CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

387 vulnerabilities with CWE-134
CVE-2019-6840 CRITICAL
Schneider Electric U.motion Server - Format String
CVSS 9.8
CVE-2019-15547 HIGH
ncurses < 5.99.0 - Use of Externally-Controlled Format String in printw Functions
CVSS 7.5
CVE-2019-15546 HIGH
pancurses < 0.16.1 - Use of Externally-Controlled Format String via printw and mvprintw
CVSS 7.5
CVE-2019-14412 LOW
cPanel < 78.0.2 - Format String Injection via DCV check_domains_via_dns UAPI
CVSS 3.3
CVE-2019-14410 LOW
cPanel < 78.0.2 - Format String Injection via Email Store Filter UAPI
CVSS 3.3
CVE-2019-1579 HIGH KEV
PAN-OS < 7.1.19 - Unauthenticated Remote Code Execution via GlobalProtect Portal/Gateway Interface
CVSS 8.1
CVE-2019-7228 HIGH
ABB IDAL HTTP Server - Buffer Overflow
CVSS 8.8
CVE-2019-7230 HIGH
ABB IDAL FTP Server - Buffer Overflow
CVSS 8.8
CVE-2019-12297 CRITICAL
Motorola CX2/M2 <1.01 - Format String
CVSS 9.8
CVE-2019-7715 HIGH
Green Hills INTEGRITY RTOS 5.0.4 - Info Disclosure
CVSS 7.5
CVE-2019-7712 HIGH
Green Hills INTEGRITY RTOS 5.0.4 - Info Disclosure
CVSS 7.5
CVE-2019-7711 HIGH
Green Hills INTEGRITY RTOS 5.0.4 - Info Disclosure
CVSS 7.5
CVE-2018-10389 CRITICAL
Open TFTP Server < 1.65 - Remote Code Execution via Format String in TFTP Error Packet
CVSS 9.8
CVE-2018-10388 CRITICAL
Open TFTP Server < 1.66 - Remote Code Execution via Format String in TFTP Error Packet
CVSS 9.8
CVE-2018-14713 HIGH
ASUS RT-AC3200 <3.0.0.4.382.50010 - Memory Corruption
CVSS 8.1
CVE-2018-1352 CRITICAL
FortiOS 5.6.0 - Remote Code Execution via SSH Username Format String
CVSS 9.8
CVE-2018-14661 MEDIUM
GlusterFS 3.8.4 - Format String Attack
CVSS 6.5
CVE-2018-17336 HIGH
UDisks 2.8.0 - Format String Vulnerability via Filesystem Label
CVSS 7.8
CVE-2018-16554 HIGH
jhead 3.00 - Denial of Service via GPS Info Format String Mismatch
CVSS 7.8
CVE-2018-15749 MEDIUM
Pulse Secure Desktop (macOS) < 5.3R5 and 9.0R1 - Format String Vulnerability
CVSS 5.5
CVE-2018-14799 LOW
Philips PageWriter - Buffer Overflow
CVSS 3.7
CVE-2018-1566 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Local Arbitrary Code Execution via Format String Error
CVSS 8.4
CVE-2018-12590 HIGH
Ubiquiti Networks EdgeSwitch <1.7.3 - Code Injection
CVSS 7.2
CVE-2018-8778 HIGH
Ruby <2.2.10-2.6.0-preview1 - Info Disclosure
CVSS 7.5
CVE-2018-0175 HIGH KEV
Cisco IOS, IOS XE, and IOS XR - Format String Vulnerability in LLDP Subsystem
CVSS 8.0