Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-01 | CVE-2023-25492 | Use of Externally-Controlled Format String vulnerability in Lenovo products A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | 8.8 |
| 2023-04-25 | CVE-2023-25815 | Use of Externally-Controlled Format String vulnerability in multiple products In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. | 2.2 |
| 2023-03-29 | CVE-2022-43619 | Use of Externally-Controlled Format String vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
| 2023-03-05 | CVE-2015-10088 | Use of Externally-Controlled Format String vulnerability in Ayttm Project Ayttm A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. | 8.1 |
| 2023-02-16 | CVE-2023-23783 | Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | 7.8 |
| 2023-02-12 | CVE-2022-43869 | Use of Externally-Controlled Format String vulnerability in IBM Elastic Storage System and Spectrum Scale IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. | 6.5 |
| 2023-02-09 | CVE-2023-21420 | Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0 Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | 7.8 |
| 2023-02-01 | CVE-2023-22374 | Use of Externally-Controlled Format String vulnerability in F5 products A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. | 8.5 |
| 2022-12-21 | CVE-2022-4639 | Use of Externally-Controlled Format String vulnerability in Sslh Project Sslh 2.0 A vulnerability, which was classified as critical, has been found in sslh. | 9.8 |
| 2022-12-19 | CVE-2020-36619 | Use of Externally-Controlled Format String vulnerability in Multimon-Ng Project Multimon-Ng A vulnerability was found in multimon-ng. | 9.8 |