Vulnerabilities > GNU > Emacs > 18.50
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-20 | CVE-2022-48337 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. | 9.8 |
2023-02-20 | CVE-2022-48338 | Command Injection vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.3 |
2023-02-20 | CVE-2022-48339 | Improper Encoding or Escaping of Output vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.8 |
2022-11-28 | CVE-2022-45939 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. | 7.8 |
2017-10-31 | CVE-2017-1000383 | Information Exposure vulnerability in GNU Emacs GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. | 2.1 |
2017-09-14 | CVE-2017-14482 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. | 6.8 |
2014-05-08 | CVE-2014-3424 | Link Following vulnerability in multiple products lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | 3.3 |
2014-05-08 | CVE-2014-3423 | Link Following vulnerability in multiple products lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | 3.3 |
2014-05-08 | CVE-2014-3422 | Link Following vulnerability in multiple products lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | 3.3 |
2014-05-08 | CVE-2014-3421 | Link Following vulnerability in multiple products lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | 3.3 |