CVE-2021-32785

CVE-2021-32785 affects mod_auth_openidc (Apache 2.x) prior to 2.4.9 when configured with an unencrypted Redis cache. The issue arises from argument interpolation before Redis requests are passed to hiredis, causing an uncontrolled format string bug. Impact described as reliable denial of service ...

PT-2021-8206 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.3 and earlier DrayTek Vigor 3900 versions 1.5.1.3 and earlier DrayTek Vigor 300B versions 1.5.1.3 and earlier Description: The issue is related to a Format String vulnerability in the mainfunction.cgi file of...

[ASA-202107-55] libpano13: arbitrary code execution

Arch Linux Security Advisory ASA-202107-55 ========================================== Severity: Medium Date : 2021-07-21 CVE-ID : CVE-2021-20307 Package : libpano13 Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1774 Summary ======= The package libpano13...

libpano13: Format string vulnerability

Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...

VulnCheck KEV: CVE-2021-25489

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

How one word can disable an iPhone’s WiFi functionality

A researcher has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi hotspot with a weird name. This shouldnt be happening. The first thing you learn in coding school when it comes to input which is literally any data a device has to do something with is to...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

DEBIAN-CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

Format string

DISPUTED In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-35331

CVE-2021-35331 concerns Tcl 8.6.11, where a format-string vulnerability in nmakehlp.c may allow code execution through a crafted file. Documented details indicate the vulnerability is local in nature with potential for partial confidentiality/integrity/availability impact per CVSS, though explici...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

Tcl 格式化字符串错误漏洞

Tcl is a free and available open source package. It provides a powerful platform for creating integrated applications that tie together various applications, protocols, devices, and frameworks. A format string error vulnerability exists in Tcl version 8.6.11, which stems from a format string...

Advisory ROSA-SA-2021-1965

Software: rsyslog 8.24.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-12588 CVE-Crit: CRITICAL CVE-DESC: zmq3 input and output modules in rsyslog prior to version 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with undefined impact. CVE-STATUS: default CVE-RE...

Weidmueller Industrial WLAN devices formatting string error vulnerability

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. A Format String Error vulnerability exists in Weidmueller Industrial WLAN devices, which stems from a specially crafted time server entry that can lead to a time server buffer overflow that can be exploited by an...

CVE-2021-33535

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iwconsole coniowritestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can se...

CVE-2021-33535

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iwconsole coniowritestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can se...