Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.įormat string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.įormat string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the aph function, aka ZEN-15415, a related issue to CVE-2013-2131. Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
#APPLE REMOTE DESKTOP 3.9.4 SOFTWARE#
in IBM License Metric Tool 7.2.2, 7.5, and 9 Endpoint Manger for Software Use Analysis 9 and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927. in IBM License Metric Tool 7.2.2, 7.5, and 9 Endpoint Manger for Software Use Analysis 9 and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.Ĭommon Inventory Technology (CIT) before 2. įormat string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.Ĭommon Inventory Technology (CIT) before 2. Node.js in a PHP format request, which causes the string length to change when converting the request to. Was ZDI-CAN-16193.Ī format string vulnerability was found in libinput An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. The specific flaw exists within the processing of SQL queries. Authentication is required to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. Successful exploitation of this vulnerability may affect system availability.Ī Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2ĪSUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. The voice wakeup module has a vulnerability of using externally-controlled format strings.