CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

387 vulnerabilities with CWE-134
CVE-2022-35877 CRITICAL
Abode Systems iota - Format String Injection
CVSS 9.8
CVE-2022-35876 CRITICAL
Abode Systems iota - Format String Injection
CVSS 9.8
CVE-2022-35875 CRITICAL
Abode Systems iota - Format String Injection
CVSS 9.8
CVE-2022-35874 CRITICAL
Abode Systems iota - Format String Injection
CVSS 9.8
CVE-2022-35244 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - Format String Injection via XCMD getVarHA
CVSS 9.8
CVE-2022-33938 CRITICAL
Abode Systems, Inc. iota - Format String Injection
CVSS 9.8
CVE-2022-40604 HIGH
Apache Airflow 2.3.0-2.3.4 - Information Exposure via URL Format String
CVSS 7.5
CVE-2022-26393 MEDIUM
Baxter Spectrum WBM - Format String
CVSS 5.0
CVE-2022-26392 LOW
Baxter Spectrum WBM - Format String
CVSS 3.1
CVE-2022-34747 CRITICAL
Zyxel NAS326 Firmware < 5.21(aazf.12)c0 - Remote Code Execution via UDP Packet Format String
CVSS 9.8
CVE-2022-22299 HIGH
FortiADC/FortiProxy <6.3 - Format String
CVSS 7.8
CVE-2022-2652 MEDIUM
v4l2loopback < 0.12.6 - Kernel Stack Memory Leak and Denial of Service via Card Label Format String
CVSS 6.0
CVE-2022-31753 HIGH
Huawei EMUI - Denial of Service via Voice Wakeup Format String
CVSS 7.5
CVE-2022-1215 HIGH
libinput 1.10.0-1.18.1 - Use of Externally-Controlled Format String
CVSS 7.8
CVE-2022-26674 CRITICAL
ASUS RT-AX88U Firmware < 3.0.0.4.386.46065 - Unauthenticated Remote Code Execution via Format String Vulnerability
CVSS 9.8
CVE-2022-27177 CRITICAL
ConsoleMe < 1.2.2 - Use of Externally-Controlled Format String
CVSS 9.8
CVE-2022-24051 HIGH
MariaDB CONNECT - Privilege Escalation
CVSS 7.8
CVE-2021-34970 MEDIUM
Foxit PDF Editor and Reader - Information Disclosure via Print Method Format String
CVSS 5.5
CVE-2021-42911 CRITICAL
DrayTek Vigor 2960, 3900, and 300B <= 1.5.1.3 - Remote Code Execution via Format String in mainfunction.cgi
CVSS 9.8
CVE-2021-41193 CRITICAL
wire-avs < 7.1.12 - Remote Format String Vulnerability
CVSS 9.8
CVE-2021-43041 HIGH
Kaseya Unitrends Backup <10.5.5 - Format String
CVSS 8.8
CVE-2021-37735 MEDIUM
Aruba Instant - Denial of Service via Format String Vulnerability
CVSS 5.3
CVE-2021-25489 LOW KEV
Modem Interface Driver <SMR Oct-2021 Release 1 - Buffer Overflow
CVSS 3.3
CVE-2021-36161 CRITICAL
Apache Dubbo < 2.7.13 - Remote Code Execution via Format String Injection in toString Call
CVSS 9.8
CVE-2021-33886 HIGH
B. Braun SpaceCom2 < 012U000062 - Unauthenticated Remote Code Execution via Format String Injection
CVSS 8.1