CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

UBUNTU-CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

Advantech WebAccess < 8.2_20170817 Multiple Vulnerabilities

Binary data scadaadvantechwebaccess8220170817.nbin...

CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...

CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...

CVE-2017-12702

CVE-2017-12702 affects Advantech WebAccess prior to version V8.2_20170817. The issue is an Externally Controlled Format String (CWE-134): string format specifiers based on user input are not properly validated, potentially enabling arbitrary code execution. The vulnerability is associated with th...

CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...

Updated dbus packages fix security vulnerabilities

A format string vulnerability in the reference bus implementation, dbus-daemon, could potentially allow local users to cause arbitrary code execution or denial of service. Symlink attack in nonce-tcp transport bsc1025950. Symlink attack in unit tests bsc1025951...

CVE-2017-12588

Multiple format string vulnerabilities were found in the zmq3 modules in rsyslog. A local attacker could potentially use these flaws to crash the rsyslog daemon under certain circumstances...

(0Day) Advantech WebAccess nvA1Media ExecuteURLCommand Format String Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nvA1Media.oc...

Format string

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

DEBIAN-CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

CVE-2017-12588 affects rsyslog’s zmq3 input/output modules prior to 8.28.0, where description fields are interpreted as format strings, enabling a format-string attack. Impact is described as unspecified. Affected component: rsyslog (zmq3 modules). Mitigation: upgrade to rsyslog 8.28.0 or newer (...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

openSUSE Security Update : ncurses (openSUSE-2017-823)

This update for ncurses fixes the following issues : Security issues fixed : - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmtentry function. bsc1046858 - CVE-2017-10685: Possible RCE with format string vulnerability in the fmtentry function. bsc1046853 Bugfixes : - Drop...