25 matches found
[SECURITY] [DLA 3152-1] glibc security update
Debian LTS Advisory DLA-3152-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne October 17, 2022 https://wiki.debian.org/LTS Package : glibc Version : 2.28-10+deb10u2 CVE ID : CVE-2016-10228 CVE-2019-19126 CVE-2019-25013 CVE-2020-1752 CVE-2020-6096 CVE-2020-10029...
[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...
[SECURITY] Fedora 35 Update: golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc35
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...
CVE-2015-8708
Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...
CVE-2015-8614
Multiple stack-based buffer overflows in the 1 convjistoeuc, 2 conveuctojis, and 3 convsjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion...
CVE-2015-8614
Multiple stack-based buffer overflows in the 1 convjistoeuc, 2 conveuctojis, and 3 convsjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion...
Stack overflow
Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...
Stack overflow
Multiple stack-based buffer overflows in the 1 convjistoeuc, 2 conveuctojis, and 3 convsjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion...
CVE-2015-8614
Multiple stack-based buffer overflows in the 1 convjistoeuc, 2 conveuctojis, and 3 convsjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion...
CVE-2015-8614
Claws Mail (GTK-based email client) is affected by a stack-based buffer overflow in codeconv.c (conv_jistoeuc, conv_euctojis, conv_sjistoeuc) that can be triggered by a crafted email containing Japanese character set conversions. Affects versions before 3.13.1; CVE-2015-8708 notes this is an inco...
MGASA-2016-0008 Updated claws-mail packages fix security vulnerability
no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...
Memory corruption
The pushascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service memory corruption and daemon crash via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a...
CVE-2014-3493
The pushascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service memory corruption and daemon crash via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a...
Mandriva Linux Security Advisory : bogofilter (MDVSA-2013:064)
Updated bogofilter package fixes security vulnerability : In bogofilter before 1.2.3, bogofilter's/bogolexer's base64 could overwrite heap memory in the character set conversion in certain pathological cases of invalid base64 code that decodes to incomplete multibyte characters CVE-2012-5468...
Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...
CVE-2012-1947
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...
CVE-2012-1947
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...
Heap overflow
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...
CVE-2012-1947
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...
Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
Heap-based buffer overflow in the utf16toisolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...