Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16142 | 1 Mercedes-benz | 2 C220, Comand | 2024-11-21 | 2.9 LOW | 3.5 LOW |
|
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
|
|||||
| CVE-2020-15634 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the w ...
Show More |
|||||
| CVE-2020-15203 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
|
|||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
|
|||||
| CVE-2019-7715 | 1 Ghs | 1 Integrity Rtos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.
|
|||||
| CVE-2019-7712 | 1 Ghs | 1 Integrity Rtos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.
|
|||||
| CVE-2019-7711 | 1 Ghs | 1 Integrity Rtos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
|
|||||
| CVE-2019-7230 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
|
|||||
| CVE-2019-7228 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
|
|||||
| CVE-2019-6840 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
|
|||||
| CVE-2019-5143 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
|
|||||
| CVE-2019-18420 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long per ...
Show More |
|||||
| CVE-2019-15547 | 1 Ncurses Project | 1 Ncurses | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
|
|||||
| CVE-2019-15546 | 1 Pancurses Project | 1 Pancurses | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
|
|||||
| CVE-2019-14412 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
|
|||||
| CVE-2019-14410 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
|
|||||
| CVE-2019-13318 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in ...
Show More |
|||||
| CVE-2019-12297 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
|
|||||
| CVE-2018-8778 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
|
|||||
| CVE-2018-7544 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" c ...
Show More |
|||||
| CVE-2018-6875 | 2 Keepkey, Shapeshift | 2 Keepkey, Keepkey Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
|
|||||
| CVE-2018-6508 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
|
|||||
| CVE-2018-6317 | 1 Claymore Dual Miner Project | 1 Claymore Dual Miner | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
|
|||||
| CVE-2018-5704 | 2 Debian, Openocd | 2 Debian Linux, Open On-chip Debugger | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
|
|||||
| CVE-2018-5207 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
|
|||||
| CVE-2018-5205 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
|
|||||
| CVE-2018-1566 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
|
|||||
| CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
|
|||||
| CVE-2018-17336 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Udisks | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
|
|||||
| CVE-2018-16554 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
|
|||||
| CVE-2018-15749 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
|
|||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 4.6 MEDIUM | 3.7 LOW |
|
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
|
|||||
| CVE-2018-14713 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
|
|||||
| CVE-2018-14661 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
|
|||||
| CVE-2018-12590 | 1 Ui | 2 Edgeswitch, Edgeswitch Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
|
|||||
| CVE-2018-10389 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
|
|||||
| CVE-2018-10388 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
|
|||||
| CVE-2018-1000052 | 1 Fmt | 1 Fmt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.
|
|||||
| CVE-2017-7519 | 2 Ceph, Debian | 2 Ceph, Debian Linux | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
|
|||||
| CVE-2017-17407 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute co ...
Show More |
|||||