SUSE CVE-2004-1012

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command "bodyp" that is treated as a different command "body.peek" and causes an index increment error that leads to an out-of-bounds memory...

SUSE CVE-2004-1154

Integer overflow in the Samba daemon smbd in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service application crash and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer...

SUSE CVE-2006-4227

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE...

SUSE CVE-2006-5541

backend/parser/parsecoerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via a coercion of an unknown element to ANYARRAY...

SUSE CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

SUSE CVE-2006-5815

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vdproftpd.pm, a "ProFTPD remote exploit."...

SUSE CVE-2006-7216

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables...

SUSE CVE-2006-7217

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

SUSE CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

SUSE CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in 1 X.Org libXfont before 20070403 and 2 freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow...

SUSE CVE-2007-3113

Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphheight or 2 graphwidth parameter, different vectors than CVE-2007-3112...

SUSE CVE-2007-5969

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system...

SUSE CVE-2007-6350

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...

SUSE CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options...

SUSE CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...

SUSE CVE-2008-6954

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

SUSE CVE-2009-0022

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name...

SUSE CVE-2009-3230

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the 1 RESET ROLE and 2 RESET SESSION AUTHORIZATION operations, which allows remote authenticated...

SUSE CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

SUSE CVE-2010-1321

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...