8515 matches found
Lenovo SMM/SMM2/FPC Security Vulnerability
Lenovo SMM/SMM2/FPC is an application from Lenovo China. A security vulnerability exists in Lenovo SMM/SMM2/FPC that stems from a format string vulnerability. An attacker can use this vulnerability to execute arbitrary commands on specific API endpoints...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
PT-2024-3562 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.1 and below FortiOS versions 7.2.7 and below FortiOS versions 7.0.14 and below FortiOS versions 6.4.15 and below Description: A use of externally-controlled format string vulnerability in FortiOS command line interface ma...
The vulnerability of the software for centralized device management in Fortinet’s FortiManager, the security event monitoring and analysis tools FortiAnalyzer, FortiAnalyzer-BigData, and the security analytics and management tool FortiPortal, arises due to the use of an uncontrolled format string. This allows a malicious individual to execute arbitrary code or commands.
The vulnerability of the software for centralized device management in Fortinet’s FortiManager, the security event monitoring and analysis tool FortiAnalyzer, FortiAnalyzer-BigData, and the security analytics and management tool FortiPortal is related to the use of an uncontrolled format string...
CVE-2023-41842
A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...
PT-2024-2113 · Fortinet · Fortiportal +3
Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer-BigData before 7.2.5 Fortinet...
[SECURITY] Fedora 40 Update: jFormatString-0-0.49.20131227gitf159b88.fc40
This project is derived from Sun's implementation of java.util.Formatter. It is designed to allow compile time checks as to whether or not a use of a format string will be erroneous when executed at runtime...
BIT-TENSORFLOW-2020-15203 Denial of Service in Tensorflow
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...
BIT-MYSQL-CLIENT-2022-24051
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.
The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...
CentOS 9 : libinput-1.19.3-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libinput-1.19.3-2.el9 build changelog. - fix a format string vulnerability 2076816 CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2023-29181
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0....
CVE-2023-29181
CVE-2023-29181 is a vulnerability caused by a use of an externally-controlled format string (CWE-134) in Fortinet products, including FortiOS, FortiProxy, and FortiPAM, across multiple versions (FortiOS 7.x/6.x, FortiProxy, FortiPAM) that allows a remote attacker to execute arbitrary code or comm...
GHSA-Q3GG-M8HR-H4X4 Externally Controlled Format String in Scripting Functions
The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throw_type takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...