Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
emacs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30202
In Emacs prior to 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode prior to 9.6.23.
NA
CVE-2024-30203
In Emacs prior to 29.3, Gnus treats inline MIME contents as trusted.
NA
CVE-2024-30204
In Emacs prior to 29.3, LaTeX preview is enabled by default for e-mail attachments.
NA
CVE-2024-30205
In Emacs prior to 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode prior to 9.6.23.
NA
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs pa...
Gnu Emacs 26.1-9.el8
Gnu Emacs 27.2-8.el9
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Server Aus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
NA
CVE-2023-28617
org-babel-execute:latex in ob-latex.el in Org Mode up to and including 9.6.1 for GNU Emacs allows malicious users to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Gnu Org Mode
NA
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Gnu Emacs
NA
CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Gnu Emacs
NA
CVE-2022-48337
GNU Emacs up to and including 28.2 allows malicious users to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "...
Gnu Emacs
Debian Debian Linux 11.0
NA
CVE-2022-48338
An issue exists in GNU Emacs up to and including 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command...
Gnu Emacs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »