53 matches found
CVE-2022-39046
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
Heap overflow
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
CVE-2022-39046
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
CVE-2022-39046
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
CVE-2022-39046
CVE-2022-39046 : In the GNU C Library (glibc) 2.36, passing a crafted input string larger than 1024 bytes to syslog reads uninitialized heap memory and writes it to the log, potentially exposing heap contents. This is the vulnerability described in multiple sources (NVD, OSV, Gentoo GLSA). Affect...
Slurp 1.10.2 Format String Vulnerability
Exploit Title: Slurp 1.10.2 - Remote Format String Date: 2022-02-12 Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offe...
SUSE-SU-2020:3024-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero bsc1165784 - Use posixspawn on popen bsc1149332, bsc1176013 - Correct locking and cancellation cleanup in syslog functions bsc1172085 - Fixed concurrent changes on nscd...
Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (2)
No description provided by source. source: http://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the...
William Deich Super 3.x SysLog Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5367/info super is prone to a format string vulnerability. This problem is due to incorrect use of the syslog function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerab...
Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (3)
No description provided by source. source: http://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the...
zkfingerd SysLog 0.9.1 Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6402/info zkfingerd is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog' function to log error messages. It is possible to corrupt memory by passing format strings through the...
Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (1)
No description provided by source. source: http://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the...
Slurp 1.10 SysLog Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4935/info slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offers...
Format string
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call...
CVE-2006-2115
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call...
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability
--------------------------------------------------------------------------------------- ECHOADV31$2006 Sws Web Server 0.1.7 Strcpy & Syslog Format String Vulnerability --------------------------------------------------------------------------------------- Author : Dedi Dwianto Date : April, 28th...
[Full-disclosure] Fcrontab - memory corruption on heap.
Name: Fcron - convert-fcrontab Vendor URL: http://fcron.free.fr Author: Adam Zabrocki [email protected] Date: November 25, 2005 Issue: Fcron convert-fcrontab allow users to corruption on heap section. Description: Fcron is a periodical command scheduler which aims at replacing Vixie Cron, and...
CVE-2005-4511
Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls...
CVE-2005-4511
The CVE-2005-4511 is a format-string vulnerability in TN3270 Resource Gateway 1.1.0. The underlying issue is unvalidated format specifiers in syslog function calls, enabling local users to cause a denial of service and potentially execute arbitrary code. The vulnerability is characterized by a lo...
CVE-2002-1789
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function...