Linux Distros Unpatched Vulnerability : CVE-2022-1215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A format string vulnerability was found in libinput CVE-2022-1215 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVE...

Linux Distros Unpatched Vulnerability : CVE-2012-0864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the...

Linux Distros Unpatched Vulnerability : CVE-2012-5580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Format string vulnerability in the printproxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service...

CVE-2025-1471

CVE-2025-1471 concerns Eclipse OMR: z/OS atoe print functions using a constant-length buffer from versions 0.2.0–0.4.0, enabling a buffer overflow if input exceeds the buffer. Beginning with 0.5.0, conversion buffers are sized and checked to prevent overflow. Connected sources confirm this CVE ac...

curl: Format string vulnerability, curl_msnprintf() function

Summary: A vulnerability has been identified in the curl library’s formatted output functions specifically in curlmsnprintf and its related functions. When a malicious attacker-controlled format string containing the %hn conversion specifier is passed, the function incorrectly attempts to write t...

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

PT-2025-6253 · Fortinet · Fortiproxy +3

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.4.0 through 7.4.1 and prior to 7.2.6 FortiProxy versions 7.4.0 and prior to 7.2.7 FortiPAM versions 1.1.2 and prior to 1.0.3 FortiSwitchManager versions 7.2.0 through 7.2.2 and prior to 7.0.2 Description: A use of...

Fortinet Fortigate - Format string vulnerability in CLI commands (FG-IR-23-261)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-261 advisory. - A use of externally-controlled format string vulnerability CWE-134 in Fortinet FortiOS version 7.4.0 through 7.4.1 and befo...

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

CVE-2022-22299

A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

CVE-2024-23937 Silicon Labs Gecko OS Debug Interface Format String

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...

Silicon Labs Gecko OS 安全漏洞

Silicon Labs Gecko OS is a highly optimized and feature-rich operating system for the Internet of Things from Silicon Labs, USA. A security vulnerability exists in Silicon Labs Gecko OS that stems from a missing debug interface format string validation...

Unspecified Vulnerability in SonicWall SonicOS (CNVD-2025-01661)

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...

CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...