Lucene search

8516 matches found

Cvelist
added 2015/01/20 3:0 p.m., 32 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

7.6 AI score, 0.03296 EPSS
Exploits: 1, References: 7
Mageia
added 2015/01/08 12:24 p.m., 48 views

Updated glibc packages fix security vulnerabilities

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...

7.8 CVSS, 9.3 AI score, 0.07688 EPSS
Exploits: 3, References: 1
exploitpack
added 2015/01/05 12:3 p.m., 26 views

XM-Easy-Personal-FTP-Server

Because this address is relative and has a static base in this environment, I was able to use the heap chunk address as the pointer to write at the vtable. Then a function is called at offset 0xb0 or 0x98 and we can reliably return into a ROP payload and execute arbitrary code. import socket impo...

0.3 AI score
Exploits: 0
UbuntuCve
added 2015/01/04 9:59 p.m., 23 views

CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS, 7.1 AI score, 0.10912 EPSS
Exploits: 0, References: 2
Prion
added 2015/01/04 9:59 p.m., 15 views

Format string

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS, 6.8 AI score, 0.10912 EPSS
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2015/01/04 9:59 p.m., 19 views

CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS, 7.3 AI score, 0.10912 EPSS
Exploits: 0, References: 6
OSV
added 2015/01/04 9:59 p.m., 0 views

UBUNTU-CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS, 7.1 AI score, 0.10912 EPSS
Exploits: 0, References: 3
OSV
added 2015/01/04 9:59 p.m., 2 views

DEBIAN-CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS, 7 AI score, 0.10912 EPSS
Exploits: 0, References: 1
Cvelist
added 2015/01/04 9:0 p.m., 34 views

CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

7.2 AI score, 0.10912 EPSS
Exploits: 0, References: 6
CVE
added 2015/01/04 9:0 p.m., 74 views

CVE-2013-2131

CVE-2013-2131 affects the Python rrdtool module (1.4.7) as used in Zenoss, with a format-string flaw in rrdtool.graph that can cause a denial of service (crash) when processing crafted format specifiers. Related disclosures note a broader class of format-string vulnerabilities in RRDtool used by ...

5 CVSS, 7.1 AI score, 0.10912 EPSS
Exploits: 0, References: 6, Affected Software: 1
ArchLinux
added 2014/12/18 12:0 a.m., 64 views

glibc: arbitrary code execution

CVE-2012-3406 (arbitrary code execution): The vfprintf function in stdio-common/vfprintf.c in GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection...

7.8 CVSS, 5.9 AI score, 0.07688 EPSS
Exploits: 3, References: 4
Tenable Nessus
added 2014/12/15 12:0 a.m., 25 views

Debian DSA-3098-1 : graphviz - security update

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...

7.5 CVSS, 7.3 AI score, 0.05569 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2014/12/15 12:0 a.m., 28 views

Mandriva Linux Security Advisory : graphviz (MDVSA-2014:248)

Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...

7.5 CVSS, 7 AI score, 0.05569 EPSS
Exploits: 1, References: 2
Debian
added 2014/12/11 9:33 p.m., 20 views

[SECURITY] [DLA 105-1] graphviz security update

Package : graphviz Version : 2.26.3-5+squeeze3 CVE ID : CVE-2014-9157 Debian Bug : 772648 Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash ...

7.5 CVSS, 6.8 AI score, 0.05569 EPSS
Exploits: 1
Debian
added 2014/12/11 4:26 p.m., 27 views

[SECURITY] [DSA 3098-1] graphviz security update

Debian Security Advisory DSA-3098-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 11, 2014 http://www.debian.org/security/faq -...

7.5 CVSS, 2.4 AI score, 0.05569 EPSS
Exploits: 1
Debian
added 2014/12/11 4:26 p.m., 28 views

[SECURITY] [DSA 3098-1] graphviz security update

Debian Security Advisory DSA-3098-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 11, 2014 http://www.debian.org/security/faq -...

7.5 CVSS, 6.2 AI score, 0.05569 EPSS
Exploits: 1
OpenVAS
added 2014/12/11 12:0 a.m., 24 views

Debian Security Advisory DSA 3098-1 (graphviz - security update)

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. OpenVAS Vulnerability Test $Id: deb3098.nasl 9136...

7.5 CVSS, 0.4 AI score, 0.05569 EPSS
Exploits: 1, References: 1
OSV
added 2014/12/11 12:0 a.m., 27 views

DLA-105-1 graphviz - security update

Bulletin has no description...

7.5 CVSS, 6.8 AI score, 0.05569 EPSS
Exploits: 1
OSV
added 2014/12/11 12:0 a.m., 12 views

DSA-3098-1 graphviz - security update

Bulletin has no description...

7.5 CVSS, 6.2 AI score, 0.05569 EPSS
Exploits: 1
OpenVAS
added 2014/12/10 12:0 a.m., 19 views

Debian: Security Advisory (DSA-3098-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.6 AI score, 0.05569 EPSS
Exploits: 1, References: 3