2003-1232
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted malicious users to execute arbitrary commands, as demonstrated using the mode-name variable.
Gnu Emacs 21.2.1
1 EDB exploit
5
CVSSv2
CVE-2014-9483
Emacs 24.4 allows remote malicious users to bypass security restrictions.
Gnu Emacs 24.4