CWE-134— Use of Externally-Controlled Format String
354 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-134page 5 of 8
- CVE-2019-12297CRITICALCVSS 9.8EG 9.82019-05-23
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
- CVE-2019-13318MEDIUMCVSS 5.5EG 5.52019-10-04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o…
- CVE-2019-14410LOWCVSS 3.3EG 3.32019-07-30
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
- CVE-2019-14412LOWCVSS 3.3EG 3.32019-07-30
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
- CVE-2019-15546HIGHCVSS 7.5EG 7.52019-08-26
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
- CVE-2019-15547HIGHCVSS 7.5EG 7.52019-08-26
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
- CVE-2019-1579HIGHCVSS 8.1EG 9.0⚠ KEV2019-07-19
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arb…
- CVE-2019-18420MEDIUMCVSS 6.5EG 6.52019-10-31
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to i…
- CVE-2019-5143HIGHCVSS 8.8EG 8.82020-02-25
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting …
- CVE-2019-6840CRITICALCVSS 9.8EG 9.82019-09-17
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touc…
- CVE-2019-7228HIGHCVSS 8.8EG 8.82019-06-27
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory …
- CVE-2019-7230HIGHCVSS 8.8EG 8.82019-06-24
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the st…
- CVE-2019-7711HIGHCVSS 7.5EG 7.52019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to print…
- CVE-2019-7712HIGHCVSS 7.5EG 7.52019-03-26
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() with…
- CVE-2019-7715HIGHCVSS 7.5EG 7.52019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setti…
- CVE-2020-13160CRITICALCVSS 9.8EG 9.82020-06-09
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
- CVE-2020-15203HIGHCVSS 7.5EG 7.52020-09-25
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use i…
- CVE-2020-15634MEDIUMCVSS 6.3EG 6.32020-08-20
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific fl…
- CVE-2020-16142LOWCVSS 3.5EG 3.52020-08-27
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
- CVE-2020-1979HIGHCVSS 8.1EG 8.12020-03-11
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the r…
- CVE-2020-1992HIGHCVSS 8.1EG 8.12020-04-08
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with ro…
- CVE-2020-27523HIGHCVSS 7.5EG 7.52020-11-11
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and…
- CVE-2020-27524HIGHCVSS 7.1EG 7.12020-11-11
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the ser…
- CVE-2020-27853CRITICALCVSS 9.8EG 9.82020-10-27
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wir…
- CVE-2020-29018HIGHCVSS 8.8EG 8.82021-01-14
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
- CVE-2020-3118HIGHCVSS 8.8EG 9.0⚠ KEV2020-02-05
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to impro…
- CVE-2020-35869CRITICALCVSS 9.8EG 9.82020-12-31
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
- CVE-2020-36323HIGHCVSS 8.2EG 8.22021-04-14
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
- CVE-2020-36619MEDIUMCVSS 5.5EG 9.82022-12-19
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to add…
- CVE-2021-20307CRITICALCVSS 9.8EG 9.82021-04-05
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
- CVE-2021-25489LOWCVSS 3.3EG 9.0⚠ KEV2021-10-06
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
- CVE-2021-28846MEDIUMCVSS 6.5EG 6.52021-08-10
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40d…
- CVE-2021-29740HIGHCVSS 7.8EG 7.82021-06-01
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalati…
- CVE-2021-30145HIGHCVSS 7.8EG 7.82021-05-18
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
- CVE-2021-32785MEDIUMCVSS 5.3EG 5.32021-07-22
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2…
- CVE-2021-33535HIGHCVSS 8.8EG 8.82021-06-25
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server bu…
- CVE-2021-33886HIGHCVSS 8.1EG 8.82021-08-25
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statement…
- CVE-2021-3442MEDIUMCVSS 5.4EG 5.42022-08-22
A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to d…
- CVE-2021-34970MEDIUMCVSS 5.5EG 3.32024-05-07
Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User…
- CVE-2021-35331HIGHCVSS 7.8EG 7.82021-07-05
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
- CVE-2021-36161CRITICALCVSS 9.8EG 9.82021-09-09
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout,…
- CVE-2021-37735MEDIUMCVSS 5.3EG 5.32021-10-12
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches…
- CVE-2021-41193CRITICALCVSS 9.8EG 9.82022-03-01
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. …
- CVE-2021-42911CRITICALCVSS 9.8EG 9.82022-03-29
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could …
- CVE-2021-43041HIGHCVSS 8.8EG 8.82021-12-06
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
- CVE-2022-1215HIGHCVSS 7.8EG 7.82022-06-02
A format string vulnerability was found in libinput
- CVE-2022-22299HIGHCVSS 7.8EG 7.82022-08-05
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy…
- CVE-2022-24051HIGHCVSS 7.8EG 7.82022-02-18
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabilit…
- CVE-2022-26392LOWCVSS 3.1EG 6.52022-09-09
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to…
- CVE-2022-26393MEDIUMCVSS 5.0EG 8.12022-09-09
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Map vulnerabilities like CWE-134 to your infrastructure
EchelonGraph correlates every CVE — across CWE-134 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →