224 matches found
CVE-2020-1979
A format string vulnerability in the PAN-OS log daemon logd on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affect...
DEBIAN-CVE-2014-6262
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...
libpoe-component-irc-perl Formatting String Error Vulnerability
libpoe-component-irc-perl is an event-driven Perl IRC client module. A format string error vulnerability exists in versions of libpoe-component-irc-perl prior to 6.32, which can be exploited to execute arbitrary commands on a system by sending specially crafted IRC commands...
The vulnerability of the tcp_emu component of the hardware emulation software QEMU allows a hacker to disclose protected information.
The vulnerability of the tcpemu component slirp/tcpsubr.c of the QEMU hardware emulation software is related to incorrect initialization of data in calls to snprintf. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
Sensitive Information Disclosure
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...
Privilege Escalation
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...
Privilege Escalation
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...
Arbitrary Code Execution
Red Hat Certificate System RHCS is an enterprise software system designed to manage enterprise Public Key Infrastructure PKI deployments. The Token Processing System TPS is a PKI subsystem that acts as a Registration Authority RA for authenticating and processing enrollment requests, PIN reset...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Arbitrary Code Execution
openjdk is vulnerable to arbitrary code execution attacks. The vulnerability exists as a format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute...
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.1. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the collatorsortwithsortkeys function due to improper clearing of pointers when destroying an array. An...
CVE-2017-7519
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...
UBUNTU-CVE-2017-7519
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...
CVE-2017-7519
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...
DEBIAN-CVE-2017-7519
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...
CVE-2017-7519
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...
IBM DB2 Privilege Mobilization Vulnerability
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A format string vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...
CVE-2018-12590
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...