Page 94 of 1677 results (0.017 seconds)

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

CVE-2018-19476 – ghostscript: access bypass in psi/zicc.c (700169)

https://notcve.org/view.php?id=CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700169 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

CVE-2018-19477 – ghostscript: access bypass in psi/zfjbig2.c (700168)

https://notcve.org/view.php?id=CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. psi/zfjbig2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo JBIG2Decode. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700168 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-19409 – ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c

https://notcve.org/view.php?id=CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Se ha descubierto un problema en versiones anteriores a la 9.26 de Artifex Ghostscript. LockSafetyParams no se comprueba correctamente si se emplea otro dispositivo. • http://www.securityfocus.com/bid/105990 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=700176 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3831-1 https://www.debian.org/security/2018/dsa-4346 https://www.ghostscript.com/doc/9.26/History9.htm#Version9 • CWE-391: Unchecked Error Condition •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-19407

https://notcve.org/view.php?id=CVE-2018-19407

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. La función vcpu_scan_ioapic en arch/x86/kvm/x86.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULLy error) mediante llamadas del sistema manipuladas que alcanzan una situación donde ioapic no está inicializado. • http://www.securityfocus.com/bid/105987 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lkml.org/lkml/2018/11/20/580 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https://usn.ubuntu.com/3878-2 https://usn.ubuntu.com/3879-1 https://usn.ubuntu.com/3879-2 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-19210

https://notcve.org/view.php?id=CVE-2018-19210

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. En LibTIFF 4.0.9, hay una desreferencia de puntero NULL en la función TIFFWriteDirectorySec en tif_dirwrite.c que conducirá a un ataque de denegación de servicio (DoS), tal y como queda demostrado con tiffset. • http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html http://www.securityfocus.com/bid/105932 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-476: NULL Pointer Dereference •