| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-17336 |
134 |
|
DoS Mem. Corr. +Info |
2018-09-22 |
2018-11-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. |
|
2 |
CVE-2018-15749 |
134 |
|
|
2018-09-06 |
2018-11-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. |
|
3 |
CVE-2018-14661 |
134 |
|
DoS |
2018-10-31 |
2019-01-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. |
|
4 |
CVE-2018-12590 |
134 |
|
Exec Code |
2018-06-20 |
2018-08-10 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. |
|
5 |
CVE-2018-7544 |
134 |
|
DoS Exec Code +Info |
2018-03-16 |
2018-04-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning. |
|
6 |
CVE-2018-6508 |
134 |
|
|
2018-02-09 |
2018-05-24 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability. |
|
7 |
CVE-2018-6317 |
134 |
|
DoS |
2018-02-02 |
2018-02-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. |
|
8 |
CVE-2018-5704 |
134 |
|
Exec Code XSS |
2018-01-16 |
2018-02-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. |
|
9 |
CVE-2018-5207 |
134 |
|
|
2018-01-06 |
2018-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. |
|
10 |
CVE-2018-5205 |
134 |
|
|
2018-01-06 |
2018-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. |
|
11 |
CVE-2018-1566 |
134 |
|
Exec Code |
2018-07-10 |
2018-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023. |
|
12 |
CVE-2018-0175 |
134 |
|
DoS Exec Code |
2018-03-28 |
2018-04-23 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664. |
|
13 |
CVE-2017-17407 |
134 |
|
Exec Code |
2018-01-22 |
2018-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080. |
|
14 |
CVE-2017-17132 |
134 |
|
DoS |
2018-03-05 |
2018-03-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service. |
|
15 |
CVE-2017-16608 |
134 |
|
Exec Code |
2018-01-22 |
2018-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749. |
|
16 |
CVE-2017-16602 |
134 |
|
Exec Code Bypass |
2018-01-22 |
2018-02-06 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193. |
|
17 |
CVE-2017-16516 |
134 |
|
DoS |
2017-11-03 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. |
|
18 |
CVE-2017-15191 |
134 |
|
|
2017-10-10 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. |
|
19 |
CVE-2017-12702 |
134 |
|
Exec Code |
2017-08-30 |
2017-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. |
|
20 |
CVE-2017-12588 |
134 |
|
|
2017-08-06 |
2017-08-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. |
|
21 |
CVE-2017-7519 |
134 |
|
|
2018-07-27 |
2018-11-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. |
|
22 |
CVE-2017-5613 |
134 |
|
Exec Code |
2017-03-03 |
2017-03-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. |
|
23 |
CVE-2017-3859 |
134 |
|
DoS |
2017-03-22 |
2017-07-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385. |
|
24 |
CVE-2017-2403 |
134 |
|
Exec Code |
2017-04-01 |
2017-07-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. |
|
25 |
CVE-2017-0898 |
134 |
|
Mem. Corr. |
2017-09-15 |
2018-07-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. |
|
26 |
CVE-2016-5716 |
134 |
|
Exec Code |
2017-08-09 |
2017-08-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. |
|
27 |
CVE-2016-5074 |
134 |
|
|
2017-04-09 |
2017-06-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CloudView NMS before 2.10a has a format string issue exploitable over SNMP. |
|
28 |
CVE-2016-4864 |
134 |
|
|
2017-05-12 |
2017-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. |
|
29 |
CVE-2016-1895 |
134 |
|
DoS |
2017-09-01 |
2017-09-06 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. |
|
30 |
CVE-2015-9238 |
134 |
|
|
2018-05-31 |
2018-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. |
|
31 |
CVE-2015-8617 |
134 |
|
Exec Code |
2016-01-19 |
2017-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. |
|
32 |
CVE-2015-8107 |
134 |
|
Exec Code |
2017-04-13 |
2017-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. |
|
33 |
CVE-2015-8106 |
134 |
|
Exec Code |
2016-04-18 |
2016-05-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. |
|
34 |
CVE-2015-7271 |
134 |
|
|
2017-04-09 |
2017-04-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. |
|
35 |
CVE-2015-6285 |
134 |
|
DoS |
2015-09-13 |
2017-01-04 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. |
|
36 |
CVE-2015-2894 |
134 |
|
DoS |
2015-12-31 |
2015-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. |
|
37 |
CVE-2014-9157 |
134 |
|
|
2014-12-03 |
2017-09-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. |
|
38 |
CVE-2014-8625 |
134 |
|
DoS Exec Code |
2015-01-20 |
2017-09-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. |
|
39 |
CVE-2014-8170 |
134 |
|
Exec Code |
2017-09-25 |
2017-10-11 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. |
|
40 |
CVE-2014-1683 |
134 |
2
|
Exec Code |
2014-01-29 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php. |
|
41 |
CVE-2014-1315 |
134 |
|
DoS Exec Code |
2014-04-23 |
2014-04-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. |
|
42 |
CVE-2013-7386 |
134 |
|
DoS Exec Code |
2014-06-02 |
2014-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. |
|
43 |
CVE-2013-6809 |
134 |
|
DoS Exec Code |
2013-12-13 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field. |
|
44 |
CVE-2013-5135 |
134 |
|
Exec Code |
2013-10-23 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. |
|
45 |
CVE-2013-4389 |
134 |
|
DoS |
2013-10-16 |
2014-04-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. |
|
46 |
CVE-2013-4258 |
134 |
|
DoS Exec Code |
2013-10-09 |
2016-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. |
|
47 |
CVE-2013-4147 |
134 |
|
DoS Exec Code |
2013-08-09 |
2017-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c. |
|
48 |
CVE-2013-3560 |
134 |
|
DoS |
2013-05-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
49 |
CVE-2013-2852 |
134 |
|
+Priv |
2013-06-07 |
2017-11-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. |
|
50 |
CVE-2013-2851 |
134 |
|
+Priv |
2013-06-07 |
2014-03-26 |
6.0 |
None |
Local |
High |
Single system |
Complete |
Complete |
Complete |
|
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. |
