The vulnerability of the CONNECT function implementation in the MariaDB database management system allows a hacker to execute arbitrary code.

The vulnerability of the CONNECT function implementation in the MariaDB database management system is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the authentication/authorization module for the Apache mod_auth_openidc HTTP server, related to the use of uncontrolled format strings, allows a perpetrator to cause a service failure.

The vulnerability of the authentication/authorization module for the Apache modauthopenidc server is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

Mishandling of format strings in ncurses

ncurses exposes functions from the ncurses library which: Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

Mishandling of format strings in rusqlite

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...

CVE-2020-35869

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...

CVE-2020-35869

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...

Format string

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...

CVE-2020-35869

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...

Rust Formatting String Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust rusqlite crate before 0.23.0, which stems from rusqlite::trace::log incorrectly handling format strings, and thus may violate memory safety...

openSUSE Security Update : axel (openSUSE-2020-778)

This update for axel fixes the following issues : axel was updated to 2.17.8 : - CVE-2020-13614: SSL Certificate Hostnames were not verified boo1172159 - Replaced progressbar line clearing with terminal control sequence - Fixed parsing of Content-Disposition HTTP header - Fixed User-Agent HTTP...

The vulnerability of the String#unpack method in the Ruby programming language allows attackers to exploit it to disclose protected information.

The vulnerability of the Stringunpack method in the Ruby programming language is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information that is protected by this method...

Multiple vulnerabilities exist in the functions cdio_log_handler (modules/access/cdda/access.c) of the CDDA plugin (libcdda_plugin), and in the cdio_log_handler and vcd_log_handler functions (modules/access/vcdx/access.c) of the VCDX plugin (libvcdx_plugin). These vulnerabilities allow an attacker to execute arbitrary code.

Multiple vulnerabilities exist in the functions cdiologhandler modules/access/cdda/access.c of the CDDA plugin libcddaplugin, and in the cdiologhandler and vcdloghandler functions modules/access/vcdx/access.c of the VCDX plugin libvcdxplugin of the VideoLAN VLC media player software. These...

Non-stack format string exploit techniques-vulnerability warning-the black bar safety net

On Linux the stack format string vulnerability in the use of online has many explanations, but non-stack format string vulnerability few people introduced. This is mainly over weekends SUCTF game playfmt topic, for example, detail about the bss segment or on the heap format strings the use of...

The vulnerability of the built-in software of the “Granite-Navigator-6.18” device lies in the use of uncontrolled format lines, which allows a perpetrator to trigger a service failure.

The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to cause a service failure by using a specially crafted command e.g., canrcv canteseo2%n%n%n%n%n%n%n when...

ALPINE-CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

DEBIAN-CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

Format string

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

CVE-2019-7228

Summary: CVE-2019-7228 is a memory corruption/format-string vulnerability in ABB IDAL HTTP server (used by ABB PB610 Panel Builder 600). The server mishandles format strings during authentication; examples show that using the username "%25s%25p%25x%25n" crashes the server and that "%08x.AAAA.%08x...

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...