CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2008-2142 – Mandriva Linux Security Advisory 2008-154
https://notcve.org/view.php?id=CVE-2008-2142
12 May 2008 — Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. Emacs versión 21 y XEmacs cargan y ejecutan automáticamente archivos .flc (fast lock) que están asociados con otros archivos que son editados en Emacs, lo que permite a los atacantes asistidos por el usuario ejecutar código arbitrario. Two vulnerabilities were found in GNU Emacs, possibly leading to user-a... • http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2005-0100 – Ubuntu Security Notice 76-1
https://notcve.org/view.php?id=CVE-2005-0100
07 Feb 2005 — Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. Max Vozeler discovered a format string vulnerability in the movemail utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the mail group. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1301
https://notcve.org/view.php?id=CVE-2001-1301
07 Aug 2001 — rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. • http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0191
https://notcve.org/view.php?id=CVE-2001-0191
03 May 2001 — gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length. • http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •