CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-8107
https://notcve.org/view.php?id=CVE-2015-8107
13 Apr 2017 — Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. La vulnerabilidad de cadena de formato en GNU a2ps 4.14 permite a atacantes remotos ejecutar código arbitrario. • http://seclists.org/oss-sec/2015/q4/284 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2001-1593 – Debian Security Advisory 2892-1
https://notcve.org/view.php?id=CVE-2001-1593
01 Apr 2014 — The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. La función tempname_ensure en biblioteca lib/routines.h en a2ps versión 4.14 y anteriores, tal y como es usado por la función spy_user y otras posibles funciones, permite a usuarios locales modificar archivos arbitrarios en una ataque de tipo symlink en un archivo temporal. Several vulner... • http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0466 – Mandriva Linux Security Advisory 2014-076
https://notcve.org/view.php?id=CVE-2014-0466
01 Apr 2014 — The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. El script fixps en a2ps 4.14 no utiliza la opción -dSAFER cuando ejecuta gs, lo que permite a atacantes dependientes de contexto eliminar archivos arbitrarios o ejecutar comandos arbitrarios a través de un archivo PostScript. Brian M. Carlson reported that a2ps's fixps script does not invoke gs with th... • http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2004-1377
https://notcve.org/view.php?id=CVE-2004-1377
27 Dec 2004 — The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. • http://secunia.com/advisories/13641 •
CVSS: 10.0EPSS: 15%CPEs: 11EXPL: 3CVE-2004-1170 – GNU a2ps 4.13 - File Name Command Execution
https://notcve.org/view.php?id=CVE-2004-1170
10 Dec 2004 — a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. • https://www.exploit-db.com/exploits/24406 •