Fortinet Fortigate Format String Bug in Fclicense daemon (FG-IR-23-119)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-119 advisory. - A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through...

Protect

A format string vulnerability CWE-134 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...

Protect

A use of externally-controlled format string vulnerability CWE-134 in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests...

PT-2023-3353 · Fortinet · Fortiproxy +2

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0 through 6.2.14 FortiOS versions 6.0.0 through 6.0.16 FortiProxy versions 7.2.0 through 7.2.4 FortiProxy...

The vulnerability of the executable file GTWWebMonitor.exe in the SCADA system SCADA Data Gateway allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the GTWWebMonitor.exe executable in the SCADA system SCADA Data Gateway is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause service interruptions or execute arbitrary code by sending specially crafted...

The vulnerability of FortiWeb web applications’ network firewalls, related to the use of an uncontrolled format string, allows attackers to execute arbitrary code.

The vulnerability of FortiWeb web applications’ network firewalls is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a hacker to execute arbitrary code...

CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...

Format string

On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...

CVE-2023-2186

CVE-2023-2186 affects Triangle MicroWorks SCADA Data Gateway

Triangle MicroWorks SCADA Data Gateway 格式化字符串错误漏洞

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A formatting string error vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code and gain host privileges...

PT-2023-3606 · Zyxel · Zyxel Usg Flex Series +4

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 5.10 through 5.36 Patch 2 Zyxel USG FLEX series versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX 50W series versions 5.10 through 5.36 Patch 2 Zyxel USG20W-VPN series versions 5.10 through 5.36 Patch 2 Zyxel VPN...

The vulnerability of the Zyxel NBG-418N v2 Wi-Fi router’s microprogramming software, related to the use of uncontrolled format strings, allows a hacker to trigger a service failure.

The vulnerability of the microprogrammed Wi-Fi router Zyxel NBG-418N v2 lies in the use of uncontrolled format strings when processing binary files. Exploiting this vulnerability allows a remote attacker to cause service interruptions by sending specially crafted packets...

Huawei EulerOS: Security Advisory for tcl (EulerOS-SA-2023-1728)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : tcl (EulerOS-SA-2023-1728)

According to the versions of the tcl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parti...

CVE-2023-21497

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address...

Format string

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address...

CVE-2023-21497

CVE-2023-21497 affects the mPOS TUI trustlet (Samsung devices) prior to SMR May-2023 Release 1. It arises from an externally-controlled format string vulnerability that could allow a local attacker to access memory addresses. Affected component: mPOS TUI trustlet; root cause: format string handli...

CVE-2023-21497

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address...

PT-2023-18251 · Unknown · Mpos Tui Trustlet

Name of the Vulnerable Software and Affected Versions: mPOS TUI trustlet versions prior to SMR May-2023 Release 1 Description: The issue allows local attackers to access the memory address due to the use of an externally-controlled format string vulnerability in the mPOS TUI trustlet...

CVE-2023-22923

A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.14C0 could allow a remote authenticated attacker to cause denial-of-service DoS conditions on an affected device...