BIT-MOODLE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

Remote Code Execution (RCE)

Moodle is vulnerable to Remote Code Execution. Due to an omitted execution parameter in the GhostScript command, an attacker is able to run code on the system by parsing PostScript code...

Input validation

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

CVE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

SUSE: Security Advisory (SUSE-SU-2019:2981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...

openSUSE Security Update : ghostscript (openSUSE-2019-2535)

This update for ghostscript fixes the following issues : - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code bsc1156275. This update was imported from the SUSE:SLE-15:Update update project. C Tenable...

OPENSUSE-SU-2019:2535-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code bsc1156275. This update was imported from the SUSE:SLE-15:Update update project...

Remote Code Execution (RCE)

Typo3/Cms is vulnerable to remote code execution. Improper configuration of the applications used for image processing allows an attacker to execute arbitrary code on the server by uploading a malicious image file containing PostScript code...

RHEL 8 : ghostscript (RHSA-2019:0971)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0971 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

Artifex Ghostscript < 9.25 PostScript Code Execution Vulnerability

The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.25. It is, therefore, affected by a code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid117596; scriptversion"1.5";...

DEBIAN-CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

Design/Logic Flaw

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

Ghostscript 8.64 executes random code at startup

Ghostscript8.64 on openSuSE11.2 executes all files matching ./Encoding/ on startup. This search is relative to the current directory so it is easy to poison Ghostscript and cause it to execute arbitrary PostScript code without user action or knowledge. Details:...