SUSE CVE-2007-3389

Wireshark before 0.99.6 allows remote attackers to cause a denial of service crash via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload...

SUSE CVE-2008-3824

Cross-site scripting XSS vulnerability in 1 TextFilter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and 2 externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / slash characters as replacements for spaces in an...

SUSE CVE-2008-5712

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via 1 a long COLOR attribute in an HR element; or a long a BGCOLOR or b BORDERCOLOR attribute in a 2 TABLE, 3 TD, or 4 TR element. NOTE: the FONT vector is already covered by CVE-2008-451...

SUSE CVE-2009-3546

The gdGetColors function in gdgd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different...

SUSE CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets to the HTCP port...

SUSE CVE-2010-1757

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...

SUSE CVE-2010-1864

The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the call time pass by reference feature...

SUSE CVE-2010-2225

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...

SUSE CVE-2010-4645

strtod.c, as used in the zendstrtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service infinite loop via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...

SUSE CVE-2011-2369

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...

SUSE CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

SUSE CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

SUSE CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

SUSE CVE-2016-5273

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site...

SUSE CVE-2016-5301

The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...

SUSE CVE-2016-9430

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service segmentation fault and crash via a crafted HTML page...

SUSE CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as have an...

SUSE CVE-2017-5083

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page...

SUSE CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service buffer over-read via a crafted HTML file...

SUSE CVE-2017-15395

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference...