EUVD-2021-26673

Malware in sbrugna...

CVE-2021-39248

Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion...

emacs: Gnus treats inline MIME contents as trusted

A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results...

CVE-2021-39248

Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion...

CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

Input validation

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...

Design/Logic Flaw

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

CVE-2021-26476

CVE-2021-26476 affects EPrints 3.4.2, where a remote attacker can cause command injection by sending crafted LaTeX input to a cgi/cal?year= URI, enabling execution of OS commands. This is described as a remote, unauthenticated, network-based impact with partial confidentiality, integrity, and ava...