Search CVE reports


Toggle filters

21 – 30 of 34 results


CVE-2014-3421

Medium priority
Vulnerable

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs-snapshot Not in release Not in release Not in release Not in release Not in release
emacs22 Not in release Not in release Not in release Not in release Not in release
emacs23 Not in release Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not in release Not affected Not in release
xemacs21 Not affected Not affected Not affected Not affected Not affected
xemacs21-packages Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 7 packages Show less packages

CVE-2012-3479

Medium priority

Some fixes available 8 of 15

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute...

6 affected packages

emacs-snapshot, emacs21, emacs22, emacs23, emacs24, xemacs21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs-snapshot
emacs21
emacs22
emacs23
emacs24
xemacs21
Show less packages

CVE-2012-0035

Low priority

Some fixes available 2 of 7

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or...

3 affected packages

cedet, emacs22, emacs23

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cedet
emacs22
emacs23
Show less packages

CVE-2010-0825

Medium priority

Some fixes available 15 of 25

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

4 affected packages

emacs21, emacs22, emacs23, xemacs21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs21
emacs22
emacs23
xemacs21
Show less packages

CVE-2009-2688

Medium priority
Ignored

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a...

1 affected package

xemacs21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xemacs21
Show less packages

CVE-2008-4952

Low priority
Ignored

emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.

1 affected package

emacs-jabber

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs-jabber
Show less packages

CVE-2008-4191

Low priority
Ignored

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

1 affected package

emacspeak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacspeak
Show less packages

CVE-2008-3949

Low priority
Ignored

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

2 affected packages

emacs21, emacs22

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs21
emacs22
Show less packages

CVE-2008-2142

Low priority
Ignored

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

3 affected packages

emacs21, emacs22, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs21
emacs22
xemacs21-packages
Show less packages

CVE-2008-1694

Low priority
Fixed

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

3 affected packages

emacs21, emacs22, xemacs21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs21
emacs22
xemacs21
Show less packages