Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2025-04-09 | N/A |
| Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | ||||
| CVE-2008-0965 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet. | ||||
| CVE-2008-1055 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-09 | N/A |
| Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | ||||
| CVE-2007-3917 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | N/A |
| The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers. | ||||
| CVE-2009-0601 | 6 Apple, Freebsd, Linux and 3 more | 6 Mac Os X, Freebsd, Linux Kernel and 3 more | 2025-04-09 | N/A |
| Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | ||||
| CVE-2008-0755 | 1 Cyan Soft | 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more | 2025-04-09 | N/A |
| Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request. | ||||
| CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0072 | 3 Gnome, Linux, Redhat | 4 Evolution, Linux Kernel, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | ||||
| CVE-2007-5825 | 1 Firefly | 1 Media Server | 2025-04-09 | N/A |
| Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | ||||
| CVE-2007-4550 | 1 Altools | 1 Alpass | 2025-04-09 | N/A |
| Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | ||||
| CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2025-04-09 | N/A |
| The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | ||||
| CVE-2007-5561 | 1 Oracle | 2 Enterprise Grid Console Server, Opmn Daemon | 2025-04-09 | N/A |
| Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure. | ||||
| CVE-2008-2310 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | ||||
| CVE-2008-6441 | 1 Epicgames | 1 Unreal Engine | 2025-04-09 | N/A |
| Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | ||||
| CVE-2007-5545 | 1 Tibco | 1 Smart Pgm Fx | 2025-04-09 | N/A |
| Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-5265 | 1 Dawnoftime | 1 Dawn Of Time | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions. | ||||
| CVE-2007-5248 | 2 Id Software, Take2games | 3 Doom 3, Quake 4, Prey | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | ||||
| CVE-2008-6520 | 1 Imatix | 1 Xitami | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | ||||
| CVE-2009-3617 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2025-04-09 | N/A |
| Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5184 | 1 Smbftpd | 1 Smbftpd | 2025-04-09 | N/A |
| Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. | ||||