89 matches found
USN-4009-2: PHP vulnerabilities
USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...
USN-4009-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2019-11036 It was discovered that PHP incorrectly decoding certain MIME headers...
UBUNTU-CVE-2019-11039
Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...
CVE-2019-11039
Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...
Cisco Email Security Appliance Security Bypass Vulnerability (CNVD-2017-36396)
The Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system used in it.Multipurpose Internet Mail Extensions MIME AsyncOS Software is the operating system used in it. Multipurpose Internet Mail Extensions MIME scanner is on...
Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
The Cisco Email Security Appliance is a suite of email security appliances.Cisco Content Security Management is a unified email and Web security management solution. An email scanning vulnerability exists in the Cisco AsyncOS Software in the Cisco Email Security Appliance ESA appliance that stems...
Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone A...
Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone A...
CVE-2016-6372
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...
Design/Logic Flaw
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...
Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability
A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering functionality of the...
Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look...
openSUSE Security Update : openssl (openSUSE-SU-2012:0414-1)
Specially crafted MIME headers could crash openssl's ASN.1 parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-174. The text description of this plugin is C SUSE LLC...
Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities
According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists that allows a...
SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)
The following security issues have been fixed : - Specially crafted MIME headers could cause openssl's ans1 parser to dereference a NULL pointer leading to a Denial of Service CVE-2006-7250 or fail verfication. CVE-2012-1165 - The implementation of Cryptographic Message Syntax CMS and PKCS 7 in...
openssl security and bug fix update
1.0.0-20.3 - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS7 code 802725 - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers 802489...
Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)
The remote host is missing an update to w3m, w3m-ssl announced via advisory DSA 081-1. OpenVAS Vulnerability Test $Id: deb0811.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 081-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)
The remote host is missing an update to w3m, w3m-ssl announced via advisory DSA 081-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ClamAV: Denial of service
Background ClamAV is a GPL virus scanner. Description An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the "id" parameter string used to create local files when parsing MIME headers. Impact A remote attacker can send...
GLSA-200703-03 : ClamAV: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200703-03 ClamAV: Denial of Service An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the 'id' parameter string used to create local files when parsing MI...