Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tug vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1066
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
NA
CVE-2022-1070
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.8
CVSSv2
CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and previous versions allows user-assisted malicious users to execute arbitrary code via a DVI file with a long href tag.
Tetex Tetex
Tug Texlive 2007
3.6
CVSSv2
CVE-2007-5936
dvips in teTeX and TeXlive 2007 and previous versions allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Tetex Tetex
Tug Texlive 2007
NA
CVE-2022-26423
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.8
CVSSv2
CVE-2007-5937
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and previous versions might allow user-assisted malicious users to execute arbitrary code via a crafted DVI input file.
Tug Texlive 2007
Tetex Tetex
NA
CVE-2023-32668
LuaTeX prior to 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live prior to 2023 r66984 and MiK...
Tug Tex Live
Luatex Project Luatex
Miktex Miktex
NA
CVE-2023-32700
LuaTeX prior to 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live prior to 2023 r66984 and MiKTeX prior to 23.5.
Luatex Project Luatex
Miktex Miktex
Tug Tex Live
4.3
CVSSv2
CVE-2010-0829
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
Jan-ake Larsson Dvipng 1.11
Jan-ake Larsson Dvipng 1.12
Tug Tetex
7.5
CVSSv2
CVE-2016-10243
TeX Live allows remote malicious users to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 26
Fedoraproject Fedora 25
Tug Tex Live -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »