Vulnerabilities (CVE)

Filtered by CWE-134
Total 332 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13318 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544.
CVE-2018-10389 1 Open Tftp Server Project 1 Open Tftp Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
CVE-2014-6262 2 Debian, Zenoss 2 Debian Linux, Zenoss Core 2024-02-28 5.0 MEDIUM 7.5 HIGH
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
CVE-2019-11287 5 Debian, Fedoraproject, Pivotal Software and 2 more 5 Debian Linux, Fedora, Rabbitmq and 2 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVE-2012-0824 1 Gnu 1 Gnusound 2024-02-28 7.5 HIGH 9.8 CRITICAL
gnusound 0.7.5 has format string issue
CVE-2020-1979 1 Paloaltonetworks 1 Pan-os 2024-02-28 4.6 MEDIUM 7.8 HIGH
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
CVE-2019-5143 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-18420 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-02-28 6.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
CVE-2019-14410 1 Cpanel 1 Cpanel 2024-02-28 2.1 LOW 3.3 LOW
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
CVE-2019-7230 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2024-02-28 5.8 MEDIUM 8.8 HIGH
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7712 1 Ghs 1 Integrity Rtos 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.
CVE-2019-15547 1 Ncurses Project 1 Ncurses 2024-02-28 6.4 MEDIUM 7.5 HIGH
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
CVE-2019-7715 1 Ghs 1 Integrity Rtos 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.
CVE-2016-10773 1 Cpanel 1 Cpanel 2024-02-28 6.5 MEDIUM 8.8 HIGH
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
CVE-2019-12297 1 Motorola 4 Cx2, Cx2 Firmware, M2 and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
CVE-2019-7711 1 Ghs 1 Integrity Rtos 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
CVE-2019-15546 1 Pancurses Project 1 Pancurses 2024-02-28 6.4 MEDIUM 7.5 HIGH
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
CVE-2016-10745 1 Palletsprojects 1 Jinja 2024-02-28 5.0 MEDIUM 8.6 HIGH
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-7228 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2024-02-28 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2018-14713 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-02-28 5.5 MEDIUM 8.1 HIGH
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.