Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-02 | CVE-2018-6317 | Use of Externally-Controlled Format String vulnerability in Claymore Dual Miner Project Claymore Dual Miner The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. | 9.1 |
| 2018-01-23 | CVE-2017-17407 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.699 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. | 9.8 |
| 2018-01-23 | CVE-2017-16608 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.699/7.2.730 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. | 9.8 |
| 2018-01-23 | CVE-2017-16602 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.730 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. | 8.8 |
| 2018-01-16 | CVE-2018-5704 | Use of Externally-Controlled Format String vulnerability in multiple products Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. | 9.6 |
| 2018-01-06 | CVE-2018-5207 | Use of Externally-Controlled Format String vulnerability in multiple products When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | 7.5 |
| 2018-01-06 | CVE-2018-5205 | Use of Externally-Controlled Format String vulnerability in multiple products When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 7.5 |
| 2017-11-03 | CVE-2017-16516 | Use of Externally-Controlled Format String vulnerability in multiple products In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. | 7.5 |
| 2017-10-10 | CVE-2017-15191 | Use of Externally-Controlled Format String vulnerability in multiple products In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. | 7.5 |
| 2017-09-26 | CVE-2014-8170 | Use of Externally-Controlled Format String vulnerability in Ovirt Ovirt-Node 3.0.0474Gb852Fd7 ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 8.8 |