8488 matches found
CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...
Format string
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...
CVE-2023-24590
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2023-24590
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
Format string
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2023-24590
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2023-24590
CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...
Gallagher Controller 6000 Formatting String Error Vulnerability
The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. A format string error vulnerability exists in Gallagher Controller 6000 prior to vCR8.60.231116a, 8.50 and prior versions, which stems from the fact...
The vulnerability of HTTPSd on FortiOS operating systems, the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system allows a perpetrator to execute arbitrary code or commands.
The vulnerability of HTTPSd in FortiOS operating systems, along with the FortiProxy proxy server for protecting against internet attacks, and the FortiPAM identity management system, is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to...
CVE-2023-36639
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...
CVE-2023-36639
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...
PT-2023-7697 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.2.0 through 7.2.4 FortiProxy versions 7.0.0 through 7.0.10 FortiOS versions 7.4.0 FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0...
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP involves the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
PT-2023-8709 · Zyxel · Zyxel Usg Flex Series +3
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1 Zyxel USG FLEX 50W series versions 4.16 through 5.37 Patch 1 Zyxel USG20W-VPN series versions 4.16 through 5.37 Patch 1 Zyxel USG FLE...
Format string
wire-avs provides Audio, Visual, and Signaling AVS functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...
CVE-2023-48221 wire-avs remote format string vulnerability
wire-avs provides Audio, Visual, and Signaling AVS functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...
CVE-2023-48221 wire-avs remote format string vulnerability
wire-avs provides Audio, Visual, and Signaling AVS functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...
CVE-2023-48221
CVE-2023-48221 affects wire-avs (AVS component of Wire). A remote format string vulnerability in Wire’s AVS prior to versions 9.2.22 and 9.3.5 could potentially cause a denial of service or, possibly, execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 and 9.3.5 and is already inc...
PT-2023-30738 · Wire-Avs · Wire-Avs
Name of the Vulnerable Software and Affected Versions: wire-avs versions prior to 9.2.22 wire-avs versions prior to 9.3.5 Description: A remote format string issue could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. Recommendations: For versions...
The vulnerabilities of the input/output modules in the Rsyslog software utility for logging processing allow a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the input/output modules of the Rsyslog log processing software is related to insufficient handling of the format string. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...