Lucene search
K

89 matches found

Ubuntu
Ubuntu
added 2019/06/05 5:11 p.m.274 views

USN-4009-2: PHP vulnerabilities

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...

9.1CVSS7.6AI score0.04068EPSS
Exploits2
Ubuntu
Ubuntu
added 2019/06/05 3:2 p.m.279 views

USN-4009-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2019-11036 It was discovered that PHP incorrectly decoding certain MIME headers...

9.1CVSS7AI score0.07031EPSS
Exploits2
OSV
OSV
added 2019/06/03 12:0 a.m.4 views

UBUNTU-CVE-2019-11039

Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...

9.1CVSS6.3AI score0.0313EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/06/03 12:0 a.m.43 views

CVE-2019-11039

Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...

9.1CVSS6.4AI score0.0313EPSS
Exploits1References3
CNVD
CNVD
added 2017/12/04 12:0 a.m.4 views

Cisco Email Security Appliance Security Bypass Vulnerability (CNVD-2017-36396)

The Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system used in it.Multipurpose Internet Mail Extensions MIME AsyncOS Software is the operating system used in it. Multipurpose Internet Mail Extensions MIME scanner is on...

5.8CVSS6.8AI score0.01638EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/15 12:0 a.m.3 views

Cisco Email Security Appliance Attachment Filter Bypass Vulnerability

The Cisco Email Security Appliance is a suite of email security appliances.Cisco Content Security Management is a unified email and Web security management solution. An email scanning vulnerability exists in the Cisco AsyncOS Software in the Cisco Email Security Appliance ESA appliance that stems...

7.5CVSS7.2AI score0.01957EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/17 12:0 a.m.24 views

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone A...

5.3CVSS5.5AI score0.02012EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/17 12:0 a.m.29 views

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone A...

5.3CVSS5.5AI score0.0113EPSS
Exploits0References1
NVD
NVD
added 2016/10/28 10:59 a.m.21 views

CVE-2016-6372

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...

7.5CVSS7.7AI score0.01634EPSS
Exploits0References4
Prion
Prion
added 2016/10/28 10:59 a.m.17 views

Design/Logic Flaw

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...

5CVSS7.4AI score0.01634EPSS
Exploits0References4Affected Software3
Cisco
Cisco
added 2016/10/26 4:0 p.m.39 views

Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability

A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering functionality of the...

5CVSS7.7AI score0.01634EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.41 views

openSUSE Security Update : openssl (openSUSE-SU-2012:0414-1)

Specially crafted MIME headers could crash openssl's ASN.1 parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-174. The text description of this plugin is C SUSE LLC...

5CVSS8.7AI score0.06989EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/22 12:0 a.m.43 views

Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities

According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists that allows a...

6.8CVSS7.8AI score0.02428EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2012/04/11 12:0 a.m.53 views

SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)

The following security issues have been fixed : - Specially crafted MIME headers could cause openssl's ans1 parser to dereference a NULL pointer leading to a Denial of Service CVE-2006-7250 or fail verfication. CVE-2012-1165 - The implementation of Cryptographic Message Syntax CMS and PKCS 7 in...

5CVSS8AI score0.13075EPSS
Exploits0References11
Oracle linux
Oracle linux
added 2012/03/27 12:0 a.m.55 views

openssl security and bug fix update

1.0.0-20.3 - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS7 code 802725 - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers 802489...

5CVSS0.7AI score0.13075EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.24 views

Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)

The remote host is missing an update to w3m, w3m-ssl announced via advisory DSA 081-1. OpenVAS Vulnerability Test $Id: deb0811.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 081-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.5CVSS1.3AI score0.12628EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.14 views

Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)

The remote host is missing an update to w3m, w3m-ssl announced via advisory DSA 081-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5CVSS7.2AI score0.12628EPSS
Exploits1References1
Gentoo Linux
Gentoo Linux
added 2007/03/02 12:0 a.m.40 views

ClamAV: Denial of service

Background ClamAV is a GPL virus scanner. Description An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the "id" parameter string used to create local files when parsing MIME headers. Impact A remote attacker can send...

7.5CVSS8.9AI score0.03758EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/03/02 12:0 a.m.28 views

GLSA-200703-03 : ClamAV: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200703-03 ClamAV: Denial of Service An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the 'id' parameter string used to create local files when parsing MI...

7.5CVSS8AI score0.03758EPSS
Exploits0References3
Rows per page
Query Builder