12 matches found
Astra Linux - vulnerability in texlive-bin
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
EUVD-2023-36911
Malicious code in bioql PyPI...
EUVD-2023-36927
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-32668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket...
CVE-2023-32668
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
MGASA-2023-0233 Updated texlive packages fix security vulnerability
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...
texlive: arbitrary code execution allows document compiled with older version
An arbitrary code execution vulnerability was found in LuaTeX TeX Live that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled...
SUSE-SU-2023:2284-1 Security update for texlive
This update for texlive fixes the following issues: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX bsc1211389...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
LuaTeX security vulnerability
LuaTeX is an extended version of pdfTeX from LuaTeX, using Lua as the embedded scripting language. A security vulnerability exists in LuaTeX versions prior to 1.17.0 that allows execution of arbitrary shell commands when compiling TeX files obtained from untrust...
CVE-2023-32668
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...