Lucene search
K

224 matches found

OSV
OSV
added 2024/08/02 11:8 a.m.2 views

OESA-2024-1930 mpv security update

Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different vid...

7.8CVSS7.6AI score0.02409EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.13 views

RHEL 6 : libproxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libproxy: format string flaw in bin/proxy CVE-2012-5580 Note that Nessus has not tested for this issue but has...

7.5CVSS6.5AI score0.03125EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 6 : a2ps (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - a2ps: outputfile format string flaw CVE-2015-8107 - The fixps script in a2ps 4.14 does not use the -dSAFE...

7.8CVSS8.2AI score0.0286EPSS
Exploits1References2
OSV
OSV
added 2024/04/09 3:15 p.m.3 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7CVSS6AI score0.00771EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/29 12:0 a.m.9 views

The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.

The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...

8.1CVSS7.9AI score0.00889EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/14 12:0 a.m.7 views

The vulnerabilities of the input/output modules in the Rsyslog software utility for logging processing allow a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the input/output modules of the Rsyslog log processing software is related to insufficient handling of the format string. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10CVSS7.8AI score0.02834EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/21 12:0 a.m.8 views

The vulnerability of the Advanced Open VPN function in the microprogramming software for Wi-Fi routers from ASUS, RT-AX88U, allows a intruder to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the Advanced Open VPN function in the microprogramming software for Wi-Fi routers from ASUS, the RT-AX88U, is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...

9CVSS7.9AI score0.00645EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.8 views

ASUS RT-AX56U Formatting String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a format string error vulnerability that stems from a lack of validation of specific values in its setiperf3svr.cgi module, resulting in a format string vulnerability...

7.2CVSS6.8AI score0.01187EPSS
Exploits0References2
OSV
OSV
added 2023/07/21 8:15 a.m.4 views

CVE-2023-35087

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...

9.8CVSS6AI score0.01059EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 6:15 p.m.3 views

CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...

8.8CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.3 views

PT-2023-3353 · Fortinet · Fortiproxy +2

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0 through 6.2.14 FortiOS versions 6.0.0 through 6.0.16 FortiProxy versions 7.2.0 through 7.2.4 FortiProxy...

9CVSS7.9AI score0.00724EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:22 a.m.7 views

SUSE CVE-2000-0666

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges...

10CVSS7.3AI score0.26322EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0289

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...

7.2CVSS7.1AI score0.01059EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.5 views

SUSE CVE-2005-1463

Multiple format string vulnerabilities in the 1 DHCP and 2 ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code...

7.5CVSS7.7AI score0.03473EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-2710

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the 1 image handle or 2 timeformat attribute in a RealPix .rp or RealText .rt file...

5.1CVSS8AI score0.13181EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-0082

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name...

5.1CVSS7.6AI score0.04344EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.2 views

SUSE CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus ClamAV before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized...

10CVSS7.8AI score0.11352EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.5 views

SUSE CVE-2006-3628

Multiple format string vulnerabilities in Wireshark aka Ethereal 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the 1 ANSI MAP, 2 Checkpoint FW-1, 3 MQ, 4 XML, and 5 NTP dissectors...

10CVSS8AI score0.05931EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2008-0072

Format string vulnerability in the emfmultipartencrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...

6.8CVSS7.9AI score0.06018EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.5 views

SUSE CVE-2012-5580

Format string vulnerability in the printproxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the httpproxy environment...

7.5CVSS7.5AI score0.03125EPSS
Exploits1References3
Rows per page
Query Builder