CVE search results

1 – 10 of 12 results

Detailed view

Sort by:

CVE-2014-3424

Medium priority

Ignored

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs-snapshot	—	—	—	Not in release	Not in release
emacs22	—	—	—	Not in release	Not in release
emacs23	—	—	—	Not in release	Not in release
emacs24	—	—	—	Not in release	Not affected
emacs25	—	—	—	Not affected	Not in release
xemacs21	—	—	—	Not affected	Not affected
xemacs21-packages	—	—	—	Not affected	Not affected

CVE-2014-3423

Negligible priority

Ignored

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs-snapshot	—	—	—	Not in release	Not in release
emacs22	—	—	—	Not in release	Not in release
emacs23	—	—	—	Not in release	Not in release
emacs24	—	—	—	Not in release	Not affected
emacs25	—	—	—	Not affected	Not in release
xemacs21	—	—	—	Not affected	Not affected
xemacs21-packages	—	—	—	Not affected	Not affected

CVE-2014-3422

Medium priority

Ignored

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs-snapshot	—	—	—	Not in release	Not in release
emacs22	—	—	—	Not in release	Not in release
emacs23	—	—	—	Not in release	Not in release
emacs24	—	—	—	Not in release	Not affected
emacs25	—	—	—	Not affected	Not in release
xemacs21	—	—	—	Not affected	Not affected
xemacs21-packages	—	—	—	Not affected	Not affected

CVE-2014-3421

Medium priority

Vulnerable

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

7 affected packages

emacs-snapshot, emacs22, emacs23, emacs24, emacs25...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs-snapshot	Not in release	Not in release	Not in release	Not in release	Not in release
emacs22	Not in release	Not in release	Not in release	Not in release	Not in release
emacs23	Not in release	Not in release	Not in release	Not in release	Not in release
emacs24	Not in release	Not in release	Not in release	Not in release	Not affected
emacs25	Not in release	Not in release	Not in release	Not affected	Not in release
xemacs21	Not affected	Not affected	Not affected	Not affected	Not affected
xemacs21-packages	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2012-3479

Medium priority

Some fixes available 8 of 15

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute...

6 affected packages

emacs-snapshot, emacs21, emacs22, emacs23, emacs24, xemacs21

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs-snapshot	—	—	—	—	—
emacs21	—	—	—	—	—
emacs22	—	—	—	—	—
emacs23	—	—	—	—	—
emacs24	—	—	—	—	—
xemacs21	—	—	—	—	—

CVE-2012-0035

Low priority

Some fixes available 2 of 7

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or...

3 affected packages

cedet, emacs22, emacs23

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cedet	—	—	—	—	—
emacs22	—	—	—	—	—
emacs23	—	—	—	—	—

CVE-2010-0825

Medium priority

Some fixes available 15 of 25

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

4 affected packages

emacs21, emacs22, emacs23, xemacs21

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs21	—	—	—	—	—
emacs22	—	—	—	—	—
emacs23	—	—	—	—	—
xemacs21	—	—	—	—	—

CVE-2008-3949

Low priority

Ignored

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

2 affected packages

emacs21, emacs22

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs21	—	—	—	—	—
emacs22	—	—	—	—	—

CVE-2008-2142

Low priority

Ignored

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

3 affected packages

emacs21, emacs22, xemacs21-packages

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs21	—	—	—	—	—
emacs22	—	—	—	—	—
xemacs21-packages	—	—	—	—	—

CVE-2008-1694

Low priority

Fixed

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

3 affected packages

emacs21, emacs22, xemacs21

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emacs21	—	—	—	—	—
emacs22	—	—	—	—	—
xemacs21	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports