SUSE CVE-2007-6109

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service application crash and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval...

SUSE CVE-2007-6682

Format string vulnerability in the httpdFileCallBack function network/httpd.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter...

SUSE CVE-2008-0072

Format string vulnerability in the emfmultipartencrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...

SUSE CVE-2008-1333

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by 1 the astverbose logging API call, or 2 the astmanappend function...

SUSE CVE-2008-1658

Format string vulnerability in the grant helper polkit-grant-helper.c in PolicyKit 0.7 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in a password...

SUSE CVE-2008-3533

Format string vulnerability in the windowerror function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within 1 man or 2 ghelp URI...

SUSE CVE-2008-4748

Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in the irc:// URI...

SUSE CVE-2008-5660

Format string vulnerability in the vinagreutilsshowerror function src/vinagre-utils.c in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response...

SUSE CVE-2008-7159

The silcasn1encoder function in lib/silcasn1/silcasn1encode.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string...

SUSE CVE-2008-7160

The silchttpserverparse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing SILC Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header,...

SUSE CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service application crash via format string specifiers in the HOME environment variable...

SUSE CVE-2009-1210

Format string vulnerability in the PROFINET/DCP PN-DCP dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information...

SUSE CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...

SUSE CVE-2009-2446

Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...

SUSE CVE-2009-3163

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to 1...

SUSE CVE-2009-4881

Integer overflow in the vstrfmonl function in stdlib/strfmonl.c in the strfmon implementation in the GNU C Library aka glibc or libc6 before 2.10.1 allows context-dependent attackers to cause a denial of service application crash via a crafted format string, as demonstrated by the...

SUSE CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library aka glibc or libc6 2.10.1 and earlier allow context-dependent attackers to cause a denial of service memory consumption or application crash via a crafted format string, as demonstrated by a crafted first argument to th...

SUSE CVE-2010-0393

The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...

SUSE CVE-2010-0743

Multiple format string vulnerabilities in isns.c in 1 Linux SCSI target framework aka tgt or scsi-target-utils 1.0.3, 0.9.5, and earlier and 2 iSCSI Enterprise Target aka iscsitarget 0.4.16 allow remote attackers to cause a denial of service tgtd daemon crash or possibly have unspecified other...

SUSE CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...