Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2012-11-14 CVE-2012-3569 Use of Externally-Controlled Format String vulnerability in VMware OVF Tool, Player and Workstation
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
network
vmware microsoft CWE-134
critical
9.3
2012-09-09 CVE-2012-1152 Use of Externally-Controlled Format String vulnerability in Ingy YAML::LibYAML 0.38
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
network
low complexity
ingy CWE-134
5.0
2012-09-09 CVE-2012-1151 Use of Externally-Controlled Format String vulnerability in Perl
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
network
low complexity
perl CWE-134
5.0
2012-09-04 CVE-2012-2288 Use of Externally-Controlled Format String vulnerability in EMC NetWorker 7.6.3/7.6.4/8.0
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
network
emc CWE-134
critical
9.3
2012-06-17 CVE-2012-2090 Use of Externally-Controlled Format String vulnerability in multiple products
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.
network
flightgear simgear CWE-134
critical
9.3
2012-05-23 CVE-2012-2369 Use of Externally-Controlled Format String vulnerability in Cypherpunks pidgin-otr 3.2.0
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
network
low complexity
cypherpunks pidgin CWE-134
7.5
2012-03-08 CVE-2012-0646 Use of Externally-Controlled Format String vulnerability in Apple iPhone OS
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
network
apple CWE-134
critical
9.3
2012-02-21 CVE-2012-0242 Use of Externally-Controlled Format String vulnerability in Advantech WebAccess 5.0/6.0
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
network
low complexity
advantech CWE-134
critical
10.0
2012-02-01 CVE-2012-0809 Use of Externally-Controlled Format String vulnerability in Todd Miller Sudo
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
local
low complexity
todd-miller CWE-134
7.2
2011-12-10 CVE-2011-4357 Use of Externally-Controlled Format String vulnerability in Brandon Long Clearsilver
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
network
low complexity
brandon-long CWE-134
7.5