Astra Linux - уязвимость в texlive-bin

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

Astra Linux - уязвимость в texlive-bin

LuaTeX prior to version 1.17.0 allowed the execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because the luatex-core.lua file allows access to the io.popen function. This issue also affects TeX Live prior to version 2023 r66984 and MiKT...

EUVD-2023-36911

Malicious code in bioql PyPI...

EUVD-2023-36927

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-32668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket...

NewStart CGSL MAIN 7.02 : texlive-base Vulnerability (NS-SA-2025-0137)

The remote NewStart CGSL host, running version MAIN 7.02, has texlive-base packages installed that are affected by a vulnerability: - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua...

TencentOS Server 3: texlive (TSSA-2023:0195)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0195 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2023-32668

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

Alibaba Cloud Linux 3 : 0153: texlive (ALINUX3-SA-2023:0153)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0153 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32700: LuaTeX before 1.17.0 allows executi...

Mageia: Security Advisory (MGASA-2024-0108)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated texlive-20220321 packages fix security vulnerabilities

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

MGASA-2024-0108 Updated texlive-20220321 packages fix security vulnerabilities

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : TeX Live vulnerabilities (USN-6695-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6695-1 advisory. It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possib...

openSUSE: Security Advisory for texlive (SUSE-SU-2023:2284-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : texlive-20200406-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...

CentOS 8 : texlive (CESA-2023:3661)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3661 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...

Oracle Linux 7 : texlive (ELSA-2020-1036)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1036 advisory. 2:2012-45.20130427r30134 - Related: 1650521, buffer overflow in t1checkunusualcharstring function 2:2012-44.20130427r30134 - Resolves: 1650521, buffer overflow ...

openSUSE 15 Security Update : texlive (SUSE-SU-2023:2284-2)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2284-2 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...

SUSE-SU-2023:2284-2 Security update for texlive

This update for texlive fixes the following issues: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX bsc1211389...

Updated texlive packages fix security vulnerability

Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...