CWE-134
High likelihood
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
387 vulnerabilities with CWE-134
CVE-2023-35086
HIGH
ASUS RT-AX56U V2 & RT-AC86U RCE via Format String in logmessage_normal
CVSS 7.2
CVE-2023-33011
HIGH
Zyxel Firewalls and WLAN Controllers 5.00-5.36 Patch 2 - Unauthenticated Remote Code Execution via PPPoE Configuration
CVSS 8.8
CVE-2023-2186
HIGH
Triangle MicroWorks' SCADA Data Gateway <= v5.01.03 - Info Disclosu...
CVSS 8.2
CVE-2023-21497
MEDIUM
Samsung Android - Use of Externally-Controlled Format String in mPOS TUI Trustlet
CVSS 4.4
CVE-2023-22923
MEDIUM
Zyxel NBG-418N v2 Firmware < V1.00(AARP.14)C0 - Authenticated Denial of Service via Format String Vulnerability
CVSS 6.5
CVE-2023-25492
MEDIUM
Lenovo ThinkAgile Firmware - Authenticated Denial of Service via Format String Injection
CVSS 6.3
CVE-2023-25815
LOW
Git for Windows < 2.40.1 - Path Traversal via Fake Localized Messages
CVSS 3.3
CVE-2023-23783
MEDIUM
FortiWeb 6.4.0-6.4.1 and 7.0.0-7.0.1 - Remote Code Execution via Format String Injection
CVSS 6.7
CVE-2023-21420
HIGH
Samsung Android STST TA - Use of Externally-Controlled Format String
CVSS 7.3
CVE-2023-22374
HIGH
F5 BIG-IP Access Policy Manager 14.1.4.6-14.1.5 - Authenticated Format String Injection via iControl SOAP
CVSS 8.5
CVE-2022-26941
CRITICAL
Motorola MTM5000 Series Firmware - Format String Vulnerability via AT+CTGL Command
CVSS 9.6
CVE-2022-43953
MEDIUM
Fortinet FortiOS <7.2.4 - Code Injection
CVSS 6.7
CVE-2022-43619
MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated Remote Code Execution via ConfigFileUpload Format String
CVSS 6.8
CVE-2022-43869
MEDIUM
IBM Spectrum Scale & Elastic Storage System <5.1.2.8, <6.1.4.1 - DoS
CVSS 6.5
CVE-2022-4639
MEDIUM
sslh - Format String Vulnerability in Packet Dumping Handler
CVSS 5.6
CVE-2022-3724
MEDIUM
Wireshark 3.6.0-3.6.8 - Denial of Service via USB HID Protocol Dissector
CVSS 6.3
CVE-2022-3023
CRITICAL
GitHub pingcap/tidb <6.4.0-6.1.3. - Buffer Overflow
CVSS 9.8
CVE-2022-35887
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35886
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35885
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35884
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35881
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35880
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35879
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
CVE-2022-35878
HIGH
Abode Systems iota - Format String Injection
CVSS 8.8
Details
Vulnerabilities: 387
Exploit Likelihood: High