8488 matches found

OSV
added 2024/03/12 3:15 p.m., 0 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVSS 6.7, AI score 5.9
Exploits: 0, References: 1

NVD
added 2024/03/12 3:15 p.m., 13 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVSS 6.7, AI score 6.8, EPSS 0.00074
Exploits: 0, References: 1

Cvelist
added 2024/03/12 3:9 p.m., 19 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVSS 6.7, AI score 7, EPSS 0.00074
Exploits: 0, References: 1

Positive Technologies
added 2024/03/12 12:0 a.m., 3 views

PT-2024-2113 · Fortinet · Fortiportal +3

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3 and 7.4.0 through 7.4.1 and before 7.0.10 Fortinet FortiAnalyzer-BigData before 7.2.5 Fortinet...

CVSS 6.7, AI score 7.6, EPSS 0.00074
Exploits: 0, References: 7

Fedora
added 2024/03/07 10:33 p.m., 20 views

[SECURITY] Fedora 40 Update: jFormatString-0-0.49.20131227gitf159b88.fc40

This project is derived from Sun's implementation of java.util.Formatter. It is designed to allow compile time checks as to whether or not a use of a format string will be erroneous when executed at runtime...

CVSS 8.8, AI score 8.3, EPSS 0.45835
Exploits: 3

OSV
added 2024/03/06 11:20 a.m., 19 views

BIT-TENSORFLOW-2020-15203 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

CVSS 7.5, AI score 7.2, EPSS 0.0036
Exploits: 1, References: 5

OSV
added 2024/03/06 11:4 a.m., 21 views

BIT-MYSQL-CLIENT-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVSS 7.8, AI score 8.1, EPSS 0.00057
Exploits: 0, References: 7

BDU FSTEC
added 2024/02/29 12:0 a.m., 0 views

The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.

The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...

CVSS 8.1, EPSS 0.02332
Exploits: 0, References: 3

Tenable Nessus
added 2024/02/29 12:0 a.m., 18 views

CentOS 9 : libinput-1.19.3-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libinput-1.19.3-2.el9 build changelog. - fix a format string vulnerability 2076816 CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.8, AI score 7.3, EPSS 0.00043
Exploits: 0, References: 2

NVD
added 2024/02/22 10:15 a.m., 12 views

CVE-2023-29181

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0....

CVSS 8.8, AI score 8.8, EPSS 0.00363
Exploits: 0, References: 1

OSV
added 2024/02/22 10:15 a.m., 1 views

CVE-2023-29181

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0....

CVSS 8.8, AI score 5.9
Exploits: 0, References: 1

CVE
added 2024/02/22 9:40 a.m., 4140 views

CVE-2023-29181

CVE-2023-29181 is a vulnerability caused by a use of an externally-controlled format string (CWE-134) in Fortinet products, including FortiOS, FortiProxy, and FortiPAM, across multiple versions (FortiOS 7.x/6.x, FortiProxy, FortiPAM) that allows a remote attacker to execute arbitrary code or comm...

CVSS 8.8, AI score 8.8, EPSS 0.00363
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/02/21 12:4 a.m., 9 views

GHSA-Q3GG-M8HR-H4X4 Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throw_type takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

CVSS 8.5, AI score 8
Exploits: 0, References: 4

Github Security Blog
added 2024/02/21 12:4 a.m., 11 views

Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throw_type takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

AI score 8
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/02/20 3:15 a.m., 10 views

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

CVSS 8.1, AI score 8.3, EPSS 0.02332
Exploits: 0, References: 1

OSV
added 2024/02/20 3:15 a.m., 2 views

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

CVSS 8.1, AI score 6.3
Exploits: 0, References: 1

Prion
added 2024/02/20 3:15 a.m., 13 views

Format string

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

CVSS 5.1, AI score 8.1, EPSS 0.02332
Exploits: 0, References: 1

OSV
added 2024/02/20 2:15 a.m., 2 views

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

CVSS 6.5, AI score 5.8, EPSS 0.00306
Exploits: 0, References: 1

NVD
added 2024/02/20 2:15 a.m., 11 views

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

CVSS 6.5, AI score 5.4, EPSS 0.00306
Exploits: 0, References: 1

Vulnrichment
added 2024/02/20 2:14 a.m., 18 views

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

CVSS 8.1, AI score 7.7, EPSS 0.02332
Exploits: 0, References: 1