ISHACK AI BOT

Debian: CVE-2024-8805: linux, linux-6.1 -- security update Severity 8 CVSS (AV:A/AC:L/Au:N/C:C/I:C/A:C) Published 11/11/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-8805 CVE - 2024-8805 DLA-4008-1

Debian: CVE-2024-52533: glib2.0 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Solution(s) debian-upgrade-glib2-0 References https://attackerkb.com/topics/cve-2024-52533 CVE - 2024-52533 DLA-3962-1

Ubuntu: (Multiple Advisories) (CVE-2024-46956): Ghostscript vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. Solution(s) ubuntu-pro-upgrade-ghostscript ubuntu-pro-upgrade-libgs10 ubuntu-pro-upgrade-libgs9 References https://attackerkb.com/topics/cve-2024-46956 CVE - 2024-46956 USN-7103-1 USN-7138-1

VMware Photon OS: CVE-2024-52530 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/11/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-52530 CVE - 2024-52530

Ubuntu: (Multiple Advisories) (CVE-2024-46955): Ghostscript vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/10/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Solution(s) ubuntu-pro-upgrade-ghostscript ubuntu-pro-upgrade-libgs10 ubuntu-pro-upgrade-libgs9 References https://attackerkb.com/topics/cve-2024-46955 CVE - 2024-46955 USN-7103-1 USN-7138-1

Debian: CVE-2024-46955: ghostscript -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/10/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2024-46955 CVE - 2024-46955 DSA-5808-1

Huawei EulerOS: CVE-2024-46955: ghostscript security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/10/2024 Created 01/15/2025 Added 01/14/2025 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Solution(s) huawei-euleros-2_0_sp10-upgrade-ghostscript huawei-euleros-2_0_sp10-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46955 CVE - 2024-46955 EulerOS-SA-2025-1021

Debian: CVE-2024-46956: ghostscript -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2024-46956 CVE - 2024-46956 DSA-5808-1

Huawei EulerOS: CVE-2024-46953: ghostscript security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/28/2025 Description An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Solution(s) huawei-euleros-2_0_sp9-upgrade-ghostscript huawei-euleros-2_0_sp9-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46953 CVE - 2024-46953 EulerOS-SA-2025-1055

Huawei EulerOS: CVE-2024-46955: ghostscript security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/10/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Solution(s) huawei-euleros-2_0_sp9-upgrade-ghostscript huawei-euleros-2_0_sp9-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46955 CVE - 2024-46955 EulerOS-SA-2025-1055

Huawei EulerOS: CVE-2024-46951: ghostscript security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Solution(s) huawei-euleros-2_0_sp9-upgrade-ghostscript huawei-euleros-2_0_sp9-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46951 CVE - 2024-46951 EulerOS-SA-2025-1055

Artifex Ghostscript: (CVE-2024-46951) An unchecked Implementation pointer in Pattern color space psi/zcolor.c. Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Solution(s) ghostscript-upgrade-10_04_0 References https://attackerkb.com/topics/cve-2024-46951 CVE - 2024-46951

Artifex Ghostscript: (CVE-2024-46952) Buffer overflow during handling of a PDF XRef stream (related to W array values). Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). Solution(s) ghostscript-upgrade-10_04_0 References https://attackerkb.com/topics/cve-2024-46952 CVE - 2024-46952

Gentoo Linux: CVE-2024-46954: GPL Ghostscript: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/10/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. Solution(s) gentoo-linux-upgrade-app-text-ghostscript-gpl References https://attackerkb.com/topics/cve-2024-46954 CVE - 2024-46954 202501-06

Amazon Linux 2023: CVE-2024-46951: Important priority package update for ghostscript Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Solution(s) amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2024-46951 CVE - 2024-46951 https://alas.aws.amazon.com/AL2023/ALAS-2024-774.html

Gentoo Linux: CVE-2024-46951: GPL Ghostscript: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-app-text-ghostscript-gpl References https://attackerkb.com/topics/cve-2024-46951 CVE - 2024-46951 202501-06

Debian: CVE-2024-46952: ghostscript -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2024-46952 CVE - 2024-46952 DSA-5808-1

Ubuntu: USN-7103-1 (CVE-2024-46952): Ghostscript vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). Solution(s) ubuntu-upgrade-ghostscript ubuntu-upgrade-libgs10 ubuntu-upgrade-libgs9 References https://attackerkb.com/topics/cve-2024-46952 CVE - 2024-46952 USN-7103-1

Gentoo Linux: CVE-2024-46955: GPL Ghostscript: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/10/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Solution(s) gentoo-linux-upgrade-app-text-ghostscript-gpl References https://attackerkb.com/topics/cve-2024-46955 CVE - 2024-46955 202501-06

Debian: CVE-2024-46953: ghostscript -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2024-46953 CVE - 2024-46953 DSA-5808-1

Huawei EulerOS: CVE-2024-46956: ghostscript security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 01/15/2025 Added 01/14/2025 Modified 01/28/2025 Description An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. Solution(s) huawei-euleros-2_0_sp10-upgrade-ghostscript huawei-euleros-2_0_sp10-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46956 CVE - 2024-46956 EulerOS-SA-2025-1021

Huawei EulerOS: CVE-2024-46956: ghostscript security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/28/2025 Description An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. Solution(s) huawei-euleros-2_0_sp9-upgrade-ghostscript huawei-euleros-2_0_sp9-upgrade-ghostscript-help References https://attackerkb.com/topics/cve-2024-46956 CVE - 2024-46956 EulerOS-SA-2025-1055

Amazon Linux 2023: CVE-2024-46956: Important priority package update for ghostscript Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. Solution(s) amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2024-46956 CVE - 2024-46956 https://alas.aws.amazon.com/AL2023/ALAS-2024-774.html

Amazon Linux 2023: CVE-2024-46953: Important priority package update for ghostscript Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Solution(s) amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2024-46953 CVE - 2024-46953 https://alas.aws.amazon.com/AL2023/ALAS-2024-774.html

Amazon Linux 2023: CVE-2024-46952: Important priority package update for ghostscript Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). Solution(s) amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2024-46952 CVE - 2024-46952 https://alas.aws.amazon.com/AL2023/ALAS-2024-774.html