# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Confidentiality |
Integrity |
Availability |
1 |
CVE-2016-2572 |
20 |
|
DoS |
2016-02-27 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. |
2 |
CVE-2016-2571 |
20 |
|
DoS |
2016-02-27 |
2018-03-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. |
3 |
CVE-2016-2570 |
20 |
|
DoS |
2016-02-27 |
2018-03-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. |
4 |
CVE-2016-2569 |
20 |
|
DoS |
2016-02-27 |
2018-03-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. |
5 |
CVE-2016-2542 |
|
|
+Priv |
2016-02-24 |
2021-06-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. |
6 |
CVE-2016-2537 |
20 |
|
DoS |
2016-02-23 |
2016-02-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. |
7 |
CVE-2016-2536 |
399 |
|
Exec Code |
2016-02-22 |
2016-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. |
8 |
CVE-2016-2532 |
119 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. |
9 |
CVE-2016-2531 |
119 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. |
10 |
CVE-2016-2530 |
119 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. |
11 |
CVE-2016-2529 |
119 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. |
12 |
CVE-2016-2528 |
20 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. |
13 |
CVE-2016-2527 |
20 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. |
14 |
CVE-2016-2526 |
20 |
|
DoS |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. |
15 |
CVE-2016-2525 |
20 |
|
DoS |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. |
16 |
CVE-2016-2524 |
20 |
|
DoS |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
17 |
CVE-2016-2523 |
399 |
|
DoS |
2016-02-28 |
2017-09-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
18 |
CVE-2016-2522 |
119 |
|
DoS Overflow |
2016-02-28 |
2017-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. |
19 |
CVE-2016-2521 |
264 |
|
+Priv |
2016-02-28 |
2017-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. |
20 |
CVE-2016-2509 |
200 |
|
+Info |
2016-02-18 |
2016-03-23 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. |
21 |
CVE-2016-2398 |
254 |
|
|
2016-02-17 |
2016-03-04 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. |
22 |
CVE-2016-2397 |
77 |
|
Exec Code |
2016-02-17 |
2018-03-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. |
23 |
CVE-2016-2396 |
77 |
|
Exec Code |
2016-02-17 |
2018-03-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. |
24 |
CVE-2016-2389 |
22 |
|
Dir. Trav. |
2016-02-16 |
2018-12-10 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. |
25 |
CVE-2016-2388 |
200 |
|
+Info |
2016-02-16 |
2021-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. |
26 |
CVE-2016-2387 |
79 |
|
XSS |
2016-02-16 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. |
27 |
CVE-2016-2386 |
89 |
|
Exec Code Sql |
2016-02-16 |
2021-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. |
28 |
CVE-2016-2330 |
119 |
|
DoS Overflow |
2016-02-12 |
2016-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. |
29 |
CVE-2016-2329 |
119 |
|
DoS Overflow |
2016-02-12 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. |
30 |
CVE-2016-2328 |
119 |
|
DoS Overflow |
2016-02-12 |
2016-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. |
31 |
CVE-2016-2327 |
119 |
|
DoS Overflow |
2016-02-12 |
2016-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. |
32 |
CVE-2016-2326 |
190 |
|
DoS Overflow |
2016-02-12 |
2017-07-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. |
33 |
CVE-2016-2316 |
191 |
|
DoS |
2016-02-22 |
2017-11-04 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. |
34 |
CVE-2016-2314 |
17 |
|
DoS |
2016-02-15 |
2016-03-22 |
6.3 |
None |
Remote |
Medium |
??? |
None |
None |
Complete |
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. |
35 |
CVE-2016-2275 |
284 |
|
|
2016-02-21 |
2016-03-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code. |
36 |
CVE-2016-2271 |
|
|
DoS |
2016-02-19 |
2017-07-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. |
37 |
CVE-2016-2270 |
20 |
|
DoS |
2016-02-19 |
2017-07-01 |
4.6 |
None |
Local |
Low |
??? |
None |
None |
Complete |
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. |
38 |
CVE-2016-2268 |
310 |
|
+Info |
2016-02-08 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
39 |
CVE-2016-2232 |
|
|
DoS |
2016-02-22 |
2017-11-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. |
40 |
CVE-2016-2231 |
19 |
|
DoS |
2016-02-15 |
2016-03-10 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701. |
41 |
CVE-2016-2230 |
255 |
|
|
2016-02-08 |
2016-02-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. |
42 |
CVE-2016-2214 |
79 |
|
XSS |
2016-02-08 |
2016-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
43 |
CVE-2016-2213 |
119 |
|
DoS Overflow |
2016-02-03 |
2016-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. |
44 |
CVE-2016-2201 |
20 |
|
Bypass |
2016-02-08 |
2020-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. |
45 |
CVE-2016-2200 |
20 |
|
DoS |
2016-02-08 |
2020-02-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. |
46 |
CVE-2016-2199 |
352 |
|
CSRF |
2016-02-01 |
2016-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. |
47 |
CVE-2016-2091 |
125 |
|
DoS |
2016-02-08 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. |
48 |
CVE-2016-2089 |
20 |
|
DoS |
2016-02-08 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. |
49 |
CVE-2016-2073 |
119 |
|
DoS Overflow |
2016-02-12 |
2020-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. |
50 |
CVE-2016-2072 |
254 |
|
|
2016-02-17 |
2016-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |