Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2021-01-14 CVE-2020-29018 Use of Externally-Controlled Format String vulnerability in Fortinet FortiWeb 6.3.0/6.3.5
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
network
low complexity
fortinet CWE-134
6.5
2020-12-31 CVE-2020-35869 Use of Externally-Controlled Format String vulnerability in Rusqlite Project Rusqlite
An issue was discovered in the rusqlite crate before 0.23.0 for Rust.
network
low complexity
rusqlite-project CWE-134
7.5
2020-11-11 CVE-2020-27524 Use of Externally-Controlled Format String vulnerability in Audi MMI Multiplayer N+R_CN_AU_P0395
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name.
low complexity
audi CWE-134
4.8
2020-10-27 CVE-2020-27853 Use of Externally-Controlled Format String vulnerability in Wire products
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string.
network
low complexity
wire CWE-134
7.5
2020-08-20 CVE-2020-15634 Use of Externally-Controlled Format String vulnerability in Netgear R6700 Firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58.
low complexity
netgear CWE-134
5.8
2020-06-09 CVE-2020-13160 Use of Externally-Controlled Format String vulnerability in AnyDesk
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
network
low complexity
anydesk CWE-134
7.5
2020-04-08 CVE-2020-1992 Use of Externally-Controlled Format String vulnerability in Palo Alto Networks PAN-OS
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon, creating a denial of service condition, or potentially execute code with root privileges.
network
paloaltonetworks CWE-134
critical
9.3
2020-03-11 CVE-2020-1979 Use of Externally-Controlled Format String vulnerability in Palo Alto Networks PAN-OS
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network-based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges.
local
low complexity
paloaltonetworks CWE-134
4.6
2020-02-25 CVE-2019-5143 Use of Externally-Controlled Format String vulnerability in Moxa AWK-3131A Firmware 1.13
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-134
6.5
2020-02-12 CVE-2014-6262 Use of Externally-Controlled Format String vulnerability in Zenoss Core 4.2.4
Multiple format string vulnerabilities in the Python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
network
low complexity
zenoss CWE-134
5.0