767 matches found
MGASA-2014-0175 Updated json-c packages fix security vulnerabilities
Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be...
DEBIAN-CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
Format string
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...
Format string
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...
glibc: incorrect size calculation in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...
glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
Sielco Sistemi Winlog Buffer Overflow <= v2.07.14
!/usr/bin/ruby --------------------------------------------- Sielco Sistemi Winlog Buffer Overflow = v2.07.14 - Buffer overflow vulnerability Date: 04.06.2012 --------------------------------------------- - Description Winlog Lite is the entry level version of the SCADA/HMI software Winlog Pro...
Safari On iOS Denial Of Service
/PoC for Safari crash discovered by Alberto Ortega @a0rtega, [email protected] http://www.livehacking.com/category/vulnerability/apple-vulnerability/ This PoC written by Larry W. Cashdollar http://vapid.dhs.org @lcashdol This PoC creates an html file to be served out by a normal webserver. It...
CVE-2012-0015
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...
Design/Logic Flaw
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...
CVE-2012-0015
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework application, aka...
Microsoft .NET Heap Corruption Code Execution (MS12-016; CVE-2012-0015)
A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to improper calculation of buffer length while processing specially crafted input. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web...
PT-2012-2241 · Microsoft · .Net Framework
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP2 through 3.5.1 Description: A remote code execution issue exists due to improper buffer length calculation while processing specially crafted input. This could allow an attacker to take complete contro...
Debian DSA-2323-1 : radvd - several vulnerabilities
Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon : - CVE-2011-3602 setinterfacevar function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local...