CVE-2022-43928
The IBM Toolbox for Java Db2 Mirror for i 7.4 and 7.5 could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memor...
CVE-2019-15547
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled...
CVE-2019-13177
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
CVE-2012-0824
gnusound 0.7.5 has a format string issue...
CVE-2025-24199
CVE-2025-24199 describes an uncontrolled format string issue in macOS components that is fixed by Apple in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. The root cause relates to insufficient input validation, with the public description noting that an application may be able...
CVE-2025-30208 Vite bypasses server.fs.deny when using `?raw??`
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...
CVE-2024-45324
A use of externally-controlled format string vulnerability (CWE-134) in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...
CVE-2024-23937 Silicon Labs Gecko OS Debug Interface Format String
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...
Unspecified Vulnerability in SonicWall SonicOS (CNVD-2025-01661)
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
UBUNTU-CVE-2024-34403
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string...
CVE-2023-24590
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2023-24590
CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...
Format string
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437B20230519. This affects the function Validitycheck. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the...
PT-2023-33288 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.24 through 5.10.158 Description: The issue is related to a NULL string after live migration in xen-netfront. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
SUSE-SU-2023:0073-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc1206958)...
SUSE-SU-2023:0072-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc1206958)...
PT-2023-11813 · Unknown · Intgr Uqm-Wasm
Name of the Vulnerable Software and Affected Versions: intgr uqm-wasm (affected versions not specified). Description: A critical vulnerability was found in intgr uqm-wasm, affecting the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to a format string...
PT-2022-9015 · Unknown +2 · Multimon-Ng +2
Name of the Vulnerable Software and Affected Versions: multimon-ng versions prior to 1.2.0. Description: A critical issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to a format string issue. Recommendations: For versions prior to 1.2.0, upgrade ...