Debian Xemacs21 vulnerabilities
7 known vulnerabilities affecting debian/xemacs21.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, LOW 4
Vulnerabilities
CVE-2022-45939 | HIGH | CVSS 7.8 | fixed in emacs 1:28.2+1-8 (bookworm) | 2022
CVE-2022-45939 [HIGH] CVE-2022-45939: emacs - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharac...
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has c
CVE-2010-0825 | LOW | CVSS 4.4 | fixed in xemacs21 21.4.22-3.1 (bookworm) | 2010
CVE-2010-0825 [MEDIUM] CVE-2010-0825: xemacs21 - lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, mo...
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
Scope: local
bookworm: resolved (fixed in 21.4.22-3.1)
bullseye: resolved (fixed in 21.4.22-3.1)
sid: resolved (fixed in 21.4.22-3.1)
CVE-2009-2688 | LOW | CVSS 10.0 | fixed in xemacs21 21.4.22-3 (bookworm) | 2009
CVE-2009-2688 [CRITICAL] CVE-2009-2688: xemacs21 - Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on...
Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a craf
CVE-2008-3949 | LOW | CVSS 7.2 | 2008
CVE-2008-3949 [HIGH] CVE-2008-3949: xemacs21 - emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from...
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Scope: local
bookworm: resolved
bullseye: resolved
sid: resolved
CVE-2008-1694 | LOW | CVSS 4.6 | fixed in xemacs21 21.4.21-4 (bookworm) | 2008
CVE-2008-1694 [MEDIUM] CVE-2008-1694: xemacs21 - vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to over...
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Scope: local
bookworm: resolved (fixed in 21.4.21-4)
bullseye: resolved (fixed in 21.4.21-4)
sid: resolved (fixed in 21.4.21-4)
CVE-2007-6109 | CRITICAL | CVSS 10.0 | fixed in xemacs21 21.4.21-4 (bookworm) | 2007
CVE-2007-6109 [CRITICAL] CVE-2007-6109: xemacs21 - Stack-based buffer overflow in emacs allows user-assisted attackers to cause a d...
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Scope: local
bookworm: resolved (fixed in 21.4.21-
CVE-2005-0100 | HIGH | CVSS 7.5 | fixed in xemacs21 21.4.16-2 (bookworm) | 2005
CVE-2005-0100 [HIGH] CVE-2005-0100: xemacs21 - Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and...
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
Scope: local
bookworm: resolved (fixed in 21.4.16-2)
bullseye: resolved (fixed in 21.4.16-2)
sid: resolved (fixed in 21.4.16-2)