SUSE CVE-2008-5660

Format string vulnerability in the vinagreutilsshowerror function src/vinagre-utils.c in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response...

SUSE CVE-2008-7159

The silcasn1encoder function in lib/silcasn1/silcasn1encode.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string...

SUSE CVE-2008-7160

The silchttpserverparse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing SILC Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header,...

SUSE CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...

SUSE CVE-2009-1210

Format string vulnerability in the PROFINET/DCP PN-DCP dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information...

SUSE CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...

SUSE CVE-2009-2446

Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...

SUSE CVE-2009-3163

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to 1...

SUSE CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library aka glibc or libc6 2.10.1 and earlier allow context-dependent attackers to cause a denial of service memory consumption or application crash via a crafted format string, as demonstrated by a crafted first argument to th...

SUSE CVE-2009-4881

Integer overflow in the vstrfmonl function in stdlib/strfmonl.c in the strfmon implementation in the GNU C Library aka glibc or libc6 before 2.10.1 allows context-dependent attackers to cause a denial of service application crash via a crafted format string, as demonstrated by the...

SUSE CVE-2010-0393

The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...

SUSE CVE-2010-0743

Multiple format string vulnerabilities in isns.c in 1 Linux SCSI target framework aka tgt or scsi-target-utils 1.0.3, 0.9.5, and earlier and 2 iSCSI Enterprise Target aka iscsitarget 0.4.16 allow remote attackers to cause a denial of service tgtd daemon crash or possibly have unspecified other...

SUSE CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

SUSE CVE-2010-2451

Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors...

SUSE CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error...

SUSE CVE-2011-1764

Format string vulnerability in the dkimeximverifyfinish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service daemon crash via format string specifiers in data used in DKIM logging, as demonstrated by an identity field...

SUSE CVE-2012-0021

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

SUSE CVE-2012-0809

Format string vulnerability in the sudodebug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo...

SUSE CVE-2012-0864

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFYSOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...

SUSE CVE-2012-1152

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML aka YAML-LibYAML and perl-YAML-LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service process crash via format string specifiers in a 1 YAML stream to the Load function, 2 YA...