Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-01 | CVE-2016-1895 | Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 6.5 |
| 2017-08-30 | CVE-2017-12702 | Use of Externally-Controlled Format String vulnerability in Advantech Webaccess An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 8.8 |
| 2017-08-09 | CVE-2016-5716 | Use of Externally-Controlled Format String vulnerability in Puppet Enterprise The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. | 8.8 |
| 2017-08-06 | CVE-2017-12588 | Use of Externally-Controlled Format String vulnerability in Rsyslog The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | 9.8 |
| 2017-06-29 | CVE-2017-10685 | Use of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. | 9.8 |
| 2017-05-23 | CVE-2017-9212 | Use of Externally-Controlled Format String vulnerability in Bavarian Motor Works Bluetooth Stack The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. | 7.5 |
| 2017-05-12 | CVE-2016-4864 | Use of Externally-Controlled Format String vulnerability in Dena H2O H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. | 7.5 |
| 2017-04-13 | CVE-2015-8107 | Use of Externally-Controlled Format String vulnerability in GNU A2Ps 4.14 Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | 7.8 |
| 2017-04-10 | CVE-2016-5074 | Use of Externally-Controlled Format String vulnerability in Cloudviewnms Cloudview NMS CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | 9.8 |
| 2017-04-10 | CVE-2015-7271 | Use of Externally-Controlled Format String vulnerability in Dell Integrated Remote Access Controller Firmware 1.99/2.20.20.20 Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | 9.8 |