Lucene search
+L

155 matches found

Ubuntu
Ubuntu
added 2012/01/26 2:41 p.m.54 views

USN-1348-1: ICU vulnerability

It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS8.3AI score0.08003EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/10/09 12:0 a.m.21 views

Ubuntu 8.04 LTS / 8.10 / 9.04 : icu vulnerability (USN-846-1)

It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting XSS attacks. Note that Tenable Network Security has...

4.3CVSS5.7AI score0.0368EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2009/10/08 6:17 p.m.59 views

USN-846-1: ICU vulnerability

It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting XSS attacks...

4.3CVSS6.1AI score0.0368EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/10/06 12:0 a.m.24 views

openSUSE 10 Security Update : icu (icu-6322)

icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks CVE-2009-0153. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

4.3CVSS5.8AI score0.0368EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.25 views

SuSE 10 Security Update : icu (ZYPP Patch Number 6422)

icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks. CVE-2009-0153 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...

4.3CVSS5.8AI score0.0368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/08/20 12:0 a.m.25 views

openSUSE Security Update : icu (icu-1028)

icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks CVE-2009-0153. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

4.3CVSS5.8AI score0.0368EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/06/30 12:0 a.m.15 views

RedHat Security Advisory RHSA-2009:1122

The remote host is missing updates announced in advisory RHSA-2009:1122. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possible to bypass certain conte...

4.3CVSS7.5AI score0.0368EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/06/30 12:0 a.m.18 views

RedHat Security Advisory RHSA-2009:1122

The remote host is missing updates announced in advisory RHSA-2009:1122. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possible to bypass certain conte...

4.3CVSS7.6AI score0.0368EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2009/06/25 2:6 p.m.38 views

Moderate: Red Hat Security Advisory: icu security update

Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The International Components for Unicode ICU library provides robust and full-featured Unicode...

4.3CVSS6.3AI score0.0368EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/06/05 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.9AI score0.07371EPSS
Exploits8References2
Prion
Prion
added 2009/05/13 3:30 p.m.21 views

Cross site scripting

International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...

4.3CVSS5.8AI score0.0368EPSS
Exploits0References24Affected Software2
OSV
OSV
added 2009/05/13 3:30 p.m.9 views

CVE-2009-0153

International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...

5.4AI score
Exploits0References26
Debian CVE
Debian CVE
added 2009/05/13 3:14 p.m.24 views

CVE-2009-0153

International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...

4.3CVSS5.5AI score0.0368EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.38 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1)

It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10CVSS7.7AI score0.07371EPSS
Exploits9References11
RedHat Linux
RedHat Linux
added 2009/04/06 4:45 p.m.6 views

php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10CVSS7.7AI score0.07371EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2009/02/12 7:13 p.m.104 views

USN-720-1: PHP vulnerabilities

It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10CVSS7.7AI score0.07371EPSS
Exploits8
Prion
Prion
added 2008/12/23 6:30 p.m.30 views

Heap overflow

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10CVSS7.7AI score0.07371EPSS
Exploits2References29Affected Software1
CVE
CVE
added 2008/12/23 6:13 p.m.226 views

CVE-2008-5557

CVE-2008-5557 is a heap-based buffer overflow in PHP’s mbstring extension (mbfilter_htmlent.c) present in PHP 4.3.0–5.2.6. The issue arises during Unicode conversion and can allow a context-dependent attacker to execute arbitrary code via a crafted string containing an HTML entity, related to the...

10CVSS8.1AI score0.07371EPSS
Exploits2References29Affected Software1
UbuntuCve
UbuntuCve
added 2008/12/23 12:0 a.m.62 views

CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10CVSS7.3AI score0.07371EPSS
Exploits2References3
Saint
Saint
added 2008/07/07 12:0 a.m.31 views

Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...

10CVSS6.8AI score0.6749EPSS
Exploits10
Rows per page
Query Builder