FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-03-23 09:27:53 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e60e538f-e795-4a00-b475-cc85a7546e00	Emacs -- Arbitrary code execution vulnerability Problem Description A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes. Impact Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by tricking a user into visiting a specially crafted website or an HTTP URL with a redirect, leading to arbitrary shell command execution without further user action. Discovery 2025-02-11 Entry 2025-02-24 Modified 2025-02-25 emacs emacs-canna emacs-nox emacs-wayland < 30.1,3 emacs-devel emacs-devel-nox < 30.0.50.20240115,3 CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244
7ba6c085-1590-491a-98ce-5452646b196f	Emacs -- Shell injection vulnerability Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code. Discovery 2024-11-27 Entry 2025-02-24 emacs emacs-canna emacs-nox emacs-wayland < 30.1,3 emacs-devel emacs-devel-nox < 31.0.50.20250101,3 CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920

VuXML ID

Description

e60e538f-e795-4a00-b475-cc85a7546e00

Emacs -- Arbitrary code execution vulnerability

Problem Description

A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes.

Impact

Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by tricking a user into visiting a specially crafted website or an HTTP URL with a redirect, leading to arbitrary shell command execution without further user action.

Discovery 2025-02-11
Entry 2025-02-24
Modified 2025-02-25
emacs
emacs-canna
emacs-nox
emacs-wayland

< 30.1,3

emacs-devel
emacs-devel-nox

< 30.0.50.20240115,3

CVE-2025-1244
https://nvd.nist.gov/vuln/detail/CVE-2025-1244

7ba6c085-1590-491a-98ce-5452646b196f

Emacs -- Shell injection vulnerability

Problem Description:

An Emacs user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.

Discovery 2024-11-27
Entry 2025-02-24
emacs
emacs-canna
emacs-nox
emacs-wayland

< 30.1,3

emacs-devel
emacs-devel-nox

< 31.0.50.20250101,3

CVE-2024-53920
https://nvd.nist.gov/vuln/detail/CVE-2024-53920