422 matches found
UBUNTU-CVE-2018-1000101
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...
CVE-2018-1000101
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...
Design/Logic Flaw
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...
CVE-2018-1000101
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...
CVE-2018-1000101
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...
F5 Networks BIG-IP : NTP vulnerability (K32262483)
The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)
This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050 : - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...
SUSE-SU-2017:1047-1 Security update for ntp
This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050: - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...
CVE-2017-6451
The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...
CVE-2017-6451
The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...
shopify-scripts: sprintf gem - format string combined attack
In the sprintf gem, NOT included in mruby-engine, there are severe vulnerabilities, including information leak, and heap buffer overflow. Here are the technical details. Technical Error 1: ============== The CHECKl macro can sometimes receive negative values, that will bypass the size checks, sin...
Wireshark H.225 Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-h225.c file in th...
DEBIAN-CVE-2016-7176
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service copy overlap and application crash via a crafted packet...
UBUNTU-CVE-2016-7176
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service copy overlap and application crash via a crafted packet...
UBUNTU-CVE-2014-9901
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service device hang or reboot via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711...
UBUNTU-CVE-2016-5114
sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...
dhcpcd -- remote code execution/denial of service
MITRE reports: The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of...
FreeBSD : mini_httpd -- buffer overflow via snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)
ACME Updates reports : minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...
Vulnerabilities found through code inspection — Mozilla
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and fi...
DEBIAN-CVE-2014-7913
The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory...