
8497 matches found

OSV
added 2021/09/13 7:17 a.m. | 5 views

OPENSUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) -...

CVSS 7.5 | AI score 6 | EPSS 0.01593
Exploits 1 | References 9
OSV
added 2021/09/13 7:17 a.m. | 6 views

SUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) -...

CVSS 7.5 | AI score 5.8 | EPSS 0.01593
Exploits 1 | References 9
OPENSUSE Linux
added 2021/09/13 12:0 a.m. | 57 views

Security update for apache2-mod_auth_openidc (moderate)

openSUSE Security Update: Security update for apache2-mod_auth_openidc Announcement ID: openSUSE-SU-2021:3020-1 Rating: moderate References: 1188638 1188639 1188848 1188849 Cross-References: CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVSS scores: CVE-2021-32785 SUSE: 5.3...

CVSS 5.9 | AI score 6.4 | EPSS 0.01593
Exploits 1 | References 4
OSV
added 2021/08/25 8:58 p.m. | 0 views

GHSA-32V7-GHPR-C8HG Mishandling of format strings in ncurses

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

CVSS 7.5 | AI score 6.4 | EPSS 0.00587
Exploits 0 | References 5
Github Security Blog
added 2021/08/25 8:58 p.m. | 31 views

Mishandling of format strings in ncurses

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

CVSS 7.5 | AI score 8 | EPSS 0.00238
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2021/08/25 8:58 p.m. | 34 views

Buffer overflow and format vulnerabilities in ncurses

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

CVSS 9.8 | AI score 9.3 | EPSS 0.00587
Exploits 0 | References 5 | Affected Software 1
OSV
added 2021/08/25 8:58 p.m. | 0 views

GHSA-G7R5-X7CR-VM3V Buffer overflow and format vulnerabilities in ncurses

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

CVSS 9.8 | AI score 6.4 | EPSS 0.00587
Exploits 0 | References 5
OSV
added 2021/08/25 8:58 p.m. | 1 views

GHSA-M57C-4VVX-GJGQ Format string vulnerabilities in pancurses

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

CVSS 7.5 | AI score 5.9 | EPSS 0.00213
Exploits 0 | References 5
Github Security Blog
added 2021/08/25 8:58 p.m. | 26 views

Format string vulnerabilities in pancurses

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

CVSS 7.5 | AI score 2.8 | EPSS 0.00213
Exploits 0 | References 5 | Affected Software 1
CNNVD
added 2021/08/25 12:0 a.m. | 2 views

B. Braun SpaceCom2 Format String Error Vulnerability

B. Braun SpaceCom2, a hardware device from B. Braun, is used to connect to an external device to record data in a patient data management system, PC, or USB memory stick. A remote, unauthenticated attacker could use this vulnerability to gain user-level command-line access by passing a raw extern...

CVSS 8.8 | AI score 5.6 | EPSS 0.01325
Exploits 1 | References 6
Veracode
added 2021/08/12 2:37 p.m. | 25 views

Denial Of Service

rabbitmq-server is vulnerable to denial of service. The vulnerability exists due to the lack of sanitization of the "X-Reason" HTTP header, which can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing...

CVSS 7.5 | AI score 0.7 | EPSS 0.04604
Exploits 1 | References 9 | Affected Software 1
OSV
added 2021/08/10 8:15 p.m. | 1 views

CVE-2021-28846

A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

CVSS 6.5 | AI score 5.8
Exploits 0 | References 1
Prion
added 2021/08/10 8:15 p.m. | 17 views

Format string

A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

CVSS 4 | AI score 6.4 | EPSS 0.00308
Exploits 0 | References 1 | Affected Software 4
CVE
added 2021/08/10 7:22 p.m. | 39 views

CVE-2021-28846

CVE-2021-28846 is a format-string vulnerability in TRENDnet devices (TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, TEW-825DAP 1.11B03). The issue arises from a logic bug at address 0x40dcd0 when calling fprintf with the format string "%s: key len = %d, too long\n" and the two ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00308
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/08/10 7:22 p.m. | 11 views

CVE-2021-28846

A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

AI score 6.6 | EPSS 0.00308
Exploits 0 | References 1
Veracode
added 2021/08/06 8:24 a.m. | 29 views

Denial Of Service

libapache2-mod-auth-openidc is vulnerable to denial of service. The vulnerability exists due to a wrongly performed argument interpolation before passing Redis requests to hiredis, which would perform it again and lead to an uncontrolled format string bug...

CVSS 7.5 | AI score 1.7 | EPSS 0.01593
Exploits 0 | References 7 | Affected Software 1
RedhatCVE
added 2021/07/26 5:30 p.m. | 37 views

CVE-2021-32785

A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured to use unencrypted Redis cache it is possible to trigger a format string bug that could be used by a remote unauthenticated attacker to crash the httpd workers. The highest threat from this liability is to service availability...

CVSS 7.5 | AI score 2.8 | EPSS 0.01593
Exploits 0 | References 4
OSV
added 2021/07/22 10:15 p.m. | 1 views

DEBIAN-CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

CVSS 7.5 | AI score 6.9 | EPSS 0.01593
Exploits 0 | References 1
Prion
added 2021/07/22 10:15 p.m. | 20 views

Format string

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

CVSS 4.3 | AI score 7.5 | EPSS 0.01593
Exploits 0 | References 6 | Affected Software 2
UbuntuCve
added 2021/07/22 10:15 p.m. | 25 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

CVSS 7.5 | AI score 6.7 | EPSS 0.01593
Exploits 0 | References 5