Vulnerabilities (CVE)

CWE filter

CWE-134

Filter

218 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6840 2019-10-09 7.5
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15),...
CVE-2019-13318 1 Foxitsoftware 2 Phantompdf, Reader 2019-10-09 4.3
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
CVE-2018-1566 1 Ibm 1 Db2 2019-10-09 4.6
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
CVE-2018-14799 1 Philips 5 Pagewriter Tc10 Firmware, Pagewriter Tc20 Firmware, Pagewriter Tc30 Firmware and 2 more 2019-10-09 4.6
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
CVE-2018-0175 1 Cisco 3 Ios, Ios Xe, Ios Xr 2019-10-09 7.9
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)...
CVE-2017-7519 2 Ceph, Debian 2 Ceph, Debian Linux 2019-10-09 2.1
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
CVE-2017-17407 1 Netgain-systems 1 Enterprise Manager 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2017-16608 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue...
CVE-2017-16602 1 Netgain-systems 1 Enterprise Manager 2019-10-09 6.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing...
CVE-2017-12702 1 Advantech 1 Webaccess 2019-10-09 6.8
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
CVE-2015-9238 2019-10-09 5.0
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.
CVE-2009-2446 2 Mysql, Oracle 2 Mysql, Mysql 2019-10-07 8.5
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified...
CVE-2017-5524 1 Plone 1 Plone 2019-10-03 4.0
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
CVE-2017-10685 1 Gnu 1 Ncurses 2019-10-03 7.5
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2018-16554 1 Jhead Project 1 Jhead 2019-10-03 6.8
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf...
CVE-2018-8778 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-10-03 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack...
CVE-2018-6875 1 Keepkey 1 Keepkey Firmware 2019-10-03 5.0
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
CVE-2017-9212 1 Bavarian Motor Works 1 Bluetooth Stack 2019-10-03 7.8
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
CVE-2016-4448 11 Apple, Slackware, Oracle and 8 more 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more 2019-09-25 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2019-15546 1 Pancurses Project 1 Pancurses 2019-08-29 6.4
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.