Page 22 of 127 results (0.374 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8741

https://notcve.org/view.php?id=CVE-2015-8741

The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_ppi en epan/dissectors/packet-ppi.c en el disector PPI en Wireshark 2.0.x en versiones anteriores a 2.0.1 no inicializa una estructura de datos de cabecera de paquete, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-59.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11876 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2290eba5cb25f927f9142680193ac1158d35506e https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8742

https://notcve.org/view.php?id=CVE-2015-8742

The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. La función dissect_CPMSetBindings en epan/dissectors/packet-mswsp.c en el disector MS-WSP en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida el tamaño de la columna, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída de aplicación) a través de un paquete manipulado. • http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-60.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d48b0eff28c995947ac3f8d842ddd9b50dd5798d https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-8740 – Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2015-8740

The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. La función dissect_tds7_colmetadata_token en epan/dissectors/packet-tds.c en el disector TDS en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida el número de columnas, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en pila y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/39003 http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-58.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11846 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e78093f69f1e95df919bbe644baa06c7e4e720c0 https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2015-8711

https://notcve.org/view.php?id=CVE-2015-8711

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-nbap.c en el disector NBAP en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida datos de conversación, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-31.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841 https://code.wireshark.org/review/gitweb?p=wir • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2015-8716

https://notcve.org/view.php?id=CVE-2015-8716

The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función init_t38_info_conv en epan/dissectors/packet-t38.c en el disector T.38 en Wireshark 1.12.x en versiones anteriores a 1.12.9 no asegura que exista una conversación, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79816 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-35.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eb6ccb1b0c4ad02b828652c3fe6e8d51c30a315e https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •