Page 114 of 1677 results (0.019 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2017-15705 – spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service

https://notcve.org/view.php?id=CVE-2017-15705

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html http://www.securityfocus.com/bid/105347 https://access.redhat.com/errata/RHSA-2018:2916 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html https://security.gentoo.org/glsa/201812-07 https://usn.ubuntu.com/3811-1 https://usn.ubuntu.com/3811-2 https://access.redhat.com/security/cve/CVE& • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-11781 – spamassassin: Local user code injection in the meta rule syntax

https://notcve.org/view.php?id=CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Apache SpamAssassin 3.4.2 soluciona una inyección de código de usuario local en la sintaxis de reglas meta. A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html https://access.redhat.com/errata/RHSA-2018:2916 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html https://security.gentoo.org/glsa/201812-07 https://usn.ubuntu.com/3811-1 https://usn.ubuntu.com/3811-3 https://access.redhat.com/security/cve/CVE-2018-11781 https://bugzilla.redhat.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0

CVE-2018-11780

https://notcve.org/view.php?id=CVE-2018-11780

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. Existe un error potencial de ejecución remota de código en el plugin PDFInfo en Apache SpamAssassin en versiones anteriores a la 3.4.2. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html http://www.securityfocus.com/bid/105373 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html https://security.gentoo.org/glsa/201812-07 https://usn.ubuntu.com/3811-1 https://usn.ubuntu.com/3811-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-17100 – libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c

https://notcve.org/view.php?id=CVE-2018-17100

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay un desbordamiento de int32 en multiply_ms en tools ppm2tiff.c que puede provocar una denegación de servicio (cierre inesperado) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2810 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-17100 https://bugzilla.redhat.com/show_bug.cgi?id=16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-17101 – libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c

https://notcve.org/view.php?id=CVE-2018-17101

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay dos escrituras fuera de límites en cpTags en tools tiff2bw.c y tools pal2rgb.c que pueden provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2807 http://www.securityfocus.com/bid/105370 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-17101 https:&#x • CWE-787: Out-of-bounds Write •