Skip to main content

Org Mode

5 CVEs product

Monthly

CVE-2024-30205 HIGH PATCH This Week

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-30204 LOW PATCH Monitor

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Emacs Org Mode Debian Linux
NVD
CVSS 3.1
2.8
EPSS
0.5%
CVE-2024-30203 MEDIUM PATCH This Month

In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-30202 HIGH PATCH This Week

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Emacs Org Mode
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-28617 HIGH PATCH This Week

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Org Mode
NVD
CVSS 3.1
7.8
EPSS
0.5%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode +1
NVD
EPSS 0% CVSS 2.8
LOW PATCH Monitor

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Emacs Org Mode +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Emacs +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Org Mode
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy