Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVSS Score
5.1
EPSS Score
0.065
Published
2003-12-31
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVSS Score
1.2
EPSS Score
0.001
Published
2001-08-07
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVSS Score
2.1
EPSS Score
0.001
Published
2000-04-18
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
CVSS Score
3.6
EPSS Score
0.001
Published
2000-04-18
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-04-18
Page 4