Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tug vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-1070
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
6.1
CVSSv3
CVE-2022-1059
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
8.2
CVSSv3
CVE-2022-1066
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
Aethon Tug Home Base Server
1 Article
NA
CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and previous versions allows user-assisted malicious users to execute arbitrary code via a DVI file with a long href tag.
Tetex Tetex
Tug Texlive 2007
NA
CVE-2007-5936
dvips in teTeX and TeXlive 2007 and previous versions allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Tetex Tetex
Tug Texlive 2007
NA
CVE-2007-5937
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and previous versions might allow user-assisted malicious users to execute arbitrary code via a crafted DVI input file.
Tug Texlive 2007
Tetex Tetex
5.5
CVSSv3
CVE-2023-32668
LuaTeX prior to 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live prior to 2023 r66984 and MiK...
Tug Tex Live
Luatex Project Luatex
Miktex Miktex
7.8
CVSSv3
CVE-2023-32700
LuaTeX prior to 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live prior to 2023 r66984 and MiKTeX prior to 23.5.
Luatex Project Luatex
Miktex Miktex
Tug Tex Live
NA
CVE-2010-0829
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
Jan-ake Larsson Dvipng 1.11
Jan-ake Larsson Dvipng 1.12
Tug Tetex
9.8
CVSSv3
CVE-2016-10243
TeX Live allows remote malicious users to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 26
Fedoraproject Fedora 25
Tug Tex Live -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »