Filtered by vendor Gnu Subscriptions
Filtered by product Emacs Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-1694 1 Gnu 2 Emacs, Sccs 2024-11-21 N/A
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2007-6109 1 Gnu 1 Emacs 2024-11-21 N/A
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
CVE-2007-5795 2 Debian, Gnu 2 Debian Linux, Emacs 2024-11-21 N/A
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVE-2007-2833 3 Debian, Gnu, Mandrakesoft 4 Debian Linux, Emacs, Mandrake Linux and 1 more 2024-11-21 N/A
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVE-2005-0100 2 Gnu, Redhat 3 Emacs, Xemacs, Enterprise Linux 2024-11-21 N/A
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
CVE-2003-1232 1 Gnu 1 Emacs 2024-11-21 N/A
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVE-2001-1301 2 Gnu, Xemacs 2 Emacs, Xemacs 2024-11-21 N/A
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVE-2000-0271 1 Gnu 1 Emacs 2024-11-21 N/A
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVE-2000-0270 1 Gnu 1 Emacs 2024-11-21 N/A
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
CVE-2000-0269 1 Gnu 1 Emacs 2024-11-21 N/A
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.