Total
352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0072 | 2 Gnome, Linux | 2 Evolution, Linux Kernel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | |||||
| CVE-2008-1055 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | |||||
| CVE-2009-2446 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0344 | 1 Colloquy | 1 Colloquy | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | |||||
| CVE-2008-7228 | 1 White Dune | 1 White Dune | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | |||||
| CVE-2008-0764 | 1 Larson Software Technology | 1 Network Print Server | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114. | |||||
| CVE-2009-2548 | 1 Bistudio | 2 Arma, Arma 2 | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message. | |||||
| CVE-2007-4832 | 1 Immersion Games | 1 Cellfactor Revolution | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | |||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||||
| CVE-2007-0051 | 1 Apple | 1 Iphoto | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. | |||||
| CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
| CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2025-04-09 | 9.0 HIGH | N/A |
| Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | |||||
| CVE-2009-3275 | 1 Microsoft | 1 Enterprise Library | 2025-04-09 | 5.0 MEDIUM | N/A |
| Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||
| CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | |||||
| CVE-2008-6395 | 1 3com | 1 Wireless 8760 Dual-radio | 2025-04-09 | 7.8 HIGH | N/A |
| The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | |||||
| CVE-2008-3116 | 1 Hanghai | 3 5th Street, High Street 5, Hot Step | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message. | |||||
| CVE-2024-35845 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-07 | N/A | 9.1 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. | |||||
| CVE-2006-0082 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 5.1 MEDIUM | N/A |
| Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | |||||
| CVE-2006-3573 | 1 Milan Mimica | 1 Sparklet | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname. | |||||
| CVE-2005-3656 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username. | |||||