cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-19189,https://securityvulnerability.io/vulnerability/CVE-2020-19189,Buffer Overflow Vulnerability in Ncurses by Ncurses,"A buffer overflow vulnerability exists in the postprocess_terminfo function within ncurses 6.1. This issue allows remote attackers to manipulate crafted commands that could lead to a denial of service, potentially disrupting the operation of the affected software. Addressing this vulnerability is essential to ensure the stability and security of applications relying on ncurses.",Gnu,Ncurses,6.5,MEDIUM,0.008030000142753124,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19187,https://securityvulnerability.io/vulnerability/CVE-2020-19187,Buffer Overflow Vulnerability in Ncurses 6.1 Affecting Remote Systems,"A buffer overflow vulnerability exists in the fmt_entry function of Ncurses 6.1, specifically in the file progs/dump_entry.c at line 1100. This flaw enables remote attackers to exploit crafted commands, potentially leading to a denial of service. This issue highlights the importance of input validation and secure coding practices to prevent such vulnerabilities in software.",Gnu,Ncurses,6.5,MEDIUM,0.013380000367760658,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19188,https://securityvulnerability.io/vulnerability/CVE-2020-19188,Buffer Overflow Vulnerability in ncurses Affects Remote Command Execution,"A buffer overflow vulnerability exists in the fmt_entry function of ncurses 6.1, specifically within the progs/dump_entry.c component at line 1116. An attacker could exploit this weakness by sending specially crafted commands, potentially resulting in a denial of service. This flaw poses a risk as it permits unauthorized remote operations that can disrupt the normal functioning of applications utilizing ncurses.",Gnu,Ncurses,6.5,MEDIUM,0.013380000367760658,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19185,https://securityvulnerability.io/vulnerability/CVE-2020-19185,Buffer Overflow Vulnerability in Ncurses from GitHub,"A buffer overflow vulnerability exists in the one_one_mapping function of the Ncurses library version 6.1. This flaw can be exploited by remote attackers to execute crafted commands, potentially resulting in a denial of service condition. The vulnerability is located in 'progs/dump_entry.c' at line 1373. Proper sanitation of user inputs and robust memory management practices need to be implemented to mitigate the risk associated with this vulnerability.",Gnu,Ncurses,6.5,MEDIUM,0.013380000367760658,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19190,https://securityvulnerability.io/vulnerability/CVE-2020-19190,Buffer Overflow Vulnerability in ncurses Affects Multiple Platforms,"A buffer overflow vulnerability exists in the _nc_find_entry function located in tinfo/comp_hash.c:70 of the ncurses library version 6.1. This flaw allows remote attackers to send specially crafted commands to compromise the application, potentially resulting in a denial of service. Exploitation of this vulnerability can lead to disruption of service and hinder the application’s functioning. Proper input validation and updates to affected versions are critical for maintaining security.",Gnu,Ncurses,6.5,MEDIUM,0.013380000367760658,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2020-19186,https://securityvulnerability.io/vulnerability/CVE-2020-19186,Buffer Overflow Vulnerability in Ncurses by Tinfo,"A buffer overflow vulnerability exists in the _nc_find_entry function within the tinfo/comp_hash.c file in ncurses version 6.1. This flaw allows remote attackers to exploit the vulnerable software, leading to a denial of service condition through specially crafted commands. Attackers can leverage this vulnerability to disrupt service availability, emphasizing the importance of timely security updates and careful input validation.",Gnu,Ncurses,6.5,MEDIUM,0.013380000367760658,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2023-29491,https://securityvulnerability.io/vulnerability/CVE-2023-29491,Memory Corruption Vulnerability in ncurses Affects Local Users,ncurses versions prior to 6.4 20230408 exhibit a vulnerability that permits local users of setuid applications to induce memory corruption. This occurs through the utilization of malformed data within a terminfo database file located in the user's home directory or accessed via environment variables like TERMINFO or TERM. This security flaw underscores the importance of maintaining updated ncurses installations to mitigate potential risks.,Gnu,Ncurses,7.8,HIGH,0.0004199999966658652,false,,true,false,true,2023-10-12T16:28:00.000Z,,false,false,,2023-04-14T01:15:00.000Z,0
CVE-2022-29458,https://securityvulnerability.io/vulnerability/CVE-2022-29458,Out-of-Bounds Read Vulnerability in Terminfo Library by GNU,"The vulnerability in the ncurses library stems from an out-of-bounds read and a segmentation violation occurring in the 'convert_strings' function within the 'tinfo/read_entry.c' file. This issue has potential implications for software relying on ncurses for terminal handling, affecting stability and security. Patches are available for versions of ncurses prior to 20220416, addressing the critical aspects of this flaw and ensuring better protection for users.",Gnu,Ncurses,7.1,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2022-04-18T00:00:00.000Z,0
CVE-2021-39537,https://securityvulnerability.io/vulnerability/CVE-2021-39537,Heap-based Buffer Overflow in ncurses Affects Multiple Platforms,"A heap-based buffer overflow has been identified in ncurses, specifically within the _nc_captoinfo function in captoinfo.c. This vulnerability can be exploited to lead to unexpected behavior in affected applications, potentially allowing attackers to execute arbitrary code. It is critical for users and system administrators to update ncurses to the latest version to mitigate risks associated with this vulnerability.",Gnu,Ncurses,8.8,HIGH,0.004639999940991402,false,,false,false,false,,,false,false,,2021-09-20T00:00:00.000Z,0
CVE-2019-17594,https://securityvulnerability.io/vulnerability/CVE-2019-17594,Heap-Based Buffer Over-Read in Ncurses Terminfo Library by GNU,"A heap-based buffer over-read vulnerability exists in the _nc_find_entry function within the terminfo library of the ncurses package. This flaw could allow an attacker to read sensitive data from memory, potentially exposing information that should remain confidential. The vulnerability affects ncurses versions before 6.1-20191012, making it imperative for users to upgrade to the latest version to mitigate risks associated with this security issue.",Gnu,Ncurses,5.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-10-14T20:43:11.000Z,0
CVE-2019-17595,https://securityvulnerability.io/vulnerability/CVE-2019-17595,Heap-Based Buffer Over-Read in Ncurses Terminfo Library,"A vulnerability exists in the fmt_entry function of the terminfo library within the ncurses framework. This issue allows for a heap-based buffer over-read, which could potentially lead to information disclosure or other unintended behaviors if exploited. The affected versions prior to ncurses 6.1-20191012 are particularly vulnerable.",Gnu,Ncurses,5.4,MEDIUM,0.00279999990016222,false,,false,false,false,,,false,false,,2019-10-14T20:42:57.000Z,0
CVE-2018-19211,https://securityvulnerability.io/vulnerability/CVE-2018-19211,,"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a ""dubious character `*' in name or alias field"" detection.",Gnu,Ncurses,5.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2018-11-12T19:00:00.000Z,0
CVE-2018-19217,https://securityvulnerability.io/vulnerability/CVE-2018-19217,,"In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party",Gnu,Ncurses,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2018-11-12T19:00:00.000Z,0
CVE-2017-16879,https://securityvulnerability.io/vulnerability/CVE-2017-16879,,"Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",Gnu,Ncurses,7.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2017-11-22T22:00:00.000Z,0
CVE-2017-13730,https://securityvulnerability.io/vulnerability/CVE-2017-13730,,There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13731,https://securityvulnerability.io/vulnerability/CVE-2017-13731,,There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13733,https://securityvulnerability.io/vulnerability/CVE-2017-13733,,There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13729,https://securityvulnerability.io/vulnerability/CVE-2017-13729,,There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13734,https://securityvulnerability.io/vulnerability/CVE-2017-13734,,There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13732,https://securityvulnerability.io/vulnerability/CVE-2017-13732,,There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.,Gnu,Ncurses,6.5,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-13728,https://securityvulnerability.io/vulnerability/CVE-2017-13728,,"There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",Gnu,Ncurses,7.5,HIGH,0.003120000008493662,false,,false,false,false,,,false,false,,2017-08-29T06:00:00.000Z,0
CVE-2017-11113,https://securityvulnerability.io/vulnerability/CVE-2017-11113,,"In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",Gnu,Ncurses,7.5,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2017-07-08T17:00:00.000Z,0
CVE-2017-11112,https://securityvulnerability.io/vulnerability/CVE-2017-11112,,"In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",Gnu,Ncurses,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2017-07-08T17:00:00.000Z,0
CVE-2017-10684,https://securityvulnerability.io/vulnerability/CVE-2017-10684,,"In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",Gnu,Ncurses,9.8,CRITICAL,0.022199999541044235,false,,false,false,false,,,false,false,,2017-06-29T23:29:00.000Z,0
CVE-2017-10685,https://securityvulnerability.io/vulnerability/CVE-2017-10685,,"In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",Gnu,Ncurses,9.8,CRITICAL,0.021379999816417694,false,,false,false,false,,,false,false,,2017-06-29T23:29:00.000Z,0