8515 matches found
PT-2024-34173 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025; QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025. Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system...
Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy
FortiOS and FortiProxy Format String Vulnerability to RCE CV...
CVE-2024-46953
CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...
CVE-2024-46953
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string for the output filename results in path truncation, and possible path traversal and code execution...
curl: Exploitable Format String Vulnerability in curl_mfprintf Function
Vulnerability description not provided...
Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy
CVE-2024-23113 The script is designed to detect CVE-2024-2311...
A vulnerability in the FortiAnalyzer device, a security event monitoring and analysis tool, allows an intruder to execute arbitrary code or commands.
A vulnerability in the Fazsvcd module of the FortiAnalyzer security event monitoring and analysis tool is related to the use of an uncontrolled format string. Exploiting this vulnerability allows an attacker to execute arbitrary code or commands using specially created requests...
Fortinet FortiWeb Format string vulnerability found on multiple paths (FG-IR-20-123)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-123 advisory. - A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the conten...
Fortinet Fortigate Format string vulnerability in command line interpreter (FG-IR-21-235)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-235 advisory. - A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC...
[SECURITY] [DLA 3933-1] dmitry security update
Debian LTS Advisory DLA-3933-1 · https://www.debian.org/lts/security/ · Adrian Bunk · October 22, 2024 · https://wiki.debian.org/LTS ...
CVE-2024-9129
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...
CVE-2024-9129 Format String Injection in Zend Server
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...
CVE-2024-9129
CVE-2024-9129 affects Zend Server versions 8.5 and earlier than 9.2. The vulnerability is a format string injection in Zend Server. According to the provided metrics, the CVSS 4.0 base score is 9.3 (CRITICAL) with NETWORK attack vector, no privileges required, no user interaction, and impacts to ...
Debian dla-3933 : dmitry - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3933 advisory. Debian LTS Advisory DLA-3933-1 ...
CVE-2024-47742
CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...
VulnCheck KEV: CVE-2024-23113
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...
Fortinet Multiple Products Format String Vulnerability
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...
CVE-2024-45330
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate privileges via specially crafted requests...