| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-40604 | 134 | | | 2022-09-21 | 2022-09-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. |
| 2 | CVE-2022-35887 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. |
| 3 | CVE-2022-35886 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. |
| 4 | CVE-2022-35885 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. |
| 5 | CVE-2022-35884 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. |
| 6 | CVE-2022-35881 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. |
| 7 | CVE-2022-35880 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. |
| 8 | CVE-2022-35879 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. |
| 9 | CVE-2022-35878 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. |
| 10 | CVE-2022-35877 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. |
| 11 | CVE-2022-35876 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. |
| 12 | CVE-2022-35875 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. |
| 13 | CVE-2022-35874 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. |
| 14 | CVE-2022-35244 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-26 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. |
| 15 | CVE-2022-34747 | 134 | | Exec Code | 2022-09-06 | 2022-09-08 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. |
| 16 | CVE-2022-33938 | 134 | | DoS Mem. Corr. | 2022-10-25 | 2022-10-26 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. |
| 17 | CVE-2022-31753 | 134 | | | 2022-06-13 | 2022-06-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
| 18 | CVE-2022-27177 | 134 | | Exec Code | 2022-04-01 | 2022-04-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 |
| 19 | CVE-2022-26674 | 134 | | Exec Code | 2022-04-22 | 2022-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. |
| 20 | CVE-2022-26393 | 134 | | DoS | 2022-09-09 | 2022-09-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM. |
| 21 | CVE-2022-26392 | 134 | | | 2022-09-09 | 2022-09-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. |
| 22 | CVE-2022-24051 | 134 | | Exec Code | 2022-02-18 | 2022-06-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. |
| 23 | CVE-2022-22299 | 134 | | Exec Code | 2022-08-05 | 2022-08-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. |
| 24 | CVE-2022-4639 | 134 | | | 2022-12-21 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability. |
| 25 | CVE-2022-3023 | 134 | | | 2022-11-04 | 2022-11-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. |
| 26 | CVE-2022-2652 | 134 | | | 2022-08-04 | 2022-08-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). |
| 27 | CVE-2022-1215 | 134 | | | 2022-06-02 | 2022-06-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A format string vulnerability was found in libinput |
| 28 | CVE-2021-43041 | 134 | | | 2021-12-06 | 2022-11-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. |
| 29 | CVE-2021-42911 | 134 | | Exec Code | 2022-03-29 | 2022-04-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. |
| 30 | CVE-2021-41193 | 134 | | DoS Exec Code | 2022-03-01 | 2022-03-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. |
| 31 | CVE-2021-37735 | 134 | | DoS | 2021-10-12 | 2021-11-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. |
| 32 | CVE-2021-36161 | 134 | | | 2021-09-09 | 2021-09-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13 |
| 33 | CVE-2021-35331 | 134 | | Exec Code | 2021-07-05 | 2021-09-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding. |
| 34 | CVE-2021-33886 | 134 | | Bypass | 2021-08-25 | 2022-07-12 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. |
| 35 | CVE-2021-33535 | 134 | | Exec Code Overflow | 2021-06-25 | 2021-07-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
| 36 | CVE-2021-32785 | 134 | | DoS Exec Code | 2021-07-22 | 2022-05-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. |
| 37 | CVE-2021-30145 | 134 | | Exec Code | 2021-05-18 | 2022-05-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. |
| 38 | CVE-2021-29740 | 134 | | Exec Code | 2021-06-01 | 2021-06-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474. |
| 39 | CVE-2021-28846 | 134 | | DoS | 2021-08-10 | 2021-08-19 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body. |
| 40 | CVE-2021-25489 | 134 | | | 2021-10-06 | 2022-09-23 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. |
| 41 | CVE-2021-20307 | 134 | | | 2021-04-05 | 2022-07-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. |
| 42 | CVE-2020-36643 | 134 | | | 2023-01-06 | 2023-01-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563. |
| 43 | CVE-2020-36619 | 134 | | | 2022-12-19 | 2022-12-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. |
| 44 | CVE-2020-36323 | 134 | | | 2021-04-14 | 2021-04-27 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. |
| 45 | CVE-2020-35869 | 134 | | | 2020-12-31 | 2022-01-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. |
| 46 | CVE-2020-29018 | 134 | | | 2021-01-14 | 2021-01-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. |
| 47 | CVE-2020-27853 | 134 | | DoS Exec Code | 2020-10-27 | 2020-12-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c. |
| 48 | CVE-2020-27524 | 134 | | | 2020-11-11 | 2020-12-30 | 4.8 | None | Local Network | Low | Not required | Partial | None | Partial |
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. |
| 49 | CVE-2020-15634 | 134 | | Exec Code | 2020-08-20 | 2020-08-24 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. |
| 50 | CVE-2020-15203 | 134 | | | 2020-09-25 | 2021-11-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. |