SUSE CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...

SUSE CVE-2016-9586

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks...

SUSE CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

SUSE CVE-2017-7519

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library...

SUSE CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

SUSE CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

SUSE CVE-2018-16554

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling...

SUSE CVE-2018-17336

UDisks 2.8.0 has a format string vulnerability in udiskslog in udiskslogging.c, allowing attackers to obtain sensitive information stack contents, cause a denial of service memory corruption, or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n...

SUSE CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

SUSE CVE-2019-9721

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

SUSE CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

SUSE CVE-2020-36619

A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function addch of the file demodflex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is...

SUSE CVE-2021-20307

Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values...

SUSE CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

SUSE CVE-2021-35331

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...

SUSE CVE-2022-1215

A format string vulnerability was found in libinput...

SUSE CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

SUSE CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVE-2022-43869

IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...

CVE-2022-43869

IBM Spectrum Scale 5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1 and IBM Elastic Storage System 6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1 could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539...