CVE-2022-48337 – emacs: command execution via shell metacharacters
https://notcve.org/view.php?id=CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK https://www.debian.org/security/2023/dsa-5360 https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzill • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-45939 – emacs: ctags local command execution vulnerability
https://notcve.org/view.php?id=CVE-2022-45939
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. GNU Emacs hasta la versión 28.2 permite a los atacantes ejecutar comandos a través de metacaracteres de shell en el nombre de un archivo de código fuente, porque lib-src/etags.c utiliza la función de librería C del sistema en su implementación del programa ctags. Por ejemplo, una víctima puede utilizar el comando "ctags *" (sugerido en la documentación de ctags) en una situación en la que el directorio de trabajo actual tiene contenidos que dependen de entradas que no son de confianza. A flaw was found in Etags, the Ctags implementation of Emacs. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB https://www.debian.org/security/2023/dsa-5314 https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzill • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-1000383
https://notcve.org/view.php?id=CVE-2017-1000383
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. GNU Emacs en la versión 25.3.1 (y, muy probablemente, en otras versiones) ignora la máscara de usuario cuando se crea un archivo de guardado de copia de seguridad ("[ORIGINAL_FILENAME]~"), lo que da como resultado archivos que podrían ser legibles por cualquier usuario o accesibles de formas no planeadas por el usuario que ejecuta el binario de emacs. • http://www.openwall.com/lists/oss-security/2017/10/31/1 http://www.securityfocus.com/bid/101671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-14482 – emacs: command injection flaw within "enriched mode" handling
https://notcve.org/view.php?id=CVE-2017-14482
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). GNU Emacs en versiones anteriores a la 25.3 permite que atacantes remotos ejecuten código arbitrario por email con datos "Content-Type: text/enriched" manipulados que contienen un elemento x-display XML que especifica la ejecución de comandos shell. Esto está relacionado con una extensión text/enriched no segura en lisp/textmodes/enriched.el, así como con un soporte Gnus inseguro para objetos MIME "enriched" y "richtext" en lisp/gnus/mm-view.el. Concretamente, es posible que un usuario de Emacs quede comprometido instantáneamente leyendo un mensaje de correo electrónico manipulado (o un artículo de noticias de Usenet). • http://www.debian.org/security/2017/dsa-3975 http://www.openwall.com/lists/oss-security/2017/09/11/1 https://access.redhat.com/errata/RHSA-2017:2771 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70 https://security.gentoo.org/glsa/201801-07 https://www.debian.org/security/2017/dsa-3970 https://www.gnu.org/software/emacs/index.html#Releases https://access.redhat. • CWE-20: Improper Input Validation •
CVE-2014-9483
https://notcve.org/view.php?id=CVE-2014-9483
Emacs 24.4 allows remote attackers to bypass security restrictions. Emacs 24.4 permite a los atacantes remotos que omitan las restricciones de seguridad • http://www.openwall.com/lists/oss-security/2015/01/03/15 https://bugzilla.redhat.com/show_bug.cgi?id=1181599 https://exchange.xforce.ibmcloud.com/vulnerabilities/99688 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •