72 matches found
The vulnerability of the Thunderbird email client, related to errors in processing Unicode characters in the message header, allows a hacker to forge the sender’s email address.
The vulnerability of the Thunderbird email client is related to errors in processing Unicode characters in the message header. Exploiting this vulnerability allows a malicious actor to forge the sender’s email address displayed by Thunderbird...
CVE-2019-14119
While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...
Puppet Enterprise 2015.x < 2016.4.0 Denial of Service Vulnerability
According to its self-reported version number, the Puppet install running on the remote host is version 5.5.x prior to 2017.2.2. It is, therefore, affected by a denial of service (DoS) vulnerability which exists in the puppet communications protocol broker due to incorrect validation of message...
Description of the security update for Outlook 2016: January 8, 2019
Summary: This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:3434-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2017:3433-1 Security update for Mozilla Thunderbird
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043) - CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044) - CVE-2017-7848: RSS Feed vulnerable to new line...
OPENSUSE-SU-2017:3434-1 Security update for Mozilla Thunderbird
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043) - CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044) - CVE-2017-7848: RSS Feed vulnerable to new line...
Fedora 26 : 1:dovecot (2017-e8b639c286)
+ quota: Add plugin quota_max_mail_size setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval...
CVE-2016-9686
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2...
Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by...
CVE-2013-7299
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests...
Rockwell RNA Message Header Not Null Terminated
...
Debian: Security Advisory (DSA-2252-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 10.10 / 11.04 : dovecot vulnerability (USN-1143-1)
It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes. Note that Tenable Network...
Fedora 14 : mutt-1.5.21-5.fc14 (2011-7751)
This is an update that fixes a hostname verification of x.509 certificates and a segmentation fault during reading message headers. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
Ubuntu Update for dovecot USN-1143-1
Ubuntu Update for Linux kernel vulnerabilities USN-1143-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11431.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for dovecot USN-1143-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1143-1: Dovecot vulnerability
It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes...
ECShop latest path disclosure 0day - vulnerability warning - the black bar safety net
Brief description: /affiche.php exposes the program path through an error in a PHP 5 environment; in a PHP 4 environment it displays the written information. Detailed description: the charset parameter is not strictly filtered, which results in a truncated write to the HTTP message header. Proof of vulnerability:...
Code injection
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list...
CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list...