Updated dropbear packages fix security vulnerability

Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...

Google Chrome OS Remote Formatting String Vulnerability

Google Chrome OS is a fast, lightweight, open source web-based operating system. A format string handling vulnerability exists in Google Chrome OS that allows remote attackers to submit a special request that can be exploited to crash an application or execute arbitrary code...

JVN#94779084: H2O use of externally-controlled format string

H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the...

H2O HTTP Server < 2.0.4, 2.1.x < 2.1.0-beta3 Format String Vulnerability

H2O HTTP Server is prone to a format string vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:h2oproject:h2o"; if...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the drivers/thermal/qpnp-adc-tm.c file in Qualcomm’s Android operating system is related to a format string vulnerability. Exploiting this vulnerability could allow an attacker, operating remotely, to enhance their privileges through a specially created application that...

SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)

This update for libxml2 fixes the following security issues : - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...

FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)

Daniel Veillard reports : More format string warnings with possible format string vulnerability David Kilzer Avoid building recursive entities Daniel Veillard Heap-based buffer overread in htmlCurrentChar Pranjal Jumde Heap-based buffer-underreads due to xmlParseName David Kilzer Heap...

Remote Formatting String Vulnerability in Multiple Huawei Products

Huawei AR 120 and others are AR series enterprise router products from Huawei China. A remote format string vulnerability exists in multiple Huawei products. A remote attacker could exploit this vulnerability to cause a denial of service...

Google Chrome < 52.0.2743.82 Multiple Vulnerabilites

Binary data 9480.pasl...

CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...

CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...

Format string

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...

UBUNTU-CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm...

CVE-2014-9885

CVE-2014-9885 is a format-string vulnerability in the Qualcomm qpnp-adc-tm.c driver (drivers/thermal) used on Nexus 5 devices running Android versions before 2016-08-05. A crafted app can supply format specifiers in a name to escalate privileges. The issue is documented in multiple sources (e.g.,...

openSUSE: Security Advisory for dropbear (openSUSE-SU-2016:1917-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for dropbear (openSUSE-SU-2016:1891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : dropbear (openSUSE-2016-918)

This update for dropbear fixes four security issues bnc990363 : - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including '%' symbols could be created on the target system. If a dbclient user can control usernames or host...

Security update for dropbear (critical)

This update for dropbear fixes four security issues bnc990363: - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host...

openSUSE Security Update : dropbear (openSUSE-2016-912)

This update for dropbear fixes four security issues bnc990363 : - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including '%' symbols could be created on the target system. If a dbclient user can control usernames or host...

Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String

Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...