CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 2CVE-2018-14624 – 389-ds-base: Server crash through modify command with large DN
https://notcve.org/view.php?id=CVE-2018-14624
06 Sep 2018 — A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16541 – ghostscript: Incorrect free logic in pagedevice replacement (699664)
https://notcve.org/view.php?id=CVE-2018-16541
05 Sep 2018 — In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una lógica libre incorrecta en el reemplazo pagedevice para provocar el cierre inesperado del intérprete. It was discovered that the ghostscript device cleanup did not properly handle devices replace... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=241d91112771a6104de10b3948c3f350d6690c1d • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2018-16542 – ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668)
https://notcve.org/view.php?id=CVE-2018-16542
05 Sep 2018 — In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una comprobación insuficiente del tamaño de la pila del intérprete durante el manejo de errores para provocar el cierre inesperado del intérprete. It was discovered that ghostscri... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16539 – ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)
https://notcve.org/view.php?id=CVE-2018-16539
05 Sep 2018 — In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear la comprobación de acceso incorrecta en el manejo de archivos temporales para revelar el contenido de los archivos del sistema que, normalmente, no estarían... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-16540 – ghostscript: use-after-free in copydevice handling (699661)
https://notcve.org/view.php?id=CVE-2018-16540
05 Sep 2018 — In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados al convertidor PDF14 integrado podrían emplear un uso de memoria previamente liberada en el manejo de copydevice para provocar el cierre inesperado d... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8ba88555f7f7a63b25e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16511 – ghostscript: missing type check in type checker (699659)
https://notcve.org/view.php?id=CVE-2018-16511
05 Sep 2018 — An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. Una confusión de tipos en "ztype" podría ser empleada por atacantes remotos que puedan proporcionar PostScript manipulado para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo d... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 90%CPEs: 14EXPL: 7CVE-2018-16509 – Ghostscript - Failed Restore Command Execution
https://notcve.org/view.php?id=CVE-2018-16509
05 Sep 2018 — An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. La comprobación incorrecta de "restoration of privilege" durante el manejo de excepciones /invalidaccess podría ser empleada por atacantes que sean capaces de proporc... • https://packetstorm.news/files/id/149263 •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2018-10907 – glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-10907
04 Sep 2018 — It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. Se ha detectado que el servidor glusterfs es vulnerable a múltiples desbordamientos de búfer basados en pila debido a que las funciones en server-rpc-fopc.c asign... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-10913 – glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c
https://notcve.org/view.php?id=CVE-2018-10913
04 Sep 2018 — An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. Se ha descubierto una vulnerabilidad de divulgación de información en el servidor glusterfs. Un atacante podría lanzar una petición xattr mediante glusterfs FUSE para determinar la existencia de algún archivo. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 6%CPEs: 8EXPL: 0CVE-2018-10914 – glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c
https://notcve.org/view.php?id=CVE-2018-10914
04 Sep 2018 — It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. Se ha descubierto que un atacante podría lanzar una petición xattr mediante glusterfs FUSE para provocar que el proceso brick de gluster se cierre inesperadamente, lo que resultará en una denegación de servicio (DoS) remota. Si gluster multipl... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-476: NULL Pointer Dereference •