Vulnerabilites related to aladdin_enterprises - ghostscript
CVE-2004-0967 (GCVE-0-2004-0967)
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10284",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "19799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19799"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "20056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"
},
{
"name": "SCOSA-2006.23",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"
},
{
"name": "16997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16997"
},
{
"name": "RHSA-2005:081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "USN-3-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/usn-3-1/"
},
{
"name": "11285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11285"
},
{
"name": "SCOSA-2006.19",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10284",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "19799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19799"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "20056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"
},
{
"name": "SCOSA-2006.23",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"
},
{
"name": "16997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16997"
},
{
"name": "RHSA-2005:081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "USN-3-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/usn-3-1/"
},
{
"name": "11285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11285"
},
{
"name": "SCOSA-2006.19",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10284",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"
},
{
"name": "script-temporary-file-overwrite(17583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "19799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19799"
},
{
"name": "2004-0050",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "20056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20056"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"
},
{
"name": "SCOSA-2006.23",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"
},
{
"name": "16997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16997"
},
{
"name": "RHSA-2005:081",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"
},
{
"name": "17135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17135"
},
{
"name": "USN-3-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-3-1/"
},
{
"name": "11285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11285"
},
{
"name": "SCOSA-2006.19",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0967",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-19T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1163 (GCVE-0-2000-1163)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2000-041",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "ghostscript-env-variable(5564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5564"
},
{
"name": "MDKSA-2000:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "1991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1991"
},
{
"name": "CLSA-2000:343",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "20001123 ghostscript: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2000-041",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "ghostscript-env-variable(5564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5564"
},
{
"name": "MDKSA-2000:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "1991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1991"
},
{
"name": "CLSA-2000:343",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "20001123 ghostscript: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2000-041",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "ghostscript-env-variable(5564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5564"
},
{
"name": "MDKSA-2000:074",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "1991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1991"
},
{
"name": "CLSA-2000:343",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "20001123 ghostscript: symlink attack",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1163",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0155 (GCVE-0-1999-0155)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ghostscript command with the -dSAFER option allows remote attackers to execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:49:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ghostscript command with the -dSAFER option allows remote attackers to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0155",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1162 (GCVE-0-2000-1162)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2000-041",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "MDKSA-2000:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "RHSA-2000:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-114.html"
},
{
"name": "CLSA-2000:343",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "1990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1990"
},
{
"name": "ghostscript-sym-link(5563)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5563"
},
{
"name": "20001123 ghostscript: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2000-041",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "MDKSA-2000:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "RHSA-2000:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-114.html"
},
{
"name": "CLSA-2000:343",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "1990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1990"
},
{
"name": "ghostscript-sym-link(5563)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5563"
},
{
"name": "20001123 ghostscript: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2000-041",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"name": "MDKSA-2000:074",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"name": "RHSA-2000:114",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-114.html"
},
{
"name": "CLSA-2000:343",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"name": "1990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1990"
},
{
"name": "ghostscript-sym-link(5563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5563"
},
{
"name": "20001123 ghostscript: symlink attack",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1162",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0363 (GCVE-0-2002-0363)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:27.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
},
{
"name": "4937",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4937"
},
{
"name": "CSSA-2002-026.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
},
{
"name": "ghostscript-postscript-command-execution(9254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9254.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"name": "RHSA-2002:083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"name": "RHSA-2002:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
},
{
"name": "4937",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4937"
},
{
"name": "CSSA-2002-026.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
},
{
"name": "ghostscript-postscript-command-execution(9254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9254.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"name": "RHSA-2002:083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"name": "RHSA-2002:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:209",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
},
{
"name": "4937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4937"
},
{
"name": "CSSA-2002-026.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
},
{
"name": "ghostscript-postscript-command-execution(9254)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9254.php"
},
{
"name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html",
"refsource": "MISC",
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"name": "RHSA-2002:083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html",
"refsource": "MISC",
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"name": "RHSA-2002:123",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0363",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-05-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:27.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1353 (GCVE-0-2001-1353)
Vulnerability from cvelistv5
Published
2002-06-05 04:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2001:138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-138.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2"
},
{
"name": "HPSBUX0112-009",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html"
},
{
"name": "RHSA-2001:112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2001-112.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 6.51 allows local users to read and write arbitrary files as the \u0027lp\u0027 user via the file operator, even with -dSAFER enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2001:138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-138.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2"
},
{
"name": "HPSBUX0112-009",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html"
},
{
"name": "RHSA-2001:112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2001-112.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ghostscript before 6.51 allows local users to read and write arbitrary files as the \u0027lp\u0027 user via the file operator, even with -dSAFER enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2001:138",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-138.html"
},
{
"name": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2"
},
{
"name": "HPSBUX0112-009",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html"
},
{
"name": "RHSA-2001:112",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2001-112.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1353",
"datePublished": "2002-06-05T04:00:00",
"dateReserved": "2002-06-02T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt | ||
| cve@mitre.org | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt | ||
| cve@mitre.org | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321 | ||
| cve@mitre.org | http://secunia.com/advisories/16997 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17135 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/19799 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/20056 | Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-081.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/11285 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.trustix.org/errata/2004/0050 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284 | ||
| cve@mitre.org | https://www.ubuntu.com/usn/usn-3-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16997 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17135 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19799 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20056 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-081.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11285 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2004/0050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ubuntu.com/usn/usn-3-1/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | 4.3 | |
| aladdin_enterprises | ghostscript | 4.3.2 | |
| aladdin_enterprises | ghostscript | 5.10.10 | |
| aladdin_enterprises | ghostscript | 5.10.10 | |
| aladdin_enterprises | ghostscript | 5.10.10_1 | |
| aladdin_enterprises | ghostscript | 5.10.10_1 | |
| aladdin_enterprises | ghostscript | 5.10.12cl | |
| aladdin_enterprises | ghostscript | 5.10.15 | |
| aladdin_enterprises | ghostscript | 5.10.16 | |
| aladdin_enterprises | ghostscript | 5.10cl | |
| aladdin_enterprises | ghostscript | 5.50 | |
| aladdin_enterprises | ghostscript | 5.50.8 | |
| aladdin_enterprises | ghostscript | 5.50.8_7 | |
| aladdin_enterprises | ghostscript | 6.51 | |
| aladdin_enterprises | ghostscript | 6.52 | |
| aladdin_enterprises | ghostscript | 6.53 | |
| aladdin_enterprises | ghostscript | 7.0.4 | |
| aladdin_enterprises | ghostscript | 7.0.5 | |
| aladdin_enterprises | ghostscript | 7.0.6 | |
| aladdin_enterprises | ghostscript | 7.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "563638C2-75D6-4EBB-BE65-A2DBCB9B2425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "688546DF-EEA4-49DD-AB36-EE542EB51931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31868FF9-396E-43F3-87CC-99653D2EEB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:mdk:*:*:*:*:*",
"matchCriteriaId": "9D8853B6-08C4-467B-8B2C-5636A2E6535B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10_1:*:*:*:*:*:*:*",
"matchCriteriaId": "A77665EE-BD4A-46F4-9FD4-AF4B85519938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10_1:*:mdk:*:*:*:*:*",
"matchCriteriaId": "0204AB31-487C-48CF-9E95-C9FAC201AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.12cl:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED505EB-D306-4B32-8548-3B6F040C972D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "65386D8C-7D7C-464A-839D-6B4B39F724BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4D3797-3953-4030-BAFE-FD427E4CDC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB97AFC-64CA-4B20-8BB6-DFF70225400D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "718E9B80-DD01-45E5-B61C-B5BA2036262F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50.8:*:*:*:*:*:*:*",
"matchCriteriaId": "971EDCE7-B3B1-4D85-9E8D-56DA8E5C0934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50.8_7:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4EA720-85DB-4E00-853A-83EF85852F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "B9001A11-30B4-4ABB-BA76-4A96203260AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CE4BD3-3625-4815-84FF-3AAE091846BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "575962D6-91D5-41AF-AF88-D61F4E32BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB5CC32-6B1F-4C57-B969-953AB539A9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F05F06-F884-4636-AD6E-664E841BEE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F003331-1740-4087-B5B7-4687FF78A1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20C1DB4C-1A32-4E95-A117-690AA4449C61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."
}
],
"id": "CVE-2004-0967",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"
},
{
"source": "cve@mitre.org",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16997"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17135"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20056"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11285"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"
},
{
"source": "cve@mitre.org",
"url": "https://www.ubuntu.com/usn/usn-3-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ubuntu.com/usn/usn-3-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"lastModified": "2007-09-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 | ||
| cve@mitre.org | http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2000/20001123 | ||
| cve@mitre.org | http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2000-114.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/1990 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5563 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2000/20001123 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2000-114.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1990 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5563 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | 4.3 | |
| aladdin_enterprises | ghostscript | 5.10.10 | |
| aladdin_enterprises | ghostscript | 5.10.15 | |
| aladdin_enterprises | ghostscript | 5.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "563638C2-75D6-4EBB-BE65-A2DBCB9B2425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31868FF9-396E-43F3-87CC-99653D2EEB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "65386D8C-7D7C-464A-839D-6B4B39F724BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "718E9B80-DD01-45E5-B61C-B5BA2036262F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack."
}
],
"id": "CVE-2000-1162",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001123"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1990"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5563"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/hp/2001-q4/0069.html | ||
| cve@mitre.org | http://marc.info/?l=lprng&m=100083210910857&w=2 | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2001-112.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2001-138.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/hp/2001-q4/0069.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=lprng&m=100083210910857&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2001-112.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2001-138.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "398E988F-4725-409E-94D2-270333D76F2D",
"versionEndIncluding": "6.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 6.51 allows local users to read and write arbitrary files as the \u0027lp\u0027 user via the file operator, even with -dSAFER enabled."
}
],
"id": "CVE-2001-1353",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2001-112.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-138.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=lprng\u0026m=100083210910857\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2001-112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-138.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt | ||
| cve@mitre.org | http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html | Vendor Advisory | |
| cve@mitre.org | http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html | Patch | |
| cve@mitre.org | http://www.iss.net/security_center/static/9254.php | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-083.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-123.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-209.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/4937 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9254.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-083.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-123.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-209.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4937 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A85B3-4935-4966-A3CD-2EA13C42866C",
"versionEndIncluding": "6.53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice."
}
],
"id": "CVE-2002-0363",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9254.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9254.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4937"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 | ||
| cve@mitre.org | http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt | ||
| cve@mitre.org | http://www.debian.org/security/2000/20001123 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/1991 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5564 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2000/20001123 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1991 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5564 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | 4.3 | |
| aladdin_enterprises | ghostscript | 5.10.10 | |
| aladdin_enterprises | ghostscript | 5.10.15 | |
| aladdin_enterprises | ghostscript | 5.10cl | |
| aladdin_enterprises | ghostscript | 5.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "563638C2-75D6-4EBB-BE65-A2DBCB9B2425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31868FF9-396E-43F3-87CC-99653D2EEB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "65386D8C-7D7C-464A-839D-6B4B39F724BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB97AFC-64CA-4B20-8BB6-DFF70225400D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "718E9B80-DD01-45E5-B61C-B5BA2036262F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript."
}
],
"id": "CVE-2000-1163",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"source": "cve@mitre.org",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2000/20001123"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1991"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2000/20001123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5564"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1995-08-31 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin_enterprises | ghostscript | 2.6 | |
| aladdin_enterprises | ghostscript | 3.22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1776085C-BF6C-4492-884C-09DEC1F46548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2244ABF5-6D70-44A8-B9A2-FBFD5098B8FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ghostscript command with the -dSAFER option allows remote attackers to execute commands."
}
],
"id": "CVE-1999-0155",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1995-08-31T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}