8515 matches found
CVE-2022-35886
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...
CVE-2022-35244
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...
CVE-2019-5143
An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...
CVE-2020-15203
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...
CVE-2024-23937 Silicon Labs Gecko OS Debug Interface Format String
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...
Silicon Labs Gecko OS 安全漏洞
Silicon Labs Gecko OS is a highly optimized and feature-rich operating system for the Internet of Things from Silicon Labs, USA. A security vulnerability exists in Silicon Labs Gecko OS that stems from a missing debug interface format string validation...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
Unspecified Vulnerability in SonicWall SonicOS (CNVD-2025-01661)
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
CVE-2024-12805
CVE-2024-12805 is a post-authentication format-string vulnerability in SonicOS management affecting SonicWall SonicOS devices. The issue, described in connected sources as a format string flaw, can allow a remote, authenticated attacker to crash the firewall and potentially achieve code execution...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
SonicWALL SonicOS 安全漏洞
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...
SonicOS Multiple Post-authentication Vulnerabilities
1 CVE-2024-12803 - SonicOS Post-authentication Stack-based buffer overflow vulnerabilityA post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. CVSS Score: 6.0 CVSS Vector:...
The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.
The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software system involves the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
Advisory ROSA-SA-2024-2541
software: tcl 8.6.13 WASP: ROSA-CHROME packageevrstring: tcl-8.6.13-1 CVE-ID: CVE-2021-35331 BDU-ID: 2022-01774 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nmakehlp.c component of the Tcl programming language is related to insufficient format string handling. Exploitation of the...