SUSE CVE-2009-1101

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allows remote attackers to cause a denial of service probably resource consumption for a JAX-WS service endpoint via a connection without...

SUSE CVE-2009-1191

modproxyajp.c in the modproxyajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

SUSE CVE-2009-1958

charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...

SUSE CVE-2009-2174

GUPnP 0.12.7 allows remote attackers to cause a denial of service crash via an empty 1 subscription or 2 control message...

SUSE CVE-2009-3231

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...

SUSE CVE-2009-3704

ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service crash via a SIP INVITE request with an empty Call-Info header...

SUSE CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...

SUSE CVE-2009-5028

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted request containing an empty uri field...

SUSE CVE-2010-0408

The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...

SUSE CVE-2010-1868

The 1 sqlitesinglequery and 2 sqlitearrayquery functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...

SUSE CVE-2010-4098

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service crash via an empty argument to the mtn command...

SUSE CVE-2011-0421

The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service NULL pointer dereference via an empty ZIP archive that is processed with a...

SUSE CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service infinite loop via an empty mDNS 1 IPv4 or 2 IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244...

SUSE CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...

SUSE CVE-2011-2691

The pngerr function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service application crash vi...

SUSE CVE-2011-2753

Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the empty trash implementation and 2 the Index Order aka optionsorder page, a different issue than...

SUSE CVE-2011-3024

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service application crash via an empty X.509 certificate...

SUSE CVE-2012-1954

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap memory...

SUSE CVE-2012-2388

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a 1 empty or 2 zeroed RSA signature, aka "RSA signature verification vulnerability."...

SUSE CVE-2012-3422

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instancetoidmap hash is empty, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted web page, which causes an...