
CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

• http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html
• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
• http://secunia.com/advisories/30199
• http://secunia.com/advisories/30216
• http://secunia.com/advisories/30303
• http://secunia.com/advisories/30581
• http://secunia.com/advisories/30827
• http://secunia.com/advisories/34004
• http://security.gentoo.org/glsa/glsa-200902-06.xml
• http://thread.gmane.org/gmane.emacs.devel/96903
• http://tracker.xemac

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

• http://marc.info/?l=bugtraq&m=110780416112719&w=2
• http://www.debian.org/security/2005/dsa-670
• http://www.debian.org/security/2005/dsa-671
• http://www.debian.org/security/2005/dsa-685
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:038
• http://www.redhat.com/support/errata/RHSA-2005-110.html
• http://www.redhat.com/support/errata/RHSA-2005-112.html
• http://www.redhat.com/support/errata/RHSA-2005-133.html
• http://www.securityfocus.com/archive/1/433928/3

CVSS: 1.2 | EPSS: 0% | CPEs: 2 | EXPL: 0

rcs2log, as used in Emacs 20.4, XEmacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

• http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
• http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
• http://www.iss.net/security_center/static/11210.php

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

• http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
• http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
• http://www.redhat.com/support/errata/RHSA-2001-010.html
• http://www.redhat.com/support/errata/RHSA-2001-011.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6056
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')