CVE-2024-30202 (GCVE-0-2024-30202)
Vulnerability from cvelistv5 – Published: 2024-03-25 00:00 – Updated: 2024-11-13 17:54
VLAI
EPSS
Summary
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
5 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T21:03:07.717634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:54:10.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:03.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
},
{
"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:08:01.531Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
},
{
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"name": "[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
},
{
"name": "[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30202",
"datePublished": "2024-03-25T00:00:00.000Z",
"dateReserved": "2024-03-25T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:54:10.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-30202",
"date": "2026-06-05",
"epss": "0.00054",
"percentile": "0.17121"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-30202\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-03-25T15:15:52.427\",\"lastModified\":\"2025-05-01T14:33:59.357\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.\"},{\"lang\":\"es\",\"value\":\"En Emacs anterior a 29.3, el c\u00f3digo Lisp arbitrario se eval\u00faa como parte de activar el modo Org. Esto afecta al modo de organizaci\u00f3n anterior a la versi\u00f3n 9.6.23.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"29.3\",\"matchCriteriaId\":\"33B7CDB1-3230-40DE-9425-EE9F469E5C5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*\",\"versionEndExcluding\":\"9.6.23\",\"matchCriteriaId\":\"4EB86482-347A-4F21-86A8-1DADB475E29C\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/25/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing 
List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/08/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/25/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/08/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/25/2\", \"name\": \"[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/08/6\", \"name\": \"[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:25:03.372Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30202\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-01T21:03:07.717634Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code 
Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T21:03:13.091Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29\"}, {\"url\": \"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9\"}, {\"url\": \"https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/25/2\", \"name\": \"[oss-security] 20240325 Re: GNU emacs 29.3 released to fix security issues\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/08/6\", \"name\": \"[oss-security] 20240408 Re: Is CVE-2024-30203 bogus? (Emacs)\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-01T18:08:01.531Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-30202\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:54:10.866Z\", \"dateReserved\": \"2024-03-25T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-03-25T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Gnu emacs存在未明漏洞(CNVD-2025-15364)
Description
Gnu emacs是美国GNU社区的一个文本编辑器家族。
Gnu emacs存在安全漏洞,该漏洞源于任意Lisp代码都会作为打开Org模式的一部分进行评估。目前没有详细的漏洞细节提供。
Severity
中
Patch Name
Gnu emacs存在未明漏洞(CNVD-2025-15364)的补丁
Patch Description
Gnu emacs是美国GNU社区的一个文本编辑器家族。
Gnu emacs存在安全漏洞,该漏洞源于任意Lisp代码都会作为打开Org模式的一部分进行评估。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-30202
Impacted products
| Name | Gnu emacs <29.3 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-30202",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-30202"
}
},
"description": "Gnu emacs\u662f\u7f8e\u56fdGNU\u793e\u533a\u7684\u4e00\u4e2a\u6587\u672c\u7f16\u8f91\u5668\u5bb6\u65cf\u3002\n\nGnu emacs\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4efb\u610fLisp\u4ee3\u7801\u90fd\u4f1a\u4f5c\u4e3a\u6253\u5f00Org\u6a21\u5f0f\u7684\u4e00\u90e8\u5206\u8fdb\u884c\u8bc4\u4f30\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-15364",
"openTime": "2025-07-09",
"patchDescription": "Gnu emacs\u662f\u7f8e\u56fdGNU\u793e\u533a\u7684\u4e00\u4e2a\u6587\u672c\u7f16\u8f91\u5668\u5bb6\u65cf\u3002\r\n\r\nGnu emacs\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4efb\u610fLisp\u4ee3\u7801\u90fd\u4f1a\u4f5c\u4e3a\u6253\u5f00Org\u6a21\u5f0f\u7684\u4e00\u90e8\u5206\u8fdb\u884c\u8bc4\u4f30\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Gnu emacs\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2025-15364\uff09\u7684\u8865\u4e01",
"products": {
"product": "Gnu emacs \u003c29.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-30202",
"serverity": "\u4e2d",
"submitTime": "2024-03-27",
"title": "Gnu emacs\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2025-15364\uff09"
}
FKIE_CVE-2024-30202
Vulnerability from fkie_nvd - Published: 2024-03-25 15:15 - Updated: 2025-05-01 14:33
Severity
Summary
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B7CDB1-3230-40DE-9425-EE9F469E5C5A",
"versionEndExcluding": "29.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:*",
"matchCriteriaId": "4EB86482-347A-4F21-86A8-1DADB475E29C",
"versionEndExcluding": "9.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23."
},
{
"lang": "es",
"value": "En Emacs anterior a 29.3, el c\u00f3digo Lisp arbitrario se eval\u00faa como parte de activar el modo Org. Esto afecta al modo de organizaci\u00f3n anterior a la versi\u00f3n 9.6.23."
}
],
"id": "CVE-2024-30202",
"lastModified": "2025-05-01T14:33:59.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-25T15:15:52.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-8R8F-V2FJ-H7CP
Vulnerability from github – Published: 2024-03-25 15:30 – Updated: 2024-11-14 21:31
VLAI
Details
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2024-30202"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-25T15:15:52Z",
"severity": "HIGH"
},
"details": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.",
"id": "GHSA-8r8f-v2fj-h7cp",
"modified": "2024-11-14T21:31:56Z",
"published": "2024-03-25T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30202"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/08/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2024-30202
Vulnerability from gsd - Updated: 2024-04-03 05:02
Details
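** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
(This is the placeholder text from the record's cve.org namespace, whose STATE is still RESERVED; the nvd.nist.gov namespace of the same GSD record carries the published description.)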
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-30202"
],
"id": "GSD-2024-30202",
"modified": "2024-04-03T05:02:29.149909Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-30202",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23."
}
],
"id": "CVE-2024-30202",
"lastModified": "2024-03-25T16:43:06.137",
"metrics": {},
"published": "2024-03-25T15:15:52.427",
"references": [
{
"source": "cve@mitre.org",
"url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
},
{
"source": "cve@mitre.org",
"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
},
{
"source": "cve@mitre.org",
"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
MSRC_CVE-2024-30202
Vulnerability from csaf_microsoft - Published: 2024-03-02 08:00 - Updated: 2024-11-15 00:00
Summary
In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
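| cbl2 emacs 29.3-1 as a component of CBL Mariner 2.0 (product id 17382-17086) | — | | |
| azl3 emacs 29.3-1 as a component of Azure Linux 3.0 (product id 17776-17084) | — | | |
| cbl2 emacs 28.2-6 as a component of CBL Mariner 2.0 (product id 20109-17086) | — | | |
| azl3 emacs 29.1-1 as a component of Azure Linux 3.0 (product id 19239-17084) | — | | |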
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-30202.json | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-30202.json | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30202 In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-30202.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.",
"tracking": {
"current_release_date": "2024-11-15T00:00:00.000Z",
"generator": {
"date": "2025-12-18T08:05:01.210Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-30202",
"initial_release_date": "2024-03-02T08:00:00.000Z",
"revision_history": [
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-11-15T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added emacs to CBL-Mariner 2.0\nAdded emacs to Azure Linux 3.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 emacs 29.3-1",
"product": {
"name": "\u003ccbl2 emacs 29.3-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 emacs 29.3-1",
"product": {
"name": "cbl2 emacs 29.3-1",
"product_id": "17382"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 emacs 29.3-1",
"product": {
"name": "\u003cazl3 emacs 29.3-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 emacs 29.3-1",
"product": {
"name": "azl3 emacs 29.3-1",
"product_id": "17776"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 emacs 28.2-6",
"product": {
"name": "\u003ccbl2 emacs 28.2-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 emacs 28.2-6",
"product": {
"name": "cbl2 emacs 28.2-6",
"product_id": "20109"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 emacs 29.1-1",
"product": {
"name": "\u003cazl3 emacs 29.1-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 emacs 29.1-1",
"product": {
"name": "azl3 emacs 29.1-1",
"product_id": "19239"
}
}
],
"category": "product_name",
"name": "emacs"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 emacs 29.3-1 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 emacs 29.3-1 as a component of CBL Mariner 2.0",
"product_id": "17382-17086"
},
"product_reference": "17382",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 emacs 29.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 emacs 29.3-1 as a component of Azure Linux 3.0",
"product_id": "17776-17084"
},
"product_reference": "17776",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 emacs 28.2-6 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 emacs 28.2-6 as a component of CBL Mariner 2.0",
"product_id": "20109-17086"
},
"product_reference": "20109",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 emacs 29.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 emacs 29.1-1 as a component of Azure Linux 3.0",
"product_id": "19239-17084"
},
"product_reference": "19239",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30202",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17382-17086",
"17776-17084",
"20109-17086",
"19239-17084"
],
"known_affected": [
"17086-4",
"17084-3",
"17086-1",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30202 In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-30202.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-30T07:00:00.000Z",
"details": "29.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4",
"17084-3",
"17086-1",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17086-4",
"17084-3",
"17086-1",
"17084-2"
]
}
],
"title": "In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23."
}
]
}
WID-SEC-W-2024-0708
Vulnerability from csaf_certbund - Published: 2024-03-25 23:00 - Updated: 2025-02-27 23:00
Summary
GNU Emacs: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: GNU Emacs ist Texteditor, welcher durch eine Programmierschnittstelle in der Programmiersprache Emacs Lisp mit beliebigen Erweiterungen ausgestattet werden kann.
Angriff: Ein Angreifer kann mehrere Schwachstellen in GNU Emacs ausnutzen, um beliebigen Programmcode auszuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Open Source GNU Emacs <29.3
Open Source / GNU Emacs
|
<29.3 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
RESF Rocky Linux <9.5
RESF / Rocky Linux
|
<9.5 | ||
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Open Source GNU Emacs <29.3
Open Source / GNU Emacs
|
<29.3 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
RESF Rocky Linux <9.5
RESF / Rocky Linux
|
<9.5 | ||
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Open Source GNU Emacs <29.3
Open Source / GNU Emacs
|
<29.3 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
RESF Rocky Linux <9.5
RESF / Rocky Linux
|
<9.5 | ||
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Open Source GNU Emacs <29.3
Open Source / GNU Emacs
|
<29.3 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
RESF Rocky Linux <9.5
RESF / Rocky Linux
|
<9.5 | ||
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM Cognos Analytics <11.2.4 IF4
IBM / Cognos Analytics
|
<11.2.4 IF4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Cognos Analytics <12.0.4 IF2
IBM / Cognos Analytics
|
<12.0.4 IF2 |
References
24 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "GNU Emacs ist Texteditor, welcher durch eine Programmierschnittstelle in der Programmiersprache Emacs Lisp mit beliebigen Erweiterungen ausgestattet werden kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in GNU Emacs ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0708 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0708.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0708 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0708"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30202"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30203"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30204"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30205"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2024-03-25",
"url": "https://github.com/advisories/GHSA-8r8f-v2fj-h7cp"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1294-1 vom 2024-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018359.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1317-1 vom 2024-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018371.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3801 vom 2024-04-29",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3802 vom 2024-04-30",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202407-08 vom 2024-07-01",
"url": "https://security.gentoo.org/glsa/202407-08"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2297-1 vom 2024-07-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018866.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7027-1 vom 2024-09-19",
"url": "https://ubuntu.com/security/notices/USN-7027-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6987 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:6987"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6987 vom 2024-09-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-6987.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7443 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7443"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7323 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7323"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9302 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9302"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:9302 vom 2024-11-19",
"url": "https://errata.build.resf.org/RLSA-2024:9302"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7183676 vom 2025-02-27",
"url": "https://www.ibm.com/support/pages/node/7183676"
}
],
"source_lang": "en-US",
"title": "GNU Emacs: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-27T23:00:00.000+00:00",
"generator": {
"date": "2025-02-28T09:17:48.400+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0708",
"initial_release_date": "2024-03-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-09-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "15",
"summary": "Pr\u00fcfung Produkteintragung"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics \u003c12.0.4 IF2",
"product_id": "T041469"
}
},
{
"category": "product_version",
"name": "12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics 12.0.4 IF2",
"product_id": "T041469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:12.0.4_if2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics \u003c11.2.4 IF4",
"product_id": "T041470"
}
},
{
"category": "product_version",
"name": "11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics 11.2.4 IF4",
"product_id": "T041470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:11.2.4_if4"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c29.3",
"product": {
"name": "Open Source GNU Emacs \u003c29.3",
"product_id": "T033648"
}
},
{
"category": "product_version",
"name": "29.3",
"product": {
"name": "Open Source GNU Emacs 29.3",
"product_id": "T033648-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gnu:emacs:29.3"
}
}
}
],
"category": "product_name",
"name": "GNU Emacs"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.5",
"product": {
"name": "RESF Rocky Linux \u003c9.5",
"product_id": "T039268"
}
},
{
"category": "product_version",
"name": "9.5",
"product": {
"name": "RESF Rocky Linux 9.5",
"product_id": "T039268-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:9.5"
}
}
}
],
"category": "product_name",
"name": "Rocky Linux"
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30202",
"product_status": {
"known_affected": [
"T028053",
"T033648",
"67646",
"T012167",
"T004914",
"T038741",
"T039268",
"T014381",
"T041470",
"2951",
"T002207",
"T000126",
"T024663",
"T041469"
]
},
"release_date": "2024-03-25T23:00:00.000+00:00",
"title": "CVE-2024-30202"
},
{
"cve": "CVE-2024-30203",
"product_status": {
"known_affected": [
"T028053",
"T033648",
"67646",
"T012167",
"T004914",
"T038741",
"T039268",
"T014381",
"T041470",
"2951",
"T002207",
"T000126",
"T024663",
"T041469"
]
},
"release_date": "2024-03-25T23:00:00.000+00:00",
"title": "CVE-2024-30203"
},
{
"cve": "CVE-2024-30204",
"product_status": {
"known_affected": [
"T028053",
"T033648",
"67646",
"T012167",
"T004914",
"T038741",
"T039268",
"T014381",
"T041470",
"2951",
"T002207",
"T000126",
"T024663",
"T041469"
]
},
"release_date": "2024-03-25T23:00:00.000+00:00",
"title": "CVE-2024-30204"
},
{
"cve": "CVE-2024-30205",
"product_status": {
"known_affected": [
"T028053",
"T033648",
"67646",
"T012167",
"T004914",
"T038741",
"T039268",
"T014381",
"T041470",
"2951",
"T002207",
"T000126",
"T024663",
"T041469"
]
},
"release_date": "2024-03-25T23:00:00.000+00:00",
"title": "CVE-2024-30205"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.