Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2019/10/08 10:56 a.m.34 views

CVE-2018-15909

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

9.3CVSS1.6AI score0.92499EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit thi...

7.8CVSS7.9AI score0.43901EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.41 views

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...

9.3CVSS8.1AI score0.92499EPSS
Exploits4References2
Veracode
Veracode
added 2019/05/16 3:38 a.m.22 views

Remote Code Execution (RCE)

Artifex Ghostscript is vulnerable to remote code execution RCE attacks. This is because the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the...

7.8CVSS8.3AI score0.03037EPSS
Exploits0References14Affected Software1
Veracode
Veracode
added 2019/05/16 3:23 a.m.22 views

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the ghostscript device cleanup does not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code...

5.5CVSS7.1AI score0.01412EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.38 views

EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1202)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An...

5.5CVSS7.3AI score0.01445EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/01/23 8:20 p.m.30 views

CVE-2019-6116

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...

9.3CVSS1.3AI score0.92499EPSS
Exploits6References3
Amazon
Amazon
added 2018/12/20 12:0 a.m.130 views

Important: ghostscript

Issue Overview: It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.CVE-2018-16509 Affect...

9.3CVSS8.3AI score0.92499EPSS
Exploits4
Cent OS
Cent OS
added 2018/12/06 6:54 p.m.168 views

ghostscript security update

CentOS Errata and Security Advisory CESA-2018:3760 An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

9.3CVSS7.4AI score0.92499EPSS
Exploits4References7
UbuntuCve
UbuntuCve
added 2018/12/03 5:29 p.m.35 views

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

9.3CVSS7.3AI score0.01249EPSS
Exploits0References7
Prion
Prion
added 2018/12/03 5:29 p.m.40 views

Design/Logic Flaw

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

9.3CVSS8AI score0.92499EPSS
Exploits4References6Affected Software7
RedhatCVE
RedhatCVE
added 2018/09/06 5:50 a.m.45 views

CVE-2018-16540

It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...

9.3CVSS1.9AI score0.92499EPSS
Exploits4References2
Rows per page
Query Builder