Total
353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0072 | 2 Gnome, Linux | 2 Evolution, Linux Kernel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | |||||
| CVE-2009-1886 | 1 Samba | 1 Samba | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | |||||
| CVE-2007-5396 | 1 Miranda-im | 1 Miranda Im | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who). | |||||
| CVE-2009-3163 | 1 Silcnet | 2 Silc Client, Silc Toolkit | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | |||||
| CVE-2007-5265 | 1 Dawnoftime | 1 Dawn Of Time | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | |||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||||
| CVE-2008-7160 | 1 Silcnet | 1 Silc Toolkit | 2025-04-09 | 5.8 MEDIUM | N/A |
| The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | |||||
| CVE-2007-2655 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | |||||
| CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
| CVE-2008-1333 | 1 Asterisk | 1 Open Source | 2025-04-09 | 5.8 MEDIUM | N/A |
| Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | |||||
| CVE-2007-5545 | 1 Tibco | 1 Smart Pgm Fx | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-1262 | 1 Fortinet | 1 Forticlient | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. | |||||
| CVE-2008-0945 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2025-04-09 | 3.5 LOW | N/A |
| Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | |||||
| CVE-2009-2548 | 1 Bistudio | 2 Arma, Arma 2 | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message. | |||||
| CVE-2007-3675 | 1 Kaspersky Lab | 1 Online Scanner | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. | |||||
| CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2025-04-09 | 7.5 HIGH | N/A |
| The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | |||||
| CVE-2009-2916 | 1 2kgames | 1 Vietcong 2 | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | |||||
| CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||
| CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | |||||
| CVE-2009-3275 | 1 Microsoft | 1 Enterprise Library | 2025-04-09 | 5.0 MEDIUM | N/A |
| Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||