CVE-2024-29073

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-829
View all →

Vulnerability Description

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Related Vulnerabilities

CVE-2013-4582

MEDIUM
CVSS:6.5(Medium)

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition befor...

CWE-8292013

CVE-2018-8351

MEDIUM
CVSS:6.5(Medium)

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Int...

CWE-8292018

CVE-2019-11742

MEDIUM
CVSS:6.5(Medium)

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied t...

CWE-8292019

CVE-2020-22474

MEDIUM
CVSS:6.5(Medium)

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.

CWE-8292020

CVE-2021-26271

MEDIUM
CVSS:6.5(Medium)

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plu...

CWE-8292021

CVE-2021-26272

MEDIUM
CVSS:6.5(Medium)

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugi...

CWE-8292021