Lucene search

8501 matches found

Prion
added 2016/09/26 4:59 p.m., 14 views

Format string

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of servic...

6.8 CVSS, 6.5 AI score, 0.00233 EPSS
Exploits 0, References 2, Affected Software 2
CVE
added 2016/09/26 4:0 p.m., 47 views

CVE-2016-6901

CVE-2016-6901 is a Huawei format-string vulnerability affecting AR100/120/150/200/500/550/1200/2200/2500/3200/3600 routers and NetEngine 16EX with software before V200R007C00SPC900. It allows remote authenticated users to cause a denial of service via format specifiers when processing partial com...

6.8 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2016/09/26 4:0 p.m., 18 views

CVE-2016-6901

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of servic...

6 AI score, 0.00233 EPSS
Exploits 0, References 2
OSV
added 2016/09/25 8:59 p.m., 2 views

CVE-2016-5169

Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

8.8 CVSS, 5.8 AI score, 0.00578 EPSS
Exploits 0, References 3
Prion
added 2016/09/25 8:59 p.m., 15 views

Format string

Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

6.8 CVSS, 7.8 AI score, 0.00578 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2016/09/25 8:59 p.m., 10 views

CVE-2016-5169

Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

8.8 CVSS, 9 AI score, 0.00578 EPSS
Exploits 0, References 3
CVE
added 2016/09/25 8:0 p.m., 43 views

CVE-2016-5169

CVE-2016-5169 is a format-string vulnerability in Google Chrome OS up to version 53.0.2785.103, allowing remote attackers to cause a denial of service or possibly other impact via unknown vectors. The referenced Chrome OS security update (Stable Channel 53.0.2785.103) addresses this issue. Affect...

8.8 CVSS, 8.9 AI score, 0.00578 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2016/09/25 8:0 p.m., 16 views

CVE-2016-5169

Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

9.1 AI score, 0.00578 EPSS
Exploits 0, References 3
Tenable Nessus
added 2016/09/22 12:0 a.m., 3169 views

Dropbear SSH Server < 2016.72 Multiple Vulnerabilities

According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities : - A format string flaw exists due to improper handling of string format specifiers e.g., %s and %x in usernames and host...

10 CVSS, 7.7 AI score, 0.25332 EPSS
Exploits 0, References 5
CNVD
added 2016/09/19 12:0 a.m., 2 views

Dropbear SSH Format String Vulnerability

Dropbear is a relatively small SSH server and client. Dropbear SSH suffers from a format string vulnerability that allows an attacker to execute arbitrary code within the context of the application...

10 CVSS, 7.8 AI score, 0.25332 EPSS
Exploits 0, References 1
Mageia
added 2016/09/16 9:27 a.m., 58 views

Updated dropbear packages fix security vulnerability

Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...

10 CVSS, 1 AI score, 0.25332 EPSS
Exploits 0, References 3
OSV
added 2016/09/16 9:27 a.m., 4 views

MGASA-2016-0301 Updated dropbear packages fix security vulnerability

Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...

10 CVSS, 9.1 AI score, 0.25332 EPSS
Exploits 0, References 4
CNVD
added 2016/09/16 12:0 a.m., 1 views

Google Chrome OS Remote Formatting String Vulnerability

Google Chrome OS is a fast, lightweight, open source web-based operating system. A format string handling vulnerability exists in Google Chrome OS that allows remote attackers to submit a special request that can be exploited to crash an application or execute arbitrary code...

8.8 CVSS, 7.3 AI score, 0.00578 EPSS
Exploits 0, References 1
OpenVAS
added 2016/09/15 12:0 a.m., 19 views

H2O HTTP Server < 2.0.4, 2.1.x < 2.1.0-beta3 Format String Vulnerability

H2O HTTP Server is prone to a format string vulnerability...

7.5 CVSS, 7.5 AI score, 0.01598 EPSS
Exploits 0, References 1
Japan Vulnerability Notes
added 2016/09/15 12:0 a.m., 27 views

JVN#94779084: H2O use of externally-controlled format string

H2O is an open source web server software. H2O uses externally-controlled format strings (CWE-134) in the code which outputs error logs. Impact: An unauthenticated remote attacker may cause a denial-of-service (DoS) condition. Solution: Update the Software. Update to the latest version according to the...

7.5 CVSS, 7.5 AI score, 0.01598 EPSS
Exploits 0
BDU FSTEC
added 2016/08/31 12:0 a.m., 5 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the drivers/thermal/qpnp-adc-tm.c file in Qualcomm’s Android operating system is related to a format string vulnerability. Exploiting this vulnerability could allow an attacker, operating remotely, to enhance their privileges through a specially created application that...

6.8 CVSS, 7.2 AI score, 0.00076 EPSS
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2016/08/29 12:0 a.m., 44 views

SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)

This update for libxml2 fixes the following security issues : - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...

10 CVSS, 7 AI score, 0.08565 EPSS
Exploits 12, References 45
Tenable Nessus
added 2016/08/29 12:0 a.m., 42 views

FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)

Daniel Veillard reports: More format string warnings with possible format string vulnerability (David Kilzer); Avoid building recursive entities (Daniel Veillard); Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde); Heap-based buffer-underreads due to xmlParseName (David Kilzer); Heap...

9.3 CVSS, 7 AI score, 0.04546 EPSS
Exploits 11, References 20
CNVD
added 2016/08/25 12:0 a.m., 4 views

Remote Formatting String Vulnerability in Multiple Huawei Products

Huawei AR 120 and others are AR series enterprise router products from Huawei China. A remote format string vulnerability exists in multiple Huawei products. A remote attacker could exploit this vulnerability to cause a denial of service...

6.8 CVSS, 6.8 AI score, 0.00233 EPSS
Exploits 0, References 1
Tenable Nessus
added 2016/08/12 12:0 a.m., 9 views

Google Chrome < 52.0.2743.82 Multiple Vulnerabilities

Binary data 9480.pasl...

7.6 CVSS, 7.3 AI score, 0.00483 EPSS
Exploits 0, References 2