Unspecified Vulnerability in CloudBees Jenkins Global Post Script Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Global Post Script Plugin is used in which a...

Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin (CNVD-2019-42835)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . CRX Content Package Deployer Plugin is used in...

Atlassian Jira Information Disclosure Vulnerability (CNVD-2019-30067)

Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. An information disclosure vulnerability exists in several work log rest resources in Jira. The vulnerability stems from a lack of privilege checking. A remote attacker could exploi...

Arbitrary Code Execution

Artifex Ghostscript is vulnerable to arbitrary code execution. This is because incorrect restoration of privilege checking when running out of stack during exception handling. An attacker could use this flaw to supply crafted PostScript to execute code using the pipe instruction...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1022)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling CVE-2018-16802 - ghostscript...

EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2018-1412)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...

RHEL 7 : ghostscript (RHSA-2018:3834)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3834 advisory. - ghostscript: Uninitialized memory access in the aesdecode operator 699665 CVE-2018-15911 - ghostscript: Incorrect free logic in pagedevice...

Amazon Linux 2 : ghostscript (ALAS-2018-1088)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

Design/Logic Flaw

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16802

Artifex Ghostscript prior to 9.25 is affected by CVE-2018-16802: incorrect “restoration of privilege” checking when stack overflows during exception handling could allow code execution via crafted PostScript using the pipe operator. This stems from an incomplete fix for CVE-2018-16509. The issue ...

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

Security Bulletin: Vulnerabilities in PostgreSQL affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in PostgreSQL IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-7486 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by improper implementation of...

Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922)

Summary IBM DB2 LUW contains a bypass security vulnerability in its Data Movement feature. Vulnerability Details CVEID: CVE-2015-1922 DESCRIPTION: IBM DB2 contains a bypass security vulnerability. DB2 Data Movement feature does not perform sufficient privilege checking which allows a user with...