194 matches found
CVE-2024-45312
Summary: CVE-2024-45312 affects Overleaf Community Edition and Server Pro before 5.0.7 (or 4.x before 4.2.7). The issue lets an arbitrary language parameter in client spelling requests reach the server’s aspell process, causing it to load a dictionary file with an arbitrary filename; access is li...
CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...
PT-2024-31564 · Overleaf · Overleaf Server Pro +1
Name of the Vulnerable Software and Affected Versions: Overleaf Community Edition and Server Pro versions prior to 5.0.7 Overleaf Community Edition and Server Pro versions 4.x prior to 4.2.7 Description: Overleaf is a web-based collaborative LaTeX editor. The issue allows an arbitrary language...
OESA-2024-1755 aspell security update
GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...
OESA-2024-1754 aspell security update
GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...
OPENSUSE-SU-2024:10635-1 aspell-0.60.8-4.2 on GA media
These are all security issues fixed in the aspell-0.60.8-4.2 package on the GA media of openSUSE Tumbleweed...
RHEL 7 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...
RHEL 8 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...
Advisory ROSA-SA-2024-2425
software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...
RHEL 7 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - aspell: Heap-buffer-overflow in acommon::ObjStack::duptop CVE-2019-25051 Note that Nessus has not tested for this...
RHEL 6 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...
GNU Aspell: Heap Buffer Overflow
Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...
GLSA-202402-31 : GNU Aspell: Heap Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202402-31 GNU Aspell: Heap Buffer Overflow - objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Note that...
Medium: aspell
Issue Overview: objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Affected Packages: aspell Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Advisory ROSA-SA-2023-2199
Software: aspell 0.60.6.1 OS: ROSA Virtualization 2.1 packageevrstring: aspell-0.60.6.1.1-21.rv3.1.src.rpm CVE-ID: CVE-2019-17544 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp...
SUSE CVE-2019-17544
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...
SUSE CVE-2019-20433
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...
SUSE CVE-2019-25051
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist...
OESA-2023-1059 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
AZL-13025 CVE-2022-41953 affecting package git for versions less than 2.33.8-2
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...