Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tug vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-10243
TeX Live allows remote malicious users to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 26
Fedoraproject Fedora 25
Tug Tex Live -
8.8
CVSSv3
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, t...
Tug Tex Live
8.2
CVSSv3
CVE-2022-1066
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
8.1
CVSSv3
CVE-2022-1070
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
7.8
CVSSv3
CVE-2023-32700
LuaTeX prior to 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live prior to 2023 r66984 and MiKTeX prior to 23.5.
Luatex Project Luatex
Miktex Miktex
Tug Tex Live
7.8
CVSSv3
CVE-2018-17407
An issue exists in t1_check_unusual_charstring functions in writet1.c files in TeX Live prior to 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, ...
Tug Tex Live
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2022-26423
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.1
CVSSv3
CVE-2022-1059
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.1
CVSSv3
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Tug Texlive 20100722
Tug Texlive 20120701
Tug Texlive 20110705
Tug Texlive 20140525
Tug Texlive 20130530
6.1
CVSSv3
CVE-2015-5701
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
Tug Texlive 20140525
Tug Texlive 20130530
Tug Texlive 20120701
Tug Texlive 20100722
Tug Texlive 20110705
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »