Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-21497 Use of Externally-Controlled Format String vulnerability in Samsung Android 13.0
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
local, low complexity, samsung, CWE-134
Risk: 7.8

2023-05-01 CVE-2023-22923 Use of Externally-Controlled Format String vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0
A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.
network, low complexity, zyxel, CWE-134
Risk: 6.5

2023-05-01 CVE-2023-25492 Use of Externally-Controlled Format String vulnerability in Lenovo products
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
network, low complexity, lenovo, CWE-134
Risk: 8.8

2023-04-25 CVE-2023-25815 Use of Externally-Controlled Format String vulnerability in multiple products
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer.
Risk: 2.2

2023-03-29 CVE-2022-43619 Use of Externally-Controlled Format String vulnerability in Dlink Dir-1935 Firmware 1.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers.
low complexity, dlink, CWE-134
Risk: 6.8

2023-03-05 CVE-2015-10088 Use of Externally-Controlled Format String vulnerability in Ayttm Project Ayttm
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89.
network, high complexity, ayttm-project, CWE-134
Risk: 8.1

2023-02-16 CVE-2023-23783 Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
local, low complexity, fortinet, CWE-134
Risk: 7.8

2023-02-12 CVE-2022-43869 Use of Externally-Controlled Format String vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.
network, low complexity, ibm, CWE-134
Risk: 6.5

2023-02-09 CVE-2023-21420 Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
local, low complexity, samsung, CWE-134
Risk: 7.8

2023-02-01 CVE-2023-22374 Use of Externally-Controlled Format String vulnerability in F5 products
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code.
network, high complexity, f5, CWE-134
Risk: 8.5