Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2019-7712 Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4.
network
low complexity
ghs CWE-134
5.0
2019-03-26 CVE-2019-7711 Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4.
network
low complexity
ghs CWE-134
5.0
2019-02-08 CVE-2018-1352 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0
A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable.
network
low complexity
fortinet CWE-134
7.5
2018-09-22 CVE-2018-17336 Use of Externally-Controlled Format String vulnerability in multiple products
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
local
low complexity
freedesktop canonical CWE-134
4.6
2018-09-16 CVE-2018-16554 Use of Externally-Controlled Format String vulnerability in Jhead Project Jhead 3.00
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
6.8
2018-09-06 CVE-2018-15749 Use of Externally-Controlled Format String vulnerability in Pulsesecure Pulse Secure Desktop Client
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
local
low complexity
pulsesecure CWE-134
2.1
2018-07-27 CVE-2017-7519 Use of Externally-Controlled Format String vulnerability in multiple products
In Ceph, a format string flaw was found in the way libradosstriper parses input from the user.
local
low complexity
ceph debian CWE-134
2.1
2018-07-10 CVE-2018-1566 Use of Externally-Controlled Format String vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error.
local
low complexity
ibm linux microsoft CWE-134
4.6
2018-06-20 CVE-2018-12590 Use of Externally-Controlled Format String vulnerability in UI Edgeswitch Firmware 1.7.3
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed.
network
low complexity
ui CWE-134
critical
9.0
2018-05-31 CVE-2015-9238 Use of Externally-Controlled Format String vulnerability in Secure-Compare Project Secure-Compare
secure-compare 3.0.0 and below do not actually compare two strings properly.
network
low complexity
secure-compare-project CWE-134
5.0