CWE:
 

Topic
Date
Author
Med.
Slurp 1.10.2 Format String
15.02.2022
Milad Karimi
High
ABB IDAL HTTP Server Uncontrolled Format String
25.06.2019
Eldar Marcussen
High
Claymore Dual GPU Miner 10.5 Format String
03.02.2018
res1n
Med.
nsd Format String
18.12.2017
bashis
Low
OpenSSH 6.8 Insecure Functions
04.04.2015
NicholasL
Med.
War FTP Daemon Format String DoS (LIST command)
01.04.2014
corelanc0d3r
High
Tftpd32 Client Side Format String
04.12.2013
Fara Rustein
High
Flightgear 2.0 / 2.4 Format String
09.05.2013
Kurono
High
Polycom H.323 Format String
16.03.2013
Moritz Jodeit
High
VMWare OVF Tools Format String
07.02.2013
Juan vazquez
High
EMC NetWorker Format String
01.09.2012
Aaron Portnoy
High
XM Easy Personal FTP Server 5.30 Format String
15.06.2012
mr_me
High
ComSndFTP 1.3.7 Beta Format String Overflow
09.06.2012
Dark2S Security Team/H...
High
sudo 1.8.3p1 Format String
31.01.2012
Phenoelit Group
High
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
07.04.2011
Luigi Auriemma
High
rpc.pcnfsd Remote Format String Exploit
21.07.2010
Rodrigo Rubira Branco
High
HP OpenView Network Node Manager Arbitrary Code
24.05.2010
HP
Low
Ipswitch WS_FTP 12 Professional Remote Format String
23.04.2010
AKA
High
aria2 upstream 1.6.1 remote Denial of Service
22.10.2009
Jan Lieskovsky
Med.
VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
16.10.2009
shinnai
Med.
Regular Expression Denial of Service
23.09.2009
Alex Roichman
High
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC
27.08.2009
grTs;SiD.psycho
High
Vietcong 2 Format String
25.08.2009
null
Med.
MySQL <= 5.0.45 post auth format string vulnerability
10.07.2009
Kingcope
High
Format String Vulnerability: FortiClient Version 3
11.04.2009
dh layereddefense com
High
Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC
03.04.2009
THCX
Med.
GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access
28.03.2009
trotzkista
High
Xitami Web Server v2.5c2 LRWP Processing Format String PoC
26.03.2009
bratax
High
BMC PatrolAgent Version Logging Format String Vulnerability
31.01.2009
Anonymous
High
WS_FTP Home/Professional FTP Client Remote Format String PoC
22.08.2008
securfrog
High
Format string vulnerability in 5th street
12.07.2008
Nam Nguyen


CVEMAP Search Results

CVE
Details
Description
2022-08-04
Waiting for details
CVE-2022-2652

Updating...
 

 
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

 
2022-06-02
Medium
CVE-2022-1215

Vendor: Freedesktop
Software: Libinput
 

 
A format string vulnerability was found in libinput

 
2022-03-29
Medium
CVE-2021-42911

Updating...
 

 
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.

 
2022-03-01
Medium
CVE-2021-41193

Vendor: WIRE
Software: Wire-audio v...
 

 
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

 
2022-02-18
Waiting for details
CVE-2022-24051

Updating...
 

 
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

 
2021-12-06
Medium
CVE-2021-43041

Vendor: Kaseya
Software: Unitrends backup
 

 
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.

 
2021-10-12
Medium
CVE-2021-37735

Vendor: Arubanetworks
Software: Aruba instant
 

 
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

 
2021-09-09
Medium
CVE-2021-36161

Vendor: Apache
Software: Dubbo
 

 
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

 
2021-07-05
Medium
CVE-2021-35331

Vendor: TCL
Software: TCL
 

 
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding.

 
2021-06-25
Medium
CVE-2021-33535

Updating...
 

 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top