CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...

CVE-2011-4930

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

Format string

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...

Format string

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...

CVE-2011-4930

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

Format string

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

Format string

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...

CVE-2012-3405

CVE-2012-3405 affects the GNU C Library (glibc) vfprintf handling in stdio-common/vfprintf.c, where improper buffer length calculation can bypass Fortify_source format-string protection and trigger a denial of service via a crafted format string with many specifiers. Public references in the Debi...

CVE-2011-4930

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

CVE-2012-3406

The CVE-2012-3406 issue concerns glibc’s vfprintf (stdio-common/vfprintf.c). It states that glibc 2.5, 2.12, and likely other versions fail to properly restrict the use of alloca when allocating the SPECS array, which can bypass FORTIFY_SOURCE format-string protection and lead to a denial of serv...

CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...

CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

CVE-2011-4930

CVE-2011-4930 concerns multiple format string flaws in Condor 7.2.0–7.6.4 (and possibly 7.7.x), used with Red Hat MRG Grid. An authenticated Condor service user could leverage these flaws to crash the condor_schedd daemon, prevent job scheduling/execution, or potentially execute arbitrary code vi...

CVE-2012-3404

CVE-2012-3404 affects the GNU C Library (glibc) in the vfprintf path (stdio-common/vfprintf.c). The issue is a miscalculation of buffer length that can bypass Fortify_SOURCE format-string protections when using positional parameters with many specifiers, enabling context-dependent DoS via a craft...

CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

CVE-2011-4930

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

Solaris rwalld Format String - Ver2 (CVE-2002-0573)

A format string vulnerability has been reported in Sun Solaris. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Fedora 19 : rubygem-actionmailer-3.2.13-2.fc19 / rubygem-actionpack-3.2.13-4.fc19 / etc (2014-0970)

Avoid potential format string vulnerabilities where user-provided data is interpolated into the log message before String% is called. CVE-2013-4389. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

CVE-2013-7296

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service segmentation fault and application crash via a crafted PDF file...