Lucene search
K

224 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.2 views

SUSE CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...

7.5CVSS7.3AI score0.05569EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.4 views

SUSE CVE-2017-7519

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...

4.3CVSS6.8AI score0.00501EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.4 views

SUSE CVE-2018-17336

UDisks 2.8.0 has a format string vulnerability in udiskslog in udiskslogging.c, allowing attackers to obtain sensitive information stack contents, cause a denial of service memory corruption, or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n...

7.1CVSS7.4AI score0.00622EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8CVSS8.3AI score0.00657EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2022/12/21 12:0 a.m.4 views

PT-2022-27847 · Sslh · Sslh

Name of the Vulnerable Software and Affected Versions: sslh affected versions not specified Description: A critical issue has been found in the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg info leads to a format string issue. T...

9.8CVSS9.3AI score0.00855EPSS
Exploits0References9
OSV
OSV
added 2022/09/06 2:15 a.m.4 views

CVE-2022-34747

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet...

9.8CVSS6.3AI score0.01539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/05 12:0 a.m.5 views

PT-2022-4660 · Zyxel · Zyxel Nas326 +2

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS540 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS542 firmware versions prior to V5.21AAZF.12C0 Description: A format string vulnerability could allow an attacker to achieve...

9.8CVSS9.6AI score0.01539EPSS
Exploits0References8
OSV
OSV
added 2022/04/22 7:15 a.m.5 views

CVE-2022-26674

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service...

9.8CVSS7.5AI score0.02597EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/03/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-0175

Format string vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated...

8CVSS7.5AI score0.03547EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/11/02 12:0 a.m.8 views

The vulnerability of the RabbitMQ message broker’s web-management plugin, related to insufficient processing of the format string, allows a attacker to trigger a service failure.

The vulnerability of the plugin for the RabbitMQ message broker’s web management system is related to an error in the HTTP header “X-Reason”. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5CVSS5.8AI score0.04519EPSS
Exploits1References8Affected Software3
Positive Technologies
Positive Technologies
added 2021/07/21 12:0 a.m.10 views

PT-2021-8206 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.3 and earlier DrayTek Vigor 3900 versions 1.5.1.3 and earlier DrayTek Vigor 300B versions 1.5.1.3 and earlier Description: The issue is related to a Format String vulnerability in the mainfunction.cgi file of...

10CVSS7.5AI score0.03302EPSS
Exploits1References6
OSV
OSV
added 2021/06/01 2:15 p.m.2 views

CVE-2021-29740

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the...

7.8CVSS6AI score0.00329EPSS
Exploits0References2
OSV
OSV
added 2021/05/18 2:15 p.m.1 views

DEBIAN-CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

7.8CVSS7.9AI score0.02409EPSS
Exploits1References1
OSV
OSV
added 2021/05/18 2:15 p.m.11 views

UBUNTU-CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

7.8CVSS6.2AI score0.02409EPSS
Exploits1References3
OSV
OSV
added 2021/04/05 10:15 p.m.1 views

DEBIAN-CVE-2021-20307

Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values...

9.8CVSS8.6AI score0.01941EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/06 12:0 a.m.6 views

Fortinet FortiWeb 格式化字符串错误漏洞

FortiWeb is a Web Application Firewall WAF that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...

8.8CVSS7.3AI score0.02028EPSS
Exploits0References3
OSV
OSV
added 2020/08/20 1:17 a.m.6 views

CVE-2020-15634

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.8410.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads...

6.3CVSS6.9AI score0.01386EPSS
Exploits0References2
Veracode
Veracode
added 2020/04/10 12:42 a.m.19 views

Denial Of Service (DoS)

scsi-target-utils is vulnerable to denial of service. A format string flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending a carefully-crafted Internet Storage Name Service iSNS request, causing the tgtd daemon to crash...

5CVSS3AI score0.03381EPSS
Exploits0References17Affected Software1
Veracode
Veracode
added 2020/04/10 12:34 a.m.29 views

Arbitrary Code Execution

wireshark is vulnerable to arbitrary code execution. The vulnerability exists as a format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark...

10CVSS3.3AI score0.1523EPSS
Exploits2References25Affected Software1
Veracode
Veracode
added 2020/04/10 12:20 a.m.16 views

Arbitrary Code Execution

evolution is vulnerable to arbitrary code execution. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution...

6.8CVSS2.5AI score0.06018EPSS
Exploits0References30Affected Software1
Rows per page
Query Builder