Total
365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3569 | 2 Microsoft, Vmware | 4 Windows, Ovf Tool, Player and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. | |||||
| CVE-2010-1039 | 3 Hp, Ibm, Sgi | 5 Hp-ux, Nfs\/oncplus, Aix and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | |||||
| CVE-2012-1152 | 1 Ingy | 1 Yaml\ | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. | |||||
| CVE-2010-1550 | 1 Hp | 1 Openview Network Node Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter. | |||||
| CVE-2013-4389 | 3 Debian, Opensuse, Rubyonrails | 3 Debian Linux, Opensuse, Rails | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. | |||||
| CVE-2011-0185 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.4 MEDIUM | N/A |
| Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | |||||
| CVE-2010-2094 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. | |||||
| CVE-2013-4258 | 1 Radscan | 1 Network Audio System | 2025-04-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. | |||||
| CVE-2012-2369 | 2 Cypherpunks, Pidgin | 2 Pidgin-otr, Pidgin | 2025-04-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. | |||||
| CVE-2009-4811 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2451 | 1 Kvirc | 1 Kvirc | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. | |||||
| CVE-2013-6809 | 1 Philippe Jounin | 1 Tftpd32 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field. | |||||
| CVE-2012-0242 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-0743 | 2 Iscsitarget, Zaal | 2 Iscsitarget, Tgt | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. | |||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||||
| CVE-2008-7228 | 1 White Dune | 1 White Dune | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | |||||
| CVE-2009-2916 | 1 2kgames | 1 Vietcong 2 | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | |||||
| CVE-2009-3617 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2025-04-09 | 7.6 HIGH | N/A |
| Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0601 | 6 Apple, Freebsd, Linux and 3 more | 6 Mac Os X, Freebsd, Linux Kernel and 3 more | 2025-04-09 | 2.1 LOW | N/A |
| Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | |||||