CWE:
 

Topic
Date
Author
High
Claymore Dual GPU Miner 10.5 Format String
03.02.2018
res1n
Med.
nsd Format String
18.12.2017
bashis
Low
OpenSSH 6.8 Insecure Functions
04.04.2015
Nicholas Lemonias
Med.
War FTP Daemon Format String DoS (LIST command)
01.04.2014
corelanc0d3r
High
Tftpd32 Client Side Format String
04.12.2013
Fara Rustein
High
Flightgear 2.0 / 2.4 Format String
09.05.2013
Kurono
High
Polycom H.323 Format String
16.03.2013
Moritz Jodeit
High
VMWare OVF Tools Format String
07.02.2013
Juan vazquez
High
EMC NetWorker Format String
01.09.2012
Aaron Portnoy
High
XM Easy Personal FTP Server 5.30 Format String
15.06.2012
mr_me
High
ComSndFTP 1.3.7 Beta Format String Overflow
09.06.2012
Dark2S Security Team/H...
High
sudo 1.8.3p1 Format String
31.01.2012
Phenoelit Group
High
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
07.04.2011
Luigi Auriemma
High
rpc.pcnfsd Remote Format String Exploit
21.07.2010
Rodrigo Rubira Branco
High
HP OpenView Network Node Manager Arbitrary Code
24.05.2010
HP
Low
Ipswitch WS_FTP 12 Professional Remote Format String
23.04.2010
AKA
High
aria2 upstream 1.6.1 remote Denial of Service
22.10.2009
Jan Lieskovsky
Med.
VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
16.10.2009
shinnai
Med.
Regular Expression Denial of Service
23.09.2009
Alex Roichman
High
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC
27.08.2009
grTs;SiD.psycho
High
Vietcong 2 Format String
25.08.2009
null
Med.
MySQL <= 5.0.45 post auth format string vulnerability
10.07.2009
Kingcope
High
Format String Vulnerability: FortiClient Version 3
11.04.2009
dh layereddefense com
High
Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC
03.04.2009
THCX
Med.
GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access
28.03.2009
trotzkista
High
Xitami Web Server v2.5c2 LRWP Processing Format String PoC
26.03.2009
bratax
High
BMC PatrolAgent Version Logging Format String Vulnerability
31.01.2009
Anonymous
High
WS_FTP Home/Professional FTP Client Remote Format String PoC
22.08.2008
securfrog
High
Format string vulnerability in 5th street
12.07.2008
Nam Nguyen


CVEMAP Search Results

CVE
Details
Description
2019-05-13
Medium
CVE-2018-14713

Vendor: ASUS
Software: Rt-ac3200 fi...
 

 
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.

 
2019-04-08
Medium
CVE-2016-10745

Updating...
 

 
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

 
2019-03-25
Medium
CVE-2019-7715

Vendor: GHS
Software: Integrity rtos
 

 
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.

 
2019-02-08
Medium
CVE-2018-1352

Vendor: Fortinet
Software: Fortios
 

 
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.

 
2018-10-31
Low
CVE-2018-14661

Vendor: Gluster
Software: Glusterfs
 

 
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

 
2018-09-22
Medium
CVE-2018-17336

Vendor: Freedesktop
Software: Udisks
 

 
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

 
2018-09-06
Low
CVE-2018-15749

Vendor: Pulsesecure
Software: Pulse secure...
 

 
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.

 
2018-07-27
Low
CVE-2017-7519

Vendor: CEPH
Software: CEPH
 

 
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.

 
2018-07-10
Medium
CVE-2018-1566

Vendor: IBM
Software: DB2
 

 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

 
2018-06-20
High
CVE-2018-12590

Vendor: UBNT
Software: Edgeswitch f...
 

 
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top