MSA-22-0015: PostScript Code Injection / Remote code execution risk

MSA-22-0015: PostScript Code Injection / Remote code execution risk

by Michael Hawkins. An omitted execution parameter resulted in a remote code execution risk for sites running GhostScript versions older than 9.50.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Nick Wojciechowski, CyberCXWorkaround:Ensure older versions of GhostScript are upgraded to 9.50 or newer.CVE identifier:CVE-2022-35649Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=436456&parent=1756382Leer másÚltimas Vulnerabilidades

by Michael Hawkins. An omitted execution parameter resulted in a remote code execution risk for sites running GhostScript versions older than 9.50.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Nick Wojciechowski, CyberCXWorkaround:Ensure older versions of GhostScript are upgraded to 9.50 or newer.CVE identifier:CVE-2022-35649Changes More info: https://moodle.org/mod/forum/discuss.php?d=436456&parent=1756382

by Michael Hawkins. An omitted execution parameter resulted in a remote code execution risk for sites running GhostScript versions older than 9.50.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Nick Wojciechowski, CyberCXWorkaround:Ensure older versions of GhostScript are upgraded to 9.50 or newer.CVE identifier:CVE-2022-35649Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=436456&parent=1756382Leer másÚltimas Vulnerabilidades

Facebook
Twitter
LinkedIn
Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

ciso2ciso editor´s picks

IBM Security
How much does a data breach cost in 2022? IBM Cost of a Data Breach 2022 Report by IBM Security
How much does a data breach cost in 2022? IBM Cost of a Data Breach 2022 Report by IBM Security
Marcos Jaimovich
Building a SECURE Minimum Viable Protection (SMVP) Product or Service. Software Quality must include Cybersecurity by Design Principle. Marcos Jaimovich
Building a SECURE Minimum Viable Protection (SMVP) Product or Service. Software Quality must include Cybersecurity by Design Principle. Marcos Jaimovich
Chris Davis
Blue Team Cheat Sheets by Chris Davis
Blue Team Cheat Sheets by Chris Davis
Apress
Jump-start Your SOC Analyst Career – A Roadmap to Cybersecurity Success by Apress
Jump-start Your SOC Analyst Career – A Roadmap to Cybersecurity Success by Apress
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template by ACSC & Australian Goverment
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps by Australian Government – ACSC

More Latest Published Posts

Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Edition
Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Edition
EDR Bypassing via Memory Manipulation Techniques
EDR Bypassing via Memory Manipulation Techniques
NIST
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
Akamai
Cybersecurity in Financial Services
Cybersecurity in Financial Services
FORTINET
The Secure Network Journey
The Secure Network Journey
Akamai
Accelerate Compliance with the NSA Methodology for Adversary Obstruction
Accelerate Compliance with the NSA Methodology for Adversary Obstruction
CoESS
Cyber-Physical Securityand Critical Infrastructure
Cyber-Physical Securityand Critical Infrastructure
Centre for Cyber Security Belgium
CYBER FUNDAMENTALS ESSENTIAL
CYBER FUNDAMENTALS ESSENTIAL
CYBER SECURITY AWARENESS E-BOOK
CYBER SECURITY AWARENESS E-BOOK
New York State
NEW YORK STATE CYBERSECURITY STRATEGY
NEW YORK STATE CYBERSECURITY STRATEGY
ICIT
MATERIALITY MATTERS
MATERIALITY MATTERS
Cyphere
Cyber Incident Readiness Checklist
Cyber Incident Readiness Checklist
CROWDSTRIKE
2023Cloud Risk Report
2023Cloud Risk Report
CISSP
CISSP Concepts Guide
CISSP Concepts Guide
NIST
Building a Cybersecurity and Privacy Learning Program
Building a Cybersecurity and Privacy Learning Program
NSA
Best Practices for Securing Your Home Network
Best Practices for Securing Your Home Network
Microsoft Azure
Azure DevOps SecurityCheckList
Azure DevOps SecurityCheckList
Akamai
Software Defined Segmentation forData Center Operators
Software Defined Segmentation forData Center Operators
ISACA
Guide for the Implementation of Cyber Security Checks
Guide for the Implementation of Cyber Security Checks
Microsoft Security
Azure Defenses for Ransomware Attack by Microsoft Security
Azure Defenses for Ransomware Attack by Microsoft Security
Microsoft Security
Three Steps for Protecting Your Data End-to-End with Microsoft Purview by Microsoft Security
Three Steps for Protecting Your Data End-to-End with Microsoft Purview by Microsoft Security
Microsoft Security
The Cost of Inaction – A CISOs guide for getting boards of directors to invest in cybersecurity by Microsoft Security
The Cost of Inaction – A CISOs guide for getting boards of directors to invest in cybersecurity by Microsoft Security
SANS
SANS – Cloud Security Foundations, Frameworks, and Beyond – In partnership with aws , Google Cloud and Microsoft
SANS – Cloud Security Foundations, Frameworks, and Beyond – In partnership with aws , Google Cloud and Microsoft
National Security Agency
Defending Continuous Integ Cont Delivery CI DC Environ
Defending Continuous Integ Cont Delivery CI DC Environ
INTELTECHNIQUES
OSINT cheat Sheet
OSINT cheat Sheet
ministry of security
Data Center Security Checklist
Data Center Security Checklist
Google Cloud
Data governance_ Principles for securing and managing logs
Data governance_ Principles for securing and managing logs
LOG RHYTHM
Threat Hunting 101
Threat Hunting 101