Total
349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10745 | 1 Palletsprojects | 1 Jinja | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | |||||
| CVE-2015-9238 | 1 Secure-compare Project | 1 Secure-compare | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. | |||||
| CVE-2015-10088 | 1 Ayttm Project | 1 Ayttm | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. | |||||
| CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | |||||
| CVE-2012-0824 | 1 Gnu | 1 Gnusound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gnusound 0.7.5 has format string issue | |||||
| CVE-2011-1588 | 3 Debian, Opensuse, Xfce | 3 Debian Linux, Opensuse, Thunar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | |||||
| CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | |||||
| CVE-2024-9129 | 2024-10-23 | N/A | N/A | ||
| In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino | |||||
| CVE-2024-45330 | 1 Fortinet | 2 Fortianalyzer, Fortianalyzer Cloud | 2024-10-19 | N/A | 7.2 HIGH |
| A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | |||||