Vulnerabilities (CVE)

Filtered by CWE-134
Total 332 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6285 1 Cisco 1 Email Security Appliance 2024-11-21 6.4 MEDIUM N/A
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
CVE-2015-2894 1 Idera 1 Uptime Infrastructure Monitor 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
CVE-2014-9157 2 Debian, Graphviz 2 Debian Linux, Graphviz 2024-11-21 7.5 HIGH N/A
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
CVE-2014-8625 1 Debian 1 Dpkg 2024-11-21 6.8 MEDIUM N/A
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
CVE-2014-8170 2 Ovirt, Redhat 2 Ovirt-node, Enterprise Virtualization 2024-11-21 9.0 HIGH 8.8 HIGH
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
CVE-2014-1683 1 Skybluecanvas 1 Skybluecanvas 2024-11-21 6.8 MEDIUM N/A
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
CVE-2014-1315 1 Apple 1 Mac Os X 2024-11-21 6.8 MEDIUM N/A
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.
CVE-2013-7386 1 Rom Walton 1 Boinc 2024-11-21 5.0 MEDIUM N/A
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
CVE-2013-6809 1 Philippe Jounin 1 Tftpd32 2024-11-21 5.0 MEDIUM N/A
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
CVE-2013-5135 1 Apple 2 Apple Remote Desktop, Mac Os X 2024-11-21 7.5 HIGH N/A
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
CVE-2013-4389 3 Debian, Opensuse, Rubyonrails 3 Debian Linux, Opensuse, Rails 2024-11-21 4.3 MEDIUM N/A
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
CVE-2013-4258 1 Radscan 1 Network Audio System 2024-11-21 7.5 HIGH N/A
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.
CVE-2013-4147 1 Yard Radius Project 1 Yard Radius 2024-11-21 7.5 HIGH N/A
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
CVE-2013-3560 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2024-11-21 5.0 MEDIUM N/A
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2852 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 6.9 MEDIUM N/A
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
CVE-2013-2851 1 Linux 1 Linux Kernel 2024-11-21 6.0 MEDIUM N/A
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.
CVE-2013-2131 1 Rrdtool Project 1 Rrdtool 2024-11-21 5.0 MEDIUM N/A
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
CVE-2013-1886 1 Redhat 2 Certificate System, Dogtag Certificate System 2024-11-21 7.5 HIGH N/A
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.
CVE-2013-0929 1 Emc 1 Alphastor 2024-11-21 7.6 HIGH N/A
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
CVE-2012-4426 1 Mcrypt 1 Mcrypt 2024-11-21 6.8 MEDIUM N/A
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.