Page 120 of 1677 results (0.014 seconds)

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-16513

https://notcve.org/view.php?id=CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en la función setcolor para provocar el cierre inesperado del intérprete u otro tipo de impacto sin especificar. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498 https://bugs.ghostscript.com/show_bug.cgi?id=699655 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resol • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-13259 – zsh: Improper handling of shebang line longer than 64

https://notcve.org/view.php?id=CVE-2018-13259

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. Se ha descubierto un problema en versiones anteriores a la 5.6 de zsh. Las líneas Shebang que exceden los 64 estaban truncadas, lo que podría conducir a una llamada execve a un programa nombrado que es una subcadena del planeado. It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. • https://access.redhat.com/errata/RHSA-2019:2017 https://bugs.debian.org/908000 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201903-02 https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d https://usn.ubuntu.com/3764-1 https://www.zsh.org/mla/zsh-announce/136 https://access.redhat.com/security/cve/CVE-2018-13259 https://bugzilla.redhat.com/show_bug.cgi?id=1626184 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-0502

https://notcve.org/view.php?id=CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. Se ha descubierto un problema en versiones anteriores a la 5.6 de zsh. El comienzo de un archivo de script #! • https://bugs.debian.org/908000 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201903-02 https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d https://usn.ubuntu.com/3764-1 https://www.zsh.org/mla/zsh-announce/136 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0

CVE-2018-16511 – ghostscript: missing type check in type checker (699659)

https://notcve.org/view.php?id=CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. Una confusión de tipos en "ztype" podría ser empleada por atacantes remotos que puedan proporcionar PostScript manipulado para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. It was discovered that the ghostscript .type operator did not properly validate its operands. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01 http://seclists.org/oss-sec/2018/q3/182 https://access.redhat.com/errata/RHSA-2018:3650 https://bugs.ghostscript.com/show_bug.cgi?id=699659 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4288 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-16510 – Ubuntu Ghostscript Failed Fix

https://notcve.org/view.php?id=CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. El manejo incorrecto de la pila de ejecución en las primitivas PDF "CS" y "SC" podría ser empleado por atacantes remotos que puedan proporcionar PDF manipulados para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 http://openwall.com/lists/oss-security/2018/08/27/4 https://bugs.ghostscript.com/show_bug.cgi?id=699671 https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://usn.ubuntu.com/3773-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •