Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-134
Total 295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22374 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2023-03-15 N/A 8.5 HIGH
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2015-10088 1 Ayttm Project 1 Ayttm 2023-03-13 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.
CVE-2023-23783 1 Fortinet 1 Fortiweb 2023-02-24 N/A 7.8 HIGH
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
CVE-2019-18420 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2023-02-22 6.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
CVE-2022-43869 2 Ibm, Linux 3 Elastic Storage System, Spectrum Scale, Linux Kernel 2023-02-21 N/A 6.5 MEDIUM
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.
CVE-2023-21420 1 Samsung 1 Android 2023-02-17 N/A 7.8 HIGH
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
CVE-2010-0743 2 Iscsitarget, Zaal 2 Iscsitarget, Tgt 2023-02-12 5.0 MEDIUM N/A
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
CVE-2011-4930 3 Condor Project, Fedoraproject, Redhat 3 Condor, Fedora, Enterprise Mrg 2023-02-12 4.4 MEDIUM N/A
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
CVE-2009-3617 1 Tatsuhiro Tsujikawa 1 Aria2 2023-02-12 7.6 HIGH N/A
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
CVE-2014-8170 2 Ovirt, Redhat 2 Ovirt-node, Enterprise Virtualization 2023-02-12 9.0 HIGH 8.8 HIGH
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
CVE-2021-3442 1 Redhat 1 Openshift Api Management 2023-02-12 N/A 5.4 MEDIUM
A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 21 Icloud, Iphone Os, Itunes and 18 more 2023-02-12 10.0 HIGH 9.8 CRITICAL
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2009-3732 2 Microsoft, Vmware 5 Windows, Ace, Player and 2 more 2023-01-24 10.0 HIGH N/A
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-4639 1 Sslh Project 1 Sslh 2022-12-28 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.
CVE-2020-36619 1 Multimon-ng Project 1 Multimon-ng 2022-12-27 N/A 9.8 CRITICAL
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
CVE-2019-6840 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
CVE-2019-7228 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7230 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2021-43041 1 Kaseya 1 Unitrends Backup 2022-11-28 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
CVE-2022-3023 1 Pingcap 1 Tidb 2022-11-04 N/A 9.8 CRITICAL
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.