CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source. When the attacker chooses the format, every directive the code did not supply an argument for is resolved from whatever happens to sit in the argument registers and on the stack: %x and %s read that memory out, and %n writes a value to an address taken from it, so the impact ranges from crashes and information disclosure to arbitrary code execution.
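The following C program is an added illustration of the weakness in its classic native form; it is not code from this page or from any of the products listed below, and the function names and the attacker-style input string are constructed for the example. It places the vulnerable call (untrusted data used as the format) next to the hardened call (fixed "%s" format, untrusted data passed as an argument), and adds the two checks a reviewer would want when a caller-supplied format cannot be avoided: a count of conversion specifications and a scan for the %n write directive that allows for positional, flag, width, precision and length-modifier characters.

```c
#include <stdio.h>
#include <string.h>

/*
 * CWE-134 at the source level. Both functions receive the same untrusted
 * string and write a log line into `out`. The first hands that string to
 * snprintf as the FORMAT, so any % directive in it is interpreted; the
 * second passes it as an ARGUMENT to a fixed "%s" format, so it can only
 * ever be copied. Names and the sample input are illustrative.
 */

/* VULNERABLE: untrusted data is the format string.
 * With input like "%x%x%x%n" snprintf reads argument slots that were never
 * passed and, for %n, writes to an address it finds there.
 * Deliberately never called below; gcc/clang -Wformat-security warns here. */
void log_message_unsafe(char *out, size_t outlen, const char *untrusted)
{
    snprintf(out, outlen, untrusted);
}

/* HARDENED: fixed format; untrusted data only ever reaches a %s argument. */
void log_message_safe(char *out, size_t outlen, const char *untrusted)
{
    snprintf(out, outlen, "%s", untrusted);
}

/* Count conversion specifications in a format string. "%%" is a literal
 * percent and is not counted. A guard for code that must accept a
 * caller-supplied format: reject a string carrying more directives than
 * the caller supplied arguments for. */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {
            p++;            /* skip the escaped percent */
            continue;
        }
        n++;
    }
    return n;
}

/* Return 1 if the string contains a %n directive (the write primitive),
 * allowing for positional (%3$n), flag, width, precision and length
 * modifier characters between the % and the n (e.g. %08x, %hhn, %lln). */
int has_write_directive(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') {    /* literal percent */
            p++;
            continue;
        }
        while (*p && strchr("0123456789$#-+ '.*hlLqjzt", *p))
            p++;
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            break;
    }
    return 0;
}

int main(void)
{
    /* Constructed attacker-style input: leaks three argument words, then %n writes. */
    const char *evil = "login %08x.%08x.%08x.%hhn";
    char buf[128];

    log_message_safe(buf, sizeof buf, evil);
    printf("safe output:  %s\n", buf);            /* directives stay literal text */
    printf("conversions:  %d\n", count_conversions(evil));
    printf("contains %%n: %d\n", has_write_directive(evil));
    /* log_message_unsafe(buf, sizeof buf, evil);  not run: undefined behaviour */
    return 0;
}
```

Build with `-Wformat -Wformat-security` (or `-Werror=format-security` in CI) and the compiler flags the unsafe call on its own; the two scanning helpers are only for the rare API that genuinely has to take a format from its caller, where the correct fix is still to supply the format yourself whenever you can.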

388 vulnerabilities with CWE-134 (25 shown; severity and CVSS given where the listing records them, "-" otherwise)

CVE             Severity  CVSS  Title
CVE-2016-10773  HIGH      8.8   cPanel 59.9999.58-60.0.24 - Format String Injection in Exception Message Handling
CVE-2016-10745  HIGH      8.6   Jinja < 2.8.1 - Sandbox Escape via str.format
CVE-2016-1895   MEDIUM    6.5   NetApp Data ONTAP <8.2.5, <8.3.2P12 - DoS
CVE-2016-5716   HIGH      8.8   Puppet Enterprise 2015.x-2016.x < 2016.4.0 - Remote Code Execution via Unsafe String Reads
CVE-2016-4864   HIGH      7.5   Dena H2o < 2.0.3 - Format String Vulnerability
CVE-2016-5074   CRITICAL  9.8   CloudView NMS < 2.10a - Format String Vulnerability via SNMP
CVE-2016-4448   CRITICAL  9.8   HP Icewall Federation Agent < 2.2.1 - Format String Vulnerability
CVE-2015-10088  MEDIUM    5.0   ayttm < 0.5.0-89 - Format String Vulnerability in http_connect Function
CVE-2015-9238   MEDIUM    5.3   secure-compare < 3.0.1 - Incorrect String Comparison
CVE-2015-8107   HIGH      7.8   GNU a2ps 4.14 - Remote Code Execution via Format String Vulnerability
CVE-2015-7271   CRITICAL  9.8   Dell Integrated Remote Access Controller Firmware < 2.21.21.21 - Format String Vulnerability via racadm getsystinfo
CVE-2015-8106   HIGH      7.8   latex2rtf - Remote Code Execution via Format String Specifiers in \keywords Command
CVE-2015-8617   CRITICAL  9.8   PHP 7.x < 7.0.1 - Remote Code Execution via Format String Specifiers in Class Name
CVE-2015-2894   MEDIUM    5.3   Idera Uptime Infrastructure Monitor <7.2 - DoS
CVE-2015-6285   -         -     Cisco Email Security Appliance 7.6.0 and 8.0.0 - Denial of Service via Format String Specifiers
CVE-2014-6262   HIGH      7.5   Zenoss Core < 4.2.5 - Remote Code Execution via RRDtool Python Module Format String
CVE-2014-8170   HIGH      8.8   ovirt-node 3.0.0-474-gb852fd7 - Authenticated Command Injection via Unquoted Input String
CVE-2014-8625   -         -     dpkg < 1.17.21 - Use-After-Free via Format String Specifiers in Package or Architecture Name
CVE-2014-9157   -         -     Graphviz - Format String
CVE-2014-1315   -         -     Apple OS X 10.9.x-10.9.2 - Remote Code Execution via Format String Specifiers in URL
CVE-2014-1683   -         -     SkyBlueCanvas CMS <1.1 r248-04 - RCE
CVE-2013-2131   -         -     rrdtool 1.4.7 - Denial of Service via Format String Specifiers in rrdtool.graph
CVE-2013-7386   -         -     BOINC - Use-After-Free via Format String Specifiers in Account File
CVE-2013-1886   -         -     Red Hat Certificate System 8.1 - Authenticated Format String Vulnerability in Token Processing System
CVE-2013-6809   -         -     Tftpd32 < 4.50 - Remote Code Execution via Format String in Remote File Field