CWE-134
Use of Externally-Controlled Format String
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-135 · CAPEC-67
CVEs mapped to this weakness (252)
page 10 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4013 | 0.00 | — | 0.02 | Jan 10, 2011 | Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | |||
| CVE-2010-2950 | 0.00 | — | 0.06 | Sep 28, 2010 | Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the… | |||
| CVE-2010-2451 | 0.00 | — | 0.03 | Jun 29, 2010 | Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. | |||
| CVE-2010-1376 | 0.00 | — | 0.03 | Jun 17, 2010 | Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | |||
| CVE-2010-2271 | 0.00 | — | 0.01 | Jun 15, 2010 | Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter. | |||
| CVE-2009-4811 | 0.00 | — | 0.03 | Apr 27, 2010 | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6… | |||
| CVE-2010-1139 | 0.00 | — | 0.00 | Apr 12, 2010 | Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges… | |||
| CVE-2010-0743 | 0.00 | — | 0.03 | Apr 8, 2010 | Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or… | |||
| CVE-2009-4014 | 0.00 | — | 0.03 | Feb 2, 2010 | Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. | |||
| CVE-2009-3617 | 0.00 | — | 0.05 | Oct 20, 2009 | Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a… | |||
| CVE-2009-3294 | 0.00 | — | 0.03 | Sep 22, 2009 | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument… | |||
| CVE-2009-3275 | 0.00 | — | 0.04 | Sep 21, 2009 | Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash)… | |||
| CVE-2008-7228 | 0.00 | — | 0.01 | Sep 14, 2009 | Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | |||
| CVE-2009-3163 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to… | |||
| CVE-2008-7160 | 0.00 | — | 0.04 | Sep 10, 2009 | The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted… | |||
| CVE-2008-7159 | 0.00 | — | 0.03 | Sep 10, 2009 | The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu… | |||
| CVE-2009-3051 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to… | |||
| CVE-2009-2916 | 0.00 | — | 0.03 | Aug 21, 2009 | Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | |||
| CVE-2009-2191 | 0.00 | — | 0.04 | Aug 6, 2009 | Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||
| CVE-2009-2548 | 0.00 | — | 0.04 | Jul 20, 2009 | Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and… |
- CVE-2010-4013Jan 10, 2011risk 0.00cvss —epss 0.02
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.
- CVE-2010-2950Sep 28, 2010risk 0.00cvss —epss 0.06
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the…
- CVE-2010-2451Jun 29, 2010risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
- CVE-2010-1376Jun 17, 2010risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.
- CVE-2010-2271Jun 15, 2010risk 0.00cvss —epss 0.01
Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
- CVE-2009-4811Apr 27, 2010risk 0.00cvss —epss 0.03
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6…
- CVE-2010-1139Apr 12, 2010risk 0.00cvss —epss 0.00
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges…
- CVE-2010-0743Apr 8, 2010risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or…
- CVE-2009-4014Feb 2, 2010risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
- CVE-2009-3617Oct 20, 2009risk 0.00cvss —epss 0.05
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a…
- CVE-2009-3294Sep 22, 2009risk 0.00cvss —epss 0.03
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument…
- CVE-2009-3275Sep 21, 2009risk 0.00cvss —epss 0.04
Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash)…
- CVE-2008-7228Sep 14, 2009risk 0.00cvss —epss 0.01
Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.
- CVE-2009-3163Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to…
- CVE-2008-7160Sep 10, 2009risk 0.00cvss —epss 0.04
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted…
- CVE-2008-7159Sep 10, 2009risk 0.00cvss —epss 0.03
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu…
- CVE-2009-3051Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to…
- CVE-2009-2916Aug 21, 2009risk 0.00cvss —epss 0.03
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.
- CVE-2009-2191Aug 6, 2009risk 0.00cvss —epss 0.04
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
- CVE-2009-2548Jul 20, 2009risk 0.00cvss —epss 0.04
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and…