CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

CVE-2026-44048

Netatalk 2.0.4–4.4.2 is affected by a stack-based buffer overflow due to UCS-2 type confusion in convert_charset(). Affected variants can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service; the issue is fixed in Netatalk 4.4.3. Debian notes the vulnerabil...

EUVD-2019-10981

Malware in sbrugna...

EUVD-2018-4093

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-12115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and...

RHEL 8 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

RHEL 7 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

RHEL 6 / 7 : rh-nodejs6-nodejs (RHSA-2018:2944)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2944 advisory. - nodejs: Out of bounds OOB write via UCS-2 encoding CVE-2018-12115 Note that Nessus has not tested for this issue but has instead relied only on...

Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...

Advisory ROSA-SA-2021-1806

Software: aspell 0.60.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-20433 CVE-Crit: CRITICAL CVE-DESC: libaspell.a in GNU Aspell before 0.60.8 has a buffer reread for a string ending with one byte '\ 0' if the encoding is set to ucs-2 or ucs-4 outside the application. , as shown by the ASPELLCONF environme...

Denial Of Service (DoS)

Aspell is vulnerable to denial of service. A buffer over-read for a string ending with a single \0 when the encoding is set to ucs-2 or ucs-4 outside of the application results in an application crash...

SUSE SLES12 Security Update : aspell (SUSE-SU-2020:2807-1)

This update for aspell fixes the following security issue : CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding bsc1161982. Note that Tenable Network Security has extracted the preceding description block directly from the...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2018-12115

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le', Bufferwrite can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

Out-of-Bounds (OOB) Write

node is vulnerable to out-of-bounds OOB write. The library does not handle UCS-2 encoding properly, allowing a malicious user to write outside the bounds of the memory space of a Buffer...

RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2018:3537)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3537 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...