CVE-2023-22374

HIGH Year: 2023
CVSS v3 Score
8.5
High
Weakness Type
CWE-134
View all →

Vulnerability Description

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2016-10745

HIGH
CVSS:8.6(High)

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

CWE-1342016

CVE-2021-29740

HIGH
CVSS:8.4(High)

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context ...

CWE-1342021

CVE-2024-31837

HIGH
CVSS:8.4(High)

DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.

CWE-1342024

CVE-2025-24359

HIGH
CVSS:8.4(High)

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute ...

CWE-1342025

CVE-2014-8170

HIGH
CVSS:8.8(High)

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, w...

CWE-1342014

CVE-2016-10773

HIGH
CVSS:8.8(High)

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

CWE-1342016