Search CVE reports


331 – 340 of 1233 results


CVE-2023-28617

Medium priority

Some fixes available 5 of 33

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

7 affected packages

org-mode, xemacs21, xemacs21-packages, emacs, emacs23...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
org-mode Not affected Not affected Fixed Not affected Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Fixed Fixed Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed

CVE-2023-27986

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs24, emacs25, emacs23

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Not affected Not affected Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not affected
emacs23 Not in release Not in release Not in release

CVE-2023-27985

Medium priority
Needs evaluation

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs24, emacs25, emacs23

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Not affected Not affected Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not affected
emacs23 Not in release Not in release Not in release

CVE-2023-27560

Medium priority
Needs evaluation

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.

3 affected packages

php-phpseclib, php-phpseclib3, ldap-account-manager

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php-phpseclib Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
php-phpseclib3 Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-41727

Medium priority
Needs evaluation

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

1 affected package

golang-golang-x-image

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-image Not affected Not affected Needs evaluation Ignored Ignored

CVE-2022-41723

Medium priority

Some fixes available 23 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected Fixed Not in release Not in release
google-guest-agent Fixed Fixed Fixed Fixed Fixed
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Not in release Vulnerable Not in release
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Fixed Not in release Not in release
golang-1.18 Not in release Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not in release Not affected Not affected Not in release
golang-1.21 Not in release Not affected Not affected Not affected Not in release
adsys Not affected Not affected Not affected Fixed
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
juju-core Not in release Not in release Not in release
lxd Not in release Not in release Not in release Not affected Fixed

CVE-2021-33367

Medium priority
Vulnerable

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

1 affected package

freeimage

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freeimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2022-48339

Medium priority

Some fixes available 4 of 27

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Fixed Fixed Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed

CVE-2022-48338

Medium priority

Some fixes available 1 of 24

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

emacs, emacs23, emacs24, emacs25, xemacs21, xemacs21-packages

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
emacs Not affected Not affected Fixed Not affected Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not affected
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-48337

Medium priority

Some fixes available 4 of 27

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

emacs, xemacs21, emacs24, emacs25, xemacs21-packages, emacs23

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
emacs Not affected Not affected Fixed Fixed Not in release
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs23 Not in release Not in release Not in release