CWE-134
Use of Externally-Controlled Format String
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-135 · CAPEC-67
CVEs mapped to this weakness (252)
page 13 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-1840 | 0.00 | — | 0.01 | Apr 19, 2006 | Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | |||
| CVE-2006-0743 | 0.00 | — | 0.06 | Mar 9, 2006 | Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||
| CVE-2006-0771 | 0.00 | — | 0.03 | Feb 18, 2006 | Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values,… | |||
| CVE-2006-0150 | 0.00 | — | 0.05 | Jan 9, 2006 | Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. | |||
| CVE-2006-0082 | 0.00 | — | 0.04 | Jan 4, 2006 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as… | |||
| CVE-2005-3154 | 0.00 | — | 0.04 | Oct 5, 2005 | Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. | |||
| CVE-2005-1122 | 0.00 | — | 0.03 | Apr 14, 2005 | Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | |||
| CVE-2004-2714 | 0.00 | — | 0.01 | Dec 31, 2004 | Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | |||
| CVE-2004-2386 | 0.00 | — | 0.03 | Dec 31, 2004 | Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function. | |||
| CVE-2004-1628 | 0.00 | — | 0.05 | Oct 23, 2004 | Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | |||
| CVE-2003-0738 | 0.00 | — | 0.01 | Oct 20, 2003 | The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter. | |||
| CVE-2002-0159 | 0.00 | — | 0.05 | Apr 22, 2002 | Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or… |
- CVE-2006-1840Apr 19, 2006risk 0.00cvss —epss 0.01
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.
- CVE-2006-0743Mar 9, 2006risk 0.00cvss —epss 0.06
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
- CVE-2006-0771Feb 18, 2006risk 0.00cvss —epss 0.03
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values,…
- CVE-2006-0150Jan 9, 2006risk 0.00cvss —epss 0.05
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
- CVE-2006-0082Jan 4, 2006risk 0.00cvss —epss 0.04
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as…
- CVE-2005-3154Oct 5, 2005risk 0.00cvss —epss 0.04
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
- CVE-2005-1122Apr 14, 2005risk 0.00cvss —epss 0.03
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
- CVE-2004-2714Dec 31, 2004risk 0.00cvss —epss 0.01
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
- CVE-2004-2386Dec 31, 2004risk 0.00cvss —epss 0.03
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
- CVE-2004-1628Oct 23, 2004risk 0.00cvss —epss 0.05
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
- CVE-2003-0738Oct 20, 2003risk 0.00cvss —epss 0.01
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
- CVE-2002-0159Apr 22, 2002risk 0.00cvss —epss 0.05
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or…