Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6317 | 1 Claymore Dual Miner Project | 1 Claymore Dual Miner | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. | |||||
| CVE-2017-9212 | 1 Bavarian Motor Works | 1 Bluetooth Stack | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. | |||||
| CVE-2018-5205 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2018-5207 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2017-12588 | 1 Rsyslog | 1 Rsyslog | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | |||||
| CVE-2017-10685 | 1 Gnu | 1 Ncurses | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
| CVE-2017-12702 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2017-0898 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. | |||||
| CVE-2018-5704 | 2 Debian, Openocd | 2 Debian Linux, Open On-chip Debugger | 2024-02-28 | 9.3 HIGH | 9.6 CRITICAL |
| Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. | |||||
| CVE-2017-16516 | 2 Debian, Yajl-ruby Project | 2 Debian Linux, Yajl-ruby | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. | |||||
| CVE-2016-5716 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. | |||||
| CVE-2014-8170 | 2 Ovirt, Redhat | 2 Ovirt-node, Enterprise Virtualization | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | |||||
| CVE-2017-15191 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | |||||
| CVE-2016-1895 | 1 Netapp | 1 Data Ontap | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | |||||
| CVE-2016-5074 | 1 Cloudviewnms | 1 Cloudview Nms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |||||
| CVE-2015-7271 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | |||||
| CVE-2017-5524 | 1 Plone | 1 Plone | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. | |||||
| CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | |||||
| CVE-2017-3859 | 1 Cisco | 9 Asr-920-12cz-a, Asr-920-12cz-d, Asr-920-12sz-im and 6 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385. | |||||
| CVE-2016-4864 | 1 Dena | 1 H2o | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. | |||||