SUSE CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via an empty username in the "Author" field in a commit...

SUSE CVE-2012-5529

TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service NULL pointer dereference and crash by preparing an empty dynamic SQL query...

SUSE CVE-2012-5533

The httprequestsplitvalue function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service infinite loop via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...

SUSE CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

SUSE CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

SUSE CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

SUSE CVE-2013-4130

The 1 redchannelpipesaddtype and 2 redchannelpipesaddemptymsg functions in server/redchannel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service reachable assertion and server exit by triggering a network error...

SUSE CVE-2013-7112

The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

SUSE CVE-2014-0979

The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...

SUSE CVE-2014-2285

The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...

SUSE CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

SUSE CVE-2014-3970

The partprecv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service assertion failure and abort via an empty UDP packet...

SUSE CVE-2014-6423

The tvbrawtextadd function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service infinite loop via an empty line...

SUSE CVE-2014-6429

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...

SUSE CVE-2014-9116

The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup function...

SUSE CVE-2015-1545

The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in a search request...

SUSE CVE-2015-2047

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value...

SUSE CVE-2015-3982

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

SUSE CVE-2015-5185

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty className in a packet...

SUSE CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...