Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2022-03-01 CVE-2021-41193 Use of Externally-Controlled Format String vulnerability in Wire Wire-Audio Video Signaling
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger.
network
low complexity
wire CWE-134
7.5
2022-02-18 CVE-2022-24051 Use of Externally-Controlled Format String vulnerability in multiple products
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability.
local
low complexity
mariadb fedoraproject CWE-134
7.8
2021-12-06 CVE-2021-43041 Use of Externally-Controlled Format String vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
network
low complexity
kaseya CWE-134
8.8
2021-10-12 CVE-2021-37735 Use of Externally-Controlled Format String vulnerability in multiple products
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below.
network
low complexity
arubanetworks siemens CWE-134
5.0
2021-10-06 CVE-2021-25489 Use of Externally-Controlled Format String vulnerability in Google Android
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
local
low complexity
google CWE-134
4.9
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method.
network
low complexity
apache CWE-134
7.5
2021-08-25 CVE-2021-33886 Use of Externally-Controlled Format String vulnerability in Bbraun Spacecom2
An improper sanitization of input vulnerability in B.
low complexity
bbraun CWE-134
5.8
2021-07-22 CVE-2021-32785 Use of Externally-Controlled Format String vulnerability in multiple products
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc netapp debian CWE-134
7.5
2021-07-05 CVE-2021-35331 Use of Externally-Controlled Format String vulnerability in TCL 8.6.11
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file.
local
low complexity
tcl CWE-134
7.8
2021-06-25 CVE-2021-33535 Use of Externally-Controlled Format String vulnerability in Weidmueller products
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality.
network
low complexity
weidmueller CWE-134
6.5