Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu emacs vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-48337
GNU Emacs up to and including 28.2 allows malicious users to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "...
Gnu Emacs
Debian Debian Linux 11.0
7.8
CVSSv3
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs pa...
Gnu Emacs 26.1-9.el8
Gnu Emacs 27.2-8.el9
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Server Aus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
7.8
CVSSv3
CVE-2023-28617
org-babel-execute:latex in ob-latex.el in Org Mode up to and including 9.6.1 for GNU Emacs allows malicious users to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Gnu Org Mode
7.8
CVSSv3
CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Gnu Emacs
7.8
CVSSv3
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
Gnu Emacs
7.8
CVSSv3
CVE-2022-48339
An issue exists in GNU Emacs up to and including 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name cont...
Gnu Emacs
7.8
CVSSv3
CVE-2022-45939
GNU Emacs up to and including 28.2 allows malicious users to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "...
Gnu Emacs
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2014-9483
Emacs 24.4 allows remote malicious users to bypass security restrictions.
Gnu Emacs 24.4
7.3
CVSSv3
CVE-2022-48338
An issue exists in GNU Emacs up to and including 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command...
Gnu Emacs
5.5
CVSSv3
CVE-2017-1000383
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
Gnu Emacs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »