Buffer overflow and format vulnerabilities in ncurses

ncurses exposes functions from the ncurses library which: Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

GHSA-M57C-4VVX-GJGQ Format string vulnerabilities in pancurses

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

Format string vulnerabilities in pancurses

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

B. Braun SpaceCom2 格式化字符串错误漏洞

B. Braun SpaceCom2, a hardware device from B. Braun, is used to connect to an external device to record data in a patient data management system, PC, or USB memory stick. A remote, unauthenticated attacker could use this vulnerability to gain user-level command-line access by passing a raw extern...

Denial Of Service

rabbitmq-server is vulnerable to denial of service. The vulnerability exists due to the lack of sanitizating the "X-Reason" HTTP Header which can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing...

CVE-2021-28846

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

Format string

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

CVE-2021-28846

CVE-2021-28846 is a format-string vulnerability in TRENDnet devices (TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, TEW-825DAP 1.11B03). The issue arises from a logic bug at address 0x40dcd0 when calling fprintf with the format string "%s: key len = %d, too long\n" and the two ...

CVE-2021-28846

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

Denial Of Service

libapache2-mod-auth-openidc is vulnerable to denial of service. The vulnerability exists due to a wrongly performed argument interpolation before passing Redis requests to hiredis, which would perform it again and lead to an uncontrolled format string bug...

CVE-2021-32785

A flaw was found in modauthopenidc. When modauthopenidc is configured to use unencrypted Redis cache it is possible to trigger a format string bug that could be used by a remote unauthenticated attacker to crash the httpd workers. The highest threat from this liability is to service availability...

DEBIAN-CVE-2021-32785

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

Format string

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

CVE-2021-32785

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

CVE-2021-32785

CVE-2021-32785 affects mod_auth_openidc (Apache 2.x) prior to 2.4.9 when configured with an unencrypted Redis cache. The issue arises from argument interpolation before Redis requests are passed to hiredis, causing an uncontrolled format string bug. Impact described as reliable denial of service ...

PT-2021-8206 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.3 and earlier DrayTek Vigor 3900 versions 1.5.1.3 and earlier DrayTek Vigor 300B versions 1.5.1.3 and earlier Description: The issue is related to a Format String vulnerability in the mainfunction.cgi file of...

[ASA-202107-55] libpano13: arbitrary code execution

Arch Linux Security Advisory ASA-202107-55 ========================================== Severity: Medium Date : 2021-07-21 CVE-ID : CVE-2021-20307 Package : libpano13 Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1774 Summary ======= The package libpano13...

libpano13: Format string vulnerability

Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...

VulnCheck KEV: CVE-2021-25489

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

How one word can disable an iPhone’s WiFi functionality

A researcher has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi hotspot with a weird name. This shouldnt be happening. The first thing you learn in coding school when it comes to input which is literally any data a device has to do something with is to...