CWE:
 

Topic
Date
Author
High
ABB IDAL HTTP Server Uncontrolled Format String
25.06.2019
Eldar Marcussen
High
Claymore Dual GPU Miner 10.5 Format String
03.02.2018
res1n
Med.
nsd Format String
18.12.2017
bashis
Low
OpenSSH 6.8 Insecure Functions
04.04.2015
NicholasL
Med.
War FTP Daemon Format String DoS (LIST command)
01.04.2014
corelanc0d3r
High
Tftpd32 Client Side Format String
04.12.2013
Fara Rustein
High
Flightgear 2.0 / 2.4 Format String
09.05.2013
Kurono
High
Polycom H.323 Format String
16.03.2013
Moritz Jodeit
High
VMWare OVF Tools Format String
07.02.2013
Juan vazquez
High
EMC NetWorker Format String
01.09.2012
Aaron Portnoy
High
XM Easy Personal FTP Server 5.30 Format String
15.06.2012
mr_me
High
ComSndFTP 1.3.7 Beta Format String Overflow
09.06.2012
Dark2S Security Team/H...
High
sudo 1.8.3p1 Format String
31.01.2012
Phenoelit Group
High
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
07.04.2011
Luigi Auriemma
High
rpc.pcnfsd Remote Format String Exploit
21.07.2010
Rodrigo Rubira Branco
High
HP OpenView Network Node Manager Arbitrary Code
24.05.2010
HP
Low
Ipswitch WS_FTP 12 Professional Remote Format String
23.04.2010
AKA
High
aria2 upstream 1.6.1 remote Denial of Service
22.10.2009
Jan Lieskovsky
Med.
VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
16.10.2009
shinnai
Med.
Regular Expression Denial of Service
23.09.2009
Alex Roichman
High
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC
27.08.2009
grTs;SiD.psycho
High
Vietcong 2 Format String
25.08.2009
null
Med.
MySQL <= 5.0.45 post auth format string vulnerability
10.07.2009
Kingcope
High
Format String Vulnerability: FortiClient Version 3
11.04.2009
dh layereddefense com
High
Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC
03.04.2009
THCX
Med.
GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access
28.03.2009
trotzkista
High
Xitami Web Server v2.5c2 LRWP Processing Format String PoC
26.03.2009
bratax
High
BMC PatrolAgent Version Logging Format String Vulnerability
31.01.2009
Anonymous
High
WS_FTP Home/Professional FTP Client Remote Format String PoC
22.08.2008
securfrog
High
Format string vulnerability in 5th street
12.07.2008
Nam Nguyen


CVEMAP Search Results

CVE
Details
Description
2021-01-14
Medium
CVE-2020-29018

Vendor: Fortinet
Software: Fortiweb
 

 
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

 
2020-12-31
Medium
CVE-2020-35869

Vendor: Rusqlite project
Software: Rusqlite
 

 
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.

 
2020-10-27
Medium
CVE-2020-27853

Vendor: WIRE
Software: WIRE
 

 
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.

 
2020-08-20
Medium
CVE-2020-15634

Updating...
 

 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.

 
2020-06-09
Medium
CVE-2020-13160

Updating...
 

 
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

 
2020-04-08
High
CVE-2020-1992

Updating...
 

 
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.

 
2020-03-11
Medium
CVE-2020-1979

Vendor: Paloaltonetworks
Software: Pan-os
 

 
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions.

 
2020-02-25
Medium
CVE-2019-5143

Updating...
 

 
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

 
2020-02-05
High
CVE-2020-3118

Vendor: Cisco
Software: Ios xr
 

 
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

 
2019-12-23
Medium
CVE-2018-10389

Vendor: Open tftp server project
Software: Open tftp server
 

 
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top