Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46123 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 7.2 HIGH |
|
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string processing and enables remote code execution on the controller.
|
|||||
| CVE-2025-46121 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 9.8 CRITICAL |
|
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite st ...
Show More |
|||||
| CVE-2024-45324 | 1 Fortinet | 5 Fortios, Fortipam, Fortiproxy and 2 more | 2025-07-24 | N/A | 7.2 HIGH |
|
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker ...
Show More |
|||||
| CVE-2025-48388 | 1 Freescout | 1 Freescout | 2025-07-11 | N/A | 6.5 MEDIUM |
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols (\r, \n, \t)to the application. This issue has been patched in version 1.8.178.
|
|||||
| CVE-2013-7386 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
|
|||||
| CVE-2022-40604 | 1 Apache | 1 Airflow | 2025-05-27 | N/A | 7.5 HIGH |
|
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
|
|||||
| CVE-2022-3724 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2025-04-22 | N/A | 6.3 MEDIUM |
|
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
|
|||||
| CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
|
|||||
| CVE-2016-5074 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
|
|||||
| CVE-2017-5524 | 1 Plone | 1 Plone | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
|
|||||
| CVE-2017-2403 | 1 Apple | 1 Mac Os X | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.
|
|||||
| CVE-2017-12588 | 1 Rsyslog | 1 Rsyslog | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
|
|||||
| CVE-2017-15191 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
|
|||||
| CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
|
|||||
| CVE-2017-0898 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
|
|||||
| CVE-2016-1895 | 1 Netapp | 1 Data Ontap | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
|
|||||
| CVE-2015-8107 | 1 Gnu | 1 A2ps | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2017-16516 | 2 Debian, Yajl-ruby Project | 2 Debian Linux, Yajl-ruby | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
|
|||||
| CVE-2017-12702 | 1 Advantech | 1 Webaccess | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
|
|||||
| CVE-2016-4864 | 1 Dena | 1 H2o | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
|
|||||
| CVE-2017-9212 | 1 Bavarian Motor Works | 1 Bluetooth Stack | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
|
|||||
| CVE-2014-8170 | 2 Ovirt, Redhat | 2 Ovirt-node, Enterprise Virtualization | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
|
|||||
| CVE-2016-5716 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
|
|||||
| CVE-2017-3859 | 1 Cisco | 9 Asr-920-12cz-a, Asr-920-12cz-d, Asr-920-12sz-im and 6 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the de ...
Show More |
|||||
| CVE-2015-7271 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.
|
|||||
| CVE-2014-8625 | 1 Debian | 1 Dpkg | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
|
|||||
| CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
|
|||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
|
|||||
| CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
|
|||||
| CVE-2014-9157 | 2 Debian, Graphviz | 2 Debian Linux, Graphviz | 2025-04-12 | 7.5 HIGH | N/A |
|
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
|
|||||
| CVE-2015-8617 | 1 Php | 1 Php | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
|
|||||
| CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
|
|||||
| CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
|
|||||
| CVE-2014-1315 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.
|
|||||
| CVE-2015-6285 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
|
|||||
| CVE-2013-0929 | 1 Emc | 1 Alphastor | 2025-04-11 | 7.6 HIGH | N/A |
|
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
|
|||||
| CVE-2011-0270 | 1 Hp | 1 Openview Network Node Manager | 2025-04-11 | 10.0 HIGH | N/A |
|
Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.
|
|||||
| CVE-2010-4235 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2025-04-11 | 10.0 HIGH | N/A |
|
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
|
|||||
| CVE-2012-3569 | 2 Microsoft, Vmware | 4 Windows, Ovf Tool, Player and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
|
|||||
| CVE-2010-1139 | 2 Linux, Vmware | 6 Linux Kernel, Fusion, Player and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
|
|||||