Lucene search
K

127 matches found

RedHat Linux
RedHat Linux
added 2019/02/04 8:45 p.m.7 views

libical: Multiple use-after-free vulnerabilities

libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file...

5.5CVSS7.4AI score0.02106EPSS
Exploits0References5
Mozilla
Mozilla
added 2019/01/29 12:0 a.m.103 views

Security vulnerabilities fixed in Thunderbird 60.5 — Mozilla

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. An earlier fix for an Inter-process Communication IPC vulnerability,...

10CVSS8.8AI score0.12658EPSS
Exploits1References7Affected Software1
Cent OS
Cent OS
added 2018/11/15 6:43 p.m.809 views

PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update

CentOS Errata and Security Advisory CESA-2018:3140 An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7AI score0.13207EPSS
Exploits19References7
Veracode
Veracode
added 2018/04/11 7:58 a.m.11 views

Denial Of Service (DoS)

libical is vulnerable to denial of service DoS attacks. The vulnerability exists as the icalparser failed to check if the value type is valid before parsing it, causing a denial of service DoS attack when parsing a malicious ics file...

6.4AI score
Exploits0
Veracode
Veracode
added 2018/04/11 7:52 a.m.10 views

Use-After-Free (UAF)

libical is vulnerable to use-after-free UAF attacks. The vulnerability exists in the fetchlatlongfromstring function of icaltimezone.c due to a heap-based use-after-free UAF issue...

6.6AI score
Exploits0
OpenVAS
OpenVAS
added 2018/01/24 12:0 a.m.23 views

Debian: Security Advisory (DLA-959-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.6AI score0.02106EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/01/18 12:0 a.m.32 views

SUSE SLES11 Security Update : Recommended update for libical (SUSE-SU-2018:0119-1)

This update for libical fixes the following issues: Security issues fixed : - CVE-2016-5823: The icalpropertynewclone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. bnc986632 - CVE-2016-5824: libical 1.0 allows remote...

9.1CVSS7.2AI score0.03069EPSS
Exploits0References20
OSV
OSV
added 2018/01/17 10:52 a.m.12 views

SUSE-SU-2018:0119-1 Recommended update for libical

This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalpropertynewclone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. bnc986632 - CVE-2016-5824: libical 1.0 allows remote...

9.1CVSS6.3AI score0.03069EPSS
Exploits0References14
Mageia
Mageia
added 2018/01/02 4:25 p.m.38 views

Updated libical packages fix security vulnerability

libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file CVE-2016-5824. The icaltimefromstring function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted string to the...

9.1CVSS5AI score0.03069EPSS
Exploits0References2
OSV
OSV
added 2018/01/02 4:25 p.m.6 views

MGASA-2018-0021 Updated libical packages fix security vulnerability

libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file CVE-2016-5824. The icaltimefromstring function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted string to the...

9.1CVSS6.8AI score0.03069EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/07/31 12:0 a.m.27 views

openSUSE Security Update : libical (openSUSE-2017-869)

This update for libical fixes the following issues : Security issues fixed : - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. bsc986639 - CVE-2016-5827: The icaltimefromstring function in libical 0.47 and 1.0 allows remote...

9.1CVSS7.2AI score0.03069EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2017/07/31 12:0 a.m.28 views

SUSE SLED12 / SLES12 Security Update : libical (SUSE-SU-2017:1989-1)

This update for libical fixes the following issues: Security issues fixed : - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. bsc986639 - CVE-2016-5827: The icaltimefromstring function in libical 0.47 and 1.0 allows remote...

9.1CVSS7.2AI score0.03069EPSS
Exploits0References11
OSV
OSV
added 2017/07/28 8:44 a.m.6 views

SUSE-SU-2017:1989-1 Security update for libical

This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. bsc986639 - CVE-2016-5827: The icaltimefromstring function in libical 0.47 and 1.0 allows remote...

9.1CVSS6.9AI score0.03069EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2017/05/30 12:0 a.m.36 views

Debian DLA-959-1 : libical security update

It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a specially crafted .ICS file. For Debian 7 'Wheezy', this issue has been fixed in libical version 0.48-2+deb7u1. We...

9.1CVSS7.2AI score0.02106EPSS
Exploits0References4
Debian
Debian
added 2017/05/28 6:2 p.m.39 views

[SECURITY] [DLA 959-1] libical security update

Package : libical Version : 0.48-2+deb7u1 CVE ID : CVE-2016-5824 CVE-2016-9584 Debian Bug : 860451, 852034 It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a special...

9.1CVSS7.5AI score0.02106EPSS
Exploits0
OSV
OSV
added 2017/05/28 12:0 a.m.28 views

DLA-959-1 libical - security update

Bulletin has no description...

9.1CVSS7.3AI score0.02106EPSS
Exploits0
CNVD
CNVD
added 2017/03/13 12:0 a.m.6 views

Libical Denial of Service Vulnerability (CNVD-2017-03333)

Libical is an open source implementation of the iCalendar protocol and protocol data unit . A denial of service vulnerability exists in the icalpropertynewclone function in Libical. A remote attacker can cause a denial of service reuse after release via a specially crafted ics file...

5.5CVSS6.9AI score0.01002EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/13 12:0 a.m.3 views

Libical heap overflow vulnerability (CNVD-2017-03332)

Libical is an open source implementation of the iCalendar protocol and protocol data unit . A heap overflow vulnerability exists in libical version 1.0. An attacker can cause a denial of service reuse after release via a specially crafted ics file...

5.5CVSS8.8AI score0.02106EPSS
Exploits0References1
Prion
Prion
added 2017/01/27 10:59 p.m.20 views

Design/Logic Flaw

The icaltimefromstring function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted string to the icalparserparsestring function...

5CVSS6.9AI score0.03069EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2017/01/27 10:59 p.m.28 views

CVE-2016-5827

The icaltimefromstring function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted string to the icalparserparsestring function...

7.5CVSS7.1AI score0.03069EPSS
Exploits0References2
Rows per page
Query Builder