Total: 10626 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
| CVE-2016-4083 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-4078 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. | |||||
| CVE-2016-4072 | 2 Apple, Php | 2 Mac Os X, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. | |||||
| CVE-2016-4071 | 2 Apple, Php | 2 Mac Os X, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. | |||||
| CVE-2016-3959 | 3 Fedoraproject, Golang, Opensuse | 3 Fedora, Go, Leap | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | |||||
| CVE-2016-3185 | 1 Php | 1 Php | 2023-11-07 | 6.4 MEDIUM | 7.1 HIGH |
| The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. | |||||
| CVE-2016-3088 | 1 Apache | 1 Activemq | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | |||||
| CVE-2016-2848 | 1 Isc | 1 Bind | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. | |||||
| CVE-2016-2844 | 1 Google | 1 Chrome | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2016-2781 | 1 Gnu | 1 Coreutils | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
| chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
| CVE-2016-2528 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
| CVE-2016-2527 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. | |||||
| CVE-2016-2526 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-2525 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | |||||
| CVE-2016-2524 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-2170 | 1 Apache | 1 Ofbiz | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2016-2161 | 1 Apache | 1 Http Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | |||||
| CVE-2016-2125 | 2 Redhat, Samba | 8 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 5 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. | |||||
