CVE-2020-27523
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x, %p, %c and %s in the screen_key, display_name, browser_name, and operation_system parameters during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of...
Format string
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x, %p, %c and %s in the screen_key, display_name, browser_name, and operation_system parameters during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of...
CVE-2020-27523
CVE-2020-27523 affects Solstice-Pod (up to 5.0.2) WEBRTC server. The vulnerability arises from mishandling format-string specifiers (%x, %p, %c, %s) in authentication parameters (screen_key, display_name, browser_name, operation_system), which can crash the server and trigger a reboot, resulting ...
CVE-2020-27524
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version N+RCNAUP0395 mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services...
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-2394)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : rsyslog (EulerOS-SA-2020-2394)
According to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string...
EulerOS 2.0 SP2 : php (EulerOS-SA-2020-2384)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, o...
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
This update for tensorflow2 fixes the following issues: - updated to 2.1.2 with following fixes (boo#1177022): - Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190) - Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192,...
Security update for tensorflow2 (moderate)
openSUSE Security Update: Security update for tensorflow2 Announcement ID: openSUSE-SU-2020:1766-1 Rating: moderate References: 1173314 1175099 1175789 1177022 Cross-References: CVE-2020-15190 CVE-2020-15191 CVE-2020-15192 CVE-2020-15193 CVE-2020-15194 CVE-2020-15195 CVE-2020-15202 CVE-2020-15203...
CVE-2020-27853
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, an...
CVE-2020-27853
CVE-2020-27853 is a format-string vulnerability in Wire’s peerflow/sdp.c (sdp_media_set_lattr). It affects Wire AVS 5.3–6.x before 6.4 and Wire Secure Messenger apps on Android/iOS (before the listed versions). Remote attackers could cause a denial of service (crash) or execute arbitrary code; im...
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-2138)
The remote host is missing an update for the Huawei EulerOS...
Format String Attack
TensorFlow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.as_string reaches a printf call without sanitization...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2020-54472)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow versions prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1, which can be exploited by an attacker to trigger a format string vulnerability...
EulerOS 2.0 SP3 : rsyslog (EulerOS-SA-2020-2138)
According to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string...
CVE-2020-15203
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...
PYSEC-2020-318
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...