Vulnerabilities > Use of Externally-Controlled Format String

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-03-26 | CVE-2019-7715 | Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4 | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. | network | low | ghs | CWE-134 | 7.5 |
| 2019-03-26 | CVE-2019-7712 | Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4 | An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. | network | low | ghs | CWE-134 | 7.5 |
| 2019-03-26 | CVE-2019-7711 | Use of Externally-Controlled Format String vulnerability in GHS Integrity Rtos 5.0.4 | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. | network | low | ghs | CWE-134 | 7.5 |
| 2019-02-08 | CVE-2018-1352 | Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0 | A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable. | network | low | fortinet | CWE-134 | 9.8 (critical) |
| 2018-09-22 | CVE-2018-17336 | Use of Externally-Controlled Format String vulnerability in multiple products | UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | local | low | freedesktop, canonical | CWE-134 | 7.8 |
| 2018-09-16 | CVE-2018-16554 | Use of Externally-Controlled Format String vulnerability in Jhead Project Jhead 3.00 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling. | local | low | jhead-project | CWE-134 | 7.8 |
| 2018-09-06 | CVE-2018-15749 | Use of Externally-Controlled Format String vulnerability in Pulsesecure Pulse Secure Desktop Client | The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | local | low | pulsesecure | CWE-134 | 5.5 |
| 2018-08-22 | CVE-2018-14799 | Use of Externally-Controlled Format String vulnerability in Philips products | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. | | low | philips | CWE-134 | 3.7 |
| 2018-07-27 | CVE-2017-7519 | Use of Externally-Controlled Format String vulnerability in multiple products | In Ceph, a format string flaw was found in the way libradosstriper parses input from the user. | local | low | ceph, debian | CWE-134 | 4.4 |
| 2018-07-10 | CVE-2018-1566 | Use of Externally-Controlled Format String vulnerability in IBM DB2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. | local | low | ibm | CWE-134 | 7.8 |