Total
295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
CVE-2013-1886 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2015-08-26 | 7.5 HIGH | N/A |
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | |||||
CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2015-05-19 | 5.0 MEDIUM | N/A |
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||||
CVE-2013-7386 | 1 Rom Walton | 1 Boinc | 2014-06-03 | 5.0 MEDIUM | N/A |
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. | |||||
CVE-2014-1315 | 1 Apple | 1 Mac Os X | 2014-04-23 | 6.8 MEDIUM | N/A |
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | |||||
CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2014-04-01 | 4.0 MEDIUM | N/A |
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
CVE-2013-2851 | 1 Linux | 1 Linux Kernel | 2014-03-25 | 6.0 MEDIUM | N/A |
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. | |||||
CVE-2011-1764 | 1 Exim | 1 Exim | 2014-02-20 | 7.5 HIGH | N/A |
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. | |||||
CVE-2010-1139 | 2 Linux, Vmware | 6 Linux Kernel, Fusion, Player and 3 more | 2013-05-14 | 7.2 HIGH | N/A |
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. | |||||
CVE-2009-4811 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2013-05-14 | 5.0 MEDIUM | N/A |
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2013-05-14 | 5.0 MEDIUM | N/A |
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-2288 | 1 Emc | 1 Networker | 2013-03-05 | 9.3 HIGH | N/A |
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
CVE-2010-2451 | 1 Kvirc | 1 Kvirc | 2012-11-05 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. | |||||
CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2012-10-22 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | |||||
CVE-2009-3051 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2012-10-22 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. | |||||
CVE-2008-7160 | 1 Silcnet | 1 Silc Toolkit | 2012-10-22 | 5.8 MEDIUM | N/A |
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | |||||
CVE-2011-0185 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 4.4 MEDIUM | N/A |
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | |||||
CVE-2011-1568 | 1 7t | 1 Igss | 2011-09-21 | 10.0 HIGH | N/A |
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2475 | 1 Sybase | 1 Onebridge Mobile Data Suite | 2011-06-13 | 10.0 HIGH | N/A |
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. | |||||
CVE-2010-2950 | 1 Php | 1 Php | 2011-05-03 | 6.8 MEDIUM | N/A |
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. |