Format string

IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...

PT-2023-20158

Name of the Vulnerable Software and Affected Versions DataHub affected versions not specified Description The issue concerns the AuthServiceClient in DataHub, which is responsible for managing accounts and authentication. It crafts JSON strings using format strings with user-controlled data,...

CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

Format string

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

CVE-2023-21420

Technical details for CVE-2023-21420 are not publicly available in the provided documents. The entries mention an externally controlled format string issue in STST TA with arbitrary code execution but do not specify products, versions, impact, or fixes. Monitor for updates.

CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

CVE-2022-43869 IBM Spectrum Scale denial of service

IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...

CVE-2022-43869

Summary: CVE-2022-43869 affects IBM Spectrum Scale (versions 5.1.0.0–5.1.2.8 and 5.1.3.0–5.1.5.1) and IBM Elastic Storage System (ESS) (6.1.0.0–6.1.2.4 and 6.1.3.0–6.1.4.1). An authenticated user can cause a denial of service through the GUI by exploiting a format-string vulnerability in the GUI ...

SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

Summary The SOUND4 Link&Share L&S is a simple and open protocol that allow users to remotely control SOUND4 processors through a network connection. SOUND4 offers a tool that manage sending L&S commands to your processors: the Link&Share Transmitter. Description The application suffers from a...

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service DoS or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol SOAP interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1...

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

Format string

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

CVE-2023-22374

CVE-2023-22374 affects F5 BIG-IP iControl SOAP with a format-string vulnerability that can crash the iControl SOAP CGI process or allow potentially arbitrary command execution for authenticated attackers. Affected BIG-IP branches and vulnerable versions (per K000130415): 17.x (17.0.0) fixed in 17...

CVE-2023-22374 iControl SOAP vulnerability

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...

Security Bulletin: IBM Spectrum Scale GUI is vulnerable to "Format string attack" (CVE-2022-43869)

Summary A security vulnerability has been identified in IBM Spectrum Scale GUI where an input string could be evaluated as a command by the application. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-43869 DESCRIPTION: IBM Spectrum Scale could allow an authenticat...

F5 BIG-IP 格式化字符串错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in F5 iControl SOAP, which can be exploited by an authenticated attacker to...