Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-23 | CVE-2018-10389 | Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65 Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet. | 9.8 |
| 2019-12-23 | CVE-2018-10388 | Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66 Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet. | 9.8 |
| 2019-11-23 | CVE-2019-11287 | Use of Externally-Controlled Format String vulnerability in multiple products Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. | 7.5 |
| 2019-11-19 | CVE-2012-0824 | Use of Externally-Controlled Format String vulnerability in GNU Gnusound 0.7.5 gnusound 0.7.5 has format string issue | 9.8 |
| 2019-11-14 | CVE-2011-1588 | Use of Externally-Controlled Format String vulnerability in multiple products Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | 7.8 |
| 2019-11-12 | CVE-2010-3438 | Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. | 9.8 |
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-04 | CVE-2019-13318 | Use of Externally-Controlled Format String vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. | 5.5 |
| 2019-09-17 | CVE-2019-6840 | Use of Externally-Controlled Format String vulnerability in Schneider-Electric products A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. | 9.8 |
| 2019-08-26 | CVE-2019-15547 | Use of Externally-Controlled Format String vulnerability in Ncurses Project Ncurses An issue was discovered in the ncurses crate through 5.99.0 for Rust. | 7.5 |