109 matches found
RUSTSEC-2020-0105 Update unsound DrainFilter and RString::retain
Affected versions of this crate contained code from the Rust standard library that contained soundness bugs rust-lang/rust60977 double drop & rust-lang/rust78498 create invalid utf-8 string. The flaw was corrected in v0.9.1 by making a similar fix to the one made in the Rust standard library...
FreeBSD : pango -- buffer overflow (456375e1-cd09-11ea-9172-4c72b94353b5)
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is : The heap based buffer overflow can be used to get code execution. The component is : function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
Debian: Security Advisory (DLA-2185-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...
CVE-2010-4657
CVE-2010-4657 affects PHP5 prior to 5.4.4. The flaw allows passing invalid UTF-8 strings to xmlTextWriterWriteAttribute, which are misparsed by libxml2, causing a memory leak in the produced output. The vulnerability is triggered through the attribute-writing path and is not described as exploita...
ALPINE-CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
Heap overflow
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
OPENSUSE-SU-2019:1312-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Security issue fixed: - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters bsc1132501. This update was imported from the SUSE:SLE-15:Update update project...
Security update for dovecot23 (important)
openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2019:1312-1 Rating: important References: 1132501 Cross-References: CVE-2019-10691 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
CVE-2019-10691
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...
SUSE-SU-2019:0997-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Security issue fixed: - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters bsc1132501...
UBUNTU-CVE-2019-10691
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...
CVE-2017-7653
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...
CVE-2017-7653
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...
Denial Of Service (DoS)
libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not properly handle if a user inputs invalid UTF-8 data...
SUSE-SU-2016:2291-1 Security update for libidn
This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 -...