Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF bytes to inject forged log lines, breaking the one-request-per-line structure of access logs and enabl…

CVSS: 5.3 · CWE: CWE-117

View on NVD

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a

table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#") and the text value (used as the visible link label) are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs are de…

CVSS: 6.1 · CWE: CWE-79

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-7835 https://nvd.nist.gov/vuln/detail/CVE-2026-7835 Thu, 21 May 2026 08:16:23 +0000 Low CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.

CVSS: 3.1 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-6474 https://nvd.nist.gov/vuln/detail/CVE-2026-6474 Thu, 14 May 2026 14:16:24 +0000 Medium CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

CVSS: 4.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-35453 https://nvd.nist.gov/vuln/detail/CVE-2026-35453 Tue, 05 May 2026 20:16:38 +0000 Medium CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars() output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text (e.g., @ "items"). The escaping is only applie…

CVSS: 5.4 · CWE: CWE-79

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-6539 https://nvd.nist.gov/vuln/detail/CVE-2026-6539 Thu, 30 Apr 2026 21:16:33 +0000 Medium CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through community channels that triggers format string interpretation when a user performs search operations, leadi…

CVSS: 4.4 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-33448 https://nvd.nist.gov/vuln/detail/CVE-2026-33448 Thu, 30 Apr 2026 20:16:24 +0000 Low CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.

CVSS: 3.3 · CWE: CWE-200

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-6843 https://nvd.nist.gov/vuln/detail/CVE-2026-6843 Wed, 22 Apr 2026 09:16:26 +0000 Medium CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.

CVSS: 5.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-3509 https://nvd.nist.gov/vuln/detail/CVE-2026-3509 Tue, 24 Mar 2026 08:16:01 +0000 High CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

CVSS: 7.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-33210 https://nvd.nist.gov/vuln/detail/CVE-2026-33210 Fri, 20 Mar 2026 23:16:46 +0000 Critical CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

CVSS: 9.1 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-68648 https://nvd.nist.gov/vuln/detail/CVE-2025-68648 Tue, 10 Mar 2026 18:18:00 +0000 High CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-0400 https://nvd.nist.gov/vuln/detail/CVE-2026-0400 Tue, 24 Feb 2026 15:21:37 +0000 Medium CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVSS: 4.9 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-30269 https://nvd.nist.gov/vuln/detail/CVE-2025-30269 Wed, 11 Feb 2026 13:15:51 +0000 High CVE-2025-30269

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

CVSS: 8.1 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-64157 https://nvd.nist.gov/vuln/detail/CVE-2025-64157 Tue, 10 Feb 2026 16:16:09 +0000 Medium CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-21640 https://nvd.nist.gov/vuln/detail/CVE-2026-21640 Tue, 20 Jan 2026 21:16:06 +0000 Low CVE-2026-21640

HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error.

CVSS: 2.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-68816 https://nvd.nist.gov/vuln/detail/CVE-2025-68816 Tue, 13 Jan 2026 16:16:03 +0000 Unknown CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from firmware. The firmware tracer receives format strings from the device firmware and uses them to format t…

CVSS: N/A · CWE: N/A

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2026-22190 https://nvd.nist.gov/vuln/detail/CVE-2026-22190 Wed, 07 Jan 2026 21:16:03 +0000 High CVE-2026-22190

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into genera…

CVSS: 7.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-53591 https://nvd.nist.gov/vuln/detail/CVE-2025-53591 Fri, 02 Jan 2026 15:16:01 +0000 Medium CVE-2025-53591

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 202…

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-54057 https://nvd.nist.gov/vuln/detail/CVE-2023-54057 Wed, 24 Dec 2025 13:16:07 +0000 Unknown CVE-2023-54057

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has no width limitation. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

CVSS: N/A · CWE: N/A

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-53966 https://nvd.nist.gov/vuln/detail/CVE-2023-53966 Mon, 22 Dec 2025 22:16:01 +0000 Critical CVE-2023-53966

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-54307 https://nvd.nist.gov/vuln/detail/CVE-2025-54307 Thu, 04 Dec 2025 15:15:59 +0000 High CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploade…

CVSS: 8.8 · CWE: CWE-22

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-48826 https://nvd.nist.gov/vuln/detail/CVE-2025-48826 Tue, 07 Oct 2025 14:15:36 +0000 High CVE-2025-48826

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-53407 https://nvd.nist.gov/vuln/detail/CVE-2025-53407 Fri, 03 Oct 2025 19:15:48 +0000 Medium CVE-2025-53407

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 202…

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-53406 https://nvd.nist.gov/vuln/detail/CVE-2025-53406 Fri, 03 Oct 2025 19:15:48 +0000 Medium CVE-2025-53406

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 202…

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-52429 https://nvd.nist.gov/vuln/detail/CVE-2025-52429 Fri, 03 Oct 2025 19:15:45 +0000 Medium CVE-2025-52429

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 202…

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-48730 https://nvd.nist.gov/vuln/detail/CVE-2025-48730 Fri, 03 Oct 2025 19:15:45 +0000 Medium CVE-2025-48730

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 202…

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-9494 https://nvd.nist.gov/vuln/detail/CVE-2025-9494 Tue, 23 Sep 2025 02:15:47 +0000 High CVE-2025-9494

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the `/cgi-bin/vitogate.cgi` endpoint is affected, when the `form` JSON parameter is set to `form-0-2`. The vulnerability stems from the fact that that function at offset 0x21c24 does not properly sanitize supplied input before…

CVSS: 8.5 · CWE: CWE-78

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-36202 https://nvd.nist.gov/vuln/detail/CVE-2025-36202 Mon, 22 Sep 2025 16:15:43 +0000 High CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

CVSS: 7.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-58763 https://nvd.nist.gov/vuln/detail/CVE-2025-58763 Tue, 09 Sep 2025 21:15:38 +0000 High CVE-2025-58763

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to have been cloned from GitHub and installed manually. When Tautulli is cloned directly from GitHub and…

CVSS: 8.0 · CWE: CWE-78

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-55298 https://nvd.nist.gov/vuln/detail/CVE-2025-55298 Tue, 26 Aug 2025 18:15:47 +0000 High CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks fro…

CVSS: 7.5 · CWE: CWE-123

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2011-10029 https://nvd.nist.gov/vuln/detail/CVE-2011-10029 Wed, 20 Aug 2025 16:15:35 +0000 High CVE-2011-10029

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.

CVSS: 8.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-38539 https://nvd.nist.gov/vuln/detail/CVE-2025-38539 Sat, 16 Aug 2025 12:15:29 +0000 Medium CVE-2025-38539

In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values. If two modules are loaded at the same time, the adding of the event to the ftrace_events list…

CVSS: 5.5 · CWE: N/A

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-38528 https://nvd.nist.gov/vuln/detail/CVE-2025-38528 Sat, 16 Aug 2025 12:15:28 +0000 Medium CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in format string WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x4…

CVSS: 5.5 · CWE: N/A

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2012-10055 https://nvd.nist.gov/vuln/detail/CVE-2012-10055 Wed, 13 Aug 2025 21:15:29 +0000 Critical CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, u…

CVSS: 9.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-40600 https://nvd.nist.gov/vuln/detail/CVE-2025-40600 Tue, 29 Jul 2025 22:15:24 +0000 Critical CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-46123 https://nvd.nist.gov/vuln/detail/CVE-2025-46123 Mon, 21 Jul 2025 15:15:28 +0000 High CVE-2025-46123

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied value as the format string; a crafted password therefore triggers uncontrolled format-string process…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-46121 https://nvd.nist.gov/vuln/detail/CVE-2025-46121 Mon, 21 Jul 2025 15:15:28 +0000 Critical CVE-2025-46121

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authenticat…

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-53014 https://nvd.nist.gov/vuln/detail/CVE-2025-53014 Mon, 14 Jul 2025 18:15:23 +0000 Low CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix th…

CVSS: 3.7 · CWE: CWE-125

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-22482 https://nvd.nist.gov/vuln/detail/CVE-2025-22482 Fri, 06 Jun 2025 16:15:24 +0000 High CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

CVSS: 8.1 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-24199 https://nvd.nist.gov/vuln/detail/CVE-2025-24199 Mon, 31 Mar 2025 23:15:18 +0000 Medium CVE-2025-24199

An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause a denial-of-service.

CVSS: 5.5 · CWE: CWE-400

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-1040 https://nvd.nist.gov/vuln/detail/CVE-2025-1040 Thu, 20 Mar 2025 10:15:53 +0000 High CVE-2025-1040

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw…

CVSS: 8.8 · CWE: CWE-1336

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-45324 https://nvd.nist.gov/vuln/detail/CVE-2024-45324 Tue, 11 Mar 2025 15:15:41 +0000 High CVE-2024-45324

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb ver…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2025-1471 https://nvd.nist.gov/vuln/detail/CVE-2025-1471 Fri, 21 Feb 2025 10:15:11 +0000 High CVE-2025-1471

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

CVSS: 7.8 · CWE: CWE-787

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-40721 https://nvd.nist.gov/vuln/detail/CVE-2023-40721 Tue, 11 Feb 2025 17:15:21 +0000 Medium CVE-2023-40721

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-12805 https://nvd.nist.gov/vuln/detail/CVE-2024-12805 Thu, 09 Jan 2025 08:15:26 +0000 High CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50403 https://nvd.nist.gov/vuln/detail/CVE-2024-50403 Fri, 06 Dec 2024 17:15:09 +0000 High CVE-2024-50403

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 buil…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50402 https://nvd.nist.gov/vuln/detail/CVE-2024-50402 Fri, 06 Dec 2024 17:15:09 +0000 High CVE-2024-50402

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50401 https://nvd.nist.gov/vuln/detail/CVE-2024-50401 Fri, 22 Nov 2024 16:15:33 +0000 High CVE-2024-50401

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 buil…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50400 https://nvd.nist.gov/vuln/detail/CVE-2024-50400 Fri, 22 Nov 2024 16:15:33 +0000 High CVE-2024-50400

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 buil…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50399 https://nvd.nist.gov/vuln/detail/CVE-2024-50399 Fri, 22 Nov 2024 16:15:33 +0000 High CVE-2024-50399

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 buil…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50398 https://nvd.nist.gov/vuln/detail/CVE-2024-50398 Fri, 22 Nov 2024 16:15:32 +0000 High CVE-2024-50398

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 buil…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50397 https://nvd.nist.gov/vuln/detail/CVE-2024-50397 Fri, 22 Nov 2024 16:15:32 +0000 High CVE-2024-50397

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 2024102…

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-50396 https://nvd.nist.gov/vuln/detail/CVE-2024-50396 Fri, 22 Nov 2024 16:15:32 +0000 High CVE-2024-50396

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-46953 https://nvd.nist.gov/vuln/detail/CVE-2024-46953 Sun, 10 Nov 2024 22:15:12 +0000 High CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVSS: 7.8 · CWE: CWE-190

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-9129 https://nvd.nist.gov/vuln/detail/CVE-2024-9129 Tue, 22 Oct 2024 17:15:06 +0000 Critical CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino

CVSS: 9.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-47742 https://nvd.nist.gov/vuln/detail/CVE-2024-47742 Mon, 21 Oct 2024 13:15:04 +0000 High CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through fr…

CVSS: 7.8 · CWE: CWE-22

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-45330 https://nvd.nist.gov/vuln/detail/CVE-2024-45330 Tue, 08 Oct 2024 15:15:15 +0000 High CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-39529 https://nvd.nist.gov/vuln/detail/CVE-2024-39529 Thu, 11 Jul 2024 16:15:04 +0000 High CVE-2024-39529

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received…

CVSS: 7.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-29510 https://nvd.nist.gov/vuln/detail/CVE-2024-29510 Wed, 03 Jul 2024 19:15:03 +0000 Medium CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

CVSS: 6.3 · CWE: CWE-693

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-4641 https://nvd.nist.gov/vuln/detail/CVE-2024-4641 Tue, 25 Jun 2024 10:15:21 +0000 Medium CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

CVSS: 6.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-6145 https://nvd.nist.gov/vuln/detail/CVE-2024-6145 Wed, 19 Jun 2024 00:15:50 +0000 High CVE-2024-6145

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. A crafted Cookie header in an HTTP request can trigger the use of a format…

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-45583 https://nvd.nist.gov/vuln/detail/CVE-2023-45583 Tue, 14 May 2024 17:15:22 +0000 Medium CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 throu…

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-36640 https://nvd.nist.gov/vuln/detail/CVE-2023-36640 Tue, 14 May 2024 17:15:16 +0000 Medium CVE-2023-36640

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized cod…

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2021-34970 https://nvd.nist.gov/vuln/detail/CVE-2021-34970 Tue, 07 May 2024 23:15:11 +0000 Medium CVE-2021-34970

Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

CVSS: 5.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-23914 https://nvd.nist.gov/vuln/detail/CVE-2024-23914 Fri, 03 May 2024 09:15:08 +0000 Medium CVE-2024-23914

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

CVSS: 5.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-4856 https://nvd.nist.gov/vuln/detail/CVE-2023-4856 Mon, 15 Apr 2024 18:15:09 +0000 High CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint.

CVSS: 8.8 · CWE: CWE-78

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-48784 https://nvd.nist.gov/vuln/detail/CVE-2023-48784 Tue, 09 Apr 2024 15:15:28 +0000 Medium CVE-2023-48784

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-41842 https://nvd.nist.gov/vuln/detail/CVE-2023-41842 Tue, 12 Mar 2024 15:15:45 +0000 Medium CVE-2023-41842

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-29181 https://nvd.nist.gov/vuln/detail/CVE-2023-29181 Thu, 22 Feb 2024 10:15:08 +0000 High CVE-2023-29181

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands…

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-6764 https://nvd.nist.gov/vuln/detail/CVE-2023-6764 Tue, 20 Feb 2024 03:15:07 +0000 High CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized r…

CVSS: 8.1 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-6399 https://nvd.nist.gov/vuln/detail/CVE-2023-6399 Tue, 20 Feb 2024 02:15:49 +0000 Medium CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authe…

CVSS: 5.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2024-23113 https://nvd.nist.gov/vuln/detail/CVE-2024-23113 Thu, 15 Feb 2024 14:15:46 +0000 Critical CVE-2024-23113

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized c…

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-40546 https://nvd.nist.gov/vuln/detail/CVE-2023-40546 Mon, 29 Jan 2024 17:15:08 +0000 Medium CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.

CVSS: 6.2 · CWE: CWE-476

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-7101 https://nvd.nist.gov/vuln/detail/CVE-2023-7101 Sun, 24 Dec 2023 22:15:07 +0000 High CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing…

CVSS: 7.8 · CWE: CWE-95

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-24590 https://nvd.nist.gov/vuln/detail/CVE-2023-24590 Mon, 18 Dec 2023 22:15:08 +0000 High CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CVSS: 7.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-36639 https://nvd.nist.gov/vuln/detail/CVE-2023-36639 Wed, 13 Dec 2023 07:15:12 +0000 High CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-48221 https://nvd.nist.gov/vuln/detail/CVE-2023-48221 Mon, 20 Nov 2023 18:15:06 +0000 High CVE-2023-48221

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workaround…

CVSS: 7.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-5746 https://nvd.nist.gov/vuln/detail/CVE-2023-5746 Wed, 25 Oct 2023 18:17:44 +0000 Critical CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2022-26941 https://nvd.nist.gov/vuln/detail/CVE-2022-26941 Thu, 19 Oct 2023 10:15:09 +0000 Critical CVE-2022-26941

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

CVSS: 9.6 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-41349 https://nvd.nist.gov/vuln/detail/CVE-2023-41349 Mon, 18 Sep 2023 03:15:08 +0000 High CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-39240 https://nvd.nist.gov/vuln/detail/CVE-2023-39240 Thu, 07 Sep 2023 08:15:07 +0000 High CVE-2023-39240

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-39239 https://nvd.nist.gov/vuln/detail/CVE-2023-39239 Thu, 07 Sep 2023 08:15:07 +0000 High CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-39238 https://nvd.nist.gov/vuln/detail/CVE-2023-39238 Thu, 07 Sep 2023 08:15:07 +0000 High CVE-2023-39238

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-41050 https://nvd.nist.gov/vuln/detail/CVE-2023-41050 Wed, 06 Sep 2023 18:15:08 +0000 Medium CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_ge…

CVSS: 6.8 · CWE: CWE-200

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-4746 https://nvd.nist.gov/vuln/detail/CVE-2023-4746 Mon, 04 Sep 2023 01:15:07 +0000 High CVE-2023-4746

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been dis…

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-41039 https://nvd.nist.gov/vuln/detail/CVE-2023-41039 Wed, 30 Aug 2023 18:15:09 +0000 High CVE-2023-41039

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the…

CVSS: 8.3 · CWE: CWE-74

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-35087 https://nvd.nist.gov/vuln/detail/CVE-2023-35087 Fri, 21 Jul 2023 08:15:09 +0000 Critical CVE-2023-35087

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system ope…

CVSS: 9.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-35086 https://nvd.nist.gov/vuln/detail/CVE-2023-35086 Fri, 21 Jul 2023 07:15:10 +0000 High CVE-2023-35086

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt…

CVSS: 7.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-33011 https://nvd.nist.gov/vuln/detail/CVE-2023-33011 Mon, 17 Jul 2023 18:15:09 +0000 High CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based atta…

CVSS: 8.8 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-25096 https://nvd.nist.gov/vuln/detail/CVE-2023-25096 Thu, 06 Jul 2023 15:15:13 +0000 High CVE-2023-25096

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two poss…

CVSS: 7.2 · CWE: CWE-121

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-25095 https://nvd.nist.gov/vuln/detail/CVE-2023-25095 Thu, 06 Jul 2023 15:15:13 +0000 High CVE-2023-25095

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two poss…

CVSS: 7.2 · CWE: CWE-121

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-37239 https://nvd.nist.gov/vuln/detail/CVE-2023-37239 Thu, 06 Jul 2023 13:15:10 +0000 High CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.

CVSS: 7.5 · CWE: CWE-200

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2022-43953 https://nvd.nist.gov/vuln/detail/CVE-2022-43953 Tue, 13 Jun 2023 09:15:16 +0000 Medium CVE-2022-43953

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

CVSS: 6.7 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-2186 https://nvd.nist.gov/vuln/detail/CVE-2023-2186 Wed, 07 Jun 2023 07:15:08 +0000 High CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authen…

CVSS: 8.2 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-21497 https://nvd.nist.gov/vuln/detail/CVE-2023-21497 Thu, 04 May 2023 21:15:10 +0000 Medium CVE-2023-21497

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.

CVSS: 4.4 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-22923 https://nvd.nist.gov/vuln/detail/CVE-2023-22923 Mon, 01 May 2023 17:15:09 +0000 Medium CVE-2023-22923

A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.

CVSS: 6.5 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-25492 https://nvd.nist.gov/vuln/detail/CVE-2023-25492 Mon, 01 May 2023 15:15:09 +0000 Medium CVE-2023-25492

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

CVSS: 6.3 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-27853 https://nvd.nist.gov/vuln/detail/CVE-2023-27853 Fri, 10 Mar 2023 18:15:17 +0000 Critical CVE-2023-27853

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.

CVSS: 9.8 · CWE: CWE-120

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2015-10088 https://nvd.nist.gov/vuln/detail/CVE-2015-10088 Sun, 05 Mar 2023 05:15:09 +0000 Medium CVE-2015-10088

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It…

CVSS: 5.0 · CWE: CWE-134

View on NVD

]]> https://nvd.nist.gov/vuln/detail/CVE-2023-26033 https://nvd.nist.gov/vuln/detail/CVE-2023-26033 Sat, 25 Feb 2023 00:15:11 +0000 High CVE-2023-26033

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query wi…

CVSS: 7.5 · CWE: CWE-89

View on NVD

]]>