Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-27523 | Use of Externally-Controlled Format String vulnerability in Mersive Solstice POD Firmware Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. | 7.5 |
| 2020-10-27 | CVE-2020-27853 | Use of Externally-Controlled Format String vulnerability in Wire products Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. | 9.8 |
| 2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. | 7.5 |
| 2020-08-27 | CVE-2020-16142 | Use of Externally-Controlled Format String vulnerability in Mercedes-Benz Comand On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | 3.5 |
| 2020-08-20 | CVE-2020-15634 | Use of Externally-Controlled Format String vulnerability in Netgear R6700 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. | 6.3 |
| 2020-06-09 | CVE-2020-13160 | Use of Externally-Controlled Format String vulnerability in Anydesk AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | 9.8 |
| 2020-04-08 | CVE-2020-1992 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.8 |
| 2020-03-11 | CVE-2020-1979 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
| 2020-02-25 | CVE-2019-5143 | Use of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. | 8.8 |
| 2020-02-12 | CVE-2014-6262 | Use of Externally-Controlled Format String vulnerability in multiple products Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | 7.5 |