47 matches found
gnupg: denial of service
By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-0455Soroush Dalili discovered that a cross-site scripting countermeasure related to JavaScript URLs could be bypassed. CVE-2012-0456Atte Kettunen discovered an out of bounds read in t...
krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)
The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...
CVE-2007-4841
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a 1 mailto, 2 nntp, 3 news, or 4 snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7...
CVE-2007-4841
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a 1 mailto, 2 nntp, 3 news, or 4 snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7...
PT-2003-1008 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.6 through 0.9.7a Description: The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilitie...
PT-2003-1621 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, by providing an invalid ASN.1 value to the SPNEGO dissector. Recommendations: For Ethereal versions 0.9.12...