Lucene search
+L

109 matches found

OSV
OSV
added 2020/12/21 12:0 p.m.24 views

RUSTSEC-2020-0105 Update unsound DrainFilter and RString::retain

Affected versions of this crate contained code from the Rust standard library that contained soundness bugs rust-lang/rust60977 double drop & rust-lang/rust78498 create invalid utf-8 string. The flaw was corrected in v0.9.1 by making a similar fix to the one made in the Rust standard library...

7.5CVSS7.4AI score0.01413EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/07/27 12:0 a.m.25 views

FreeBSD : pango -- buffer overflow (456375e1-cd09-11ea-9172-4c72b94353b5)

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is : The heap based buffer overflow can be used to get code execution. The component is : function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

9.8CVSS8.3AI score0.06274EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/04/26 12:0 a.m.31 views

Debian: Security Advisory (DLA-2185-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.18862EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.028EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/11/13 9:15 p.m.28 views

CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...

7.5CVSS7.1AI score0.01541EPSS
Exploits0References1
CVE
CVE
added 2019/11/13 8:6 p.m.206 views

CVE-2010-4657

CVE-2010-4657 affects PHP5 prior to 5.4.4. The flaw allows passing invalid UTF-8 strings to xmlTextWriterWriteAttribute, which are misparsed by libxml2, causing a memory leak in the produced output. The vulnerability is triggered through the attribute-writing path and is not described as exploita...

7.5CVSS7.4AI score0.01541EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/08/02 3:15 p.m.5 views

ALPINE-CVE-2019-14235

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...

7.5CVSS6.9AI score0.03073EPSS
Exploits0References1
OSV
OSV
added 2019/07/19 5:15 p.m.17 views

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

9.8CVSS7.5AI score
Exploits0References14
Prion
Prion
added 2019/07/19 5:15 p.m.21 views

Heap overflow

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

7.5CVSS9.7AI score0.06274EPSS
Exploits1References14Affected Software13
Cvelist
Cvelist
added 2019/07/19 4:42 p.m.35 views

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

9.8AI score0.06274EPSS
Exploits1References14
UbuntuCve
UbuntuCve
added 2019/07/19 12:0 a.m.17 views

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

9.8CVSS7.4AI score0.06274EPSS
Exploits1References3
OSV
OSV
added 2019/05/02 2:24 p.m.7 views

OPENSUSE-SU-2019:1312-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issue fixed: - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters bsc1132501. This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.8AI score0.028EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2019/05/02 12:0 a.m.103 views

Security update for dovecot23 (important)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2019:1312-1 Rating: important References: 1132501 Cross-References: CVE-2019-10691 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

7.5CVSS7.5AI score0.028EPSS
Exploits0References1
NVD
NVD
added 2019/04/24 5:29 p.m.26 views

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

7.5CVSS7.8AI score0.028EPSS
Exploits0References5
OSV
OSV
added 2019/04/23 4:43 p.m.5 views

SUSE-SU-2019:0997-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issue fixed: - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters bsc1132501...

7.5CVSS7.4AI score0.028EPSS
Exploits0References3
OSV
OSV
added 2019/04/18 9:0 a.m.6 views

UBUNTU-CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

7.5CVSS7.2AI score0.028EPSS
Exploits0References4
OSV
OSV
added 2018/06/05 8:29 p.m.16 views

CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...

5.3CVSS6.4AI score
Exploits0References5
NVD
NVD
added 2018/06/05 8:29 p.m.22 views

CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...

5.3CVSS5.5AI score0.01467EPSS
Exploits0References5
Veracode
Veracode
added 2017/01/31 2:23 a.m.30 views

Denial Of Service (DoS)

libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not properly handle if a user inputs invalid UTF-8 data...

7.5CVSS7.1AI score0.0391EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2016/09/12 10:3 a.m.9 views

SUSE-SU-2016:2291-1 Security update for libidn

This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 -...

7.5CVSS7.6AI score0.06721EPSS
Exploits0References10
Rows per page
Query Builder