Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2018-06-20 CVE-2018-12590 Use of Externally-Controlled Format String vulnerability in UI EdgeSwitch Firmware 1.7.3
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation beyond what administrators themselves are allowed.
network
low complexity
ui CWE-134
7.2
2018-05-31 CVE-2015-9238 Use of Externally-Controlled Format String vulnerability in Secure-Compare Project Secure-Compare
secure-compare 3.0.0 and below do not actually compare two strings properly.
network
low complexity
secure-compare-project CWE-134
5.3
2018-04-03 CVE-2018-8778 Use of Externally-Controlled Format String vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
network
low complexity
ruby-lang canonical debian redhat CWE-134
7.5
2018-03-28 CVE-2018-0175 Use of Externally-Controlled Format String vulnerability in Cisco IOS, IOS XE and IOS XR
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
low complexity
cisco CWE-134
8.0
2018-03-16 CVE-2018-7544 Use of Externally-Controlled Format String vulnerability in OpenVPN
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5.
network
low complexity
openvpn CWE-134
critical
9.1
2018-03-14 CVE-2018-6875 Use of Externally-Controlled Format String vulnerability in Shapeshift Keepkey Firmware 4.0.0
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
network
low complexity
shapeshift CWE-134
7.5
2018-03-05 CVE-2017-17132 Use of Externally-Controlled Format String vulnerability in Huawei VP9660 Firmware V500R002C10
Huawei VP9660 V500R002C10 has an uncontrolled format string vulnerability when the license module outputs the log information.
local
low complexity
huawei CWE-134
5.5
2018-02-09 CVE-2018-1000052 Use of Externally-Controlled Format String vulnerability in FMT
fmtlib versions prior to 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contain a memory corruption (SIGSEGV), CWE-134 vulnerability in the fmt::print() library function that can result in Denial of Service.
network
low complexity
fmt CWE-134
7.5
2018-02-09 CVE-2018-6508 Use of Externally-Controlled Format String vulnerability in Puppet Enterprise 2017.3.0/2017.3.1/2017.3.2
Puppet Enterprise 2017.3.x prior to 2017.3.3 is vulnerable to a remote execution bug when a specially crafted string is passed into the facter_task or puppet_conf tasks.
network
low complexity
puppet CWE-134
8.0
2018-02-02 CVE-2018-6317 Use of Externally-Controlled Format String vulnerability in Claymore Dual Miner Project Claymore Dual Miner
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
network
low complexity
claymore-dual-miner-project CWE-134
critical
9.1