CVE-2025-55298

ImageMagick vulnerability CVE-2025-55298 is caused by a format string bug in InterpretImageFilename where un-sanitized user input is passed to FormatLocaleString, enabling potential heap overflow or remote code execution due to memory overwrite. Affected releases before patches include ImageMagic...

ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution

Summary A format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code...

Samsung Mobile Devices Improper Input Validation Vulnerability

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

Fortinet Fortigate Format String Bug in Fclicense daemon (FG-IR-23-119)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-119 advisory. - A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through...

SUSE CVE-2008-7160

The silchttpserverparse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing SILC Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header,...

Format string bug in the Redis cache implementation

...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

Format string

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

CVE-2021-25489

The CVE-2021-25489 issue affects Samsung Mobile Devices, caused by improper input validation in the modem interface driver, triggering a format-string error that can cause a kernel panic. Affected are Samsung Mobile Devices prior to SMR Oct-2021 Release 1. The root cause is missing input validati...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

PT-2021-16679 · Samsung · Samsung Mobile Devices

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices versions prior to SMR Oct-2021 Release 1 Description: The issue is related to improper input validation in the modem interface driver. Assuming radio permission is gained, missing input validation results in a format...

openSUSE: Security Advisory for apache2-mod_auth_openidc (openSUSE-SU-2021:1277-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for apache2-mod_auth_openidc (openSUSE-SU-2021:3020-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis bsc1188638 - CVE-2021-32786: open redirect in logout functionality bsc1188639 - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption bsc1188849 -...

SUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis bsc1188638 - CVE-2021-32786: open redirect in logout functionality bsc1188639 - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption bsc1188849 -...

Security update for apache2-mod_auth_openidc (moderate)

openSUSE Security Update: Security update for apache2-modauthopenidc Announcement ID: openSUSE-SU-2021:3020-1 Rating: moderate References: 1188638 1188639 1188848 1188849 Cross-References: CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVSS scores: CVE-2021-32785 SUSE: 5.3...

Denial Of Service

libapache2-mod-auth-openidc is vulnerable to denial of service. The vulnerability exists due to a wrongly performed argument interpolation before passing Redis requests to hiredis, which would perform it again and lead to an uncontrolled format string bug...

CVE-2021-32785

A flaw was found in modauthopenidc. When modauthopenidc is configured to use unencrypted Redis cache it is possible to trigger a format string bug that could be used by a remote unauthenticated attacker to crash the httpd workers. The highest threat from this liability is to service availability...