Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-14 | CVE-2020-29018 | USE of Externally-Controlled Format String vulnerability in Fortinet Fortiweb 6.3.0/6.3.5 A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. | 6.5 |
| 2020-12-31 | CVE-2020-35869 | USE of Externally-Controlled Format String vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. | 7.5 |
| 2020-11-11 | CVE-2020-27524 | USE of Externally-Controlled Format String vulnerability in Audi MMI Multiplayer N+Rcnaup0395 On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. | 4.8 |
| 2020-10-27 | CVE-2020-27853 | USE of Externally-Controlled Format String vulnerability in Wire products Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. | 7.5 |
| 2020-08-20 | CVE-2020-15634 | USE of Externally-Controlled Format String vulnerability in Netgear R6700 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. | 5.8 |
| 2020-06-09 | CVE-2020-13160 | USE of Externally-Controlled Format String vulnerability in Anydesk AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | 7.5 |
| 2020-04-08 | CVE-2020-1992 | USE of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.3 |
| 2020-03-11 | CVE-2020-1979 | USE of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 4.6 |
| 2020-02-25 | CVE-2019-5143 | USE of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. | 6.5 |
| 2020-02-12 | CVE-2014-6262 | USE of Externally-Controlled Format String vulnerability in Zenoss Core 4.2.4 Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | 5.0 |