in IBM License Metric Tool 7.2.2, 7.5, and 9 Endpoint Manger for Software Use Analysis 9 and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.Ĭommon Inventory Technology (CIT) before 2. įormat string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.Ĭommon Inventory Technology (CIT) before 2. Node.js in a PHP format request, which causes the string length to change when converting the request to. Was ZDI-CAN-16193.Ī format string vulnerability was found in libinput An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. The specific flaw exists within the processing of SQL queries. Authentication is required to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. Successful exploitation of this vulnerability may affect system availability.Ī Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2ĪSUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. The voice wakeup module has a vulnerability of using externally-controlled format strings.
0 kommentar(er)
