Page 121 of 2170 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-16539 – ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)

https://notcve.org/view.php?id=CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear la comprobación de acceso incorrecta en el manejo de archivos temporales para revelar el contenido de los archivos del sistema que, normalmente, no estarían disponibles. It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b https://access.redhat.com/errata/RHSA-2018:3650 https://bugs.ghostscript.com/show_bug.cgi?id=699658 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4288 https://access.redhat.com/security/cve/CVE- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-16513

https://notcve.org/view.php?id=CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en la función setcolor para provocar el cierre inesperado del intérprete u otro tipo de impacto sin especificar. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498 https://bugs.ghostscript.com/show_bug.cgi?id=699655 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resol • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-13259 – zsh: Improper handling of shebang line longer than 64

https://notcve.org/view.php?id=CVE-2018-13259

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. Se ha descubierto un problema en versiones anteriores a la 5.6 de zsh. Las líneas Shebang que exceden los 64 estaban truncadas, lo que podría conducir a una llamada execve a un programa nombrado que es una subcadena del planeado. It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. • https://access.redhat.com/errata/RHSA-2019:2017 https://bugs.debian.org/908000 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201903-02 https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d https://usn.ubuntu.com/3764-1 https://www.zsh.org/mla/zsh-announce/136 https://access.redhat.com/security/cve/CVE-2018-13259 https://bugzilla.redhat.com/show_bug.cgi?id=1626184 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-0502

https://notcve.org/view.php?id=CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. Se ha descubierto un problema en versiones anteriores a la 5.6 de zsh. El comienzo de un archivo de script #! • https://bugs.debian.org/908000 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://security.gentoo.org/glsa/201903-02 https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d https://usn.ubuntu.com/3764-1 https://www.zsh.org/mla/zsh-announce/136 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0

CVE-2018-16511 – ghostscript: missing type check in type checker (699659)

https://notcve.org/view.php?id=CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. Una confusión de tipos en "ztype" podría ser empleada por atacantes remotos que puedan proporcionar PostScript manipulado para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. It was discovered that the ghostscript .type operator did not properly validate its operands. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01 http://seclists.org/oss-sec/2018/q3/182 https://access.redhat.com/errata/RHSA-2018:3650 https://bugs.ghostscript.com/show_bug.cgi?id=699659 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4288 • CWE-704: Incorrect Type Conversion or Cast •