gnu emacs vulnerabilities and exploits
NA
CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote malicious users to execute arbitrary Emacs Lisp code via a crafted file.
Gnu Emacs 23.2
Gnu Emacs 23.3
Gnu Emacs 23.4
Gnu Emacs 24.1
NA
CVE-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and previous versions, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
Gnu Emacs 21.3
Gnu Emacs
Gnu Xemacs
NA
CVE-2008-2142
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted malicious users to execute arbitrary code.
Gnu Emacs 21.3.1
Gnu Xemacs
7.8
CVSSv3
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.
Gnu Emacs
7.8
CVSSv3
CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 up to and including 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
Gnu Emacs
5.5
CVSSv3
CVE-2017-1000383
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
Gnu Emacs
NA
CVE-2007-5795
The hack-local-variables function in Emacs prior to 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted malicious users to bypass intended restrictions and modify critical program variable...
Gnu Emacs
1 EDB exploit
NA
CVE-2007-6109
Stack-based buffer overflow in emacs allows user-assisted malicious users to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a ce...
Gnu Emacs
7.3
CVSSv3
CVE-2022-48338
An issue exists in GNU Emacs up to and including 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command...
Gnu Emacs
7.8
CVSSv3
CVE-2022-48339
An issue exists in GNU Emacs up to and including 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name cont...
Gnu Emacs