8453 matches found
CVE-2023-2186
On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...
CVE-2022-43869
IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...
CVE-2022-3023
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...
CVE-2021-35331
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...
CVE-2021-30145
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...
CVE-2021-43041
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application...
CVE-2020-13160
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution...
CVE-2010-1376
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service application crash via format string specifiers in a 1 afp, 2 cifs, or 3 smb URL...
CVE-2019-15547
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled...
CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...
CVE-2019-14410
Maketext in cPanel before 78.0.2 allows format-string injection in the Email storefilter UAPI SEC-472...
CVE-2019-15546
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...
CVE-2019-7715
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf. Setting this variable using the sysvar command results in a...
CVE-2017-9212
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...
CVE-2018-14713
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...
CVE-2012-0824
gnusound 0.7.5 has format string issue...
CVE-2016-10773
cPanel before 60.0.25 allows format-string injection in exception-message handling SEC-171...
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2010-4235
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...
CVE-2019-14412
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...