Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lilypond lilypond vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-29007
The Score extension up to and including 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execut...
Mediawiki Score
5 Github repositories
9.8
CVSSv3
CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond up to and including 2.20.0, and 2.21.x up to and including 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
Lilypond Lilypond
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
Opensuse Leap 15.2
Opensuse Backports Sle 15.0
1 Github repository
9.8
CVSSv3
CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote malicious users to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argu...
Lilypond Lilypond 2.19.80
8.8
CVSSv3
CVE-2017-17523
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote malicious users to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argu...
Lilypond Lilypond 2.19.80
8.6
CVSSv3
CVE-2020-17354
LilyPond prior to 2.24 allows malicious users to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2....
Lilypond Lilypond
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started