Page 3 of 15 results (0.009 seconds)

CVSS: 9.3EPSS: 0%CPEs: 32EXPL: 0

CVE-2012-0035

https://notcve.org/view.php?id=CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. Una vulnerabilidad de ruta de búsqueda no confiable en EDE en CEDET antes de v1.0.1, tal como se utiliza en GNU Emacs antes de v23.4 y otros productos, permite a usuarios locales conseguir privilegios a través de una expresión Lisp modificada en un archivo Project.ede en el directorio, o en el directorio padre, de un archivo abierto. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html http://openwall.com/lists/oss-security/2012/01/10/2 http://openwall.com/lists/oss-security/2012/01/10/4 http://secunia.com/advisories/47311 http://secunia.com/advisories/47515 http://secunia.com/advisories/50801 http://sourceforge.net/mailarchive/mess •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-1694

https://notcve.org/view.php?id=CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. vcdiff en Emacs 20.7 a 22.1.50, cuando es utilizado con SCCS, permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque symlink en ficheros temporales. • http://bugs.gentoo.org/show_bug.cgi?id=216880 http://secunia.com/advisories/29905 http://secunia.com/advisories/29926 http://secunia.com/advisories/30109 http://www.mandriva.com/security/advisories?name=MDVSA-2008:096 http://www.securityfocus.com/bid/28857 http://www.securitytracker.com/id?1019909 http://www.vupen.com/english/advisories/2008/1309/references http://www.vupen.com/english/advisories/2008/1310/references https://bugzilla.redhat.com/show_bug.cgi?id=208483 https:&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2007-5795 – GNU Emacs 22.1 - Local Variable Handling Code Execution

https://notcve.org/view.php?id=CVE-2007-5795

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. La función hack-local-variables en el Emacs anterior al 22.2, cuando el enable-local-variables está establecido a :safe, no busca correctamente las listas de las variables no seguras o de riesgo, lo que permite a permite a atacantes con la intervención del usuario evitar las restricciones y modificar variables de programa críticas a través de un fichero que contiene declaraciones de variables Locales. • https://www.exploit-db.com/exploits/30736 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008 http://bugs.gentoo.org/show_bug.cgi?id=197958 http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/42060 http://secunia.com/advisories/27508 http://secunia.com/advisories/27627 http:& •

CVSS: 7.8EPSS: 10%CPEs: 20EXPL: 0

CVE-2007-2833

https://notcve.org/view.php?id=CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. Emacs 21 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) a través de ciertas imágenes modificadas, como lo demostrado a través de imágenes GIF en el modo vm, relacionado con el cálculo del tamaño de la imagen. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929 http://secunia.com/advisories/26987 http://www.debian.org/security/2007/dsa-1316 http://www.mandriva.com/security/advisories?name=MDKSA-2007:133 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.securityfocus.com/bid/24570 http://www.securitytracker.com/id?1018277 http://www.ubuntu.com/usn/usn-504-1 https://issues.rpath.com/browse/RPL-1490 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-0100

https://notcve.org/view.php?id=CVE-2005-0100

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 http://www.debian.org/security/2005/dsa-670 http://www.debian.org/security/2005/dsa-671 http://www.debian.org/security/2005/dsa-685 http://www.mandriva.com/security/advisories?name=MDKSA-2005:038 http://www.redhat.com/support/errata/RHSA-2005-110.html http://www.redhat.com/support/errata/RHSA-2005-112.html http://www.redhat.com/support/errata/RHSA-2005-133.html http://www.securityfocus.com/archive/1/433928/3 •