37 matches found
CVE-2018-5144
CVE-2018-5144 describes an integer overflow during Unicode text conversion caused by an unchecked length parameter. Affected products: Firefox ESR and Thunderbird (pre-52.7). Root cause: overflow during Unicode conversion. Impact: potential remote code execution or memory issues as implied by the...
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...
Memory out-of-bounds write vulnerability in WPS Text WordConvertDll module
WPS is an office software developed by Kingsoft Office Software. A memory out-of-bounds write vulnerability exists in the WPS text WordConvertDll module. The vulnerability is caused due to the program failing to validate the buffer length when the user uses the Traditional and Simplified Conversi...
DEBIAN-CVE-2016-5270
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to cause a denial of service boolean out-of-bounds write or possibly have unspecified other impact v...
Heap overflow
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to cause a denial of service boolean out-of-bounds write or possibly have unspecified other impact v...
CVE-2016-5270
CVE-2016-5270: Mozilla Firefox (and Thunderbird <45.4/Firefox ESR
CVE-2016-5270
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to cause a denial of service boolean out-of-bounds write or possibly have unspecified other impact v...
USN-3076-1 firefox vulnerabilities
Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy CSP directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash...
CVE-2016-5270
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to cause a denial of service boolean out-of-bounds write or possibly have unspecified other impact v...
Debian DSA-3452-1 : claws-mail - security update
'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. %NASLMINLEVEL 70300 C Tenable Network...
Debian Security Advisory DSA 3452-1 (claws-mail - security update)
DrWhax of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. OpenVAS Vulnerability Test $Id: deb3452.nasl...
DSA-3452-1 claws-mail - security update
Bulletin has no description...
Debian DLA-383-1 : claws-mail security update
'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the...
[SECURITY] [DLA 383-1] claws-mail security update
Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...
DLA-383-1 claws-mail - security update
Bulletin has no description...
Updated ruby package fixes security vulnerability
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...
RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability
No description provided by source. Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com...