Page 9 of 47 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. Se ha descubierto una vulnerabilidad en login.cgi en Pulse Secure Pulse Connect Secure (PCS) en versiones 8.1RX anteriores a la 8.1R12 y versiones 8.3RX anteriores a la 8.3R2 y Pulse Policy Secure (PPS) en versiones 5.2RX anteriores a la 5.2R9 y versiones 5.4RX anteriores a la 5.4R2 cuando se confía en una cabecera Host HTTP(S) recibida del navegador sin validación. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en la función setcolor para provocar el cierre inesperado del intérprete u otro tipo de impacto sin especificar. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498 https://bugs.ghostscript.com/show_bug.cgi?id=699655 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resol • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear un acceso a la memoria no inicializada en el operador aesdecode para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699665 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium= • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes podrían emplear una confusión de tipos usando el operador .shfill para proporcionar archivos PostScript manipulados para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6 http://www.securityfocus.com/bid/105178 https://access.redhat.com/errata/RHSA-2018:3650 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K24803507?utm • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en el parámetro LockDistillerParams para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c3476dde7743761a4e1d39a631716199b696b880 http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:2918 https://bugs.ghostscript.com/show_bug.cgi?id=699656 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium= • CWE-704: Incorrect Type Conversion or Cast •