CVE-2013-5135
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username...
Format string
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username...
CVE-2013-5135
CVE-2013-5135 targets Apple Mac OS X prior to 10.9 and Apple Remote Desktop prior to 3.5.4. The issue is a format string vulnerability in Screen Sharing Server that permits remote code execution via format string specifiers in a VNC username. Impact is remote execution of arbitrary code with netw...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
kernel: b43: format string leaking into error msgs
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
Format string
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
UBUNTU-CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
CVE-2013-4389 affecting Ruby on Rails Action Mailer 3.x (log_subscriber.rb) allows remote DoS via a crafted email address during log message construction. Connected advisories confirm the issue in rubygem-actionmailer-3.x/Action Mailer, with OpenSUSE noting a fix for the log_subscriber DoS vulner...
PT-2013-4991 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.15. Description: The issue concerns multiple format string vulnerabilities in the log_subscriber.rb files within the log subscriber component of Action Mailer in Ruby on Rails. These vulnerabilities can be...
CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389 rubygem-actionmailer: email address processing DoS
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string #{user_input}" % some_number...
[SECURITY] [DSA 2771-1] nas security update
Debian Security Advisory DSA-2771-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 09, 2013 http://www.debian.org/security/faq ...
Debian DSA-2771-1 : nas - several vulnerabilities
Hamid Zamani discovered multiple security problems (buffer overflows, format string vulnerabilities and missing input sanitising), which could lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DSA 2771-1] nas security update
Debian Security Advisory DSA-2771-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 09, 2013 http://www.debian.org/security/faq ...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
DEBIAN-CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...
CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...