CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46953 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46953
10 Nov 2024 — An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46955 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46955
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707990 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-32182
https://notcve.org/view.php?id=CVE-2023-32182
19 Sep 2023 — A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. Vulnerabilidad de Resolución de Enlace Incorrecta Antes del A... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-27239 – Gentoo Linux Security Advisory 202311-05
https://notcve.org/view.php?id=CVE-2022-27239
27 Apr 2022 — In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. En cifs-utils versiones hasta 6.14, un desbordamiento del búfer en la región stack de la memoria cuando es analizado el argumento de línea de comandos mount.cifs ip= podría conllevar a que atacantes locales obtuvieran privilegios de root Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environmen... • http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 87%CPEs: 56EXPL: 170CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
26 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-8025 – outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
https://notcve.org/view.php?id=CVE-2020-8025
07 Aug 2020 — A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 2018012... • https://bugzilla.suse.com/show_bug.cgi?id=1171883 • CWE-279: Incorrect Execution-Assigned Permissions •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-18904 – Migrations requests can cause DoS on rmt
https://notcve.org/view.php?id=CVE-2019-18904
03 Apr 2020 — A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting mi... • https://bugzilla.suse.com/show_bug.cgi?id=1160922 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3696 – pcp: Local privilege escalation from user pcp to root through migrate_tempdirs
https://notcve.org/view.php?id=CVE-2019-3696
03 Mar 2020 — A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Soft... • https://bugzilla.suse.com/show_bug.cgi?id=1153921 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3695 – pcp: Local privilege escalation from user pcp to root
https://notcve.org/view.php?id=CVE-2019-3695
03 Mar 2020 — A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit ... • https://bugzilla.suse.com/show_bug.cgi?id=1152763 • CWE-94: Improper Control of Generation of Code ('Code Injection') •