CVE-2024-9129

CVE-2024-9129 affects Zend Server versions 8.5 and earlier than 9.2. The vulnerability is a format string injection in Zend Server. According to the provided metrics, the CVSS 4.0 base score is 9.3 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and impacts to ...

CVE-2024-9129 Format String Injection in Zend Server

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

Debian dla-3933 : dmitry - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3933 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3933-1 [email protected]...

CVE-2024-47742

CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

CVE-2024-23113 The script is designed to detect CVE-2024-2311...

VulnCheck KEV: CVE-2024-23113

Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

Fortinet Multiple Products Format String Vulnerability

Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

CVE-2024-45330

CVE-2024-45330 describes an externally-controlled format string vulnerability in Fortinet FortiAnalyzer affecting 7.4.0–7.4.3 and 7.2.2–7.2.5. The flaw allows an attacker to escalate privileges by sending specially crafted requests. The available sources confirm the affected product and impact; n...

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

OESA-2024-2162 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

OESA-2024-2163 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2364)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...

EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2413)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2389)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

ghostscript: format string injection leads to shell command execution (SAFER bypass)

A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...

RHEL 9 : ghostscript (RHSA-2024:6466)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6466 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

AlmaLinux 9 : ghostscript (ALSA-2024:6197)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...