Total
339 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7715 | 1 Ghs | 1 Integrity Rtos | 2024-08-04 | N/A |
| An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses. | ||||
| CVE-2019-7228 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-08-04 | 8.8 High |
| The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | ||||
| CVE-2019-7230 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-08-04 | 8.8 High |
| The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | ||||
| CVE-2019-6840 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-08-04 | 9.8 Critical |
| A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. | ||||
| CVE-2019-5143 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-08-04 | 8.8 High |
| An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
| CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.1 High |
| Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | ||||
| CVE-2020-36619 | 1 Multimon-ng Project | 1 Multimon-ng | 2024-08-04 | 5.5 Medium |
| A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. | ||||
| CVE-2020-36323 | 3 Fedoraproject, Redhat, Rust-lang | 4 Fedora, Devtools, Enterprise Linux and 1 more | 2024-08-04 | 8.2 High |
| In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | ||||
| CVE-2020-35869 | 1 Rusqlite Project | 1 Rusqlite | 2024-08-04 | 9.8 Critical |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | ||||
| CVE-2020-27853 | 1 Wire | 3 Wire, Wire - Audio\, Video\, And Signaling, Wire Secure Messenger | 2024-08-04 | 9.8 Critical |
| Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c. | ||||
| CVE-2020-27523 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-08-04 | 7.5 High |
| Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. | ||||
| CVE-2020-27524 | 1 Audi | 2 A7, Mmi Multiplayer | 2024-08-04 | 7.1 High |
| On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | ||||
| CVE-2020-16142 | 1 Mercedes-benz | 2 C220, Comand | 2024-08-04 | 3.5 Low |
| On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | ||||
| CVE-2020-15634 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-08-04 | 6.3 Medium |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. | ||||
| CVE-2020-15203 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-08-04 | 7.5 High |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | ||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-08-04 | 9.8 Critical |
| AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | ||||
| CVE-2021-43041 | 1 Kaseya | 1 Unitrends Backup | 2024-08-04 | 8.8 High |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. | ||||
| CVE-2021-42911 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-08-04 | 9.8 Critical |
| A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2021-41193 | 1 Wire | 1 Wire-audio Video Signaling | 2024-08-04 | 9.8 Critical |
| wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. | ||||
| CVE-2021-37735 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-08-04 | 5.3 Medium |
| A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | ||||