Linux Distros Unpatched Vulnerability : CVE-2023-38745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the...

Fedora 40 : ghc-base64 / ghc-hakyll / ghc-isocline / ghc-toml-parser / gitit / etc (2024-7d83cbccb6)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-7d83cbccb6 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: - backport fixes for CVE-2023-35936 and CVE-2023-38745 pandoc-cli: - new package for pand...

Fedora: Security Advisory for ghc-hakyll (FEDORA-2024-6ad6b9f417)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for ghc-base64 (FEDORA-2024-b458482d48)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for pandoc-cli (FEDORA-2024-7d83cbccb6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for ghc-base64 (FEDORA-2024-7d83cbccb6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

[SECURITY] [DLA 3507-1] pandoc security update

Debian LTS Advisory DLA-3507-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 25, 2023 https://wiki.debian.org/LTS Package : pandoc Version : 2.2.1-3+deb10u1 CVE ID : CVE-2023-35936 CVE-2023-38745 Debian Bug : 1041976 Arbitrary file write vulnerabilities were...

CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

CVE-2023-38745

Pandoc-era vulnerability set affects Pandoc up to 3.1.6. CVE-2023-38745: before 3.1.6, an arbitrary file write is possible when processing crafted image elements with --extract-media or PDF output, depending on process privileges. Root cause ties to an incomplete/adjusted handling of paths and do...