Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2017-08-09 CVE-2016-5716 Use of Externally-Controlled Format String vulnerability in Puppet Enterprise
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allow for remote code execution on the console node.
network
low complexity
puppet CWE-134
6.5
2017-08-06 CVE-2017-12588 Use of Externally-Controlled Format String vulnerability in Rsyslog
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
network
low complexity
rsyslog CWE-134
7.5
2017-06-29 CVE-2017-10685 Use of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function.
network
low complexity
gnu CWE-134
7.5
2017-05-23 CVE-2017-9212 Use of Externally-Controlled Format String vulnerability in Bavarian Motor Works Bluetooth Stack
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
network
low complexity
bavarian-motor-works CWE-134
7.8
2017-05-12 CVE-2016-4864 Use of Externally-Controlled Format String vulnerability in Dena H2O
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
network
low complexity
dena CWE-134
5.0
2017-04-13 CVE-2015-8107 Use of Externally-Controlled Format String vulnerability in GNU a2ps 4.14
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
network
gnu CWE-134
6.8
2017-04-10 CVE-2016-5074 Use of Externally-Controlled Format String vulnerability in Cloudviewnms Cloudview NMS
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
network
low complexity
cloudviewnms CWE-134
7.5
2017-04-10 CVE-2015-7271 Use of Externally-Controlled Format String vulnerability in Dell Integrated Remote Access Controller Firmware
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.
network
low complexity
dell CWE-134
7.5
2017-04-02 CVE-2017-2403 Use of Externally-Controlled Format String vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
network
apple CWE-134
6.8
2017-03-23 CVE-2017-5524 Use of Externally-Controlled Format String vulnerability in Plone
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
network
low complexity
plone CWE-134
4.0