Page 9 of 98 results (0.012 seconds)

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

CVE-2018-19476 – ghostscript: access bypass in psi/zicc.c (700169)

https://notcve.org/view.php?id=CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700169 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

CVE-2018-19477 – ghostscript: access bypass in psi/zfjbig2.c (700168)

https://notcve.org/view.php?id=CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. psi/zfjbig2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo JBIG2Decode. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700168 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-19409 – ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c

https://notcve.org/view.php?id=CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Se ha descubierto un problema en versiones anteriores a la 9.26 de Artifex Ghostscript. LockSafetyParams no se comprueba correctamente si se emplea otro dispositivo. • http://www.securityfocus.com/bid/105990 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=700176 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3831-1 https://www.debian.org/security/2018/dsa-4346 https://www.ghostscript.com/doc/9.26/History9.htm#Version9 • CWE-391: Unchecked Error Condition •

CVSS: 8.6EPSS: 0%CPEs: 17EXPL: 1

CVE-2018-18284 – ghostscript: 1Policy operator allows a sandbox protection bypass

https://notcve.org/view.php?id=CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con el operador 1Policy. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b http://www.openwall.com/lists/oss-security/2018/10/16/2 http://www.securityfocus.com/bid/107451 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 https://bugs.ghostscript.com/show_bug.cgi?id=699963 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https:&#x •

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 3

CVE-2018-17961 – ghostscript - executeonly Bypass with errorhandler Setup

https://notcve.org/view.php?id=CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con la configuración de errorhandler. NOTA: este problema existe debido a una solución incompleta para CVE-2018-17183. Ghostscript suffers from an executeonly bypass with errorhandler setup. • https://www.exploit-db.com/exploits/45573 https://github.com/matlink/CVE-2018-17961 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94 http://www.openwall.com/lists/oss-security/2018/10/09/4 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc& • CWE-209: Generation of Error Message Containing Sensitive Information CWE-460: Improper Cleanup on Thrown Exception •