Total
322 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
CVE-2015-8617 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | |||||
CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||||
CVE-2013-1886 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | |||||
CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2024-02-04 | 4.0 MEDIUM | N/A |
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
CVE-2013-7386 | 1 Rom Walton | 1 Boinc | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. | |||||
CVE-2014-1315 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.8 MEDIUM | N/A |
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | |||||
CVE-2011-4930 | 3 Condor Project, Fedoraproject, Redhat | 3 Condor, Fedora, Enterprise Mrg | 2024-02-04 | 4.4 MEDIUM | N/A |
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. | |||||
CVE-2014-1683 | 1 Skybluecanvas | 1 Skybluecanvas | 2024-02-04 | 6.8 MEDIUM | N/A |
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php. | |||||
CVE-2014-8625 | 1 Debian | 1 Dpkg | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | |||||
CVE-2013-0929 | 1 Emc | 1 Alphastor | 2024-02-04 | 7.6 HIGH | N/A |
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. | |||||
CVE-2013-2852 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 6.9 MEDIUM | N/A |
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. | |||||
CVE-2012-1151 | 1 Perl | 1 Perl | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. | |||||
CVE-2012-2090 | 2 Flightgear, Simgear | 2 Flightgear, Simgear | 2024-02-04 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. | |||||
CVE-2012-1152 | 1 Ingy | 1 Yaml\ | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. | |||||
CVE-2012-2288 | 1 Emc | 1 Networker | 2024-02-04 | 9.3 HIGH | N/A |
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
CVE-2013-4258 | 1 Radscan | 1 Network Audio System | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. | |||||
CVE-2012-1851 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability." |