8510 matches found

CVE
added 2017/06/29 11:0 p.m. · 174 views

CVE-2017-10685

CVE-2017-10685 affects the ncurses (new curses) library. The vulnerability is a format-string flaw in the fmt_entry function, allowing a remote authenticated attacker to potentially execute arbitrary code by supplying a crafted input. The IBM X-Force entry for this CVE lists a base score of 7.3 (...

9.8 CVSS · 7.5 AI score · 0.04257 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2017/06/29 11:0 p.m. · 35 views

CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack...

9.8 CVSS · 9.7 AI score · 0.04257 EPSS
Exploits 0

AlpineLinux
added 2017/06/29 11:0 p.m. · 50 views

CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack...

9.8 CVSS · 7.9 AI score · 0.04257 EPSS
Exploits 0

VulnCheck KEV
added 2017/06/20 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2017-5613

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...

7.8 CVSS · 7.5 AI score · 0.0256 EPSS
Exploits 1 · References 1

VulnCheck KEV
added 2017/06/20 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2001-0690

Format string vulnerability in exim 3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers...

7.5 CVSS · 6.2 AI score · 0.11891 EPSS
Exploits 2 · References 1

RedhatCVE
added 2017/06/09 6:18 p.m. · 29 views

CVE-2017-7519

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...

4.4 CVSS · 2.6 AI score · 0.00501 EPSS
Exploits 1 · References 1

Prion
added 2017/05/23 2:29 p.m. · 12 views

Format string

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...

7.8 CVSS · 7.2 AI score · 0.0109 EPSS
Exploits 1 · References 1

NVD
added 2017/05/23 2:29 p.m. · 9 views

CVE-2017-9212

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...

7.8 CVSS · 7.6 AI score · 0.0109 EPSS
Exploits 1 · References 1

Cvelist
added 2017/05/23 2:0 p.m. · 17 views

CVE-2017-9212

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...

7.6 AI score · 0.0109 EPSS
Exploits 1 · References 1

CVE
added 2017/05/23 2:0 p.m. · 49 views

CVE-2017-9212

The CVE concerns the Bluetooth stack in the 2011 BMW 330i. A vulnerability in the device name string allows remote crash of the CD/Multimedia software via format string specifiers like %x or %c. This is a network-accessible issue tied to the Bluetooth stack, with a high impact on availability (CR...

7.8 CVSS · 7.5 AI score · 0.0109 EPSS
Exploits 1 · References 1 · Affected Software 1

BDU FSTEC
added 2017/05/18 12:0 a.m. · 4 views

The vulnerability of the Cisco IOS operating system’s DHCP service allows an attacker to trigger a device reboot and a service failure.

The vulnerability of the DHCP service in Cisco IOS operating systems is related to the use of an uncontrolled format string. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure through a specially crafted DHCP packet...

7.8 CVSS · 7.2 AI score · 0.02479 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2017/05/18 12:0 a.m. · 4 views

PT-2017-4282 · Rsyslog +1 · Rsyslog +1

Name of the Vulnerable Software and Affected Versions: Rsyslog versions prior to 8.28.0
Description: The issue is related to insufficient processing of format strings in the input/output modules of the Rsyslog utility for log processing. Exploitation of this issue could allow a remote attacker to...

10 CVSS · 9.4 AI score · 0.02834 EPSS
Exploits 0 · References 13

Prion
added 2017/05/12 6:29 p.m. · 11 views

Format string

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

5 CVSS · 7 AI score · 0.01802 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2017/05/12 6:29 p.m. · 13 views

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2

NVD
added 2017/05/12 6:29 p.m. · 17 views

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

7.5 CVSS · 7.4 AI score · 0.01802 EPSS
Exploits 0 · References 2

CVE
added 2017/05/12 6:0 p.m. · 49 views

CVE-2016-4864

CVE-2016-4864 affects H2O web server: versions 2.0.3 and earlier and 2.1.0-beta2 and earlier are vulnerable to a DoS via format string specifiers in template files processed by fastcgi, mruby, proxy, redirect or reproxy. Connected sources confirm this vulnerability class and affected ranges, with...

7.5 CVSS · 7.3 AI score · 0.01802 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2017/05/12 6:0 p.m. · 21 views

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

7.5 CVSS · 7.4 AI score · 0.01802 EPSS
Exploits 0

seebug.org
added 2017/04/21 12:0 a.m. · 38 views

cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)

SEC-212 Format string injection: The ability to supply arbitrary format strings to cgiemail and cgiecho allowed code execution whenever a user was able to provide a cgiemail template file. Use CVE-2017-5613.
SEC-214 Open redirect: The cgiemail and cgiecho binaries served as an open redirect due to...

6.8 CVSS · 7 AI score · 0.0256 EPSS
Exploits 1

BDU FSTEC
added 2017/04/20 12:0 a.m. · 5 views

The vulnerability of the Mac OS X operating system, which allows a hacker to execute arbitrary code

The vulnerability of the Printing component in the Mac OS X operating system is related to the use of an uncontrolled format string. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted URL...

6.8 CVSS · 8 AI score · 0.02734 EPSS
Exploits 0 · References 3 · Affected Software 1

OpenVAS
added 2017/04/18 12:0 a.m. · 35 views

Apple Mac OS X Multiple Vulnerabilities-02 (Apr 2017)

Apple Mac OS X is prone to multiple vulnerabilities...

9.3 CVSS · 6.9 AI score · 0.11857 EPSS
Exploits 1 · References 7