Search
Total
782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2037 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2016-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | |||||
| CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
| CVE-2016-4006 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. | |||||
| CVE-2016-4080 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | |||||
| CVE-2016-4417 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. | |||||
| CVE-2016-4418 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. | |||||
| CVE-2016-1734 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 7.2 HIGH | 6.8 MEDIUM |
| AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | |||||
| CVE-2016-1732 | 1 Apple | 1 Mac Os X | 2016-12-03 | 2.1 LOW | 5.5 MEDIUM |
| AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-1737 | 1 Apple | 1 Mac Os X | 2016-12-03 | 6.8 MEDIUM | 6.3 MEDIUM |
| Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. | |||||
| CVE-2016-0771 | 1 Samba | 1 Samba | 2016-12-03 | 4.9 MEDIUM | 5.9 MEDIUM |
| The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. | |||||
| CVE-2016-3941 | 2 Canonical, Videolan | 2 Ubuntu Linux, Vlc Media Player | 2016-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." | |||||
| CVE-2016-5728 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2016-11-28 | 5.4 MEDIUM | 6.3 MEDIUM |
| Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | |||||
| CVE-2016-5359 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. | |||||
| CVE-2016-5356 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2016-5232 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app. | |||||
| CVE-2016-4509 | 1 Eaton | 1 Elcsoft | 2016-11-28 | 6.0 MEDIUM | 6.0 MEDIUM |
| Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||||
| CVE-2016-4496 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 4.4 MEDIUM | 4.2 MEDIUM |
| Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. | |||||
| CVE-2016-4499 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 4.4 MEDIUM | 4.2 MEDIUM |
| Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2016-0830 | 1 Google | 1 Android | 2016-11-28 | 3.3 LOW | 6.5 MEDIUM |
| btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. | |||||
| CVE-2016-3638 | 1 Sap | 1 Sld Registration | 2016-10-14 | 2.1 LOW | 5.5 MEDIUM |
| SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | |||||
| CVE-2016-7176 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. | |||||
| CVE-2016-7177 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | |||||
| CVE-2016-7179 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2015-8893 | 1 Google | 1 Android | 2016-07-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. | |||||
| CVE-2016-4528 | 1 Advantech | 1 Webaccess | 2016-06-27 | 4.3 MEDIUM | 5.0 MEDIUM |
| Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | |||||
| CVE-2016-1424 | 1 Cisco | 1 Ios | 2016-06-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | |||||
| CVE-2016-1176 | 1 Sharp | 1 Eva Animator | 2016-05-09 | 6.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | |||||
| CVE-2016-4416 | 1 Wireshark | 1 Wireshark | 2016-05-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | |||||
| CVE-2016-4415 | 1 Wireshark | 1 Wireshark | 2016-05-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. | |||||
| CVE-2016-0869 | 1 Microsys | 1 Promotic | 2016-02-23 | 7.1 HIGH | 5.0 MEDIUM |
| Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. | |||||
| CVE-2015-7422 | 2 Ibm, Microsoft | 2 I Access, Windows | 2016-01-07 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | |||||