Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Max CVSS
7.5
EPSS Score
1.49%
Published
2015-11-13
Updated
2022-05-13
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
Max CVSS
4.7
EPSS Score
0.10%
Published
2015-11-16
Updated
2023-10-10
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
Max CVSS
5.0
EPSS Score
95.54%
Published
2015-12-16
Updated
2019-12-27
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
Max CVSS
4.3
EPSS Score
0.43%
Published
2015-11-15
Updated
2017-09-15
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
Max CVSS
7.5
EPSS Score
4.88%
Published
2015-10-01
Updated
2021-07-07
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.29%
Published
2015-08-24
Updated
2016-12-24
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-08-24
Updated
2019-12-27
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.29%
Published
2015-08-24
Updated
2016-12-24
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-08-24
Updated
2019-12-27
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-08-24
Updated
2019-12-27
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-08-24
Updated
2019-12-27
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-08-24
Updated
2019-12-27
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.29%
Published
2015-08-24
Updated
2016-12-24
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
4.3
EPSS Score
0.29%
Published
2015-08-24
Updated
2016-12-24
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Max CVSS
5.0
EPSS Score
1.64%
Published
2015-08-24
Updated
2016-12-24
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
Max CVSS
5.0
EPSS Score
2.36%
Published
2015-08-24
Updated
2017-10-03
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
Max CVSS
4.3
EPSS Score
0.61%
Published
2015-07-14
Updated
2017-09-22
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Max CVSS
7.8
EPSS Score
13.53%
Published
2015-07-14
Updated
2017-09-22
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
Max CVSS
3.5
EPSS Score
0.18%
Published
2015-10-22
Updated
2022-09-20
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820.
Max CVSS
4.6
EPSS Score
0.06%
Published
2015-10-22
Updated
2016-12-24
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD.
Max CVSS
4.6
EPSS Score
0.06%
Published
2015-10-21
Updated
2016-12-24
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
Max CVSS
4.6
EPSS Score
0.25%
Published
2015-10-21
Updated
2022-08-05
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
Max CVSS
4.0
EPSS Score
0.54%
Published
2015-10-21
Updated
2022-09-08
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.
Max CVSS
4.9
EPSS Score
0.06%
Published
2015-10-21
Updated
2016-12-24
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Max CVSS
3.5
EPSS Score
0.28%
Published
2015-10-21
Updated
2022-09-20
159 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!