Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Emacs
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2000-04-18 | CVE-2000-0270 | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. | Emacs | N/A | ||
| 2000-04-18 | CVE-2000-0269 | Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. | Emacs | N/A | ||
| 2017-09-14 | CVE-2017-14482 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | Debian_linux, Emacs | 8.8 | ||
| 2017-10-31 | CVE-2017-1000383 | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. | Emacs | 5.5 | ||
| 2017-08-28 | CVE-2014-9483 | Emacs 24.4 allows remote attackers to bypass security restrictions. | Emacs | 7.5 | ||
| 2014-05-08 | CVE-2014-3424 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | Emacs, Mageia | N/A | ||
| 2014-05-08 | CVE-2014-3423 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | Emacs, Mageia | N/A | ||
| 2014-05-08 | CVE-2014-3422 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | Emacs, Mageia | N/A | ||
| 2014-05-08 | CVE-2014-3421 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | Emacs, Mageia | N/A | ||
| 2012-08-25 | CVE-2012-3479 | lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. | Emacs | N/A |