Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2023-01-24 | 10.0 HIGH | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-6840 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2022-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. | |||||
| CVE-2019-7230 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2022-11-30 | 5.8 MEDIUM | 8.8 HIGH |
| The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | |||||
| CVE-2019-7228 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2022-11-30 | 5.8 MEDIUM | 8.8 HIGH |
| The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | |||||
| CVE-2021-43041 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. | |||||
| CVE-2022-3023 | 1 Pingcap | 1 Tidb | 2022-11-05 | N/A | 9.8 CRITICAL |
| Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | |||||
| CVE-2022-35875 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-28 | N/A | 9.8 CRITICAL |
| Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler | |||||
| CVE-2022-35876 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-28 | N/A | 9.8 CRITICAL |
| Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler | |||||
| CVE-2022-35874 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-28 | N/A | 9.8 CRITICAL |
| Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler | |||||
| CVE-2022-35877 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-28 | N/A | 9.8 CRITICAL |
| Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler | |||||
| CVE-2022-35879 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | |||||
| CVE-2022-35880 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | |||||
| CVE-2022-35881 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. | |||||
| CVE-2022-35878 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. | |||||
| CVE-2022-35886 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. | |||||
| CVE-2022-35885 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | |||||
| CVE-2022-35884 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | |||||
| CVE-2022-35887 | 1 Goabode | 1 Iota All-in-one Security Kit Firmware | 2022-10-27 | N/A | 8.8 HIGH |
| Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. | |||||
| CVE-2022-33938 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2022-10-26 | N/A | 9.8 CRITICAL |
| A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | |||||