Vulmon
tug vulnerabilities and exploits
NA
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and previous versions, and teTeX, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Tug Tex Live 1996
Tug Tex Live 1998
Tug Tex Live 2007
Tug Tex Live 2008
Tug Tex Live 2001
Tug Tex Live 2002
Tug Tex Live 1999
Tug Tex Live 2000
Tug Tex Live
Tug Tex Live 2003
Tug Tex Live 2004
Tug Tex Live 2005
Tug Tetex
NA
CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and previous versions, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) pr...
Tug Tex Live 2007
Tug Tetex
Tug Tex Live 2008
Tug Tex Live 2004
Tug Tex Live
Tug Tex Live 2002
Tug Tex Live 1996
Tug Tex Live 2001
Tug Tex Live 1999
Tug Tex Live 2005
Tug Tex Live 1998
Tug Tex Live 2000
Tug Tex Live 2003
6.1
CVSSv3
CVE-2015-5701
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
Tug Texlive 20140525
Tug Texlive 20130530
Tug Texlive 20120701
Tug Texlive 20100722
Tug Texlive 20110705
6.1
CVSSv3
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Tug Texlive 20100722
Tug Texlive 20120701
Tug Texlive 20110705
Tug Texlive 20140525
Tug Texlive 20130530
NA
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote malicious users to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtain...
Tug Tetex
Tug Tex Live
4.7
CVSSv3
CVE-2015-0296
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Tug Texlive 6.20131226 R32488.fc20
Tug Texlive 3.1.20140525 R34255.fc21
NA
CVE-2007-5940
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Tug Texlive 2007
8.8
CVSSv3
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, t...
Tug Tex Live
5.4
CVSSv3
CVE-2022-27494
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.1
CVSSv3
CVE-2022-1059
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article