Total
323 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0364 | 1 Citadel | 1 Webcit | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2009-3617 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2023-12-10 | 7.6 HIGH | N/A |
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3275 | 1 Microsoft | 1 Enterprise Library | 2023-12-10 | 5.0 MEDIUM | N/A |
Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||
CVE-2008-0965 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2023-12-10 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet. | |||||
CVE-2008-1658 | 1 Freedesktop | 1 Policykit | 2023-12-10 | 4.6 MEDIUM | N/A |
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. | |||||
CVE-2008-6520 | 1 Imatix | 1 Xitami | 2023-12-10 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | |||||
CVE-2009-3294 | 2 Microsoft, Php | 4 Windows 7, Windows Server 2008, Windows Xp and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function. | |||||
CVE-2008-1357 | 1 Mcafee | 4 Agent, Cma, Epolicy Orchestrator and 1 more | 2023-12-10 | 5.4 MEDIUM | N/A |
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. | |||||
CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||
CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
CVE-2009-0601 | 6 Apple, Freebsd, Linux and 3 more | 6 Mac Os X, Freebsd, Linux and 3 more | 2023-12-10 | 2.1 LOW | N/A |
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | |||||
CVE-2009-2548 | 1 Bistudio | 2 Arma, Arma 2 | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message. | |||||
CVE-2009-1886 | 1 Samba | 1 Samba | 2023-12-10 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | |||||
CVE-2009-2446 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 8.5 HIGH | N/A |
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1401 | 1 Mg-soft | 1 Net Inspector | 2023-12-10 | 4.3 MEDIUM | N/A |
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file. | |||||
CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
CVE-2009-2916 | 1 2kgames | 1 Vietcong 2 | 2023-12-10 | 9.3 HIGH | N/A |
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | |||||
CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2023-12-10 | 9.3 HIGH | N/A |
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
CVE-2009-3663 | 1 Jasper | 1 Httpdx | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header. | |||||
CVE-2008-7160 | 1 Silcnet | 1 Silc Toolkit | 2023-12-10 | 5.8 MEDIUM | N/A |
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. |