Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-22 | CVE-2017-3859 | Use of Externally-Controlled Format String vulnerability in Cisco IOS XE A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
| 2017-03-03 | CVE-2017-5613 | Use of Externally-Controlled Format String vulnerability in Cpanel Cgiecho and Cgiemail Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | 6.8 |
| 2016-06-09 | CVE-2016-4448 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | 9.8 |
| 2016-04-18 | CVE-2015-8106 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | 9.3 |
| 2016-01-19 | CVE-2015-8617 | Use of Externally-Controlled Format String vulnerability in PHP 7.0.1 Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | 10.0 |
| 2015-12-31 | CVE-2015-2894 | Use of Externally-Controlled Format String vulnerability in Idera Uptime Infrastructure Monitor 6.0/7.2 Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | 5.0 |
| 2015-09-14 | CVE-2015-6285 | Use of Externally-Controlled Format String vulnerability in Cisco Email Security Appliance 7.6.0/8.0.0 Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | 6.4 |
| 2015-01-20 | CVE-2014-8625 | Use of Externally-Controlled Format String vulnerability in Debian Dpkg Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | 6.8 |
| 2015-01-04 | CVE-2013-2131 | Use of Externally-Controlled Format String vulnerability in Rrdtool Project Rrdtool 1.4.7 Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | 5.0 |
| 2014-04-23 | CVE-2014-1315 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2 Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | 6.8 |