Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
| Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | |||||
| CVE-2009-4775 | 1 Ipswitch | 1 Ws Ftp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | |||||
| CVE-2011-1568 | 1 7t | 1 Igss | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4769 | 1 Jasper | 1 Httpdx | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | |||||
| CVE-2010-0743 | 2 Iscsitarget, Zaal | 2 Iscsitarget, Tgt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. | |||||
| CVE-2011-1764 | 1 Exim | 1 Exim | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. | |||||
| CVE-2010-1139 | 2 Linux, Vmware | 6 Linux Kernel, Fusion, Player and 3 more | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. | |||||
| CVE-2012-0242 | 1 Advantech | 1 Advantech Webaccess | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |||||
| CVE-2011-4357 | 1 Brandon Long | 1 Clearsilver | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function. | |||||
| CVE-2010-2094 | 1 Php | 1 Php | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. | |||||
| CVE-2010-0388 | 1 Sun | 1 Java System Web Server | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | |||||
| CVE-2010-1039 | 3 Hp, Ibm, Sgi | 5 Hp-ux, Nfs\/oncplus, Aix and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | |||||
| CVE-2009-4014 | 1 Debian | 1 Lintian | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. | |||||
| CVE-2010-2271 | 1 Accoria | 1 Rock Web Server | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter. | |||||
| CVE-2010-4235 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. | |||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-3663 | 1 Jasper | 1 Httpdx | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header. | |||||
| CVE-2009-1262 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. | |||||
| CVE-2008-3963 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 4.0 MEDIUM | N/A |
| MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | |||||
| CVE-2008-5982 | 1 Bmc | 1 Patrol Agent | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. | |||||