Vulnerabilities > GNU > Emacs > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-14 | CVE-2017-14482 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. | 6.8 |
2017-08-28 | CVE-2014-9483 | Information Exposure vulnerability in GNU Emacs 24.4 Emacs 24.4 allows remote attackers to bypass security restrictions. | 5.0 |
2012-09-25 | CVE-2012-1103 | Improper Input Validation vulnerability in Notmuchmail Notmuch emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | 4.3 |
2012-08-25 | CVE-2012-3479 | Remote Code Execution vulnerability in GNU Emacs 'enable-local-variables' lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. network gnu | 6.8 |
2010-04-05 | CVE-2010-0825 | Permissions, Privileges, and Access Controls vulnerability in GNU Emacs lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | 4.4 |
2008-05-12 | CVE-2008-2142 | Unspecified vulnerability in GNU Emacs and Xemacs Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. network gnu | 6.8 |
2008-04-22 | CVE-2008-1694 | Link Following vulnerability in GNU Emacs and Sccs vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2007-11-02 | CVE-2007-5795 | Local Variable Handling Code Execution vulnerability in GNU Emacs The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | 6.3 |
2003-12-31 | CVE-2003-1232 | Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1 Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | 5.1 |