Vulnerabilities > Use of Externally-Controlled Format String
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-31 | CVE-2020-35869 | Use of Externally-Controlled Format String vulnerability in Rusqlite Project Rusqlite: An issue was discovered in the rusqlite crate before 0.23.0 for Rust. | 9.8 |
2020-11-11 | CVE-2020-27524 | Use of Externally-Controlled Format String vulnerability in Audi MMI Multiplayer N+Rcnaup0395: On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. | 7.1 |
2020-11-11 | CVE-2020-27523 | Use of Externally-Controlled Format String vulnerability in Mersive Solstice POD Firmware: Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x, %p, %c and %s in the screen_key, display_name, browser_name, and operation_system parameters during the authentication process. | 7.5 |
2020-10-27 | CVE-2020-27853 | Use of Externally-Controlled Format String vulnerability in Wire products: Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. | 9.8 |
2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format used in a `printf` call is constructed. | 7.5 |
2020-08-27 | CVE-2020-16142 | Use of Externally-Controlled Format String vulnerability in Mercedes-Benz Comand: On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | 3.5 |
2020-06-09 | CVE-2020-13160 | Use of Externally-Controlled Format String vulnerability in Anydesk: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | 9.8 |
2020-04-08 | CVE-2020-1992 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os: A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.8 |
2020-03-11 | CVE-2020-1979 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os: A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
2020-02-25 | CVE-2019-5143 | Use of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13: An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. | 8.8 |