224 matches found
OESA-2024-1930 mpv security update
Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different vid...
RHEL 6 : libproxy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libproxy: format string flaw in bin/proxy CVE-2012-5580 Note that Nessus has not tested for this issue but has...
RHEL 6 : a2ps (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - a2ps: outputfile format string flaw CVE-2015-8107 - The fixps script in a2ps 4.14 does not use the -dSAFE...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.
The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...
The vulnerabilities of the input/output modules in the Rsyslog software utility for logging processing allow a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the input/output modules of the Rsyslog log processing software is related to insufficient handling of the format string. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Advanced Open VPN function in the microprogramming software for Wi-Fi routers from ASUS, RT-AX88U, allows a intruder to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the Advanced Open VPN function in the microprogramming software for Wi-Fi routers from ASUS, the RT-AX88U, is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...
ASUS RT-AX56U Formatting String Error Vulnerability
The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a format string error vulnerability that stems from a lack of validation of specific values in its setiperf3svr.cgi module, resulting in a format string vulnerability...
CVE-2023-35087
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...
CVE-2023-33011
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...
PT-2023-3353 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0 through 6.2.14 FortiOS versions 6.0.0 through 6.0.16 FortiProxy versions 7.2.0 through 7.2.4 FortiProxy...
SUSE CVE-2000-0666
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges...
SUSE CVE-2003-0289
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...
SUSE CVE-2005-1463
Multiple format string vulnerabilities in the 1 DHCP and 2 ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code...
SUSE CVE-2005-2710
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the 1 image handle or 2 timeformat attribute in a RealPix .rp or RealText .rt file...
SUSE CVE-2006-0082
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name...
SUSE CVE-2006-1615
Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...
SUSE CVE-2006-3628
Multiple format string vulnerabilities in Wireshark aka Ethereal 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the 1 ANSI MAP, 2 Checkpoint FW-1, 3 MQ, 4 XML, and 5 NTP dissectors...
SUSE CVE-2008-0072
Format string vulnerability in the emfmultipartencrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...
SUSE CVE-2012-5580
Format string vulnerability in the printproxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the httpproxy environment...