Search CVE reports
11 – 18 of 18 results
CVE-2014-9483
Negligible priorityEmacs 24.4 allows remote attackers to bypass security restrictions.
3 affected packages
emacs23, emacs24, emacs25
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs23 | — | — | — | Not in release | Not in release |
emacs24 | — | — | — | Not in release | Not affected |
emacs25 | — | — | — | Not affected | Not in release |
CVE-2014-3424
Medium prioritylisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs-snapshot | — | — | — | Not in release | Not in release |
emacs22 | — | — | — | Not in release | Not in release |
emacs23 | — | — | — | Not in release | Not in release |
emacs24 | — | — | — | Not in release | Not affected |
emacs25 | — | — | — | Not affected | Not in release |
xemacs21 | — | — | — | Not affected | Not affected |
xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3423
Negligible prioritylisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs-snapshot | — | — | — | Not in release | Not in release |
emacs22 | — | — | — | Not in release | Not in release |
emacs23 | — | — | — | Not in release | Not in release |
emacs24 | — | — | — | Not in release | Not affected |
emacs25 | — | — | — | Not affected | Not in release |
xemacs21 | — | — | — | Not affected | Not affected |
xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3422
Medium prioritylisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs-snapshot | — | — | — | Not in release | Not in release |
emacs22 | — | — | — | Not in release | Not in release |
emacs23 | — | — | — | Not in release | Not in release |
emacs24 | — | — | — | Not in release | Not affected |
emacs25 | — | — | — | Not affected | Not in release |
xemacs21 | — | — | — | Not affected | Not affected |
xemacs21-packages | — | — | — | Not affected | Not affected |
CVE-2014-3421
Medium prioritylisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
7 affected packages
emacs-snapshot, emacs22, emacs23, emacs24, emacs25...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
emacs22 | Not in release | Not in release | Not in release | Not in release | Not in release |
emacs23 | Not in release | Not in release | Not in release | Not in release | Not in release |
emacs24 | Not in release | Not in release | Not in release | Not in release | Not affected |
emacs25 | Not in release | Not in release | Not in release | Not affected | Not in release |
xemacs21 | Not affected | Not affected | Not affected | Not affected | Not affected |
xemacs21-packages | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2012-3479
Medium prioritySome fixes available 8 of 15
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute...
6 affected packages
emacs-snapshot, emacs21, emacs22, emacs23, emacs24, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs-snapshot | — | — | — | — | — |
emacs21 | — | — | — | — | — |
emacs22 | — | — | — | — | — |
emacs23 | — | — | — | — | — |
emacs24 | — | — | — | — | — |
xemacs21 | — | — | — | — | — |
CVE-2012-0035
Low prioritySome fixes available 2 of 7
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or...
3 affected packages
cedet, emacs22, emacs23
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cedet | — | — | — | — | — |
emacs22 | — | — | — | — | — |
emacs23 | — | — | — | — | — |
CVE-2010-0825
Medium prioritySome fixes available 15 of 25
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
4 affected packages
emacs21, emacs22, emacs23, xemacs21
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emacs21 | — | — | — | — | — |
emacs22 | — | — | — | — | — |
emacs23 | — | — | — | — | — |
xemacs21 | — | — | — | — | — |