CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-20

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4085 20 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
2 CVE-2016-4083 20 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
3 CVE-2016-4078 20 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
4 CVE-2016-4061 20 DoS 2016-04-22 2016-04-28
5.0
None Remote Low Not required None None Partial
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
5 CVE-2016-3980 20 DoS 2016-04-08 2016-04-14
5.0
None Remote Low Not required None None Partial
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547.
6 CVE-2016-3979 20 DoS 2016-04-08 2016-04-25
5.0
None Remote Low Not required None None Partial
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2256185.
7 CVE-2016-3961 20 DoS 2016-04-15 2016-04-18
2.1
None Local Low Not required None None Partial
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
8 CVE-2016-3950 20 DoS 2016-04-18 2016-04-19
6.8
None Remote Low Single system None None Complete
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
9 CVE-2016-3678 20 DoS 2016-04-11 2016-04-14
7.8
None Remote Low Not required None None Complete
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.
10 CVE-2016-3654 20 Exec Code 2016-04-12 2016-04-20
9.0
User Remote Low Single system Complete Complete Complete
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
11 CVE-2016-3071 20 DoS 2016-04-18 2016-04-20
5.0
None Remote Low Not required None None Partial
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
12 CVE-2016-3069 20 Exec Code 2016-04-13 2016-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
13 CVE-2016-3068 20 Exec Code 2016-04-13 2016-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
14 CVE-2016-2844 20 DoS 2016-03-05 2016-03-08
9.3
None Remote Medium Not required Complete Complete Complete
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
15 CVE-2016-2774 20 DoS 2016-03-09 2016-03-22
7.1
None Remote Medium Not required None None Complete
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
16 CVE-2016-2572 20 DoS 2016-02-27 2016-03-03
5.0
None Remote Low Not required None None Partial
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
17 CVE-2016-2571 20 DoS 2016-02-27 2016-03-14
5.0
None Remote Low Not required None None Partial
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
18 CVE-2016-2570 20 DoS 2016-02-27 2016-03-14
5.0
None Remote Low Not required None None Partial
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
19 CVE-2016-2569 20 DoS 2016-02-27 2016-03-14
5.0
None Remote Low Not required None None Partial
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
20 CVE-2016-2562 20 +Info 2016-03-01 2016-03-03
5.8
None Remote Medium Not required Partial Partial None
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
21 CVE-2016-2537 20 DoS 2016-02-23 2016-02-29
5.0
None Remote Low Not required None None Partial
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
22 CVE-2016-2533 20 DoS Overflow 2016-04-13 2016-04-18
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
23 CVE-2016-2528 20 DoS Overflow 2016-02-27 2016-03-03
4.3
None Remote Medium Not required None None Partial
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
24 CVE-2016-2527 20 DoS Overflow 2016-02-27 2016-03-03
4.3
None Remote Medium Not required None None Partial
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
25 CVE-2016-2526 20 DoS 2016-02-27 2016-03-01
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
26 CVE-2016-2525 20 DoS 2016-02-27 2016-03-01
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
27 CVE-2016-2524 20 DoS 2016-02-27 2016-03-01
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
28 CVE-2016-2424 20 DoS 2016-04-17 2016-04-25
7.1
None Remote Medium Not required None None Complete
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.
29 CVE-2016-2414 20 DoS Mem. Corr. 2016-04-17 2016-04-21
4.9
None Local Low Not required None None Complete
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.
30 CVE-2016-2411 20 +Priv 2016-04-17 2016-04-19
9.3
None Remote Medium Not required Complete Complete Complete
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
31 CVE-2016-2390 20 DoS 2016-04-19 2016-04-22
4.3
None Remote Medium Not required None None Partial
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
32 CVE-2016-2381 20 Bypass 2016-04-08 2016-04-25
5.0
None Remote Low Not required None Partial None
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
33 CVE-2016-2270 20 DoS 2016-02-19 2016-02-29
4.6
None Local Low Single system None None Complete
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
34 CVE-2016-2216 20 Http R.Spl. Bypass 2016-04-07 2016-04-11
4.3
None Remote Medium Not required None Partial None
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
35 CVE-2016-2201 20 Bypass 2016-02-08 2016-02-18
5.0
None Remote Low Not required None Partial None
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
36 CVE-2016-2200 20 DoS 2016-02-08 2016-02-18
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
37 CVE-2016-2170 20 Exec Code 2016-04-12 2016-04-14
7.5
None Remote Low Not required Partial Partial Partial
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
38 CVE-2016-2145 20 DoS 2016-04-15 2016-04-25
5.0
None Remote Low Not required None None Partial
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
39 CVE-2016-2098 20 Exec Code 2016-04-07 2016-04-11
7.5
None Remote Low Not required Partial Partial Partial
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
40 CVE-2016-2089 20 DoS 2016-02-08 2016-02-12
4.3
None Remote Medium Not required None None Partial
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
41 CVE-2016-2088 20 DoS 2016-03-09 2016-04-04
4.3
None Remote Medium Not required None None Partial
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
42 CVE-2016-2086 20 2016-04-07 2016-04-11
5.0
None Remote Low Not required None Partial None
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
43 CVE-2016-1998 20 Exec Code 2016-03-22 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
44 CVE-2016-1997 20 Exec Code 2016-03-22 2016-03-22
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
45 CVE-2016-1987 20 DoS 2016-02-18 2016-03-07
2.6
None Remote High Not required None None Partial
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
46 CVE-2016-1983 20 DoS 2016-01-27 2016-01-31
5.0
None Remote Low Not required None None Partial
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
47 CVE-2016-1982 20 DoS 2016-01-27 2016-01-31
5.0
None Remote Low Not required None None Partial
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
48 CVE-2016-1942 20 2016-01-31 2016-02-10
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
49 CVE-2016-1929 20 DoS 2016-01-20 2016-01-22
8.5
None Remote Low Not required None Partial Complete
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.
50 CVE-2016-1763 20 +Info 2016-03-23 2016-03-25
3.5
None Remote Medium Single system Partial None None
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
Total number of vulnerabilities : 3694   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.