CVE-2025-46121

The CVE-2025-46121 affects CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139. The flaw arises in stamgr_cfg_adpt_addStaFavourite and stamgr_cfg_adpt_addStaIot that pass a client hostname directly to snprintf as the format string, enabling unauthenticated format-string process...

CVE-2025-46121

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions stamgrcfgadptaddStaFavourite and stamgrcfgadptaddStaIot pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sendin...

CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...

PT-2025-30285 · Commscope · Ruckus Unleashed +1

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An issue exists where the authenticated configuration endpoint /admin/ conf.jsp writes t...

CVE-2025-46123

CVE-2025-46123 affects CommScope Ruckus Unleashed (versions before 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (before 10.5.1.0.279). The issue arises from an authenticated configuration endpoint (/admin/_conf.jsp) that writes the Wi‑Fi guest password to memory using snprintf with...

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

CVE-2025-22482 Qsync Central

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

CVE-2025-22482

CVE-2025-22482 affects QNAP Qsync Central. A use of externally-controlled format string vulnerability could allow remote attackers who gain user access to obtain secret data or modify memory. The affected product is Qsync Central; vulnerable component is the formatting operation exposed to extern...

PT-2025-24293 · Qnap · Qsync Central

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.5.0.6 Description: A use of externally-controlled format string vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data ...

CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

CVE-2024-50399

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVE-2024-50403

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVE-2024-50396

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...

CVE-2024-31837

DMitry Deepmagic Information Gathering Tool 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

CVE-2023-36640

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0...

CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,...