23 matches found
SUSE CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
Linux Distros Unpatched Vulnerability : CVE-2025-59028
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 da...
EUVD-2025-209088
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
ALPINE-CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
UBUNTU-CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
Linux Distros Unpatched Vulnerability : CVE-2019-3804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated...
SUSE CVE-2012-2665
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text .odt file with 1 a child tag within...
cockpit: Crash when parsing invalid base64 headers
It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash...
CentOS 7 : cockpit (CESA-2019:0482)
An update for cockpit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
php: wddx_deserialize null dereference
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
CVE-2016-7130
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
CVE-2016-7130
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
UBUNTU-CVE-2016-7130
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
CVE-2016-7130
The phpwddxpopelement function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
USN-1667-1: bogofilter vulnerability
Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code...
Buffer overflow
Multiple buffer underflows in the base64 decoder in base64.c in 1 bogofilter and 2 bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service heap memory corruption and application crash via an e-mail message with invalid base64 data that begins with an = equals...
CVE-2010-2494
Multiple buffer underflows in the base64 decoder in base64.c in 1 bogofilter and 2 bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service heap memory corruption and application crash via an e-mail message with invalid base64 data that begins with an = equals...
(seamonkey): DOS/arbitrary code execution vuln with vcards
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service hang and possibly execute arbitrary code via a VCard that contains invalid base64 characters...
CVE-2006-2781
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service hang and possibly execute arbitrary code via a VCard that contains invalid base64 characters...