CPE-0A23C7E8-95C3-47A4-B3A2-735173AF08E2 Detail

CPE Details

GNU Emacs 25.3

Vendor

gnu

Product

emacs

Version

25.3

Created

2019-11-21
16h21 +00:00

Modified

2019-11-21
16h21 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:gnu:emacs:25.3:::::::*

Informations

Vendor

gnu

Product

emacs

Version

25.3

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-48337	2023-02-20 00h00 +00:00	GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.	9.8	Critical
CVE-2022-48338	2023-02-20 00h00 +00:00	An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.	7.3	High
CVE-2022-48339	2023-02-20 00h00 +00:00	An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.	7.8	High
CVE-2022-45939	2022-11-27 23h00 +00:00	GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.	7.8	High
CVE-2017-1000383	2017-10-31 19h00 +00:00	GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.	5.5	Medium
CVE-2007-6109	2007-12-07 10h00 +00:00	Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.	10

GNU Emacs 25.3

CPE Details

CPE Name: cpe:2.3:a:gnu:emacs:25.3:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:gnu:emacs:25.3:::::::*