CVE-2024-31837

Affected software and issue : DMitry (Deepmagic Information Gathering Tool) version 1.3a contains a format-string vulnerability identified as CVE-2024-31837. The vulnerability is described as a format-string flaw in DMitry 1.3a (Unix) with a threat model similar to CVE-2017-7938. Root cause and i...

shim: Out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

shim: Out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint...

CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint...

Lenovo SMM/SMM2/FPC 安全漏洞

Lenovo SMM/SMM2/FPC is an application from Lenovo China. A security vulnerability exists in Lenovo SMM/SMM2/FPC that stems from a format string vulnerability. An attacker can use this vulnerability to execute arbitrary commands on specific API endpoints...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

PT-2024-3562 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.1 and below FortiOS versions 7.2.7 and below FortiOS versions 7.0.14 and below FortiOS versions 6.4.15 and below Description: A use of externally-controlled format string vulnerability in FortiOS command line interface ma...

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

PT-2024-2113 · Fortinet · Fortiportal +3

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer-BigData before 7.2.5 Fortinet...

[SECURITY] Fedora 40 Update: jFormatString-0-0.49.20131227gitf159b88.fc40

This project is derived from Sun's implementation of java.util.Formatter. It is designed to allow compile time checks as to whether or not a use of a format string will be erroneous when executed at runtime...

BIT-TENSORFLOW-2020-15203 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

BIT-MYSQL-CLIENT-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CentOS 9 : libinput-1.19.3-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libinput-1.19.3-2.el9 build changelog. - fix a format string vulnerability 2076816 CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...

CVE-2023-29181

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0....