Format string

A format string vulnerability in the PAN-OS log daemon logd on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affect...

CVE-2020-1979

The CVE-2020-1979 entry describes a format-string vulnerability in Palo Alto Networks PAN-OS log daemon (logd) on Panorama. Affected are PAN-OS 8.1.x versions before 8.1.13; PAN-OS 7.1, 9.0, and later are not affected. An authenticated, local attacker with access to Panorama management interfaces...

PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation

A format string vulnerability in the PAN-OS log daemon logd on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affect...

The vulnerability of the Cisco Discovery protocol implementation in the Cisco IOS XR operating system allows a perpetrator to execute arbitrary code or trigger a reboot of the vulnerable device.

The vulnerability of the Cisco Discovery protocol implementation in the Cisco IOS XR operating system is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a restart of the vulnerable device remotely...

Debian: Security Advisory (DLA-2131-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2131-1] rrdtool security update

Package : rrdtool Version : 1.4.8-1.2+deb8u1 CVE ID : CVE-2014-6262 Multiple format string vulnerabilities in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argume...

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

Format string

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

CVE-2019-5143

The CVE-2019-5143 issue affects Moxa AWK-3131A firmware v1.13. It is a classic buffer overflow (CWE-120) in iw_console conio_writestr that occurs when a time-server entry is crafted; this can overflow the time server buffer and enable remote code execution. Exploitation requires authentication as...

Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability

Summary An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...

FlightGear flightgear/src/Environment/fgclouds.cxx Cloud Name Handling Remote Format String

FlightGear contains a format string flaw in flightgear/src/Environment/fgclouds.cxx. The issue is triggered as format string specifiers e.g. %s and %x are not properly sanitized in user-supplied input during the handling of a specially crafted cloud name. This may allow a remote attacker to cause...

DEBIAN-CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

UBUNTU-CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

CVE-2014-6262

CVE-2014-6262 describes multiple format string vulnerabilities in the Python RRDtool module used by Zenoss Core (before 4.2.5) and other products. An attacker can exploit a crafted third argument to rrdtool.graph to execute arbitrary code or cause an application crash (DoS). Related to CVE-2013-2...

CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issue...

CVE-2020-3118 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution

Overview Cisco Discovery Protocol CDP is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras CVE-2020-3110, stack overflow...