CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

Linux Distros Unpatched Vulnerability : CVE-2020-29510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows a...

Linux Distros Unpatched Vulnerability : CVE-2024-29510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. CVE-2024-29510 Note...

CVE-2022-29510

Improper buffer restrictions in some IntelR Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access...

GLSA-202409-03 : GPL Ghostscript: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-03 GPL Ghostscript: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2413)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2389)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2436)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-f433c5c4da)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

RHEL 9 : ghostscript (RHSA-2024:6466)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6466 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

RHEL 9 : ghostscript (RHSA-2024:6197)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6197 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

AlmaLinux 9 : ghostscript (ALSA-2024:6197)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...

Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

Metasploit Weekly Wrap-Up 07/26/2024

New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...

Amazon Linux 2 : ghostscript (ALAS-2024-2597)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2597 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi-...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

Ghostscript Command Execution / Format String Exploit

This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 an...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2024-664)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-664 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1NOTE:...