Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2021-1828
HistoryJul 02, 2021 - 4:39 p.m.

Advisory ROSA-SA-2021-1828

2021-07-0216:39:27
ROSA LAB
abf.rosalinux.ru
21
advisory
rosa-sa-2021-1828
gnu emacs
security vulnerabilities
critical
medium
overwrite files
execute code
unauthorized access
data compromise

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.031

Percentile

91.1%

JSON

Software: emacs 24.3
OS: Cobalt 7.9

CVE-ID: CVE-2014-3421
CVE-Crit: CRITICAL
CVE-DESC: lisp / gnus / gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3422
CVE-Crit: CRITICAL
CVE-DESC: lisp / emacs-lisp / find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on a temporary file in / tmp / esrc /.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3423
CVE-Crit: CRITICAL
CVE-DESC: lisp / net / browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/Mosaic.#####.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3424
CVE-Crit: CRITICAL
CVE-DESC: lisp / net / tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/tramp.#####.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-1000383
CVE-Crit: MEDIUM
CVE-DESC: GNU Emacs version 25.3.1 (and likely other versions) ignores umask when creating a backup save file (“[ORIGINAL_FILENAME] ~”), resulting in files that can be read-only to all or otherwise accessed in ways not intended by the user running the emacs binary.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-14482
CVE-Crit: HIGH
CVE-DESC: GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with generated Content-Type: text / enriched data containing an x-display XML element that defines the execution of shell commands associated with the insecure text / enriched extension in lisp / textmodes / enriched.el and insecure Gnus support for the embedded MIME objects enriched and richtext in lisp / gnus / mm-view.el. In particular, an Emacs user could be instantly compromised by reading an e-mail message (or Usenet news article) that was created.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchemacs< 24.3UNKNOWN

Related

nessus 35
kaspersky 1
openvas 44
fedora 26
mageia 2
securityvulns 1
osv 5
prion 6
ubuntucve 6
redhatcve 2
cvelist 6
cve 6
nvd 6
suse 3
ubuntu 2
canvas 1
debian 2
debiancve 5
gentoo 1
amazon 1
ibm 2
oraclelinux 1
centos 1
redhat 1
nessus
nessus
RHEL 6 : emacs (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : emacs (Unpatched Vulnerability)
2024-06-03 00:00:00
Mandriva Linux Security Advisory : emacs (MDVSA-2015:117)
2015-03-30 00:00:00
kaspersky
kaspersky
KLA10169 WLF vulnerability in Emacs
2014-05-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0834-1)
2021-06-09 00:00:00
Fedora Update for emacs FEDORA-2014-6554
2014-06-02 00:00:00
Mageia: Security Advisory (MGASA-2014-0250)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: emacs-24.3-17.fc20
2014-05-29 23:29:06
[SECURITY] Fedora 25 Update: vips-8.4.4-1.fc25.1
2017-09-19 15:25:23
[SECURITY] Fedora 25 Update: rss-glx-0.9.1.p-27.fc25.1
2017-09-19 15:25:20
mageia
mageia
Updated emacs packages fix CVE-2014-3421-4
2014-06-06 09:47:18
Updated emacs packages fix security vulnerability
2017-12-31 03:10:15
securityvulns
securityvulns
GNU Emacs
2014-05-10 00:00:00
osv
osv
emacs-25.1-1.1 on GA media
2024-06-15 00:00:00
CVE-2017-14482
2017-09-14 16:29:00
emacs24 - security update
2017-09-12 00:00:00
prion
prion
Design/Logic Flaw
2017-10-31 20:29:00
Arbitrary file deletion
2014-05-08 10:55:00
Design/Logic Flaw
2017-09-14 16:29:00
ubuntucve
ubuntucve
CVE-2017-1000383
2017-10-31 00:00:00
CVE-2017-14482
2017-09-14 00:00:00
CVE-2014-3423
2014-05-08 00:00:00
redhatcve
redhatcve
CVE-2017-1000383
2017-11-02 09:19:35
CVE-2017-14482
2017-09-15 07:48:36
cvelist
cvelist
CVE-2017-1000383
2017-10-31 20:00:00
CVE-2014-3423
2014-05-08 10:00:00
CVE-2017-14482
2017-09-14 16:00:00
cve
cve
CVE-2017-1000383
2017-10-31 20:29:00
CVE-2014-3423
2014-05-08 10:55:05
CVE-2017-14482
2017-09-14 16:29:00
nvd
nvd
CVE-2017-1000383
2017-10-31 20:29:00
CVE-2017-14482
2017-09-14 16:29:00
CVE-2014-3423
2014-05-08 10:55:05
suse
suse
Security update for emacs (important)
2017-09-21 03:07:15
Security update for emacs (important)
2017-09-20 18:09:19
Security update for emacs (important)
2017-09-20 15:08:02
ubuntu
ubuntu
Emacs vulnerability
2017-09-21 00:00:00
Emacs vulnerability
2017-09-21 00:00:00
canvas
canvas
Immunity Canvas: EMACS_ENRICHED
2017-09-14 16:29:00
debian
debian
[SECURITY] [DLA 1101-1] emacs23 security update
2017-09-21 19:50:29
[SECURITY] [DSA 3975-1] emacs25 security update
2017-09-15 21:21:38
debiancve
debiancve
CVE-2017-14482
2017-09-14 16:29:00
CVE-2014-3423
2014-05-08 10:55:05
CVE-2014-3421
2014-05-08 10:55:00
gentoo
gentoo
GNU Emacs: Command injection
2018-01-07 00:00:00
amazon
amazon
Important: emacs
2017-10-12 20:38:00
ibm
ibm
Security Bulletin: A vulnerability in emacs affects PowerKVM
2018-06-18 01:38:34
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
2024-07-11 18:02:29
oraclelinux
oraclelinux
emacs security update
2017-09-19 00:00:00
centos
centos
emacs security update
2017-09-20 12:06:23
redhat
redhat
(RHSA-2017:2771) Important: emacs security update
2017-09-19 17:47:10

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.031

Percentile

91.1%

JSON
Related for ROSA-SA-2021-1828
nessus35kaspersky1openvas44fedora26mageia2securityvulns1osv5prion6ubuntucve6redhatcve2cvelist6cve6nvd6suse3ubuntu2canvas1debian2debiancve5gentoo1amazon1ibm2oraclelinux1centos1redhat1