8510 matches found
Medium: ruby22, ruby23
Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...
Internet Bug Bounty: Format string implementation vulnerability, resulting in code execution
In a security audit to the sprintf implementation in perl version 5.24.1 I found a major security vulnerability, here are the full details. Timeline: ====== 6th of May, 2017 - disclosure to the PERL security mailing list 8th of May, 2017 - vulnerability confirmed by PERL's security group, found...
ALPINE-CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
Information disclosure
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
CVE-2017-0898
CVE-2017-0898 affects Ruby older branches (before 2.4.2, 2.3.5, and 2.2.8) and is caused by a buffer underrun in Kernel.sprintf, leading to heap memory corruption and potential information disclosure from the heap or application instability. The issue is not restricted to a single product; it app...
CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
CVE-2017-0898
Removed by vendor...
CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
UBUNTU-CVE-2017-0898
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...
Advantech WebAccess < 8.2_20170817 Multiple Vulnerabilities
Binary data scadaadvantechwebaccess8220170817.nbin...
CVE-2017-12702
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...
CVE-2017-12702
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...
CVE-2017-12702
CVE-2017-12702 affects Advantech WebAccess prior to version V8.2_20170817. The issue is an Externally Controlled Format String (CWE-134): string format specifiers based on user input are not properly validated, potentially enabling arbitrary code execution. The vulnerability is associated with th...
CVE-2017-12702
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.220170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code...
Updated dbus packages fix security vulnerabilities
A format string vulnerability in the reference bus implementation, dbus-daemon, could potentially allow local users to cause arbitrary code execution or denial of service. Symlink attack in nonce-tcp transport bsc1025950. Symlink attack in unit tests bsc1025951...
CVE-2017-12588
Multiple format string vulnerabilities were found in the zmq3 modules in rsyslog. A local attacker could potentially use these flaws to crash the rsyslog daemon under certain circumstances...