Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2023-36640 Use of Externally-Controlled Format String vulnerability in Fortinet Fortiproxy
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
local
low complexity
fortinet CWE-134
6.7
2024-05-14 CVE-2023-45583 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
network
low complexity
fortinet CWE-134
7.2
2024-03-12 CVE-2023-41842 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet CWE-134
6.7
2024-02-20 CVE-2023-6399 A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
low complexity
CWE-134
5.7
2024-02-15 CVE-2024-23113 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-134
critical
9.8
2023-12-18 CVE-2023-24590 Use of Externally-Controlled Format String vulnerability in Gallagher Controller 6000 Firmware
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
network
low complexity
gallagher CWE-134
8.8
2023-12-13 CVE-2023-36639 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
network
low complexity
fortinet CWE-134
8.8
2023-11-20 CVE-2023-48221 Use of Externally-Controlled Format String vulnerability in Wire Audio, Video, and Signaling
wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire.
network
low complexity
wire CWE-134
8.8
2023-10-25 CVE-2023-5746 Use of Externally-Controlled Format String vulnerability in Synology Bc500 Firmware and Tc500 Firmware
A vulnerability regarding use of externally-controlled format string is found in the cgi component.
network
low complexity
synology CWE-134
critical
9.8
2023-10-19 CVE-2022-26941 Use of Externally-Controlled Format String vulnerability in Motorola Mtm5400 Firmware and Mtm5500 Firmware
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command.
low complexity
motorola CWE-134
8.8