Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2021-10-12 CVE-2021-37735 Use of Externally-Controlled Format String vulnerability in multiple products
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below.
network
low complexity
arubanetworks siemens CWE-134
5.3
2021-10-06 CVE-2021-25489 Use of Externally-Controlled Format String vulnerability in Google Android
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
local
low complexity
google CWE-134
5.5
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method.
network
low complexity
apache CWE-134
critical
9.8
2021-08-25 CVE-2021-33886 Use of Externally-Controlled Format String vulnerability in Bbraun Spacecom2
An improper sanitization of input vulnerability in B.
low complexity
bbraun CWE-134
8.8
2021-08-10 CVE-2021-28846 Use of Externally-Controlled Format String vulnerability in Trendnet products
A format string vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format.
network
low complexity
trendnet CWE-134
6.5
2021-07-05 CVE-2021-35331 Use of Externally-Controlled Format String vulnerability in TCL 8.6.11
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file.
local
low complexity
tcl CWE-134
7.8
2021-06-01 CVE-2021-29740 Use of Externally-Controlled Format String vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability.
local
low complexity
ibm CWE-134
7.8
2021-05-18 CVE-2021-30145 Use of Externally-Controlled Format String vulnerability in MPV
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
local
low complexity
mpv CWE-134
7.8
2021-04-14 CVE-2020-36323 Use of Externally-Controlled Format String vulnerability in multiple products
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
network
low complexity
rust-lang fedoraproject CWE-134
8.2
2021-01-14 CVE-2020-29018 Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
network
low complexity
fortinet CWE-134
8.8