http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Source: MITRE
Max CVSS
7.5
EPSS Score
67.46%
Published
2016-02-27
Updated
2018-01-05
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Source: MITRE
Max CVSS
7.5
EPSS Score
59.10%
Published
2016-02-27
Updated
2018-03-16
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
Source: MITRE
Max CVSS
7.5
EPSS Score
66.60%
Published
2016-02-27
Updated
2018-03-16
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Source: MITRE
Max CVSS
7.5
EPSS Score
95.67%
Published
2016-02-27
Updated
2018-03-16
Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-02-24
Updated
2021-06-14
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.43%
Published
2016-02-23
Updated
2016-02-29
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
Source: MITRE
Max CVSS
8.8
EPSS Score
10.52%
Published
2016-02-22
Updated
2016-05-20
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.39%
Published
2016-02-28
Updated
2017-09-08
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.39%
Published
2016-02-28
Updated
2017-09-08
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.39%
Published
2016-02-28
Updated
2017-09-08
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.31%
Published
2016-02-28
Updated
2017-09-08
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.36%
Published
2016-02-28
Updated
2017-09-08
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.32%
Published
2016-02-28
Updated
2017-09-08
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-02-28
Updated
2017-09-08
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-02-28
Updated
2017-09-08
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-02-28
Updated
2017-09-08
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
7.1
EPSS Score
0.39%
Published
2016-02-28
Updated
2017-09-08
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.76%
Published
2016-02-28
Updated
2017-09-08
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-02-28
Updated
2017-09-08
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
Source: CERT/CC
Max CVSS
5.3
EPSS Score
0.17%
Published
2016-02-18
Updated
2016-03-23
Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2016-02-17
Updated
2016-03-04
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
Source: MITRE
Max CVSS
10.0
EPSS Score
9.68%
Published
2016-02-17
Updated
2018-03-12
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
Source: MITRE
Max CVSS
9.9
EPSS Score
2.22%
Published
2016-02-17
Updated
2018-03-12
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
Source: MITRE
Max CVSS
7.8
EPSS Score
24.15%
Published
2016-02-16
Updated
2018-12-10

CVE-2016-2388

Known exploited
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Source: MITRE
Max CVSS
5.3
EPSS Score
1.26%
Published
2016-02-16
Updated
2021-05-05
CISA KEV Added
2022-06-09
380 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!