CVE-2018-16863

HIGH Year: 2018
CVSS v3 Score
7.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-184
View all →

Vulnerability Description

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Related Vulnerabilities

CVE-2015-5946

HIGH
CVSS:7.8(High)

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

CWE-1842015

CVE-2016-7076

HIGH
CVSS:7.8(High)

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user perm...

CWE-1842016

CVE-2025-29822

HIGH
CVSS:7.8(High)

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

CWE-1842025

CVE-2018-5968

HIGH
CVSS:8.1(High)

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization fla...

CWE-1842018

CVE-2020-14372

HIGH
CVSS:7.5(High)

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craf...

CWE-1842020

CVE-2020-3384

HIGH
CVSS:8.2(High)

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system...

CWE-1842020