669 matches found
Remote code execution
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution...
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution...
Thoughts on Cloud Security
Recently I've been reading about cloud security and security with respect to DevOps. I'll say more about the excellent book I'm reading, but I had a moment of déjà vu during one section. The book described how cloud security is a big change from enterprise security because it relies less on...
EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1065)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - ghostscript: access bypass in psi/zdevice2.c (700153, CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169, CVE-2018-19476) -...
Saudi Arabian smartphone application Dalil hit by serious vulnerability: information of more than 500 million users leaked - vulnerability warning - the black bar safety net
Dalil is a smartphone application similar to Truecaller, but limited to users in Saudi Arabia and other Arab regions. Because the MongoDB database used by the application can be accessed online without entering a password, causing the continued leak of user data of the we...
X (Formerly Twitter): Protected tweets exposure through the URL
Summary: Leaking sensitive information from protected tweets via a prepared website. This vulnerability could lead to exposure of information such as credit card numbers, bank account numbers, phone numbers, tokens, specific words or even the whole phrases but also the exposure of any additional...
ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317)
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...
CVE-2019-6116
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...
SUSE-SU-2019:0144-1 Security update for ghostscript
This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319...
CVE-2017-3138
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...
Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.4: Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more. New search operators OR/NOT: In a previous release we added the AND operator, now with 3.4 you can also use OR...
UBUNTU-CVE-2018-19838
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone, cloneChildren, and copy...
ALPINE-CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...
DEBIAN-CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...
CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...
CVE-2018-18073
CVE-2018-18073 describes a sandbox-bypass vulnerability in Artifex Ghostscript. The issue arises in Ghostscript 9.25 and earlier where the saved execution stack can leak operator arrays or expose system operators in an error object, allowing a crafted PostScript to bypass -dSAFER/sandbox protecti...