Max CVSS 10.0 Min CVSS 3.5 Total Count39
IDCVSSSummaryLast (major) updatePublished
CVE-2018-0141 7.2
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system.
08-03-2018 - 02:29 08-03-2018 - 02:29
CVE-2018-7420 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7419 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7418 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7417 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7337 5.0
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7336 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7335 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7334 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7332 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7324 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7323 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7322 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7225 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
19-02-2018 - 10:29 19-02-2018 - 10:29
CVE-2016-6814 7.5
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
18-01-2018 - 13:29 18-01-2018 - 13:29
CVE-2017-5754 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-5715 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-1000253 7.2
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4f
04-10-2017 - 21:29 04-10-2017 - 21:29
CVE-2017-14491 7.5
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-12166 6.8
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-14496 7.8
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-14495 5.0
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-14494 4.3
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-14493 7.5
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-14492 7.5
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2017-6362 5.0
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
07-09-2017 - 09:29 07-09-2017 - 09:29
CVE-2017-7890 4.3
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitia
02-08-2017 - 15:29 02-08-2017 - 15:29
CVE-2016-5195 7.2
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc
09-05-2017 - 21:29 10-11-2016 - 16:59
CVE-2015-7547 6.8
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrar
16-02-2017 - 21:59 18-02-2016 - 16:59
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2016-2776 7.8
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted
02-01-2017 - 22:00 28-09-2016 - 06:59
CVE-2016-2775 4.3
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
02-01-2017 - 22:00 19-07-2016 - 18:59
CVE-2014-7187 10.0
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-7186 10.0
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2016-3119 3.5
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users
22-12-2016 - 10:52 25-03-2016 - 21:59
CVE-2015-7613 6.9
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and uti
07-12-2016 - 22:13 19-10-2015 - 06:59
CVE-2015-2925 6.9
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a
07-12-2016 - 13:10 16-11-2015 - 06:59
CVE-2015-8787 10.0
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending
05-12-2016 - 22:04 07-02-2016 - 22:59
CVE-2016-3120 4.0
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows r
28-11-2016 - 15:06 31-07-2016 - 22:59
Back to Top Mark selected
Back to Top