CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...

CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...

CVE-2022-43869

IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...

CVE-2022-3023

Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...

CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

CVE-2021-43041

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application...

CVE-2020-13160

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution...

CVE-2010-1376

Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service application crash via format string specifiers in a 1 afp, 2 cifs, or 3 smb URL...

CVE-2019-15547

An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled...

CVE-2019-6840

A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...

CVE-2019-14410

Maketext in cPanel before 78.0.2 allows format-string injection in the Email storefilter UAPI SEC-472...

CVE-2019-15546

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

CVE-2019-7715

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf. Setting this variable using the sysvar command results in a...

CVE-2017-9212

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...

CVE-2018-14713

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...

CVE-2012-0824

gnusound 0.7.5 has format string issue...

CVE-2016-10773

cPanel before 60.0.25 allows format-string injection in exception-message handling SEC-171...

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...