Linux Distros Unpatched Vulnerability : CVE-2017-17523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows...
Linux Distros Unpatched Vulnerability : CVE-2020-17354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme...
OPENSUSE-SU-2024:11021-1 lilypond-2.23.3-1.3 on GA media
These are all security issues fixed in the lilypond-2.23.3-1.3 package on the GA media of openSUSE Tumbleweed...
openSUSE: Security Advisory for guile1, lilypond (openSUSE-SU-2023:0137-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : guile1, lilypond (openSUSE-SU-2023:0137-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0137-1 advisory. - The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other...
Security update for guile1, lilypond (important)
openSUSE Security Update: Security update for guile1, lilypond; Announcement ID: openSUSE-SU-2023:0137-1; Rating: important; References: 1210502; Cross-References: CVE-2016-8605, CVE-2020-17354; CVSS scores: CVE-2016-8605 (NVD): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N; CVE-2020-17354 (NVD): 8.6...
Fedora: Security Advisory for lilypond (FEDORA-2023-6edb8fab0d)
The remote host is missing an update for the...
Fedora: Security Advisory for lilypond (FEDORA-2023-fb8bc496c2)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: lilypond-doc-2.24.1-1.fc36
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files. This package contains the HTML documentation for LilyPond...
[SECURITY] Fedora 36 Update: lilypond-2.24.1-1.fc36
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...
[SECURITY] Fedora 37 Update: lilypond-doc-2.24.1-1.fc37
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files. This package contains the HTML documentation for LilyPond...
[SECURITY] Fedora 37 Update: lilypond-2.24.1-1.fc37
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...
Fedora 36 : lilypond / lilypond-doc (2023-6edb8fab0d)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6edb8fab0d advisory. Fix for CVE-2020-17354. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 37 : lilypond / lilypond-doc (2023-fb8bc496c2)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-fb8bc496c2 advisory. Fix for CVE-2020-17354. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
CVE-2020-17354
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, sa...
UBUNTU-CVE-2020-17354
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, sa...
CVE-2020-17354
LilyPond (before 2.24) is vulnerable to bypassing -dsafe via output-def-lookup/output-def-scope, enabling dangerous Scheme code in a .ly file and arbitrary code execution during conversion to another format. 2.24 and later remove safe mode, removing a blocking safeguard when handling external fil...