National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Category (CWE): CWE-134 - Format String Vulnerability
There are 202 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-10745

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

Published: April 08, 2019; 09:29:00 AM -04:00
V3: 8.6 HIGH
V2: 5.0 MEDIUM
CVE-2019-7715

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.

Published: March 25, 2019; 10:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1352

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.

Published: February 08, 2019; 01:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

Published: October 31, 2018; 04:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-17336

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

Published: September 22, 2018; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-15749

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.

Published: September 06, 2018; 07:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-7519

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.

Published: July 27, 2018; 10:29:00 AM -04:00
V3: 4.4 MEDIUM
V2: 2.1 LOW
CVE-2018-1566

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

Published: July 10, 2018; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.

Published: June 20, 2018; 08:29:00 AM -04:00
V3: 7.2 HIGH
V2: 9.0 HIGH
CVE-2015-9238

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

Published: May 31, 2018; 04:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-0175

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

Published: March 28, 2018; 06:29:01 PM -04:00
V3: 8.0 HIGH
V2: 7.9 HIGH
CVE-2018-7544

** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.

Published: March 16, 2018; 11:29:00 AM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2017-17132

Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service.

Published: March 05, 2018; 02:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.

Published: February 09, 2018; 03:29:00 PM -05:00
V3: 8.0 HIGH
V2: 6.0 MEDIUM
CVE-2018-6317

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.

Published: February 02, 2018; 04:29:00 PM -05:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2017-17407

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.

Published: January 22, 2018; 08:29:01 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.

Published: January 22, 2018; 08:29:01 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16602

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193.

Published: January 22, 2018; 08:29:00 PM -05:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-5704

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

Published: January 16, 2018; 04:29:00 AM -05:00
V3: 9.6 CRITICAL
V2: 9.3 HIGH
CVE-2018-5207

When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

Published: January 06, 2018; 11:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM