CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48338 – emacs: local command injection in ruby-mode.el
https://notcve.org/view.php?id=CVE-2022-48338
20 Feb 2023 — An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48339 – emacs: command injection vulnerability in htmlfontify.el
https://notcve.org/view.php?id=CVE-2022-48339
20 Feb 2023 — An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48337 – emacs: command execution via shell metacharacters
https://notcve.org/view.php?id=CVE-2022-48337
20 Feb 2023 — GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell met... • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-45939 – emacs: ctags local command execution vulnerability
https://notcve.org/view.php?id=CVE-2022-45939
28 Nov 2022 — GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. GNU Emacs hasta la versión 28.2 permite a los atacantes ejecutar comandos a través de metacaracteres d... • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000383
https://notcve.org/view.php?id=CVE-2017-1000383
31 Oct 2017 — GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. GNU Emacs en la versión 25.3.1 (y, muy probablemente, en otras versiones) ignora la máscara de usuario cuando se crea un archivo de guardado de copia de seguridad ("[ORIGINAL_FILENAME]~"), lo que da como resultado archivos que podrían ser legibles por c... • http://www.openwall.com/lists/oss-security/2017/10/31/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-14482 – emacs: command injection flaw within "enriched mode" handling
https://notcve.org/view.php?id=CVE-2017-14482
14 Sep 2017 — GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). GNU Emacs en... • http://www.debian.org/security/2017/dsa-3975 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 27EXPL: 0CVE-2014-3424 – Mandriva Linux Security Advisory 2015-117
https://notcve.org/view.php?id=CVE-2014-3424
08 May 2014 — lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. lisp/net/tramp-sh.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo /tmp/tramp.##### temporal. Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against use... • http://advisories.mageia.org/MGASA-2014-0250.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-3423 – Mandriva Linux Security Advisory 2014-118
https://notcve.org/view.php?id=CVE-2014-3423
08 May 2014 — lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. lisp/net/browse-url.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo /tmp/Mosaic.##### temporal. Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks again... • http://advisories.mageia.org/MGASA-2014-0250.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 27EXPL: 0CVE-2014-3421 – Mandriva Linux Security Advisory 2014-118
https://notcve.org/view.php?id=CVE-2014-3421
08 May 2014 — lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. lisp/gnus/gnus-fun.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/gnus.face.ppm temporal. Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks aga... • http://advisories.mageia.org/MGASA-2014-0250.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-3422 – Mandriva Linux Security Advisory 2014-118
https://notcve.org/view.php?id=CVE-2014-3422
08 May 2014 — lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. lisp/emacs-lisp/find-gc.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo temporal bajo /tmp/esrc/. Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks ... • http://advisories.mageia.org/MGASA-2014-0250.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •