38 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-29510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. CVE-2024-29510 Note...
GLSA-202409-03 : GPL Ghostscript: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-03 GPL Ghostscript: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2413)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2389)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2436)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-f433c5c4da)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RHEL 9 : ghostscript (RHSA-2024:6466)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6466 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
RHEL 9 : ghostscript (RHSA-2024:6197)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6197 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
AlmaLinux 9 : ghostscript (ALSA-2024:6197)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...
Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...
Metasploit Weekly Wrap-Up 07/26/2024
New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...
Amazon Linux 2 : ghostscript (ALAS-2024-2597)
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2597 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi-...
Important: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...
Important: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...
Important: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...
Ghostscript Command Execution / Format String Exploit
This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 an...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2024-664)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-664 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1NOTE:...
Ghostscript Command Execution / Format String
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ghostscript Command Execution via Format String', 'Description' = %q This module exploits a format string vulnerability in Ghostscript versions...
Important: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...