Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20307 | 3 Debian, Fedoraproject, Libpano13 Project | 3 Debian Linux, Fedora, Libpano13 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | |||||
| CVE-2021-32785 | 4 Apache, Debian, Netapp and 1 more | 4 Http Server, Debian Linux, Cloud Backup and 1 more | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | |||||
| CVE-2020-36323 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | |||||
| CVE-2021-28846 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body. | |||||
| CVE-2021-33535 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-30145 | 1 Mpv | 1 Mpv | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. | |||||
| CVE-2021-33886 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. | |||||
| CVE-2021-29740 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474. | |||||
| CVE-2020-15203 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | |||||
| CVE-2020-27524 | 1 Audi | 2 A7, Mmi Multiplayer | 2024-02-28 | 4.8 MEDIUM | 7.1 HIGH |
| On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | |||||
| CVE-2020-29018 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. | |||||
| CVE-2020-35869 | 1 Rusqlite Project | 1 Rusqlite | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | |||||
| CVE-2020-27523 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. | |||||
| CVE-2020-27853 | 1 Wire | 3 Wire, Wire - Audio\, Video\, And Signaling, Wire Secure Messenger | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c. | |||||
| CVE-2020-16142 | 1 Mercedes-benz | 2 C220, Comand | 2024-02-28 | 2.9 LOW | 3.5 LOW |
| On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | |||||
| CVE-2020-1992 | 1 Paloaltonetworks | 3 Pa-7050, Pa-7080, Pan-os | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
| A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls. | |||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | |||||
| CVE-2020-15634 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-02-28 | 5.8 MEDIUM | 6.3 MEDIUM |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. | |||||
| CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | |||||
| CVE-2011-1588 | 3 Debian, Opensuse, Xfce | 3 Debian Linux, Opensuse, Thunar | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | |||||