Vulnerabilities > GNU > Emacs > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-17 CVE-2023-2491 Command Injection vulnerability in multiple products
A flaw was found in the Emacs text editor.
local
low complexity
gnu redhat CWE-77
7.8
2023-03-09 CVE-2023-27985 OS Command Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI.
local
low complexity
gnu CWE-78
7.8
2023-03-09 CVE-2023-27986 Code Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
local
low complexity
gnu CWE-94
7.8
2023-02-20 CVE-2022-48338 Command Injection vulnerability in GNU Emacs
An issue was discovered in GNU Emacs through 28.2.
local
low complexity
gnu CWE-77
7.3
2023-02-20 CVE-2022-48339 Improper Encoding or Escaping of Output vulnerability in GNU Emacs
An issue was discovered in GNU Emacs through 28.2.
local
low complexity
gnu CWE-116
7.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
2017-09-14 CVE-2017-14482 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el.
network
low complexity
gnu debian
8.8
2017-08-28 CVE-2014-9483 Information Exposure vulnerability in GNU Emacs 24.4
Emacs 24.4 allows remote attackers to bypass security restrictions.
network
low complexity
gnu CWE-200
7.5