| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-6895 |
|
|
|
2006-12-31 |
2018-10-17 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. |
|
2 |
CVE-2007-0524 |
20 |
|
DoS |
2007-01-25 |
2018-10-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
|
3 |
CVE-2007-2037 |
399 |
|
DoS |
2007-04-16 |
2018-11-01 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. |
|
4 |
CVE-2010-2244 |
|
|
DoS |
2010-07-08 |
2010-11-06 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. |
|
5 |
CVE-2010-2506 |
79 |
|
XSS |
2010-06-28 |
2018-10-10 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. |
|
6 |
CVE-2010-4211 |
287 |
|
|
2010-11-08 |
2017-08-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. |
|
7 |
CVE-2012-0042 |
|
|
DoS |
2012-04-11 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. |
|
8 |
CVE-2012-1820 |
|
|
DoS |
2012-06-13 |
2013-03-01 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. |
|
9 |
CVE-2012-1945 |
200 |
|
+Info |
2012-06-05 |
2017-12-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. |
|
10 |
CVE-2012-2286 |
|
|
+Info |
2012-10-10 |
2013-02-12 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
|
11 |
CVE-2012-2422 |
200 |
|
+Info |
2012-04-25 |
2017-12-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality. |
|
12 |
CVE-2012-3582 |
264 |
|
|
2012-09-04 |
2013-02-13 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. |
|
13 |
CVE-2012-4049 |
94 |
|
DoS |
2012-07-24 |
2018-10-30 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. |
|
14 |
CVE-2012-4454 |
264 |
|
|
2012-10-10 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. |
|
15 |
CVE-2012-6334 |
264 |
|
|
2012-12-31 |
2015-11-10 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." |
|
16 |
CVE-2013-0274 |
|
|
DoS |
2013-02-16 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. |
|
17 |
CVE-2013-0570 |
200 |
|
+Info |
2018-07-13 |
2018-09-10 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166. |
|
18 |
CVE-2013-0571 |
79 |
|
XSS |
2013-04-26 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
|
19 |
CVE-2013-1572 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
20 |
CVE-2013-1573 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
21 |
CVE-2013-1574 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
22 |
CVE-2013-1575 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
23 |
CVE-2013-1576 |
310 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
24 |
CVE-2013-1577 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
25 |
CVE-2013-1578 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. |
|
26 |
CVE-2013-1579 |
399 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
27 |
CVE-2013-1580 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
28 |
CVE-2013-1581 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. |
|
29 |
CVE-2013-1582 |
189 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. |
|
30 |
CVE-2013-1583 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
31 |
CVE-2013-1584 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
32 |
CVE-2013-1585 |
20 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
33 |
CVE-2013-1586 |
|
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
34 |
CVE-2013-1587 |
|
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
35 |
CVE-2013-1588 |
119 |
|
DoS Overflow |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
36 |
CVE-2013-1589 |
399 |
|
DoS |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
37 |
CVE-2013-1590 |
119 |
|
DoS Overflow |
2013-02-02 |
2017-09-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
38 |
CVE-2013-1615 |
200 |
|
+Info |
2013-07-08 |
2013-07-08 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls. |
|
39 |
CVE-2013-2481 |
189 |
|
DoS |
2013-03-07 |
2018-10-30 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. |
|
40 |
CVE-2013-3984 |
200 |
|
+Info |
2014-05-26 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
|
41 |
CVE-2013-3985 |
264 |
|
|
2013-11-08 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. |
|
42 |
CVE-2013-5218 |
79 |
|
XSS |
2013-12-29 |
2013-12-30 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. |
|
43 |
CVE-2014-0131 |
399 |
|
+Info |
2014-03-24 |
2015-03-25 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. |
|
44 |
CVE-2014-0905 |
264 |
|
|
2014-08-17 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
|
45 |
CVE-2014-2568 |
399 |
|
+Info |
2014-03-24 |
2017-12-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. |
|
46 |
CVE-2014-3970 |
|
|
DoS |
2014-06-11 |
2017-01-06 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. |
|
47 |
CVE-2014-4364 |
310 |
|
|
2014-09-18 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. |
|
48 |
CVE-2014-4750 |
200 |
|
+Info |
2014-08-20 |
2017-08-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. |
|
49 |
CVE-2014-5171 |
310 |
|
+Info |
2014-07-31 |
2018-10-09 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. |
|
50 |
CVE-2014-6381 |
20 |
|
DoS |
2014-12-12 |
2014-12-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. |
