Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
emacs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30202
In Emacs prior to 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode prior to 9.6.23.
NA
CVE-2024-30203
In Emacs prior to 29.3, Gnus treats inline MIME contents as trusted.
NA
CVE-2024-30204
In Emacs prior to 29.3, LaTeX preview is enabled by default for e-mail attachments.
NA
CVE-2024-30205
In Emacs prior to 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode prior to 9.6.23.
7.8
CVSSv3
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs pa...
Gnu Emacs 26.1-9.el8
Gnu Emacs 27.2-8.el9
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Server Aus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
7.8
CVSSv3
CVE-2023-28617
org-babel-execute:latex in ob-latex.el in Org Mode up to and including 9.6.1 for GNU Emacs allows malicious users to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Gnu Org Mode
7.8
CVSSv3
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Gnu Emacs
7.8
CVSSv3
CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Gnu Emacs
7.3
CVSSv3
CVE-2022-48338
An issue exists in GNU Emacs up to and including 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command...
Gnu Emacs
7.8
CVSSv3
CVE-2022-48339
An issue exists in GNU Emacs up to and including 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name cont...
Gnu Emacs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »