Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-04-28
Updated
2016-05-04
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.20%
Published
2016-04-25
Updated
2016-12-03
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.38%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.40%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.33%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.36%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.33%
Published
2016-04-25
Updated
2016-12-03
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.36%
Published
2016-04-25
Updated
2016-12-03
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.82%
Published
2016-04-25
Updated
2016-12-03
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.38%
Published
2016-04-25
Updated
2016-12-03
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.35%
Published
2016-04-22
Updated
2016-11-08
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.
Source: MITRE
Max CVSS
7.8
EPSS Score
6.07%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.
Source: MITRE
Max CVSS
7.8
EPSS Score
6.54%
Published
2016-04-22
Updated
2016-11-28
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.16%
Published
2016-04-22
Updated
2016-11-28
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.25%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.24%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
Source: MITRE
Max CVSS
7.8
EPSS Score
4.87%
Published
2016-04-22
Updated
2016-11-28
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
Source: MITRE
Max CVSS
8.1
EPSS Score
22.88%
Published
2016-04-25
Updated
2019-12-27
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.55%
Published
2016-04-25
Updated
2019-12-27
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
Source: MITRE
Max CVSS
8.1
EPSS Score
4.29%
Published
2016-04-25
Updated
2016-11-30
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
Source: MITRE
Max CVSS
8.8
EPSS Score
1.36%
Published
2016-04-25
Updated
2019-12-27
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Source: MITRE
Max CVSS
7.2
EPSS Score
0.17%
Published
2016-04-19
Updated
2016-04-22
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-04-18
Updated
2018-10-30
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.20%
Published
2016-04-14
Updated
2018-12-10
653 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!