Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-25815 Use of Externally-Controlled Format String vulnerability in multiple products
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer.
2.2
2023-03-29 CVE-2022-43619 Use of Externally-Controlled Format String vulnerability in Dlink Dir-1935 Firmware 1.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers.
low complexity
dlink CWE-134
6.8
2023-03-05 CVE-2015-10088 Use of Externally-Controlled Format String vulnerability in Ayttm Project Ayttm
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89.
network
high complexity
ayttm-project CWE-134
8.1
2023-02-16 CVE-2023-23783 Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet CWE-134
7.8
2023-02-12 CVE-2022-43869 Use of Externally-Controlled Format String vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.
network
low complexity
ibm CWE-134
6.5
2023-02-09 CVE-2023-21420 Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
local
low complexity
samsung CWE-134
7.8
2023-02-01 CVE-2023-22374 Use of Externally-Controlled Format String vulnerability in F5 products
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code.
network
high complexity
f5 CWE-134
8.5
2022-12-21 CVE-2022-4639 Use of Externally-Controlled Format String vulnerability in Sslh Project Sslh 2.0
A vulnerability, which was classified as critical, has been found in sslh.
network
low complexity
sslh-project CWE-134
critical
9.8
2022-12-19 CVE-2020-36619 Use of Externally-Controlled Format String vulnerability in Multimon-Ng Project Multimon-Ng
A vulnerability was found in multimon-ng.
network
low complexity
multimon-ng-project CWE-134
critical
9.8
2022-12-09 CVE-2022-3724 Use of Externally-Controlled Format String vulnerability in Wireshark
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
network
low complexity
wireshark CWE-134
7.5