17 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in texlive-bin

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 5.5, AI score 6, EPSS 0.00064
Exploits: 1, References: 2
Cvelist
added 2026/04/20 11:8 p.m., 24 views

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVSS 7.6, EPSS 0.00043
Exploits: 0, References: 3
Ubuntu
added 2026/01/29 4:39 p.m., 5 views

USN-7985-1: TeX Live vulnerabilities

Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 L...

CVSS 8.1, AI score 7.3, EPSS 0.00325
Exploits: 1
CVE
added 2026/01/16 6:43 a.m., 10 views

CVE-2025-14793

CVE-2025-14793 affects the DK PDF – WordPress PDF Generator plugin for WordPress (versions up to 2.3.0). It enables Server-Side Request Forgery via addContentToMpdf, exploitable by authenticated users at author level+. Impact could include querying or modifying internal service data. Wordfence no...

CVSS 5, AI score 5.4, EPSS 0.00057
Exploits: 0, References: 6
Positive Technologies
added 2026/01/14 12:0 a.m., 1 view

PT-2026-2849

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.19.10; Kibana versions prior to 9.1.10; Kibana versions prior to 9.2.4. Description: An issue exists in Kibana where External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allo...

CVSS 8.6, AI score 6.3, EPSS 0.00054
Exploits: 1, References: 12
Snyk
added 2025/07/16 12:30 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via specific endpoints. An attacker can make the system initiate arbitrary network requests to internal or external resources by sending crafted requests to these endpoints. Remediation: There is no fixed...

CVSS 9.8, AI score 7.2, EPSS 0.00298
Exploits: 0, References: 2
Tenable Nessus
added 2024/10/30 12:0 a.m., 19 views

Debian dla-3941 : libkpathsea-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3941 advisory. Debian LTS Advisory DLA-3941-1...

CVSS 8.1, AI score 7.1, EPSS 0.00325
Exploits: 1, References: 6
OpenVAS
added 2024/04/09 12:0 a.m., 19 views

Mageia: Security Advisory (MGASA-2024-0108)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1, AI score 9.6, EPSS 0.00325
Exploits: 1, References: 4
Mageia
added 2024/04/05 6:24 p.m., 35 views

Updated texlive-20220321 packages fix security vulnerabilities

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 8.1, AI score 7.8, EPSS 0.00325
Exploits: 1, References: 2
NVD
added 2023/05/11 6:15 a.m., 12 views

CVE-2023-32668

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 5.5, AI score 5.8, EPSS 0.00064
Exploits: 1, References: 5
Prion
added 2023/05/11 6:15 a.m., 16 views

Default configuration

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 1.9, AI score 5.5, EPSS 0.00064
Exploits: 1, References: 4, Affected Software: 3
Debian CVE
added 2023/05/11 12:0 a.m., 24 views

CVE-2023-32668

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 5.5, AI score 5.4, EPSS 0.00064
Exploits: 1
Vulnrichment
added 2023/05/11 12:0 a.m., 9 views

CVE-2023-32668

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

AI score 5.8, EPSS 0.00064
Exploits: 1, References: 4
Cvelist
added 2023/05/11 12:0 a.m., 19 views

CVE-2023-32668

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

AI score 6.1, EPSS 0.00064
Exploits: 1, References: 4
Prion
added 2023/01/20 7:15 a.m., 11 views

Input validation

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this...

CVSS 3.2, AI score 4.7, EPSS 0.0006
Exploits: 0, References: 1, Affected Software: 2
Prion
added 2019/06/05 5:29 p.m., 11 views

Input validation

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the...

CVSS 5, AI score 5.5, EPSS 0.00317
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2019/06/05 5:29 p.m., 0 views

CVE-2019-1872

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the...

CVSS 5.3, AI score 6.2, EPSS 0.00317
Exploits: 0, References: 2