Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8170 | 2 Ovirt, Redhat | 2 Ovirt-node, Enterprise Virtualization | 2026-05-13 | 9.0 HIGH | 8.8 HIGH |
| ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | |||||
| CVE-2016-5074 | 1 Cloudviewnms | 1 Cloudview Nms | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |||||
| CVE-2017-12588 | 1 Rsyslog | 1 Rsyslog | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | |||||
| CVE-2016-4864 | 1 Dena | 1 H2o | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. | |||||
| CVE-2025-64157 | 1 Fortinet | 1 Fortios | 2026-05-12 | N/A | 6.7 MEDIUM |
| A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. | |||||
| CVE-2024-35845 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-05-12 | N/A | 9.1 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. | |||||
| CVE-2026-44407 | 1 Zte | 1 Zxcloud Irai | 2026-05-11 | N/A | 4.7 MEDIUM |
| A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service. | |||||
| CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2026-05-06 | 4.0 MEDIUM | N/A |
| Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
| CVE-2014-1315 | 1 Apple | 1 Mac Os X | 2026-05-06 | 6.8 MEDIUM | N/A |
| Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | |||||
| CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2026-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
| CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2026-05-06 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||||
| CVE-2013-7386 | 1 Universityofcalifornia | 1 Boinc Client | 2026-05-06 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. | |||||
| CVE-2015-6285 | 1 Cisco | 1 Email Security Appliance | 2026-05-06 | 6.4 MEDIUM | N/A |
| Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | |||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
| CVE-2015-8617 | 1 Php | 1 Php | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | |||||
| CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2026-05-06 | 9.3 HIGH | 7.8 HIGH |
| Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
| CVE-2014-8625 | 1 Debian | 1 Dpkg | 2026-05-06 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | |||||
| CVE-2014-9157 | 2 Debian, Graphviz | 2 Debian Linux, Graphviz | 2026-05-06 | 7.5 HIGH | N/A |
| Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. | |||||
| CVE-2026-6539 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2026-05-01 | N/A | 4.4 MEDIUM |
| Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through community channels that triggers format string interpretation when a user performs search operations, leading to access violations and potential leakage of stack or register contents. | |||||
| CVE-2012-0809 | 1 Todd Miller | 1 Sudo | 2026-04-29 | 7.2 HIGH | N/A |
| Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. | |||||