Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-3714 | 10.0 |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "I
|
11-09-2024 - 11:11 | 05-05-2016 - 18:59 | |
CVE-2016-3715 | 5.8 |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
|
24-07-2024 - 17:06 | 05-05-2016 - 18:59 | |
CVE-2016-3718 | 4.3 |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
|
24-07-2024 - 17:05 | 05-05-2016 - 18:59 | |
CVE-2016-3627 | 5.0 |
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc
|
10-02-2024 - 02:43 | 17-05-2016 - 14:08 | |
CVE-2016-5118 | 10.0 |
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
|
01-08-2023 - 18:21 | 10-06-2016 - 15:59 | |
CVE-2016-5699 | 4.3 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
|
12-02-2023 - 23:24 | 02-09-2016 - 14:59 | |
CVE-2016-4971 | 4.3 |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
|
12-02-2023 - 23:22 | 30-06-2016 - 17:59 | |
CVE-2016-4448 | 10.0 |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
|
12-02-2023 - 23:21 | 09-06-2016 - 16:59 | |
CVE-2016-4447 | 5.0 |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
|
12-02-2023 - 23:21 | 09-06-2016 - 16:59 | |
CVE-2016-3717 | 7.1 |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
|
12-02-2023 - 23:20 | 05-05-2016 - 18:59 | |
CVE-2016-3716 | 4.3 |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
|
12-02-2023 - 23:20 | 05-05-2016 - 18:59 | |
CVE-2016-3705 | 5.0 |
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and applic
|
12-02-2023 - 23:18 | 17-05-2016 - 14:08 | |
CVE-2016-0718 | 7.5 |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
|
12-02-2023 - 23:15 | 26-05-2016 - 16:59 | |
CVE-2016-3189 | 4.3 |
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
|
16-08-2022 - 13:17 | 30-06-2016 - 17:59 | |
CVE-2012-0876 | 4.3 |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
|
05-08-2022 - 14:52 | 03-07-2012 - 19:55 | |
CVE-2015-1283 | 6.8 |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec
|
05-07-2022 - 18:57 | 23-07-2015 - 00:59 | |
CVE-2015-8126 | 7.5 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den
|
13-05-2022 - 14:57 | 13-11-2015 - 03:59 | |
CVE-2016-6185 | 4.6 |
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
|
17-09-2021 - 12:14 | 02-08-2016 - 14:59 | |
CVE-2016-5300 | 7.8 |
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca
|
31-07-2021 - 08:15 | 16-06-2016 - 18:59 | |
CVE-2016-3092 | 7.8 |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
|
17-07-2021 - 08:15 | 04-07-2016 - 22:59 | |
CVE-2015-8540 | 9.3 |
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impa
|
29-06-2021 - 15:15 | 14-04-2016 - 14:59 | |
CVE-2016-4483 | 5.0 |
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne
|
29-06-2021 - 15:15 | 11-04-2017 - 16:59 | |
CVE-2016-5842 | 5.0 |
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
|
28-04-2021 - 16:33 | 13-12-2016 - 15:59 | |
CVE-2015-8806 | 5.0 |
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
|
11-09-2020 - 15:32 | 13-04-2016 - 17:59 | |
CVE-2016-2381 | 5.0 |
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
|
10-09-2020 - 13:20 | 08-04-2016 - 15:59 | |
CVE-2016-2073 | 4.3 |
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
|
23-04-2020 - 13:14 | 12-02-2016 - 15:59 | |
CVE-2016-2774 | 7.1 |
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establis
|
08-01-2020 - 17:17 | 09-03-2016 - 15:59 | |
CVE-2016-5844 | 4.3 |
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
|
27-12-2019 - 16:08 | 21-09-2016 - 14:25 | |
CVE-2015-7988 | 7.5 |
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
19-06-2019 - 16:46 | 26-06-2016 - 01:59 | |
CVE-2015-7987 | 6.8 |
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3Resour
|
19-06-2019 - 16:27 | 26-06-2016 - 01:59 | |
CVE-2013-2561 | 6.3 |
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiag
|
22-04-2019 - 17:48 | 23-11-2013 - 18:55 | |
CVE-2016-1840 | 6.8 |
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause
|
25-03-2019 - 17:27 | 20-05-2016 - 10:59 | |
CVE-2016-1839 | 4.3 |
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craft
|
25-03-2019 - 17:27 | 20-05-2016 - 10:59 | |
CVE-2016-1838 | 4.3 |
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-
|
25-03-2019 - 17:26 | 20-05-2016 - 10:59 | |
CVE-2016-1837 | 4.3 |
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remot
|
25-03-2019 - 17:26 | 20-05-2016 - 10:59 | |
CVE-2016-1836 | 4.3 |
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via
|
25-03-2019 - 17:25 | 20-05-2016 - 10:59 | |
CVE-2016-1833 | 4.3 |
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafte
|
25-03-2019 - 17:22 | 20-05-2016 - 10:59 | |
CVE-2016-5636 | 10.0 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based bu
|
09-02-2019 - 11:29 | 02-09-2016 - 14:59 | |
CVE-2015-8853 | 5.0 |
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
|
02-05-2018 - 01:29 | 25-05-2016 - 15:59 | |
CVE-2016-4449 | 5.8 |
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
|
18-01-2018 - 18:18 | 09-06-2016 - 16:59 | |
CVE-2015-8934 | 4.3 |
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
|
05-01-2018 - 02:30 | 20-09-2016 - 14:15 | |
CVE-2016-1835 | 6.8 |
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
|
05-01-2018 - 02:30 | 20-05-2016 - 10:59 | |
CVE-2016-1541 | 6.8 |
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
|
05-01-2018 - 02:30 | 07-05-2016 - 10:59 | |
CVE-2016-4302 | 6.8 |
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
|
04-11-2017 - 01:29 | 21-09-2016 - 14:25 | |
CVE-2016-4300 | 6.8 |
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buf
|
04-11-2017 - 01:29 | 21-09-2016 - 14:25 | |
CVE-2015-3228 | 6.8 |
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, whic
|
21-09-2017 - 01:29 | 11-08-2015 - 14:59 | |
CVE-2016-2531 | 4.3 |
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that
|
08-09-2017 - 01:29 | 28-02-2016 - 04:59 | |
CVE-2016-2532 | 4.3 |
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memo
|
08-09-2017 - 01:29 | 28-02-2016 - 04:59 | |
CVE-2016-2521 | 7.2 |
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll fi
|
08-09-2017 - 01:29 | 28-02-2016 - 04:59 | |
CVE-2016-2530 | 4.3 |
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of se
|
08-09-2017 - 01:29 | 28-02-2016 - 04:59 | |
CVE-2016-6491 | 6.8 |
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
|
01-07-2017 - 01:30 | 13-12-2016 - 15:59 | |
CVE-2015-7981 | 5.0 |
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which trigge
|
01-07-2017 - 01:29 | 24-11-2015 - 20:59 | |
CVE-2016-4301 | 6.8 |
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
|
01-07-2017 - 01:29 | 21-09-2016 - 14:25 | |
CVE-2016-5687 | 7.5 |
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
|
16-12-2016 - 16:54 | 13-12-2016 - 15:59 | |
CVE-2016-5688 | 6.8 |
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer ov
|
16-12-2016 - 16:38 | 13-12-2016 - 15:59 | |
CVE-2016-5689 | 7.5 |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
|
16-12-2016 - 16:37 | 13-12-2016 - 15:59 | |
CVE-2016-5691 | 7.5 |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
|
16-12-2016 - 16:36 | 13-12-2016 - 15:59 | |
CVE-2016-5690 | 7.5 |
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
|
16-12-2016 - 14:14 | 13-12-2016 - 15:59 | |
CVE-2016-5841 | 7.5 |
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
|
15-12-2016 - 03:02 | 13-12-2016 - 15:59 | |
CVE-2015-8025 | 2.1 |
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
|
07-12-2016 - 18:25 | 10-11-2015 - 17:59 | |
CVE-2016-4418 | 4.3 |
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty
|
03-12-2016 - 03:27 | 01-05-2016 - 01:59 | |
CVE-2016-4078 | 4.3 |
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, rela
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4421 | 4.3 |
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifie
|
03-12-2016 - 03:27 | 01-05-2016 - 01:59 | |
CVE-2016-4079 | 4.3 |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4082 | 4.3 |
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and appl
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4006 | 4.3 |
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4417 | 4.3 |
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a craft
|
03-12-2016 - 03:27 | 01-05-2016 - 01:59 | |
CVE-2016-4081 | 4.3 |
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4080 | 4.3 |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a craf
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2013-7447 | 4.3 |
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (
|
03-12-2016 - 03:00 | 17-02-2016 - 15:59 | |
CVE-2016-5357 | 4.3 |
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5350 | 4.3 |
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5358 | 4.3 |
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5356 | 4.3 |
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5354 | 4.3 |
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5353 | 4.3 |
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5351 | 4.3 |
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5355 | 4.3 |
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-5352 | 4.3 |
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
28-11-2016 - 20:24 | 07-08-2016 - 16:59 | |
CVE-2016-4562 | 6.8 |
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and applicati
|
23-09-2016 - 02:00 | 04-06-2016 - 16:59 | |
CVE-2016-4564 | 7.5 |
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and
|
23-09-2016 - 02:00 | 04-06-2016 - 16:59 | |
CVE-2016-4563 | 6.8 |
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service
|
23-09-2016 - 02:00 | 04-06-2016 - 16:59 |