CVE-2019-13129

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

CVE-2019-13129

Summary: CVE-2019-13129 affects the Motorola CX2L MWR04L router (version 1.01). The issue is a stack consumption/infinite recursion in the scopd process reachable over TCP port 8010 and UDP port 8080, caused by improper length handling in snprintf. This can lead to denial of service through resou...

Information Disclosure

miniupnpc-vc140 is vulnerable to information disclosure. Failure to validate a return value obj-tosend from snprintf allows a user to send a value larger than the buffer's length to cause a heap memory leak...

CVE-2019-12107

The upnpeventprepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value...

CVE-2019-12107

The upnpeventprepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value...

CVE-2019-12107

The upnpeventprepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value...

SUSE SLES11 Security Update : ntp (SUSE-SU-2019:13991-1)

This update for ntp fixes the following issues : Security issue fixed : CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd bsc1128525. Other issues addressed: Make sure that SLE12 version is higher than the one in SLE11...

Denial Of Service (DoS) Through Stack Buffer Overflow

librelp.so is vulnerable to denial of service DoS through stack-based buffer overflow attacks. The vulnerability exists in relpTcpChkPeerName of src/tcp.c where it was possible to overflow the call to snprintf when parsing a malicious x509 certificate, causing a denial of service DoS, and possibl...

glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

procps-ng security update

3.3.10-17.el75.2 - check for truncation after calling snprintf - Related: CVE-2018-1124 3.3.10-17.el75.1 - fix integer overflows leading to heap overflow in file2strvec - Resolves: CVE-2018-1124...

Denial Of Service (DoS) Through Stack Buffer Overflow

librelp.so is vulnerable to denial of service DoS through stack-based buffer overflow attacks. The vulnerability exists in relpTcpChkPeerName of src/tcp.c where it was possible to overflow the call to snprintf when parsing a malicious x509 certificate, causing a denial of service DoS, and possibl...

Mingw-w64 Design Vulnerability

Mingw-w64 is a dedicated gcc runtime environment for Windows. A security vulnerability exists in Mingw-w64 5.0.3 and earlier in mingw-w64-crt libc-vsnprintf. An attacker can exploit this vulnerability to corrupt subsequent string functions...

Design/Logic Flaw

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

DEBIAN-CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)

This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050 : - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...