Denial Of Service (DoS)

libtiff.so is vulnerable to Denial Of Service DoS. The vulnerability exist due to the SEGV errors in the extractContigSamplesShifted24bits of tiffcrop.c, allowing an attacker to cause an application crash through a maliciously crafted tiff file...

Denial Of Service (DoS)

libtiff.so is vulnerable to Denial Of Service DoS. The vulnerability exist due to the SEGV errors in extractContigSamplesShifted8bits of tiffcrop.c, allowing an attacker to cause an application crash through a maliciously crafted tiff file...

CVE-2022-41734

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587...

CVE-2023-22580 Sequalize - Bad query filtering leading to SQL errors

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

SUSE CVE-2004-0790

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service reset TCP connections via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks;...

SUSE CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via 1 a negative offset value to the shmopwrite function, 2 an "integer overflow/underflow" in the pack function, or 3 an "integer...

SUSE CVE-2004-1268

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors...

SUSE CVE-2005-0068

The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using 1 blind connection-reset attacks with forged...

SUSE CVE-2005-0639

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files...

SUSE CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial o...

SUSE CVE-2006-0208

Multiple cross-site scripting XSS vulnerabilities in PHP 4.4.1 and 5.1.1, when displayerrors and htmlerrors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...

SUSE CVE-2006-3587

Unspecified vulnerability in Adobe Macromedia Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors...

SUSE CVE-2007-1884

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via 1 certain negative argument numbers that arise in the phpformattedprint function because of 64 to 32 bit...

SUSE CVE-2007-3329

Multiple array index errors in the 1 getintrablock, 2 getinterblockh263, and 3 getinterblockmpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted a Avi, b H.263, or c MPEG file...

SUSE CVE-2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function...

SUSE CVE-2007-5268

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use 1 logical instead of bitwise operations and 2 incorrect comparisons, which might allow remote attackers to cause a denial of service crash via a crafted PNG image...

SUSE CVE-2007-6242

Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."...

SUSE CVE-2008-1808

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via 1 a crafted table in a Printer Font Binary PFB file or 2 a crafted SHC instruction in a TrueType Font TTF file, which triggers a heap-based buffer overflow...

SUSE CVE-2008-3327

Moodle 1.6.5, when displayerrors is enabled, allows remote attackers to obtain sensitive information via a direct request to 1 blog/blogpage.php and 2 course/report/stats/report.php, which reveals the installation path in an error message...