CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2525 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2016-2525
28 Feb 2016 — epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. epan/dissectors/packet-http2.c en el disector HTTP/2 en Wireshark 2.0.x en versiones anteriores a 2.0.2 no limita la cantidad de datos de cabecera, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída de aplicación... • http://www.securitytracker.com/id/1035118 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2526 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2016-2526
28 Feb 2016 — epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. epan/dissectors/packet-hiqnet.c en el disector HiQnet en Wireshark 2.0.x en versiones anteriores a 2.0.2 no valida el tipo de datos, lo que permite a ataca remotos provocar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un paque... • http://www.securitytracker.com/id/1035118 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2524 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2016-2524
28 Feb 2016 — epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-x509af.c en el disector X.509AF en Wireshark 2.0.x en versiones anteriores a 2.0.2 no maneja correctamente el ID de algoritmo, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. Multiple vulner... • http://www.securitytracker.com/id/1035118 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2528 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2016-2528
28 Feb 2016 — The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. La función dissect_nhdr_extopt en epan/dissectors/packet-lbmc.c en el disector LBMC en Wireshark 2.0.x en versiones anteriores a 2.0.2 no valida los valores de longitud, lo que permite a atacantes remotos provocar una denegaci... • http://www.securitytracker.com/id/1035118 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8734 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2015-8734
04 Jan 2016 — The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_nwp en epan/dissectors/packet-nwp.c en el disector NWP en Wireshark 2.0.x en versiones anteriores a 2.0.1 no maneja correctamente el tipo de paquete, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de u... • http://www.securitytracker.com/id/1034551 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8718 – Debian Security Advisory 3505-1
https://notcve.org/view.php?id=CVE-2015-8718
04 Jan 2016 — Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad de liberación doble en epan/dissectors/packet-nlm.c en el disector NLM en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anterioers a 2.0.1, cuando la opción "Match MSG/RES pa... • http://www.debian.org/security/2016/dsa-3505 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8716 – Debian Security Advisory 3505-1
https://notcve.org/view.php?id=CVE-2015-8716
04 Jan 2016 — The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función init_t38_info_conv en epan/dissectors/packet-t38.c en el disector T.38 en Wireshark 1.12.x en versiones anteriores a 1.12.9 no asegura que exista una conversación, lo que permite a atacantes remotos provocar una denegación de servicio (... • http://www.debian.org/security/2016/dsa-3505 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8738 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2015-8738
04 Jan 2016 — The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. La función s7comm_decode_ud_cpu_szl_subfunc en epan/dissectors/packet-s7comm_szl_ids.c en el disector S7COMM en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida el recuento de lis... • http://www.securitytracker.com/id/1034551 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8735 – Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV
https://notcve.org/view.php?id=CVE-2015-8735
04 Jan 2016 — The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. La función get_value en epan/dissectors/packet-btatt.c en el disector Bluetooth Attribute (también conocido como BT ATT) en Wireshark 2.0.x en versiones anteriores a 2.0.1 utiliza un tipo de datos de entero ... • https://www.exploit-db.com/exploits/38998 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8737 – Gentoo Linux Security Advisory 201604-05
https://notcve.org/view.php?id=CVE-2015-8737
04 Jan 2016 — The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. La función mp2t_open en wiretap/mp2t.c en el analizador de archivo MP2T en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida la tasa de bits, lo que permite a atacantes remotos causar una denegación de servicio (error de división por cero y caída de a... • http://www.securitytracker.com/id/1034551 • CWE-20: Improper Input Validation •