CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-134

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43041 134 2021-12-06 2021-12-06
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
2 CVE-2021-36161 134 2021-09-09 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13
3 CVE-2021-35331 134 Exec Code 2021-07-05 2021-09-20
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
4 CVE-2021-33535 134 Exec Code Overflow 2021-06-25 2021-07-27
6.5
None Remote Low ??? Partial Partial Partial
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
5 CVE-2021-30145 134 Exec Code 2021-05-18 2021-07-20
6.8
None Remote Medium Not required Partial Partial Partial
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
6 CVE-2021-29740 134 Exec Code 2021-06-01 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
7 CVE-2021-20307 134 2021-04-05 2021-07-20
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
8 CVE-2020-36323 134 2021-04-14 2021-04-27
6.4
None Remote Low Not required Partial None Partial
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
9 CVE-2020-35869 134 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
10 CVE-2020-29018 134 2021-01-14 2021-01-20
6.5
None Remote Low ??? Partial Partial Partial
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
11 CVE-2020-27853 134 DoS Exec Code 2020-10-27 2020-12-07
7.5
None Remote Low Not required Partial Partial Partial
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.
12 CVE-2020-13160 134 Exec Code 2020-06-09 2021-03-15
7.5
None Remote Low Not required Partial Partial Partial
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
13 CVE-2020-3118 134 Exec Code Overflow 2020-02-05 2020-02-10
8.3
None Local Network Low Not required Complete Complete Complete
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
14 CVE-2020-1992 134 DoS Exec Code 2020-04-08 2020-04-10
9.3
None Remote Medium Not required Complete Complete Complete
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.
15 CVE-2019-18420 134 DoS 2019-10-31 2020-08-24
6.3
None Remote Medium ??? None None Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
16 CVE-2019-15547 134 2019-08-26 2019-08-29
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
17 CVE-2019-15546 134 2019-08-26 2019-08-29
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
18 CVE-2019-12297 134 2019-05-23 2019-05-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
19 CVE-2019-6840 134 Exec Code 2019-09-17 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
20 CVE-2019-5143 134 Exec Code Overflow 2020-02-25 2020-02-27
6.5
None Remote Low ??? Partial Partial Partial
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
21 CVE-2019-1579 134 Exec Code 2019-07-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
22 CVE-2018-16554 134 2018-09-16 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
23 CVE-2018-12590 134 Exec Code 2018-06-20 2020-02-13
9.0
None Remote Low ??? Complete Complete Complete
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
24 CVE-2018-10389 134 DoS Exec Code 2019-12-23 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
25 CVE-2018-10388 134 DoS Exec Code 2019-12-23 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
26 CVE-2018-7544 134 DoS Exec Code +Info 2018-03-16 2018-04-10
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
27 CVE-2018-6508 134 2018-02-09 2022-01-24
6.0
None Remote Medium ??? Partial Partial Partial
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
28 CVE-2018-6317 134 DoS 2018-02-02 2018-02-15
6.4
None Remote Low Not required Partial None Partial
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
29 CVE-2018-5704 134 Exec Code XSS 2018-01-16 2018-02-09
9.3
None Remote Medium Not required Complete Complete Complete
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
30 CVE-2018-1352 134 Exec Code 2019-02-08 2019-02-08
7.5
None Remote Low Not required Partial Partial Partial
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
31 CVE-2018-0175 134 DoS Exec Code 2018-03-28 2019-10-09
7.9
None Local Network Medium Not required Complete Complete Complete
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
32 CVE-2017-17407 134 Exec Code 2018-01-23 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.
33 CVE-2017-16608 134 Exec Code 2018-01-23 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.
34 CVE-2017-16602 134 Exec Code Bypass 2018-01-23 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193.
35 CVE-2017-12702 134 Exec Code 2017-08-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
36 CVE-2017-12588 134 2017-08-06 2017-08-14
7.5
None Remote Low Not required Partial Partial Partial
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
37 CVE-2017-10685 134 Exec Code 2017-06-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
38 CVE-2017-9212 134 2017-05-23 2019-10-03
7.8
None Remote Low Not required None None Complete
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
39 CVE-2017-5613 134 Exec Code 2017-03-03 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
40 CVE-2017-3859 134 DoS 2017-03-22 2017-07-12
7.8
None Remote Low Not required None None Complete
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.
41 CVE-2017-2403 134 Exec Code 2017-04-02 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.
42 CVE-2017-0898 134 Mem. Corr. 2017-09-15 2018-07-15
6.4
None Remote Low Not required Partial None Partial
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
43 CVE-2016-10773 134 2019-08-05 2019-08-09
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
44 CVE-2016-5716 134 Exec Code 2017-08-09 2019-07-10
6.5
None Remote Low ??? Partial Partial Partial
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
45 CVE-2016-5074 134 2017-04-10 2017-06-02
7.5
None Remote Low Not required Partial Partial Partial
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
46 CVE-2016-4448 134 2016-06-09 2019-12-27
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
47 CVE-2015-8617 134 Exec Code 2016-01-19 2017-09-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
48 CVE-2015-8107 134 Exec Code 2017-04-13 2017-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
49 CVE-2015-8106 134 Exec Code 2016-04-18 2016-05-18
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
50 CVE-2015-7271 134 2017-04-10 2017-04-14
7.5
None Remote Low Not required Partial Partial Partial
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.
Total number of vulnerabilities : 180   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.