Vulnerabilities > Use of Externally-Controlled Format String

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-04-22 | CVE-2022-26674 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware | ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to an arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | network, low complexity, asus, CWE-134 | 7.5 |
| 2022-04-01 | CVE-2022-27177 | Use of Externally-Controlled Format String vulnerability in Netflix Consoleme | A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. | network, low complexity, netflix, CWE-134 | 7.5 |
| 2022-03-29 | CVE-2021-42911 | Use of Externally-Controlled Format String vulnerability in Draytek products | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. | network, low complexity, draytek, CWE-134 | 7.5 |
| 2022-03-01 | CVE-2021-41193 | Use of Externally-Controlled Format String vulnerability in Wire Wire-Audio Video Signaling | wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. | network, low complexity, wire, CWE-134 | 7.5 |
| 2022-02-18 | CVE-2022-24051 | Use of Externally-Controlled Format String vulnerability in multiple products | MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. | local, low complexity, mariadb, fedoraproject, CWE-134 | 7.8 |
| 2021-12-06 | CVE-2021-43041 | Use of Externally-Controlled Format String vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network, low complexity, kaseya, CWE-134 | 8.8 |
| 2021-10-12 | CVE-2021-37735 | Use of Externally-Controlled Format String vulnerability in multiple products | A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. | network, low complexity, arubanetworks, siemens, CWE-134 | 5.0 |
| 2021-10-06 | CVE-2021-25489 | Use of Externally-Controlled Format String vulnerability in Google Android | Assuming radio permission is gained, missing input validation in the modem interface driver prior to SMR Oct-2021 Release 1 results in a format string bug leading to kernel panic. | local, low complexity, google, CWE-134 | 4.9 |
| 2021-09-09 | CVE-2021-36161 | Use of Externally-Controlled Format String vulnerability in Apache Dubbo | Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method. | network, low complexity, apache, CWE-134 | 7.5 |
| 2021-08-25 | CVE-2021-33886 | Use of Externally-Controlled Format String vulnerability in Bbraun Spacecom2 | An improper sanitization of input vulnerability in B. | low complexity, bbraun, CWE-134 | 5.8 |