Max CVSS | 8.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-2497 | 8.3 |
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small comman
|
13-02-2023 - 01:19 | 29-08-2011 - 18:55 | |
CVE-2011-2501 | 4.3 |
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers
|
06-08-2020 - 15:43 | 17-07-2011 - 20:55 | |
CVE-2018-14369 | 5.0 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14368 | 7.8 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14367 | 5.0 |
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14344 | 5.0 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14343 | 5.0 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14370 | 5.0 |
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14341 | 7.8 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14342 | 7.8 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14340 | 5.0 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2018-14339 | 5.0 |
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
|
20-03-2020 - 01:15 | 19-07-2018 - 02:29 | |
CVE-2007-3704 | 7.5 |
Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."
|
15-10-2018 - 21:29 | 11-07-2007 - 23:30 | |
CVE-2002-0641 | 7.5 |
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSER
|
12-10-2018 - 21:31 | 23-07-2002 - 04:00 | |
CVE-2005-2985 | 7.5 |
SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter.
|
11-07-2017 - 01:33 | 20-09-2005 - 00:03 | |
CVE-2005-2986 | 7.5 |
The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain
|
11-07-2017 - 01:33 | 20-09-2005 - 00:03 | |
CVE-2008-6797 | 7.8 |
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
|
08-05-2009 - 04:00 | 07-05-2009 - 18:30 |