CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

379 vulnerabilities with CWE-134
CVE-2015-8107 HIGH
GNU a2ps 4.14 - RCE
CVSS 7.8
CVE-2015-7271 CRITICAL
Dell Integrated Remote Access Control... - Format String Vulnerability
CVSS 9.8
CVE-2015-8106 HIGH
latex2rtf <2.3.10 - RCE
CVSS 7.8
CVE-2015-8617 CRITICAL
PHP <7.0.1 - RCE
CVSS 9.8
CVE-2015-2894 MEDIUM
Idera Uptime Infrastructure Monitor <7.2 - DoS
CVSS 5.3
CVE-2015-6285
Cisco Email Security Appliance - Format String Vulnerability
CVE-2014-6262 HIGH
RRDtool <4.2.5 - RCE
CVSS 7.5
CVE-2014-8170 HIGH
Ovirt-node - Format String Vulnerability
CVSS 8.8
CVE-2014-8625
Debian Dpkg < 1.17.21 - Format String Vulnerability
CVE-2014-9157
Graphviz - Format String
CVE-2014-1315
Apple Mac OS X - Format String Vulnerability
CVE-2014-1683
SkyBlueCanvas CMS <1.1 r248-04 - RCE
CVE-2013-2131
Rrdtool - Format String Vulnerability
CVE-2013-7386
BOINC <7.2.33 - RCE
CVE-2013-1886
Redhat Certificate System - Format String Vulnerability
CVE-2013-6809
Philippe Jounin Tftpd32 < 4.00 - Format String Vulnerability
CVE-2013-5135
Apple Mac OS X <10.9 - RCE
CVE-2013-4389
Rails < 3.2.15 - Format String Vulnerability
CVE-2013-4258
Radscan Network Audio System - Format String Vulnerability
CVE-2013-4147
Yard Radius - Format String Vulnerability
CVE-2013-2852
Linux kernel <3.9.4 - Privilege Escalation
CVE-2013-2851
Linux kernel <3.9.4 - Privilege Escalation
CVE-2013-3560
Debian Linux - Format String Vulnerability
CVE-2013-0929
EMC AlphaStor <4.0 - RCE
CVE-2012-10055 CRITICAL
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
Details
Vulnerabilities 379
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits