Max CVSS 10.0 Min CVSS 1.9 Total Count148
IDCVSSSummaryLast (major) updatePublished
CVE-2018-19359 6.5
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
25-04-2019 - 17:29 25-04-2019 - 17:29
CVE-2018-18643 4.3
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
25-04-2019 - 17:29 25-04-2019 - 17:29
CVE-2017-5427 1.9
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and act
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5426 5.0
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5425 5.0
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been up
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5422 5.0
If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5421 5.0
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5420 4.3
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnera
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5419 7.8
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5418 5.0
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5417 5.0
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for sp
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5416 5.0
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5415 5.0
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5414 4.9
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5413 7.5
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5412 5.0
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5411 5.0
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This is
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5410 7.5
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5409 3.6
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5408 5.0
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5407 4.3
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violate
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5406 5.0
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5405 5.0
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5404 7.5
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 4
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5403 7.5
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thun
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5402 7.5
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5401 7.5
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 4
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5400 7.5
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5399 10.0
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5398 10.0
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2015-5594 4.3
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2015-8477 4.3
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2015-4054 5.0
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2016-5584 3.5
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
11-01-2017 - 15:19 25-10-2016 - 10:30
CVE-2016-7440 2.1
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
06-01-2017 - 22:00 13-12-2016 - 11:59
CVE-2013-6450 5.8
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a differe
06-01-2017 - 21:59 01-01-2014 - 11:05
CVE-2013-6449 4.3
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 cl
06-01-2017 - 21:59 23-12-2013 - 17:55
CVE-2013-4353 4.3
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
06-01-2017 - 21:59 08-01-2014 - 20:55
CVE-2013-0787 9.3
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
06-01-2017 - 21:59 11-03-2013 - 06:55
CVE-2014-1586 5.0
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1585 5.0
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1581 7.5
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the in
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1577 6.4
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from proc
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1576 7.5
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token se
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1574 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or
23-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1584 4.3
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site
21-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1583 5.0
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the J
21-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1582 4.3
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an inte
21-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1580 5.0
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GI
21-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1575 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper
21-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2016-5103
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4552. Reason: This candidate is a reservation duplicate of CVE-2016-4552. Notes: All CVE users should reference CVE-2016-4552 instead of this candidate. All references and descr
21-12-2016 - 11:59 21-12-2016 - 11:59
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
07-12-2016 - 22:01 09-12-2009 - 13:30
CVE-2016-4421 4.3
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifie
02-12-2016 - 22:27 30-04-2016 - 21:59
CVE-2016-4418 4.3
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty
02-12-2016 - 22:27 30-04-2016 - 21:59
CVE-2016-4417 4.3
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a craft
02-12-2016 - 22:27 30-04-2016 - 21:59
CVE-2016-4084 4.3
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an une
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4083 4.3
epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4082 4.3
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and appl
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4081 4.3
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4080 4.3
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a craf
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4079 4.3
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4078 4.3
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, rela
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4077 4.3
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted pa
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4076 4.3
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-4006 4.3
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
02-12-2016 - 22:27 25-04-2016 - 06:59
CVE-2016-2532 4.3
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memo
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2531 4.3
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2530 4.3
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of se
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2529 4.3
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (o
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2528 4.3
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and appli
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2527 4.3
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-b
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2526 4.3
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2525 4.3
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2524 4.3
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2523 7.1
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2522 4.3
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (ou
02-12-2016 - 22:25 27-02-2016 - 23:59
CVE-2016-2315 10.0
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
02-12-2016 - 22:24 08-04-2016 - 10:59
CVE-2016-6513 4.3
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6512 4.3
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6511 4.3
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6510 4.3
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packe
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6509 4.3
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6508 4.3
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6506 4.3
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6505 4.3