CWE-134
High likelihood
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
387 vulnerabilities with CWE-134
CVE-2024-4641
MEDIUM
Moxa OnCell G3470A-LTE Series Firmware < 1.7.7 - Denial of Service via Format String Injection
CVSS 6.3
CVE-2024-6145
HIGH
Actiontec WCB6200Q Firmware - Unauthenticated Remote Code Execution via Cookie Format String
CVSS 8.8
CVE-2024-35845
CRITICAL
Linux Kernel 5.5-6.8.1 Use-After-Free in iwl_fw_ini_debug_info_tlv
CVSS 9.1
CVE-2024-23914
MEDIUM
Merge DICOM Toolkit - Buffer Overflow
CVSS 5.7
CVE-2024-31837
HIGH
DMitry 1.3a - Format String Vulnerability
CVSS 8.4
CVE-2024-23113
CRITICAL
KEV
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
CVSS 9.8
CVE-2023-53966
CRITICAL
SOUND4 LinkAndShare Transmitter 1.1.2 - Memory Corruption
CVSS 9.8
CVE-2023-40721
MEDIUM
FortiOS 6.2.0-7.0.13 - Authenticated Remote Code Execution via Format String Vulnerability
CVSS 6.7
CVE-2023-45583
MEDIUM
Fortinet FortiProxy <=7.2.5, <=7.0.11, <=2.0.13, <=1.2.13, <=1.1.6 - Format String Vulnerability via CLI/HTTP
CVSS 6.7
CVE-2023-36640
MEDIUM
Fortinet FortiProxy <7.2.5 - Code Injection
CVSS 6.7
CVE-2023-48784
MEDIUM
FortiOS <7.4.1, <7.2.7, All 6.4 - Code Injection
CVSS 6.7
CVE-2023-41842
MEDIUM
Fortinet FortiAnalyzer 6.2.0-6.4.7 & FortiManager 6.2.0-7.0.10 - Remote Code Execution via Format String Injection
CVSS 6.7
CVE-2023-29181
HIGH
FortiOS 6.0.0-6.2.14, FortiProxy 1.0.0-2.0.12, FortiPAM 1.0.0-1.0.3 - Use of Externally-Controlled Format String
CVSS 8.8
CVE-2023-6764
HIGH
Zyxel ATP/USG FLEX Series Firmware 4.32-5.37 Patch 1 - Remote Code Execution via IPSec VPN Format String
CVSS 8.1
CVE-2023-6399
MEDIUM
Zyxel ATP-USG FLEX- USG20-W-H <5.37.1 - DoS
CVSS 5.7
CVE-2023-24590
HIGH
Gallagher Controller 6000 <8.60.231116a - Use After Free
CVSS 7.5
CVE-2023-36639
HIGH
Fortinet FortiProxy 7.0.0-7.0.10 and 7.2.0-7.2.4 - Use of Externally-Controlled Format String via API Requests
CVSS 7.2
CVE-2023-48221
HIGH
wire-avs < 9.2.22 - Remote Format String Vulnerability
CVSS 7.3
CVE-2023-5746
CRITICAL
Synology BC500 and TC500 Firmware < 1.0.5-0185 - Remote Code Execution via Format String in CGI Component
CVSS 9.8
CVE-2023-41349
HIGH
ASUS router RT-AX88U - Format String Attack
CVSS 8.8
CVE-2023-39240
HIGH
ASUS RT-AX56U V2 Firmware - Authenticated Remote Code Execution via Format String in iperf Client API
CVSS 7.2
CVE-2023-39239
HIGH
ASUS RT-AX56U V2 Firmware - Authenticated Remote Code Execution via Format String in General Function API
CVSS 7.2
CVE-2023-39238
HIGH
ASUS RT-AX56U V2 - Authenticated Remote Code Execution via Format String in set_iperf3_svr.cgi
CVSS 7.2
CVE-2023-4746
HIGH
TOTOLINK N200RE V5 9.3.5u.6437_B20230519 - Format String Vulnerability in Validity_check Function
CVSS 8.8
CVE-2023-35087
CRITICAL
ASUS RT-AX56U V2 & RT-AC86U Firmware - Remote Code Execution via Format String in AiMesh
CVSS 9.8
Details
Vulnerabilities: 387
Exploit Likelihood: High