Page 12 of 115 results (0.007 seconds)

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. Se ha detectado que RHSA-2018:2918 no ha resuelto por completo CVE-2018-16509. Un atacante podría explotar otra variante del fallo y omitir la protección -dSAFER para, por ejemplo, ejecutar comandos de shell arbitrarios a través de un documento PostScript especialmente diseñado. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486 https://access.redhat.com/errata/RHSA-2018:3761 https://bugzilla.redhat.com/show_bug.cgi? • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. psi/zdevice2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a que el espacio de pila disponible no se comprueba cuando el dispositivo no cambia. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700153 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerabilit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700169 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. psi/zfjbig2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo JBIG2Decode. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700168 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Se ha descubierto un problema en versiones anteriores a la 9.26 de Artifex Ghostscript. LockSafetyParams no se comprueba correctamente si se emplea otro dispositivo. • http://www.securityfocus.com/bid/105990 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=700176 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3831-1 https://www.debian.org/security/2018/dsa-4346 https://www.ghostscript.com/doc/9.26/History9.htm#Version9 • CWE-391: Unchecked Error Condition •