4065 matches found
SUSE CVE-2006-7216
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables...
SUSE CVE-2006-7226
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of...
SUSE CVE-2007-1006
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet...
SUSE CVE-2007-1660
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
SUSE CVE-2007-1835
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions...
SUSE CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (CPU and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption...
SUSE CVE-2007-2264
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header...
SUSE CVE-2007-2510
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters...
SUSE CVE-2007-2748
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375...
SUSE CVE-2007-3392
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop...
SUSE CVE-2007-3477
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value...
SUSE CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...
SUSE CVE-2007-3947
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...
SUSE CVE-2007-4771
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that...
SUSE CVE-2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function...
SUSE CVE-2007-5360
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...
SUSE CVE-2007-5795
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a...
SUSE CVE-2007-5959
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption...
SUSE CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation...
SUSE CVE-2007-6521
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates...