CVE-2018-17878

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...

CVE-2025-1370

A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached...

MicroWorld eScan Antivirus 安全漏洞

MicroWorld eScan Antivirus is an antivirus software from MicroWorld, Inc. A security vulnerability exists in MicroWorld eScan Antivirus version 7.0.32, which originates from a buffer overflow in the sprintf function of the USB Password Handler component...

PT-2025-6897 · Microworld · Microword Escan Antivirus

Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A critical issue has been discovered affecting the sprintf function of the USB Password Handler component. This issue leads to a buffer overflow. The attack must be approached locally,...

CVE-2024-50180

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains...

CVE-2024-50180

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains...

CVE-2024-50180

Technical details about CVE-2024-50180 are not publicly provided in the connected documents. Please monitor official updates and vendor advisories for the affected Linux kernel components and remediation guidance.

CVE-2024-50180 fbdev: sisfb: Fix strbuf array overflow

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains...

CVE-2024-50074 parport: Proper fix for array out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf calls blindly with snprintf. However, since snprintf returns the would-be-printed size, not the actually output...

BIT-PYTHON-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...

kernel: scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

kernel: scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

CVE-2024-8210 D-Link DNS-1550-04 hd_config.cgi sprintf command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

CVE-2024-8210 D-Link DNS-1550-04 hd_config.cgi sprintf command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

CVE-2024-8210

The CVE-2024-8210 issue affects a broad set of D-Link NAS products (DNS-120, DNR-202L, DNS-315L, DNS-320/DNS-320L/DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) up to 2024-08-14. The vulnerab...

D-Link多款产品 命令注入漏洞

D-Link DNS-320 and others are products of China-based AUO D-Link.D-Link DNS-320 is a NAS Network Attached Storage device.D-Link DNS-120 is a network storage adapter.D-Link DNS-315L is a network attached storage. A command injection vulnerability exists in various D-Link products. The vulnerabilit...

CVE-2024-43839

A vulnerability was found in the Linux kernel involving insufficient buffer size in the bnatcb and bnaccb structures. The buffer, named name, was originally 16 bytes, which was inadequate for all possible sprintf arguments, especially when handling %s and %d specifiers. This limitation could...

CVE-2024-43839

In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bnatcb and bnaccb structures To have enough space to write all possible sprintf args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since...

CVE-2024-43839

In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bnatcb and bnaccb structures To have enough space to write all possible sprintf args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since...

CVE-2024-43839

CVE-2024-43839 : Linux kernel vulnerability fixed by increasing the internal name buffer in bna_tcb and bna_ccb from 16 to accommodate longer sprintf arguments, and replacing sprintf with snprintf. The change accounts for bnad->netdev->name and expected expansions for %d specifiers, using B...