Page 4 of 22 results (0.002 seconds)

CVSS: 7.8EPSS: 10%CPEs: 20EXPL: 0

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. Emacs 21 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) a través de ciertas imágenes modificadas, como lo demostrado a través de imágenes GIF en el modo vm, relacionado con el cálculo del tamaño de la imagen. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929 http://secunia.com/advisories/26987 http://www.debian.org/security/2007/dsa-1316 http://www.mandriva.com/security/advisories?name=MDKSA-2007:133 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.securityfocus.com/bid/24570 http://www.securitytracker.com/id?1018277 http://www.ubuntu.com/usn/usn-504-1 https://issues.rpath.com/browse/RPL-1490 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 http://www.debian.org/security/2005/dsa-670 http://www.debian.org/security/2005/dsa-671 http://www.debian.org/security/2005/dsa-685 http://www.mandriva.com/security/advisories?name=MDKSA-2005:038 http://www.redhat.com/support/errata/RHSA-2005-110.html http://www.redhat.com/support/errata/RHSA-2005-112.html http://www.redhat.com/support/errata/RHSA-2005-133.html http://www.securityfocus.com/archive/1/433928/3 •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. • https://www.exploit-db.com/exploits/26492 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183 http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html http://secunia.com&#x •

CVSS: 1.2EPSS: 0%CPEs: 2EXPL: 0

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. • http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95 http://www.iss.net/security_center/static/11210.php •

CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 0

The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. • http://www.securityfocus.com/bid/1126 http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de •