Vulnerabilities > Use of Externally-Controlled Format String
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-23 | CVE-2017-17407 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.699: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. | 9.8 |
2018-01-23 | CVE-2017-16608 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.699/7.2.730: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. | 9.8 |
2018-01-23 | CVE-2017-16602 | Use of Externally-Controlled Format String vulnerability in Netgain-Systems Enterprise Manager 7.2.730: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. | 8.8 |
2018-01-16 | CVE-2018-5704 | Use of Externally-Controlled Format String vulnerability in multiple products: Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. | 9.6 |
2018-01-06 | CVE-2018-5207 | Use of Externally-Controlled Format String vulnerability in multiple products: When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | 7.5 |
2018-01-06 | CVE-2018-5205 | Use of Externally-Controlled Format String vulnerability in multiple products: When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 7.5 |
2017-11-03 | CVE-2017-16516 | Use of Externally-Controlled Format String vulnerability in multiple products: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. | 7.5 |
2017-10-10 | CVE-2017-15191 | Use of Externally-Controlled Format String vulnerability in multiple products: In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. | 7.5 |
2017-09-26 | CVE-2014-8170 | Use of Externally-Controlled Format String vulnerability in Ovirt Ovirt-Node 3.0.0474Gb852Fd7: ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 8.8 |
2017-09-15 | CVE-2017-0898 | Use of Externally-Controlled Format String vulnerability in Ruby-Lang Ruby: Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. | 9.1 |