Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tug vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and previous versions, and teTeX, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Tug Tex Live 1996
Tug Tex Live 1998
Tug Tex Live 2007
Tug Tex Live 2008
Tug Tex Live 2001
Tug Tex Live 2002
Tug Tex Live 1999
Tug Tex Live 2000
Tug Tex Live
Tug Tex Live 2003
Tug Tex Live 2004
Tug Tex Live 2005
Tug Tetex
6.8
CVSSv2
CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and previous versions, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) pr...
Tug Tex Live 2007
Tug Tetex
Tug Tex Live 2008
Tug Tex Live 2004
Tug Tex Live
Tug Tex Live 2002
Tug Tex Live 1996
Tug Tex Live 2001
Tug Tex Live 1999
Tug Tex Live 2005
Tug Tex Live 1998
Tug Tex Live 2000
Tug Tex Live 2003
5.6
CVSSv2
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Tug Texlive 20100722
Tug Texlive 20120701
Tug Texlive 20110705
Tug Texlive 20140525
Tug Texlive 20130530
5.6
CVSSv2
CVE-2015-5701
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
Tug Texlive 20140525
Tug Texlive 20130530
Tug Texlive 20120701
Tug Texlive 20100722
Tug Texlive 20110705
6.8
CVSSv2
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote malicious users to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtain...
Tug Tetex
Tug Tex Live
1.2
CVSSv2
CVE-2015-0296
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Tug Texlive 6.20131226 R32488.fc20
Tug Texlive 3.1.20140525 R34255.fc21
4.6
CVSSv2
CVE-2007-5940
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Tug Texlive 2007
6.8
CVSSv2
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, t...
Tug Tex Live
6.8
CVSSv2
CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and previous versions allows user-assisted malicious users to execute arbitrary code via a DVI file with a long href tag.
Tetex Tetex
Tug Texlive 2007
3.6
CVSSv2
CVE-2007-5936
dvips in teTeX and TeXlive 2007 and previous versions allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Tetex Tetex
Tug Texlive 2007
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »