Search CVE reports



1 – 10 of 18 results


CVE-2023-2491

Medium priority
Not affected

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Not affected Not affected Not affected Not affected
xemacs21-packages Not affected Not affected Not affected Not affected

CVE-2023-28617

Medium priority

Some fixes available 4 of 34

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

emacs, emacs23, emacs24, emacs25, org-mode...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
org-mode Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-27986

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-27985

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Not affected Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-48339

Medium priority

Some fixes available 4 of 23

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-48338

Medium priority

Some fixes available 1 of 20

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Not affected Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Not affected
emacs25 Not in release Not in release Not affected Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-48337

Medium priority

Some fixes available 4 of 23

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-45939

Medium priority

Some fixes available 4 of 23

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs Not affected Fixed Fixed Not in release Ignored
emacs23 Not in release Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release Fixed
emacs25 Not in release Not in release Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2017-1000383

Low priority
Ignored

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the...

3 affected packages

emacs23, emacs24, emacs25

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs23 Not in release Not in release
emacs24 Not in release Ignored
emacs25 Ignored Not in release

CVE-2017-14482

Medium priority

Some fixes available 3 of 4

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe...

3 affected packages

emacs23, emacs24, emacs25

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emacs23 Not in release Not in release
emacs24 Not in release Fixed
emacs25 Not affected Not in release