Total
329 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2403 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. | |||||
CVE-2015-8107 | 1 Gnu | 1 A2ps | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | |||||
CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
CVE-2015-8617 | 1 Php | 1 Php | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | |||||
CVE-2015-6285 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 6.4 MEDIUM | N/A |
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | |||||
CVE-2013-7386 | 1 Rom Walton | 1 Boinc | 2024-02-28 | 5.0 MEDIUM | N/A |
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. | |||||
CVE-2011-4930 | 3 Condor Project, Fedoraproject, Redhat | 3 Condor, Fedora, Enterprise Mrg | 2024-02-28 | 4.4 MEDIUM | N/A |
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. | |||||
CVE-2013-1886 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | |||||
CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2024-02-28 | 5.0 MEDIUM | N/A |
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||||
CVE-2014-1683 | 1 Skybluecanvas | 1 Skybluecanvas | 2024-02-28 | 6.8 MEDIUM | N/A |
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php. | |||||
CVE-2014-1315 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | N/A |
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | |||||
CVE-2014-8625 | 1 Debian | 1 Dpkg | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | |||||
CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2024-02-28 | 4.0 MEDIUM | N/A |
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
CVE-2012-2090 | 2 Flightgear, Simgear | 2 Flightgear, Simgear | 2024-02-28 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. | |||||
CVE-2013-4147 | 1 Yard Radius Project | 1 Yard Radius | 2024-02-28 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c. | |||||
CVE-2012-1152 | 1 Ingy | 1 Yaml\ | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. | |||||
CVE-2013-0929 | 1 Emc | 1 Alphastor | 2024-02-28 | 7.6 HIGH | N/A |
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. | |||||
CVE-2012-1851 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability." |