Lucene search
K

194 matches found

CVE
CVE
added 2024/09/02 4:50 p.m.62 views

CVE-2024-45312

Summary: CVE-2024-45312 affects Overleaf Community Edition and Server Pro before 5.0.7 (or 4.x before 4.2.7). The issue lets an arbitrary language parameter in client spelling requests reach the server’s aspell process, causing it to load a dictionary file with an arbitrary filename; access is li...

5.3CVSS5.3AI score0.00478EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/02 4:50 p.m.19 views

CVE-2024-45312 Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

5.3CVSS6.9AI score0.00478EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.11 views

PT-2024-31564 · Overleaf · Overleaf Server Pro +1

Name of the Vulnerable Software and Affected Versions: Overleaf Community Edition and Server Pro versions prior to 5.0.7 Overleaf Community Edition and Server Pro versions 4.x prior to 4.2.7 Description: Overleaf is a web-based collaborative LaTeX editor. The issue allows an arbitrary language...

5.3CVSS6.9AI score0.00478EPSS
Exploits0References9
OSV
OSV
added 2024/06/28 11:8 a.m.5 views

OESA-2024-1755 aspell security update

GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...

7.8CVSS7.4AI score0.00549EPSS
Exploits0References2
OSV
OSV
added 2024/06/28 11:8 a.m.5 views

OESA-2024-1754 aspell security update

GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...

7.8CVSS7.4AI score0.00549EPSS
Exploits0References2
OSV
OSV
added 2024/06/15 12:0 a.m.17 views

OPENSUSE-SU-2024:10635-1 aspell-0.60.8-4.2 on GA media

These are all security issues fixed in the aspell-0.60.8-4.2 package on the GA media of openSUSE Tumbleweed...

7.8CVSS7.8AI score0.00549EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 7 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

9.1CVSS7.8AI score0.03259EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.22 views

RHEL 8 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

9.1CVSS9.8AI score0.03259EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2024/05/28 8:24 a.m.36 views

Advisory ROSA-SA-2024-2425

software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...

7.8CVSS7.5AI score0.00549EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.29 views

RHEL 7 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - aspell: Heap-buffer-overflow in acommon::ObjStack::duptop CVE-2019-25051 Note that Nessus has not tested for this...

7.7AI score0.00549EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 6 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

8.5AI score0.03259EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2024/02/26 12:0 a.m.31 views

GNU Aspell: Heap Buffer Overflow

Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...

7.8CVSS7.8AI score0.00549EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.22 views

GLSA-202402-31 : GNU Aspell: Heap Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202402-31 GNU Aspell: Heap Buffer Overflow - objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Note that...

7.8CVSS7.6AI score0.00549EPSS
Exploits0References3
Amazon
Amazon
added 2023/08/07 12:0 a.m.20 views

Medium: aspell

Issue Overview: objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Affected Packages: aspell Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

7.8CVSS8.1AI score0.00549EPSS
Exploits0
Rosalinux
Rosalinux
added 2023/07/25 10:20 a.m.26 views

Advisory ROSA-SA-2023-2199

Software: aspell 0.60.6.1 OS: ROSA Virtualization 2.1 packageevrstring: aspell-0.60.6.1.1-21.rv3.1.src.rpm CVE-ID: CVE-2019-17544 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp...

9.1CVSS7.1AI score0.03259EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.4 views

SUSE CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

3.3CVSS7.3AI score0.03259EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.4 views

SUSE CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

4CVSS7.2AI score0.01739EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist...

7.8CVSS7.5AI score0.00549EPSS
Exploits0References11
OSV
OSV
added 2023/02/03 11:4 a.m.4 views

OESA-2023-1059 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

8.6CVSS6.7AI score0.06796EPSS
Exploits0References2
OSV
OSV
added 2023/01/17 10:15 p.m.11 views

AZL-13025 CVE-2022-41953 affecting package git for versions less than 2.33.8-2

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

7.8CVSS7.1AI score0.06796EPSS
Exploits0References1
Rows per page
Query Builder