CVSS: 9.3EPSS: 0%CPEs: 32EXPL: 0CVE-2012-0035 – Gentoo Linux Security Advisory 201401-31
https://notcve.org/view.php?id=CVE-2012-0035
19 Jan 2012 — Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. Una vulnerabilidad de ruta de búsqueda no confiable en EDE en CEDET antes de v1.0.1, tal como se utiliza en GNU Emacs antes de v23.4 y otros productos, permite a usuarios locales conseguir privilegios a través de una expresión Lisp modificada ... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2007-5795 – GNU Emacs 22.1 - Local Variable Handling Code Execution
https://notcve.org/view.php?id=CVE-2007-5795
02 Nov 2007 — The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. La función hack-local-variables en el Emacs anterior al 22.2, cuando el enable-local-variables está establecido a :safe, no busca correctamente las listas de las variables no seguras o ... • https://www.exploit-db.com/exploits/30736 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0100
https://notcve.org/view.php?id=CVE-2005-0100
07 Feb 2005 — Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2000-0270
https://notcve.org/view.php?id=CVE-2000-0270
18 Apr 2000 — The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. • http://www.securityfocus.com/bid/1126 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2000-0269
https://notcve.org/view.php?id=CVE-2000-0269
18 Apr 2000 — Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. • http://www.securityfocus.com/bid/1125 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2000-0271
https://notcve.org/view.php?id=CVE-2000-0271
18 Apr 2000 — read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. • http://www.securityfocus.com/bid/1125 •