8512 matches found
CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
UBUNTU-CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
Format string
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
CVE-2013-4389 affecting Ruby on Rails Action Mailer 3.x (log_subscriber.rb) allows remote DoS via a crafted email address during log message construction. Connected advisories confirm the issue in rubygem-actionmailer-3.x/Action Mailer, with OpenSUSE noting a fix for the log_subscriber DoS vulner...
PT-2013-4991 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.15 Description: The issue concerns multiple format string vulnerabilities in the log subscriber.rb files within the log subscriber component of Action Mailer in Ruby on Rails. These vulnerabilities can be...
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string userinput" % somenumber...
CVE-2013-4389 rubygem-actionmailer: email address processing DoS
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
[SECURITY] [DSA 2771-1] nas security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2771-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 09, 2013 http://www.debian.org/security/faq -...
Debian DSA-2771-1 : nas - several vulnerabilities
Hamid Zamani discovered multiple security problems buffer overflows, format string vulnerabilities and missing input sanitising, which could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DSA 2771-1] nas security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2771-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 09, 2013 http://www.debian.org/security/faq -...
DEBIAN-CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
Format string
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
CVE-2013-4258 affects Network Audio System (NAS) 1.9.3. A format string vulnerability in the osLogMsg function (server/os/aulog.c) can allow remote attackers to crash NAS or possibly execute arbitrary code via format specifiers related to syslog. Public advisories note multiple vulnerabilities in...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...