200 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0250)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ghostscript packages installed that are affected by multiple vulnerabilities: - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to...
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
DEBIAN-CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...
CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...
ALPINE-CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...
CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...
CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...
DEBIAN-CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...
Design/Logic Flaw
A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...
CVE-2019-14869
Summary: CVE-2019-14869 affects Ghostscript 9.x up to 9.49, where the .charkeys primitive did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate/execute commands or access restricted files. The issue is rooted in insufficient isolation of privi...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to...
CVE-2019-14813
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...
EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2019-2076)
According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An...
openSUSE Security Update : ghostscript (openSUSE-2019-2160)
This update for ghostscript fixes the following issues : Security issue fixed : - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file bsc1144621. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...
Security update for ghostscript (moderate)
openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:2160-1 Rating: moderate References: 1144621 Cross-References: CVE-2019-10216 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
The vulnerability of the .pdfhook_DSC_Creator procedure of the Ghostscript file conversion program allows a hacker to gain access to the file system.
The vulnerability of the .pdfhookDSCCreator procedure of the Ghostscript file conversion program is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to the file system by circumventing the restrictions imposed by -dSAFER, using a...
The vulnerability of the .pdfexecoken process of the Ghostscript file conversion program allows a perpetrator to execute arbitrary commands or gain access to the file system.
The vulnerability of the .pdfexecoken procedure in the Ghostscript file conversion program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely or gain access to the file system bypassing the restrictions impos...