Vulnerabilities > TUG > Texlive

DATE CVE VULNERABILITY TITLE RISK
2017-10-06 CVE-2015-0296 Permissions, Privileges, and Access Controls vulnerability in TUG Texlive 3.1.20140525R34255.Fc21/6.20131226R32488.Fc20
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
local
high complexity
tug CWE-264
4.7
2017-08-25 CVE-2015-5701 Link Following vulnerability in TUG Texlive
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
local
low complexity
tug CWE-59
6.1
2017-08-25 CVE-2015-5700 Link Following vulnerability in TUG Texlive
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
local
low complexity
tug CWE-59
6.1