Format string

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023...

CVE-2018-1566

CVE-2018-1566 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1. The vulnerability is a local, format-string error that could allow a local user to execute arbitrary code. Several connected documents confirm the issue and cite IBM X-Forc...

CVE-2018-1566

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023...

IBM DB2 Privilege Mobilization Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A format string vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...

EulerOS 2.0 SP3 : ncurses (EulerOS-SA-2018-1166)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ncurses 6.0, there is a stack-based buffer overflow in the fmtentry function. A crafted input will lead to a remote arbitrary code execution...

Axigen POP3 Service Remote Format String - Ver2

A remote format-string vulnerability exists in Axigen POP3 Service. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with superuser privileges on the affected system...

Format string

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVE-2018-12590

Affected product / version: Ubiquiti Networks EdgeSwitch 1.7.3 and earlier. Vulnerability: externally controlled format-string in the admin CLI due to lack of protection, enabling code execution and privilege escalation beyond what admins can do. Impact: attacker with access to an admin account c...

Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Summary A set of Libxml2 vulnerabilities were disclosed by the Libxml2 Project. Libxml2 is used by Rational Systems Tester. Rational Systems Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-4447 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a...

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)

Summary The vulnerabilities have been addressed in the libxml2 component of IBM Cognos Metrics Manager Vulnerability Details CVEID: CVE-2016-3705 DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck and xmlParseAttValueComple...

CVE-2012-10055

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/comsndftpdfmtstr.rb 2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

ALPINE-CVE-2016-9586

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks...

ICSA-18-107-03_Rockwell Automation Stratix Services Router

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix 5900 Services Router Vulnerabilities : Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,...

Format string

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

UBUNTU-CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

Format string

Format String vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges o...

CVE-2018-0175

Format String vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges o...