330 matches found
CVE-2024-9129
CVE-2024-9129 affects Zend Server versions 8.5 and earlier than 9.2. The vulnerability is a format string injection in Zend Server. According to the provided metrics, the CVSS 4.0 base score is 9.3 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and impacts to ...
OESA-2024-2162 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...
OESA-2024-2163 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...
EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2413)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...
EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2389)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...
EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2364)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RHEL 9 : ghostscript (RHSA-2024:6466)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6466 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
AlmaLinux 9 : ghostscript (ALSA-2024:6197)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
ghostscript: format string injection leads to shell command execution (SAFER bypass)
A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...
ALSA-2024:6197 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...
ghostscript security update
9.54.0-17 - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction - RHEL-44731 CVE-2024-29510 ghostscript: format string...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2292-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2292-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945....
DEBIAN-CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
SUSE-SU-2024:2292-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format string injection that could lead to command execution bsc1226944. - CVE-2024-33869: Fixed a path validation...
SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2276-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2276-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...