42 matches found
Astra Linux - уязвимость в texlive-bin
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
EUVD-2023-36911
Malicious code in bioql PyPI...
EUVD-2023-36927
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-32668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket...
CVE-2023-32668
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
Linux Distros Unpatched Vulnerability : CVE-2023-32700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.l...
Updated texlive-20220321 packages fix security vulnerabilities
LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
CentOS 9 : texlive-20200406-26.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...
CentOS 8 : texlive (CESA-2023:3661)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3661 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...
openSUSE 15 Security Update : texlive (SUSE-SU-2023:2284-2)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2284-2 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...
OESA-2023-1421 texlive-base security update
The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...
Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory. 9:20200406-26 - Resolves: 2209872, CVE-2023-32700 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
Fedora 37 : texlive-base (2023-d261122726)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory. Fix CVE-2023-32700 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 38 : texlive-base (2023-38094d905c)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-38094d905c advisory. Fixes CVE-2023-32700. Also fixes issues with mptopdf.pl, thumb2pdf.pl, and mtxrun. Tenable has extracted the preceding description block directly fr...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : TeX Live vulnerability (USN-6115-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6115-1 advisory. Max Chernoff discovered that LuaTeX TeX Live did not properly disable shell escape. An attacker could possibly use this issue to...
Slackware Linux 15.0 / current texlive Vulnerability (SSA:2023-144-01)
The version of texlive installed on the remote host is prior to 2023.230322. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-144-01 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source...
SUSE SLES15 / openSUSE 15 Security Update : cups-filters, poppler, texlive (SUSE-SU-2023:2287-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2287-1 advisory. - cups-filters contains backends, filters, and other software required to get the cups printing service working on...
Debian dla-3427 : libkpathsea-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3427 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3427-2 [email protected]...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
DEBIAN-CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...