Total
353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0185 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.4 MEDIUM | N/A |
| Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | |||||
| CVE-2012-2090 | 2 Flightgear, Simgear | 2 Flightgear, Simgear | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. | |||||
| CVE-2009-4775 | 1 Ipswitch | 1 Ws Ftp | 2025-04-11 | 4.3 MEDIUM | N/A |
| Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | |||||
| CVE-2009-4014 | 1 Debian | 1 Lintian | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. | |||||
| CVE-2012-1151 | 1 Perl | 1 Perl | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. | |||||
| CVE-2010-4013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | |||||
| CVE-2011-2475 | 1 Sybase | 1 Onebridge Mobile Data Suite | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. | |||||
| CVE-2013-5135 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-11 | 7.5 HIGH | N/A |
| Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. | |||||
| CVE-2009-4769 | 1 Jasper | 1 Httpdx | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | |||||
| CVE-2010-1376 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | |||||
| CVE-2008-0945 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2025-04-09 | 3.5 LOW | N/A |
| Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | |||||
| CVE-2008-1055 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | |||||
| CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6273 | 1 Sonicwall | 1 Global Vpn Client | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. | |||||
| CVE-2008-1120 | 1 Icq | 1 Mirabilis Icq | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. | |||||
| CVE-2009-2446 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3275 | 1 Microsoft | 1 Enterprise Library | 2025-04-09 | 5.0 MEDIUM | N/A |
| Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||
| CVE-2008-5982 | 1 Bmc | 1 Patrol Agent | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. | |||||
| CVE-2009-0364 | 1 Citadel | 1 Webcit | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||