CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

379 vulnerabilities with CWE-134
CVE-2017-7519 LOW
Ceph - Memory Corruption
CVSS 2.3
CVE-2017-17132 MEDIUM
Huawei VP9660 V500R002C10 - Buffer Overflow
CVSS 5.5
CVE-2017-17407 CRITICAL
NetGain Systems Enterprise Manager v7.2.699 - RCE
CVSS 9.8
CVE-2017-16608 CRITICAL
Netgain Enterprise Manager - RCE
CVSS 9.8
CVE-2017-16602 HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-16516 HIGH
yajl-ruby 1.3.0 - Memory Corruption
CVSS 7.5
CVE-2017-15191 HIGH
Wireshark < 2.0.15 - Format String Vulnerability
CVSS 7.5
CVE-2017-0898 CRITICAL
Ruby <2.4.2, 2.3.5, 2.2.8 - Buffer Overflow/Info Disclosure
CVSS 9.1
CVE-2017-12702 HIGH
Advantech Webaccess < 8.2 - Format String Vulnerability
CVSS 8.8
CVE-2017-12588 CRITICAL
Rsyslog < 8.27.0 - Format String Vulnerability
CVSS 9.8
CVE-2017-10685 CRITICAL
GNU Ncurses - Format String Vulnerability
CVSS 9.8
CVE-2017-9212 HIGH
BMW 330i 2011 - Buffer Overflow
CVSS 7.5
CVE-2017-2403 HIGH
Apple <10.12.4 - RCE
CVSS 8.8
CVE-2017-5524 MEDIUM
Plone < 4.3.12 - Format String Vulnerability
CVSS 4.3
CVE-2017-3859 HIGH
Cisco ASR 920 - DoS
CVSS 7.5
CVE-2017-5613 HIGH
Cpanel Cgiecho - Format String Vulnerability
CVSS 7.8
CVE-2016-10773 HIGH
Cpanel < 60.0.25 - Format String Vulnerability
CVSS 8.8
CVE-2016-10745 HIGH
Palletsprojects Jinja < 2.8.1 - Format String Vulnerability
CVSS 8.6
CVE-2016-1895 MEDIUM
NetApp Data ONTAP <8.2.5, <8.3.2P12 - DoS
CVSS 6.5
CVE-2016-5716 HIGH
Puppet Enterprise <2016.4.0 - RCE
CVSS 8.8
CVE-2016-4864 HIGH
Dena H2o < 2.0.3 - Format String Vulnerability
CVSS 7.5
CVE-2016-5074 CRITICAL
Cloudviewnms Cloudview Nms < 2.09b - Format String Vulnerability
CVSS 9.8
CVE-2016-4448 CRITICAL
HP Icewall Federation Agent < 2.2.1 - Format String Vulnerability
CVSS 9.8
CVE-2015-10088 MEDIUM
ayttm <0.5.0.89 - Format String
CVSS 5.0
CVE-2015-9238 MEDIUM
Secure-compare < 3.0.1 - Format String Vulnerability
CVSS 5.3