Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-25 | CVE-2022-35887 | Use of Externally-Controlled Format String vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. | 8.8 |
| 2022-06-13 | CVE-2022-31753 | Use of Externally-Controlled Format String vulnerability in Huawei Emui, Harmonyos and Magic UI The voice wakeup module has a vulnerability of using externally-controlled format strings. | 5.0 |
| 2022-06-02 | CVE-2022-1215 | Use of Externally-Controlled Format String vulnerability in Freedesktop Libinput A format string vulnerability was found in libinput | 7.8 |
| 2022-04-22 | CVE-2022-26674 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 7.5 |
| 2022-04-01 | CVE-2022-27177 | Use of Externally-Controlled Format String vulnerability in Netflix Consoleme A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 | 7.5 |
| 2022-03-29 | CVE-2021-42911 | Use of Externally-Controlled Format String vulnerability in Draytek products A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. | 7.5 |
| 2022-03-01 | CVE-2021-41193 | Use of Externally-Controlled Format String vulnerability in Wire Wire-Audio Video Signaling wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. | 7.5 |
| 2022-02-18 | CVE-2022-24051 | Use of Externally-Controlled Format String vulnerability in multiple products MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. | 7.8 |
| 2021-12-06 | CVE-2021-43041 | Use of Externally-Controlled Format String vulnerability in Kaseya Unitrends Backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | 8.8 |
| 2021-10-12 | CVE-2021-37735 | Use of Externally-Controlled Format String vulnerability in multiple products A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. | 5.0 |