CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

379 vulnerabilities with CWE-134
CVE-2020-36323 HIGH
Rust < 1.52.0 - Format String Vulnerability
CVSS 8.2
CVE-2020-29018 HIGH
Fortinet Fortiweb < 6.3.5 - Format String Vulnerability
CVSS 8.8
CVE-2020-35869 CRITICAL
Rusqlite < 0.23.0 - Format String Vulnerability
CVSS 9.8
CVE-2020-27524 HIGH
Audi A7 MMI <N+R_CN_AU_P0395 - Info Disclosure
CVSS 7.1
CVE-2020-27523 HIGH
Solstice-Pod <5.0.2 - DoS
CVSS 7.5
CVE-2020-27853 CRITICAL
Wire < 3.21.2936 - Format String Vulnerability
CVSS 9.8
CVE-2020-15203 HIGH
Tensorflow <2.3.1 - Memory Corruption
CVSS 7.5
CVE-2020-16142 LOW
Mercedes-benz Comand - Format String Vulnerability
CVSS 3.5
CVE-2020-15634 MEDIUM
Netgear R6700 Firmware < 1.0.4.98 - Format String Vulnerability
CVSS 6.3
CVE-2020-13160 CRITICAL
AnyDesk <5.5.3 - RCE
CVSS 9.8
CVE-2020-1992 HIGH
Paloaltonetworks Pan-os < 9.0.7 - Format String Vulnerability
CVSS 8.1
CVE-2020-1979 HIGH
Paloaltonetworks Pan-os < 8.1.13 - Format String Vulnerability
CVSS 8.1
CVE-2020-3118 HIGH KEV
Cisco IOS XR - RCE
CVSS 8.8
CVE-2019-5143 HIGH
Moxa AWK-3131A <1.13 - RCE
CVSS 8.8
CVE-2019-11287 HIGH
Broadcom Rabbitmq Server < 3.8.1 - Denial of Service
CVSS 7.5
CVE-2019-18420 MEDIUM
Xen <4.12.x - DoS
CVSS 6.5
CVE-2019-13318 MEDIUM
Foxitsoftware Reader < 9.5.0.20723 - Format String Vulnerability
CVSS 5.5
CVE-2019-6840 CRITICAL
Schneider Electric U.motion Server - Format String
CVSS 9.8
CVE-2019-15547 HIGH
Ncurses < 5.99.0 - Format String Vulnerability
CVSS 7.5
CVE-2019-15546 HIGH
Pancurses < 0.16.1 - Format String Vulnerability
CVSS 7.5
CVE-2019-14412 LOW
Maketext <78.0.2 - Code Injection
CVSS 3.3
CVE-2019-14410 LOW
cPanel <78.0.2 - Code Injection
CVSS 3.3
CVE-2019-1579 HIGH KEV
PAN-OS <7.1.18, <8.0.11-h1, <8.1.2 - RCE
CVSS 8.1
CVE-2019-7228 HIGH
ABB IDAL HTTP Server - Buffer Overflow
CVSS 8.8
CVE-2019-7230 HIGH
ABB IDAL FTP Server - Buffer Overflow
CVSS 8.8