
30 matches found

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2019-16394

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00504 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 10:18 a.m. | 5 views

CVE-2019-6840

A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...

9.8 CVSS | 7.1 AI score | 0.00504 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/15 5:59 p.m. | 66 views

CVE-2023-4856

The CVE-2023-4856 entry concerns a format-string vulnerability in Lenovo SMM/SMM2 and FPC. An authenticated user could trigger execution of arbitrary commands via a specific API endpoint, due to improper handling of format strings in the affected components. The connected Red Hat, NVD, CVE lists ...

8.8 CVSS | 7.4 AI score | 0.0039 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/09 2:24 p.m. | 19 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7 CVSS | 8 AI score | 0.00083 EPSS
Exploits: 0 | References: 1

NVD
added 2024/03/12 3:15 p.m. | 13 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

6.7 CVSS | 6.8 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

Prion
added 2024/03/12 3:15 p.m. | 21 views

Format string

A use of externally-controlled format string vulnerability CWE-134 in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData...

4 CVSS | 6.8 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

CVE
added 2024/03/12 3:9 p.m. | 65 views

CVE-2023-41842

CVE-2023-41842 is a CWE-134 externally-controlled format string vulnerability affecting Fortinet FortiManager, FortiAnalyzer, FortiAnalyzer-BigData, and FortiPortal. Concrete details from connected docs: FortiManager versions 7.2.0–7.2.3 and 7.4.0–7.4.1 (and before 7.0.10) are affected; FortiAnal...

6.7 CVSS | 6.8 AI score | 0.00074 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Cvelist
added 2024/03/12 3:9 p.m. | 19 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

6.7 CVSS | 7 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2024/03/12 12:0 a.m. | 2 views

PT-2024-2113 · Fortinet · Fortiportal +3

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer-BigData before 7.2.5 Fortinet...

6.7 CVSS | 7.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2023/04/11 12:0 a.m. | 23 views

Siemens SCALANCE W1750D Improper Limitation of a Pathname to a Restricted Directory (CVE-2021-37735)

A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant IAP that address this security...

5.3 CVSS | 6.1 AI score | 0.00349 EPSS
Exploits: 0 | References: 4

Fortinet
added 2023/02/16 12:0 a.m. | 32 views

FortiWeb - format string vulnerability in the CLI

A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

4.3 CVSS | 7.7 AI score | 0.0005 EPSS
Exploits: 0 | Affected Software: 1

Rapid7 Blog
added 2023/02/01 3:57 p.m. | 80 views

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...

0.3 AI score | 0.92678 EPSS
Exploits: 9

Talos
added 2022/10/20 12:0 a.m. | 45 views

Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities

Talos Vulnerability Report TALOS-2022-1585 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35885,CVE-2022-35886,CVE-2022-35884,CVE-2022-35887 SUMMARY Four format string injection...

8.8 CVSS | 8.8 AI score | 0.01573 EPSS
Exploits: 4

Talos
added 2022/10/20 12:0 a.m. | 30 views

Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities

Talos Vulnerability Report TALOS-2022-1583 Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35879,CVE-2022-35878,CVE-2022-35881,CVE-2022-35880 SUMMARY Four format string injection vulnerabilities exist in th...

8.8 CVSS | 8.4 AI score | 0.00134 EPSS
Exploits: 4

ICS
added 2022/09/08 12:0 a.m. | 38 views

Baxter Sigma Spectrum Infusion Pump (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 3 --------- CVSS v3 7.5 --------- End Update A part 1 of 3 --------- ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Sigma and Baxter Spectrum Infusion Pumps Vulnerabilities: Missing Encryption of Sensitive Data, Use of Externally...

8.1 CVSS | 6.4 AI score | 0.00264 EPSS
Exploits: 0 | References: 5

Cvelist
added 2022/08/05 3:23 p.m. | 18 views

CVE-2022-22299

A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

7.8 CVSS | 8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

CVE
added 2022/08/05 3:23 p.m. | 118 views

CVE-2022-22299

CVE-2022-22299 is a format-string vulnerability (CWE-134) affecting the CLI interpreters of FortiADC, FortiProxy, FortiOS, and FortiMail. Affected ranges include FortiADC 6.0.0–6.2.1; FortiProxy 1.0.0–2.0.7 and 7.0.0–7.0.1; FortiOS 6.0.0–6.4.8 and 7.0.0–7.0.2; FortiMail 6.4.0–7.0.2. The issue ari...

7.8 CVSS | 7.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Prion
added 2019/09/17 8:15 p.m. | 11 views

Format string

A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...

7.5 CVSS | 9.2 AI score | 0.00504 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Cvelist
added 2019/09/17 7:19 p.m. | 18 views

CVE-2019-6840

A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...

9.4 AI score | 0.00504 EPSS
Exploits: 0 | References: 1

CVE
added 2019/09/17 7:19 p.m. | 95 views

CVE-2019-6840

CVE-2019-6840 is a Format String (CWE-134) vulnerability affecting Schneider Electric U.motion Server family (including MEG6501-0001, MEG6501-0002, MEG6260-0410, MEG6260-0415, plus Touch 10/15 variants). The issue allows an attacker to send a crafted message to the target server, potentially lead...

9.8 CVSS | 9.2 AI score | 0.00504 EPSS
Exploits: 0 | References: 1 | Affected Software: 1