Vulnerabilities > GNU > Emacs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-17 | CVE-2023-2491 | Command Injection vulnerability in multiple products A flaw was found in the Emacs text editor. | 7.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
| 2023-03-09 | CVE-2023-27986 | Code Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | 7.8 |
| 2023-02-20 | CVE-2022-48338 | Command Injection vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.3 |
| 2023-02-20 | CVE-2022-48339 | Improper Encoding or Escaping of Output vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.8 |
| 2022-11-28 | CVE-2022-45939 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. | 7.8 |
| 2007-06-21 | CVE-2007-2833 | Remote Denial of Service vulnerability in GNU Emacs Image Processing Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
| 2005-02-07 | CVE-2005-0100 | Remote Format String vulnerability in GNU Emacs and Xemacs Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | 7.5 |