Search Results
- Results Type: Overview
- Keyword (text search): LaTeX
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-30204 | In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Published: March 25, 2024; 11:15:52 AM -0400 | V3.x: (not available); V2.0: (not available) |
CVE-2023-51885 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. Published: January 24, 2024; 12:15:08 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2021-40694 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. Published: September 28, 2022; 11:15:14 PM -0400 | V3.1: 4.9 MEDIUM; V2.0: (not available) |
CVE-2022-1780 | The LaTeX for WordPress plugin through 3.4.10 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. Published: June 13, 2022; 9:15:12 AM -0400 | V3.1: 5.4 MEDIUM; V2.0: 3.5 LOW |
CVE-2021-39248 | Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion. Published: August 17, 2021; 5:15:06 PM -0400 | V3.1: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2021-3342 | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. Published: March 01, 2021; 5:15:14 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: 6.8 MEDIUM |
CVE-2021-26476 | EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. Published: March 01, 2021; 5:15:14 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2018-21262 | An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. Published: June 19, 2020; 1:15:13 PM -0400 | V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2019-20854 | An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. Published: June 19, 2020; 11:15:10 AM -0400 | V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2018-1000639 | LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server-side request forgery, port scanning, and possible RCE. This attack appears to be exploitable via a specially crafted SVG file. Published: August 20, 2018; 3:31:35 PM -0400 | V3.1: 9.6 CRITICAL; V2.0: 6.8 MEDIUM |
CVE-2017-2747 | HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. Published: January 23, 2018; 11:29:01 AM -0500 | V3.0: 7.8 HIGH; V2.0: 2.1 LOW |
CVE-2015-8106 | Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. Published: April 18, 2016; 10:59:01 AM -0400 | V3.0: 7.8 HIGH; V2.0: 9.3 HIGH |
CVE-2015-0934 | Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. Published: March 03, 2015; 9:59:03 PM -0500 | V3.x: (not available); V2.0: 6.5 MEDIUM |
CVE-2012-2120 | latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Published: May 18, 2012; 6:55:03 PM -0400 | V3.x: (not available); V2.0: 3.3 LOW |
CVE-2012-2093 | src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. Published: May 18, 2012; 6:55:02 PM -0400 | V3.x: (not available); V2.0: 3.3 LOW |
CVE-2009-1171 | The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. Published: March 30, 2009; 6:30:00 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2007-2260 | Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files. Published: April 25, 2007; 1:19:00 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2006-4942 | Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. Published: September 22, 2006; 8:07:00 PM -0400 | V3.x: (not available); V2.0: 4.6 MEDIUM |
CVE-2004-2167 | Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. Published: December 31, 2004; 12:00:00 AM -0500 | V3.x: (not available); V2.0: 7.5 HIGH |