Download
| Alert*
oval:org.secpod.oval:def:107041
emacs is installed oval:org.secpod.oval:def:1800585 emacs is installed oval:org.secpod.oval:def:1800827 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ... oval:org.secpod.oval:def:21809 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21811 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21812 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21810 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:107040 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:89044776 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with Content-Type: text/enriched oval:org.secpod.oval:def:1300306 Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs . oval:org.secpod.oval:def:89044713 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with Content-Type: text/enriched oval:org.secpod.oval:def:204557 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ... oval:org.secpod.oval:def:113144 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:507684 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: ctags local command execution vulnerability For more details about the security issue, including ... oval:org.secpod.oval:def:507720 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: ctags local command execution vulnerability For more details about the security issue, including ... oval:org.secpod.oval:def:19500145 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command in a situation where the ... oval:org.secpod.oval:def:19500207 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections thr ... oval:org.secpod.oval:def:507627 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: command injection vulnerability in org-mode For more details about the security issue, including ... oval:org.secpod.oval:def:19500007 org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters oval:org.secpod.oval:def:507727 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux For more details about the sec ... oval:org.secpod.oval:def:1506740 [1:26.1-9] - Fix MH-E mail composition with GNU Mailutils [1:26.1-8] - Fix ctags local command execute vulnerability oval:org.secpod.oval:def:1506683 [1:27.2-8] - Use a 64KB page size for pdump [1:27.2-7] - Fix ctags local command execute vulnerability oval:org.secpod.oval:def:1506586 [1:26.1-10.2] - Bump release [1:26.1-10.1] - Bump release [1:26.1-10] - Fix ob-latex.el command injection vulnerability [1:26.1-9] - Fix MH-E mail composition with GNU Mailutils [1:26.1-8] - Fix ctags local command execute vulnerability oval:org.secpod.oval:def:1506529 [1:26.1-7.1] - Fix ob-latex.el command injection vulnerability oval:org.secpod.oval:def:89048016 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags . oval:org.secpod.oval:def:89048013 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags . oval:org.secpod.oval:def:89048011 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags . oval:org.secpod.oval:def:5800167 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: command injection vulnerability in org-mode For more details about the security issue, including ... oval:org.secpod.oval:def:1701281 org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters oval:org.secpod.oval:def:124836 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:3300654 SUSE Security Update: Security update for emacs oval:org.secpod.oval:def:4501409 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: command injection vulnerability in org-mode For more details about the security issue, including ... oval:org.secpod.oval:def:1701152 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command in a situation where the ... oval:org.secpod.oval:def:113188 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:1800584 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ... oval:org.secpod.oval:def:502138 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ... oval:org.secpod.oval:def:113228 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:113613 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:1600787 Command injection flaw within "enriched mode" handling:A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary ... oval:org.secpod.oval:def:1502010 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:19500029 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command in a situation where the ... oval:org.secpod.oval:def:126317 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:89048493 This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability . * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability . * CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability . oval:org.secpod.oval:def:1506598 [1:24.3-23.1] - Fix htmlfontify.el command injection vulnerability oval:org.secpod.oval:def:89048606 This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability . * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability . oval:org.secpod.oval:def:507685 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux * emacs: command execution via ... oval:org.secpod.oval:def:89048639 This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability . * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability . oval:org.secpod.oval:def:1701207 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command in a situation where ... oval:org.secpod.oval:def:126189 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:2501274 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. oval:org.secpod.oval:def:205502 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. The following packages have been upgraded to a later upstream version: ImageMagick . Security Fix: * ImageMagick: multiple security vulnerabilities For more details about t ... oval:org.secpod.oval:def:503627 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. The following packages have been upgraded to a later upstream version: ImageMagick . Security Fix: * ImageMagick: multiple security vulnerabilities For more details about t ... oval:org.secpod.oval:def:1504542 autotrace [0.31.1-38] - Resolves: #1765205 rebuild against new IM emacs [1:24.3-23] - Resolves: #1765208 rebuild against new IM ImageMagick [6.9.10.68-3] - Fixing freeze when svg file contains class="" [6.9.10.68-2] - Fixed ghostscript fonts, fixed multilib conflicts [6.9.10.68-1] - Rebase to 6.9.10 ... oval:org.secpod.oval:def:127467 Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. oval:org.secpod.oval:def:89051767 This update for emacs fixes the following issues: * CVE-2024-30203: Fixed denial of service via MIME contents * CVE-2024-30204: Fixed denial of service via LaTeX preview in e-mail attachments * CVE-2024-30205: Fixed Org mode considering contents of remote files as trusted oval:org.secpod.oval:def:89051756 This update for emacs fixes the following issues: * CVE-2024-30203: Fixed treating inline MIME contents as trusted * CVE-2024-30204: Fixed LaTeX preview enabled by default for e-mail attachments * CVE-2024-30205: Fixed Org mode considering contents of remote files as trusted |