Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-134
Total 295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35331 1 Tcl 1 Tcl 2021-09-20 6.8 MEDIUM 7.8 HIGH
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
CVE-2021-36161 1 Apache 1 Dubbo 2021-09-17 7.5 HIGH 9.8 CRITICAL
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13
CVE-2021-28846 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2021-08-19 4.0 MEDIUM 6.5 MEDIUM
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.
CVE-2021-33535 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2021-07-27 6.5 MEDIUM 8.8 HIGH
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2020-27523 1 Mersive 2 Solstice Pod, Solstice Pod Firmware 2021-07-21 5.0 MEDIUM 7.5 HIGH
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
CVE-2020-16142 1 Mercedes-benz 2 C220, Comand 2021-07-21 2.9 LOW 3.5 LOW
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
CVE-2021-29740 1 Ibm 1 Spectrum Scale 2021-06-07 7.2 HIGH 7.8 HIGH
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
CVE-2020-36323 2 Fedoraproject, Rust-lang 2 Fedora, Rust 2021-04-27 6.4 MEDIUM 8.2 HIGH
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
CVE-2020-13160 3 Anydesk, Freebsd, Linux 3 Anydesk, Freebsd, Linux Kernel 2021-03-15 7.5 HIGH 9.8 CRITICAL
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
CVE-2020-29018 1 Fortinet 1 Fortiweb 2021-01-20 6.5 MEDIUM 8.8 HIGH
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
CVE-2020-27524 1 Audi 2 A7, Mmi Multiplayer 2020-12-30 4.8 MEDIUM 7.1 HIGH
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.
CVE-2004-1628 1 Pizzashack 1 Rssh 2020-12-08 9.0 HIGH N/A
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
CVE-2020-27853 1 Wire 3 Wire, Wire - Audio\, Video\, And Signaling, Wire Secure Messenger 2020-12-07 7.5 HIGH 9.8 CRITICAL
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.
CVE-2004-0179 3 Apache, Debian, Webdav 5 Openoffice, Subversion, Debian Linux and 2 more 2020-10-13 6.8 MEDIUM N/A
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
CVE-2012-1851 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2020-09-28 10.0 HIGH N/A
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
CVE-2020-15634 1 Netgear 2 R6700, R6700 Firmware 2020-08-24 5.8 MEDIUM 6.3 MEDIUM
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.
CVE-2019-1579 1 Paloaltonetworks 1 Pan-os 2020-08-24 6.8 MEDIUM 8.1 HIGH
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
CVE-2019-7711 1 Ghs 1 Integrity Rtos 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
CVE-2018-1000052 1 Fmt 1 Fmt 2020-08-24 5.0 MEDIUM 7.5 HIGH
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.
CVE-2019-7712 1 Ghs 1 Integrity Rtos 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.