8453 matches found
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
SUSE-SU-2024:2292-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format string injection that could lead to command execution bsc1226944. - CVE-2024-33869: Fixed a path validation...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Recent assessments: cdelafuente-r7 at August 13, 2024 10:25am UTC reported: Ghostscript is vulnerable to a critical format string vulnerability that affects...
SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2276-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2276-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format...
VulnCheck KEV: CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
SUSE-SU-2024:2276-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format string injection that could lead to command execution bsc1226944. - CVE-2024-33869: Fixed a path validation...
CVE-2024-4641
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service...
CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service...
CVE-2024-4641
Summary: CVE-2024-4641 affects MOXA OnCell G3470A-LTE Series firmware v1.7.7 and earlier, due to accepting an externally supplied format string as an argument. An attacker could supply a manipulated format string to trigger a memory leak and denial of service. Affected scope: OnCell G3470A-LTE Se...
CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service...
MOXA OnCell G3470A-LTE 安全漏洞
MOXA OnCell G3470A-LTE is a series of cellular gateway/router from MOXA China. A security vulnerability exists in MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions, which originates from accepting a format string from an external source as a parameter, and can be exploited by an attacke...
CVE-2024-6145
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...
CVE-2024-6145 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...
CVE-2024-6145
The CVE-2024-6145 entry concerns Actiontec WCB6200Q routers. Concrete details in connected documents show that the vulnerability exists in the HTTP server, where a crafted Cookie header can trigger a format specifier from a user-supplied string, allowing a network-adjacent attacker to execute arb...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...
USN-6835-1: Ghostscript vulnerabilities
It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. CVE-2023-52722 This issue only affected Ubuntu 20.04...
USN-6835-1 ghostscript vulnerabilities
It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. CVE-2023-52722 This issue only affected Ubuntu 20.04...
OESA-2024-1722 mpv security update
Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different vid...