8515 matches found
CVE-2016-5169
CVE-2016-5169 is a format-string vulnerability in Google Chrome OS up to version 53.0.2785.103, allowing remote attackers to cause a denial of service or possibly other impact via unknown vectors. The referenced Chrome OS security update (Stable Channel 53.0.2785.103) addresses this issue. Affect...
CVE-2016-5169
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities : - A format string flaw exists due to improper handling of string format specifiers e.g., %s and %x in usernames and host...
Dropbear SSH Format String Vulnerability
Dropbear is a relatively small SSH server and client. Dropbear SSH suffers from a format string vulnerability that allows an attacker to execute arbitrary code within the context of the application...
MGASA-2016-0301 Updated dropbear packages fix security vulnerability
Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...
Updated dropbear packages fix security vulnerability
Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...
Google Chrome OS Remote Formatting String Vulnerability
Google Chrome OS is a fast, lightweight, open source web-based operating system. A format string handling vulnerability exists in Google Chrome OS that allows remote attackers to submit a special request that can be exploited to crash an application or execute arbitrary code...
JVN#94779084: H2O use of externally-controlled format string
H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the...
H2O HTTP Server < 2.0.4, 2.1.x < 2.1.0-beta3 Format String Vulnerability
H2O HTTP Server is prone to a format string vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:h2oproject:h2o"; if...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the drivers/thermal/qpnp-adc-tm.c file in Qualcomm’s Android operating system is related to a format string vulnerability. Exploiting this vulnerability could allow an attacker, operating remotely, to enhance their privileges through a specially created application that...
FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)
Daniel Veillard reports : More format string warnings with possible format string vulnerability David Kilzer Avoid building recursive entities Daniel Veillard Heap-based buffer overread in htmlCurrentChar Pranjal Jumde Heap-based buffer-underreads due to xmlParseName David Kilzer Heap...
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)
This update for libxml2 fixes the following security issues : - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...
Remote Formatting String Vulnerability in Multiple Huawei Products
Huawei AR 120 and others are AR series enterprise router products from Huawei China. A remote format string vulnerability exists in multiple Huawei products. A remote attacker could exploit this vulnerability to cause a denial of service...
Google Chrome < 52.0.2743.82 Multiple Vulnerabilites
Binary data 9480.pasl...
CVE-2014-9885
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...
CVE-2014-9885
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...
UBUNTU-CVE-2014-9885
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...
Format string
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...
CVE-2014-9885
CVE-2014-9885 is a format-string vulnerability in the Qualcomm qpnp-adc-tm.c driver (drivers/thermal) used on Nexus 5 devices running Android versions before 2016-08-05. A crafted app can supply format specifiers in a name to escalate privileges. The issue is documented in multiple sources (e.g.,...
openSUSE: Security Advisory for dropbear (openSUSE-SU-2016:1917-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...