Total
339 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35331 | 1 Tcl | 1 Tcl | 2024-08-04 | 7.8 High |
| In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding | ||||
| CVE-2021-36161 | 1 Apache | 1 Dubbo | 2024-08-04 | 9.8 Critical |
| Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13 | ||||
| CVE-2021-34970 | 2024-08-04 | N/A | ||
| Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. | ||||
| CVE-2021-33886 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-08-04 | 8.1 High |
| An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. | ||||
| CVE-2021-32785 | 4 Apache, Debian, Netapp and 1 more | 4 Http Server, Debian Linux, Cloud Backup and 1 more | 2024-08-03 | 5.3 Medium |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | ||||
| CVE-2021-30145 | 1 Mpv | 1 Mpv | 2024-08-03 | 7.8 High |
| A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. | ||||
| CVE-2021-28846 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2024-08-03 | 6.5 Medium |
| A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body. | ||||
| CVE-2021-25489 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 3.3 Low |
| Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | ||||
| CVE-2021-20307 | 3 Debian, Fedoraproject, Libpano13 Project | 3 Debian Linux, Fedora, Libpano13 | 2024-08-03 | 9.8 Critical |
| Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | ||||
| CVE-2021-3442 | 1 Redhat | 2 3scale Amp, Openshift Api Management | 2024-08-03 | 5.4 Medium |
| A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2022-43869 | 2 Ibm, Linux | 3 Elastic Storage System, Spectrum Scale, Linux Kernel | 2024-08-03 | 6.5 Medium |
| IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. | ||||
| CVE-2022-43619 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-08-03 | 6.8 Medium |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141. | ||||
| CVE-2022-40604 | 1 Apache | 1 Airflow | 2024-08-03 | 7.5 High |
| In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | ||||
| CVE-2022-34747 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-08-03 | 9.8 Critical |
| A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. | ||||
| CVE-2022-31753 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-03 | 7.5 High |
| The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2022-27177 | 1 Netflix | 1 Consoleme | 2024-08-03 | 9.8 Critical |
| A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 | ||||
| CVE-2022-24051 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.8 High |
| MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. | ||||
| CVE-2022-4639 | 1 Sslh Project | 1 Sslh | 2024-08-03 | 5.6 Medium |
| A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability. | ||||
| CVE-2022-3724 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2024-08-03 | 6.3 Medium |
| Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows | ||||
| CVE-2022-3023 | 1 Pingcap | 1 Tidb | 2024-08-03 | 9.8 Critical |
| Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | ||||