SUSE CVE-2010-4341

The pamparseindatav2 function in src/responder/pam/pamsrvcmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service infinite loop, crash, and login prevention via a crafted packet...

SUSE CVE-2011-1006

Heap-based buffer overflow in the parsecgroupspec function in tools/tools-common.c in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear wheth...

SUSE CVE-2012-3461

The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...

SUSE CVE-2012-5669

The bdfparseglyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read...

SUSE CVE-2013-0852

The parsepicturesegment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access...

SUSE CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...

SUSE CVE-2013-6712

The scan function in ext/date/lib/parseisointervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service heap-based buffer over-read via a crafted interval specification...

SUSE CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...

SUSE CVE-2014-9471

The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

SUSE CVE-2014-9660

The bdfparseglyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service NULL pointer dereference or possibly have unspecified other impact via a crafted BDF font...

SUSE CVE-2014-9672

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

SUSE CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

SUSE CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

SUSE CVE-2015-1545

The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in a search request...

SUSE CVE-2015-3307

The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...

SUSE CVE-2015-4021

The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service integer underflow and memory...

SUSE CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

SUSE CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving a command character in an href...

SUSE CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure...

SUSE CVE-2015-7804

Off-by-one error in the pharparsezipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service uninitialized pointer dereference and application crash by including the / filename in a .zip PHAR archive...