CVE-2022-1215
7.8HIGH
A format string vulnerability was found in libinput
A format string vulnerability was found in libinput
6/2/2022CWE-134, CWE-134
Schwachstellentyp
CWE-134
Alle CVE-Schwachstellen, die unter diesen Schwachstellentyp fallen.
Auf MITRE CWE ansehenGesamt CVEs
27
Kritisch
8
In KEV
0
Mit Exploits
0
CVE-2023-40721
6.7MEDIUM
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
2/11/2025CWE-134
CVE-2023-41842
6.7MEDIUM
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command argu
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command argu...
3/12/2024CWE-134
CVE-2022-3023
9.8CRITICAL
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
11/4/2022CWE-134, CWE-134
CVE-2019-6840
9.8CRITICAL
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG626
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG626...
9/17/2019CWE-134, CWE-134
CVE-2018-1000052
7.5HIGH
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can r
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can r...
2/9/2018CWE-134
CVE-2022-40604
7.5HIGH
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
9/21/2022CWE-134, CWE-134
CVE-2023-48784
6.7MEDIUM
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a ...
4/9/2024CWE-134
CVE-2022-3724
6.3MEDIUM
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
12/9/2022CWE-134, CWE-134
CVE-2017-7519
2.3LOW
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
7/27/2018CWE-134, CWE-134
CVE-2023-21497
4.4MEDIUM
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
5/4/2023CWE-134, CWE-134
CVE-2022-34747
9.8CRITICAL
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
9/6/2022CWE-134, CWE-134
CVE-2022-26674
9.8CRITICAL
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system oper
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system oper...
4/22/2022CWE-134, CWE-134
CVE-2021-20307
9.8CRITICAL
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
4/5/2021CWE-134, CWE-134
CVE-2017-12702
8.8HIGH
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, wh
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, wh...
8/30/2017CWE-134, CWE-134
CVE-2023-23783
6.7MEDIUM
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted ...
2/16/2023CWE-134, CWE-134
CVE-2012-0824
9.8CRITICAL
gnusound 0.7.5 has format string issue
gnusound 0.7.5 has format string issue
11/19/2019CWE-134
CVE-2023-22923
6.5MEDIUM
A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions o
A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions o...
5/1/2023CWE-134, CWE-134
CVE-2022-26941
9.6CRITICAL
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin...
10/19/2023CWE-134, CWE-134
CVE-2019-1579
8.1HIGH
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthe
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthe...
7/19/2019CWE-134, CWE-134
CVE-2016-10745
8.6HIGH
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
4/8/2019CWE-134
CVE-2016-5074
9.8CRITICAL
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
4/10/2017CWE-134
CVE-2016-10773
8.8HIGH
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
8/5/2019CWE-134
CVE-2015-8107
7.8HIGH
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
4/13/2017CWE-134
CVE-2023-24590
7.5HIGH
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Servic
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Servic...
12/18/2023CWE-134, CWE-134
CVE-2022-26393
5.0MEDIUM
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Ser
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Ser...
9/9/2022CWE-134, CWE-134
CVE-2020-1979
8.1HIGH
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to ...
3/11/2020CWE-134, CWE-134