Org Mode
Monthly
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.