Gnu

Emacs

34 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2012-3479

  • EPSS 2.29%
  • Published 25.08.2012 10:29:51
  • Last modified 11.04.2025 00:51:21

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code vi...

9.3

CVE-2012-0035

  • EPSS 4.03%
  • Published 19.01.2012 15:55:00
  • Last modified 11.04.2025 00:51:21

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, ...

4.4

CVE-2010-0825

  • EPSS 0.12%
  • Published 05.04.2010 15:30:01
  • Last modified 11.04.2025 00:51:21

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

6.8

CVE-2008-2142

Exploit
  • EPSS 4.36%
  • Published 12.05.2008 19:20:00
  • Last modified 09.04.2025 00:30:58

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

4.6

CVE-2008-1694

  • EPSS 0.07%
  • Published 22.04.2008 04:41:00
  • Last modified 09.04.2025 00:30:58

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

10

CVE-2007-6109

  • EPSS 3.13%
  • Published 07.12.2007 11:46:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, ...

6.3

CVE-2007-5795

  • EPSS 1.01%
  • Published 02.11.2007 22:46:00
  • Last modified 09.04.2025 00:30:58

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify cri...

7.8

CVE-2007-2833

  • EPSS 1.34%
  • Published 21.06.2007 20:30:00
  • Last modified 09.04.2025 00:30:58

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.5

CVE-2005-0100

  • EPSS 2.85%
  • Published 07.02.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

5.1

CVE-2003-1232

  • EPSS 6.48%
  • Published 31.12.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.