Page 121 of 1833 results (0.013 seconds)

CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. Una confusión de tipos en "ztype" podría ser empleada por atacantes remotos que puedan proporcionar PostScript manipulado para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. It was discovered that the ghostscript .type operator did not properly validate its operands. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01 http://seclists.org/oss-sec/2018/q3/182 https://access.redhat.com/errata/RHSA-2018:3650 https://bugs.ghostscript.com/show_bug.cgi?id=699659 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4288 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. El manejo incorrecto de la pila de ejecución en las primitivas PDF "CS" y "SC" podría ser empleado por atacantes remotos que puedan proporcionar PDF manipulados para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 http://openwall.com/lists/oss-security/2018/08/27/4 https://bugs.ghostscript.com/show_bug.cgi?id=699671 https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://usn.ubuntu.com/3773-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 97%CPEs: 14EXPL: 5

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. La comprobación incorrecta de "restoration of privilege" durante el manejo de excepciones /invalidaccess podría ser empleada por atacantes que sean capaces de proporcionar PostScript manipulado para ejecutar código mediante la instrucción "pipe". It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. • https://www.exploit-db.com/exploits/45369 https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509 https://github.com/knqyf263/CVE-2018-16509 https://github.com/rhpco/CVE-2018-16509 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31 http://git.ghostscript.com/?p=gho •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. La función irda_setsockopt en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada en ias_object y cierre inesperado del sistema) o cualquier otro tipo de impacto sin especificar mediante un socket AF_IRDA. • http://www.securityfocus.com/bid/105304 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www.spinics.net/lists/stable/msg255031.html https://www.spinics.net/lists • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. Fuga de memoria en la función irda_bind en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) enlazando repetidamente un socket AF_IRDA. • http://www.securityfocus.com/bid/105302 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •