Total
353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4746 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-11-21 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | ||||
| CVE-2023-48221 | 1 Wire | 1 Audio\, Video\, And Signaling | 2024-11-21 | 7.3 High |
| wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available. | ||||
| CVE-2023-45583 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. | ||||
| CVE-2023-41842 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Bigdata, Fortimanager and 1 more | 2024-11-21 | 6.3 Medium |
| A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2023-41349 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-11-21 | 8.8 High |
| ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service. | ||||
| CVE-2023-39240 | 1 Asus | 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more | 2024-11-21 | 7.2 High |
| It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | ||||
| CVE-2023-39239 | 1 Asus | 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more | 2024-11-21 | 7.2 High |
| It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | ||||
| CVE-2023-39238 | 1 Asus | 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more | 2024-11-21 | 7.2 High |
| It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | ||||
| CVE-2023-36640 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands | ||||
| CVE-2023-36639 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-11-21 | 7 High |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. | ||||
| CVE-2023-35087 | 1 Asus | 4 Rt-ac86u, Rt-ac86u Firmware, Rt-ax56u V2 and 1 more | 2024-11-21 | 9.8 Critical |
| It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. | ||||
| CVE-2023-35086 | 1 Asus | 4 Rt-ac86u, Rt-ac86u Firmware, Rt-ax56u V2 and 1 more | 2024-11-21 | 7.2 High |
| It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. | ||||
| CVE-2023-33011 | 1 Zyxel | 49 Atp100 Firmware, Usg20w-vpn Firmware, Usg 20w-vpn and 46 more | 2024-11-21 | 8.8 High |
| A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled. | ||||
| CVE-2023-24590 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-11-21 | 7.5 High |
| A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | ||||
| CVE-2023-23783 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2022-4639 | 1 Sslh Project | 1 Sslh | 2024-11-21 | 5.6 Medium |
| A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability. | ||||
| CVE-2022-43953 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 6.3 Medium |
| A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands. | ||||
| CVE-2022-40604 | 1 Apache | 1 Airflow | 2024-11-21 | 7.5 High |
| In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | ||||
| CVE-2022-3724 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2024-11-21 | 6.3 Medium |
| Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows | ||||
| CVE-2022-3023 | 1 Pingcap | 1 Tidb | 2024-11-21 | 9.8 Critical |
| Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | ||||