Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OpenVAS
OpenVASadded 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2018-0408)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS6.9AI score0.10504EPSS
Exploits3References7
Exploit DB
Exploit DBadded 2019/01/24 12:0 a.m.127 views

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2018/11/30 12:0 a.m.55 views

Ubuntu Ghostscript Failed Fix

Ubuntu: incomplete fix for CVE-2018-16510 This Ubuntu advisory claims to fix CVE-2018-16510: https://usn.ubuntu.com/3768-1/ That does not appear to be true. The root cause of CVE-2018-16510 was that a bunch of procedures were in userdict that should have been executeonly, but were not. In...

6.8CVSS7.8AI score0.00223EPSS
Exploits1
OSV
OSVadded 2018/10/19 6:36 p.m.11 views

MGASA-2018-0408 Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

8.6CVSS7.4AI score0.10504EPSS
Exploits3References6
Mageia
Mageiaadded 2018/10/19 6:36 p.m.34 views

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

8.6CVSS1.8AI score0.10504EPSS
Exploits3References5
0day.today
0day.todayadded 2018/10/10 12:0 a.m.43 views

ghostscript - executeonly Bypass with errorhandler Setup Exploit

Exploit for linux platform in category local exploits While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...

0.1AI score0.10504EPSS
Exploits2
Exploit DB
Exploit DBadded 2018/10/09 12:0 a.m.38 views

ghostscript - executeonly Bypass with errorhandler Setup

While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc. Additionally, because nautilus will automatically invoke...

7.4AI score
Exploits0
Rows per page
Query Builder