Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2016-10773 | Use of Externally-Controlled Format String vulnerability in Cpanel cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | 6.5 |
| 2019-07-30 | CVE-2019-14412 | Use of Externally-Controlled Format String vulnerability in Cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | 2.1 |
| 2019-07-30 | CVE-2019-14410 | Use of Externally-Controlled Format String vulnerability in Cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). | 2.1 |
| 2019-07-19 | CVE-2019-1579 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 8.1 |
| 2019-06-27 | CVE-2019-7228 | Use of Externally-Controlled Format String vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367 The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. | 8.8 |
| 2019-06-24 | CVE-2019-7230 | Use of Externally-Controlled Format String vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367 The ABB IDAL FTP server mishandles format strings in a username during the authentication process. | 8.8 |
| 2019-05-23 | CVE-2019-12297 | Use of Externally-Controlled Format String vulnerability in Motorola CX2 Firmware and M2 Firmware An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. | 7.5 |
| 2019-05-13 | CVE-2018-14713 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010 Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter. | 5.5 |
| 2019-04-08 | CVE-2016-10745 | Use of Externally-Controlled Format String vulnerability in Palletsprojects Jinja In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 5.0 |
| 2019-03-26 | CVE-2019-7715 | Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4 An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. | 5.0 |