CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-134

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2022-40604 134 2022-09-21 2022-09-22
0.0
None ??? ??? ??? ??? ??? ???
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
2 CVE-2022-35887 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler.
3 CVE-2022-35886 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler.
4 CVE-2022-35885 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.
5 CVE-2022-35884 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler.
6 CVE-2022-35881 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler.
7 CVE-2022-35880 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler.
8 CVE-2022-35879 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler.
9 CVE-2022-35878 134 DoS Mem. Corr. 2022-10-25 2022-10-27
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler.
10 CVE-2022-35877 134 DoS Mem. Corr. 2022-10-25 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler.
11 CVE-2022-35876 134 DoS Mem. Corr. 2022-10-25 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler.
12 CVE-2022-35875 134 DoS Mem. Corr. 2022-10-25 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler.
13 CVE-2022-35874 134 DoS Mem. Corr. 2022-10-25 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler.
14 CVE-2022-35244 134 DoS Mem. Corr. 2022-10-25 2022-10-26
0.0
None ??? ??? ??? ??? ??? ???
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
15 CVE-2022-34747 134 Exec Code 2022-09-06 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
16 CVE-2022-33938 134 DoS Mem. Corr. 2022-10-25 2022-10-26
0.0
None ??? ??? ??? ??? ??? ???
A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.
17 CVE-2022-31753 134 2022-06-13 2022-06-27
5.0
None Remote Low Not required None None Partial
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.
18 CVE-2022-27177 134 Exec Code 2022-04-01 2022-04-11
7.5
None Remote Low Not required Partial Partial Partial
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2.
19 CVE-2022-26674 134 Exec Code 2022-04-22 2022-05-04
7.5
None Remote Low Not required Partial Partial Partial
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
20 CVE-2022-26393 134 DoS 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
21 CVE-2022-26392 134 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
22 CVE-2022-24051 134 Exec Code 2022-02-18 2022-06-30
4.6
None Local Low Not required Partial Partial Partial
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
23 CVE-2022-22299 134 Exec Code 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
24 CVE-2022-4639 134 2022-12-21 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.
25 CVE-2022-3023 134 2022-11-04 2022-11-05
0.0
None ??? ??? ??? ??? ??? ???
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
26 CVE-2022-2652 134 2022-08-04 2022-08-10
0.0
None ??? ??? ??? ??? ??? ???
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
27 CVE-2022-1215 134 2022-06-02 2022-06-09
7.2
None Local Low Not required Complete Complete Complete
A format string vulnerability was found in libinput.
28 CVE-2021-43041 134 2021-12-06 2022-11-28
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
29 CVE-2021-42911 134 Exec Code 2022-03-29 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.
30 CVE-2021-41193 134 DoS Exec Code 2022-03-01 2022-03-09
7.5
None Remote Low Not required Partial Partial Partial
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
31 CVE-2021-37735 134 DoS 2021-10-12 2021-11-24
5.0
None Remote Low Not required None None Partial
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
32 CVE-2021-36161 134 2021-09-09 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13.
33 CVE-2021-35331 134 Exec Code 2021-07-05 2021-09-20
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
34 CVE-2021-33886 134 Bypass 2021-08-25 2022-07-12
5.8
None Local Network Low Not required Partial Partial Partial
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device.
35 CVE-2021-33535 134 Exec Code Overflow 2021-06-25 2021-07-27
6.5
None Remote Low ??? Partial Partial Partial
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
36 CVE-2021-32785 134 DoS Exec Code 2021-07-22 2022-05-10
4.3
None Remote Medium Not required None None Partial
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.
37 CVE-2021-30145 134 Exec Code 2021-05-18 2022-05-20
6.8
None Remote Medium Not required Partial Partial Partial
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
38 CVE-2021-29740 134 Exec Code 2021-06-01 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
39 CVE-2021-28846 134 DoS 2021-08-10 2021-08-19
4.0
None Remote Low ??? None None Partial
A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.
40 CVE-2021-25489 134 2021-10-06 2022-09-23
4.9
None Local Low Not required None None Complete
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
41 CVE-2021-20307 134 2021-04-05 2022-07-30
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
42 CVE-2020-36643 134 2023-01-06 2023-01-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563.
43 CVE-2020-36619 134 2022-12-19 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
44 CVE-2020-36323 134 2021-04-14 2021-04-27
6.4
None Remote Low Not required Partial None Partial
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
45 CVE-2020-35869 134 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
46 CVE-2020-29018 134 2021-01-14 2021-01-20
6.5
None Remote Low ??? Partial Partial Partial
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
47 CVE-2020-27853 134 DoS Exec Code 2020-10-27 2020-12-07
7.5
None Remote Low Not required Partial Partial Partial
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.
48 CVE-2020-27524 134 2020-11-11 2020-12-30
4.8
None Local Network Low Not required Partial None Partial
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.
49 CVE-2020-15634 134 Exec Code 2020-08-20 2020-08-24
5.8
None Local Network Low Not required Partial Partial Partial
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.
50 CVE-2020-15203 134 2020-09-25 2021-11-18
5.0
None Remote Low Not required None None Partial
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Total number of vulnerabilities: 287 (page 1 of 6)