Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19217 | 1 Gnu | 1 Ncurses | 2024-08-05 | 4.3 MEDIUM | 6.5 MEDIUM |
** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party. | |||||
CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2020-19190 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2020-19185 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2020-19189 | 3 Debian, Gnu, Netapp | 3 Debian Linux, Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2020-19188 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2020-19187 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-02-05 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
CVE-2023-29491 | 1 Gnu | 1 Ncurses | 2024-02-04 | N/A | 7.8 HIGH |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | |||||
CVE-2022-29458 | 3 Apple, Debian, Gnu | 3 Macos, Debian Linux, Ncurses | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | |||||
CVE-2021-39537 | 2 Apple, Gnu | 3 Mac Os X, Macos, Ncurses | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | |||||
CVE-2019-17595 | 2 Gnu, Opensuse | 2 Ncurses, Leap | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | |||||
CVE-2019-17594 | 2 Gnu, Opensuse | 2 Ncurses, Leap | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | |||||
CVE-2018-19211 | 1 Gnu | 1 Ncurses | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. | |||||
CVE-2017-13732 | 1 Gnu | 1 Ncurses | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | |||||
CVE-2017-11112 | 1 Gnu | 1 Ncurses | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | |||||
CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
CVE-2017-11113 | 1 Gnu | 1 Ncurses | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | |||||
CVE-2017-13730 | 1 Gnu | 1 Ncurses | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | |||||
CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | |||||
CVE-2017-13733 | 1 Gnu | 1 Ncurses | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. |