CWE-134: Use of Externally-Controlled Format String

Exploit likelihood: High

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

388 vulnerabilities with CWE-134
CVE-2018-0175 (HIGH, CVSS 8.0, KEV): Cisco IOS, IOS XE, and IOS XR - Format String Vulnerability in LLDP Subsystem
CVE-2018-7544 (CRITICAL, CVSS 9.1): OpenVPN < 2.4.5 - Unauthenticated Remote Code Execution via Management Interface
CVE-2018-6875 (HIGH, CVSS 7.5): KeepKey Firmware 4.0.0 - Information Disclosure via Format String Vulnerability
CVE-2018-1000052 (HIGH, CVSS 7.5): fmt < 4.1.0 - Memory Corruption via Invalid Format Specifier in fmt::print()
CVE-2018-6508 (HIGH, CVSS 8.0): Puppet Enterprise 2017.3.0-2017.3.2 - Remote Code Execution via facter_task or puppet_conf Tasks
CVE-2018-6317 (CRITICAL, CVSS 9.1): Claymore Dual Miner < 10.5 - Unauthenticated Format String Vulnerability
CVE-2018-5704 (CRITICAL, CVSS 9.6): OpenOCD 0.10.0 - CSRF
CVE-2018-5207 (HIGH, CVSS 7.5): irssi < 1.0.6 - Use of Externally-Controlled Format String
CVE-2018-5205 (HIGH, CVSS 7.5): irssi < 1.0.6 - Use-After-Free via Incomplete Escape Codes
CVE-2017-7519 (LOW, CVSS 2.3): Ceph - Denial of Service via Format String Vulnerability in libradosstriper
CVE-2017-17132 (MEDIUM, CVSS 5.5): Huawei VP9660 V500R002C10 - Buffer Overflow
CVE-2017-17407 (CRITICAL, CVSS 9.8): NetGain Systems Enterprise Manager v7.2.699 - RCE
CVE-2017-16608 (CRITICAL, CVSS 9.8): Netgain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via exec.jsp
CVE-2017-16602 (HIGH, CVSS 8.8): NetGain Systems Enterprise Manager < 7.2.730 build 1034 - RCE
CVE-2017-16516 (HIGH, CVSS 7.5): yajl-ruby 1.3.0 - Memory Corruption
CVE-2017-15191 (HIGH, CVSS 7.5): Wireshark 2.0.0-2.0.15 - Denial of Service in DMP Dissector
CVE-2017-0898 (CRITICAL, CVSS 9.1): Ruby < 2.4.2, 2.3.5, 2.2.8 - Buffer Overflow/Info Disclosure
CVE-2017-12702 (HIGH, CVSS 8.8): Advantech WebAccess < 8.2 - Remote Code Execution via Format String Vulnerability
CVE-2017-12588 (CRITICAL, CVSS 9.8): rsyslog < 8.27.0 - Format String Vulnerability in ZMQ3 Input/Output Modules
CVE-2017-10685 (CRITICAL, CVSS 9.8): ncurses 6.0 - Remote Code Execution via Format String in fmt_entry Function
CVE-2017-9212 (HIGH, CVSS 7.5): BMW 330i 2011 Bluetooth Stack - Denial of Service via Format String in Device Name
CVE-2017-2403 (HIGH, CVSS 8.8): macOS < 10.12.4 - Remote Code Execution via Printing Component Format String
CVE-2017-5524 (MEDIUM, CVSS 4.3): Plone 4.x-4.3.11 and 5.x-5.0.6 - Sandbox Protection Bypass via Python String Format Method
CVE-2017-3859 (HIGH, CVSS 7.5): Cisco IOS XE 3.13-3.18 - Unauthenticated Denial of Service via DHCP Zero Touch Provisioning Format String
CVE-2017-5613 (HIGH, CVSS 7.8): cPanel cgiecho and cgiemail - Remote Code Execution via Format String Specifiers in Template File