CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,278 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,568 researchers
110,849 results
CVE-2008-7316 5.5 MEDIUM EPSS 0.00
Linux kernel <2.6.25 - DoS
mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.
CWE-20 May 02, 2016
CVE-2016-4421 5.9 MEDIUM EPSS 0.01
Wireshark <2.0.2 - DoS
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.
CWE-20 May 01, 2016
CVE-2016-4420 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CWE-20 May 01, 2016
CVE-2016-4419 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
CWE-399 May 01, 2016
CVE-2016-4418 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.
CWE-119 May 01, 2016
CVE-2016-4417 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.
CWE-119 May 01, 2016
CVE-2016-4416 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CWE-119 May 01, 2016
CVE-2016-4415 5.9 MEDIUM EPSS 0.00
Wireshark <2.0.2 - DoS
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
CWE-119 May 01, 2016
CVE-2016-2820 4.3 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Improper Access Control
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
CWE-284 Apr 30, 2016
CVE-2016-2817 5.4 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Access Control
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.
CWE-264 Apr 30, 2016
CVE-2016-2816 6.5 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Improper Access Control
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
CWE-284 Apr 30, 2016
CVE-2016-2813 6.5 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Information Disclosure
Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.
CWE-200 Apr 30, 2016
CVE-2016-2810 5.0 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Access Control
Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.
CWE-264 Apr 30, 2016
CVE-2016-2809 5.5 MEDIUM EPSS 0.00
Mozilla Firefox < 45.0.2 - Access Control
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CWE-264 Apr 30, 2016
CVE-2016-1200 6.3 MEDIUM EPSS 0.00
LOCKON EC-CUBE <3.0.10 - Auth Bypass
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
CWE-284 Apr 30, 2016
CVE-2016-1199 5.3 MEDIUM EPSS 0.00
LOCKON EC-CUBE <3.0.10 - Auth Bypass
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
CWE-200 Apr 30, 2016
CVE-2016-1205 6.1 MEDIUM EPSS 0.00
EC-CUBE - XSS
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_addition_plugin plugin 1.0 and (2) itemdetail_freearea_addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 28, 2016
CVE-2016-0211 4.3 MEDIUM EPSS 0.02
IBM DB2 <10.5 - DoS
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
CWE-20 Apr 28, 2016
CVE-2016-3156 5.5 MEDIUM 1 Writeup EPSS 0.00
Novell Suse Linux Enterprise Software... - Resource Management Error
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CWE-399 Apr 27, 2016
CVE-2016-3139 4.6 MEDIUM 1 PoC Analysis EPSS 0.00
Novell Suse Linux Enterprise Software... - Denial of Service
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Apr 27, 2016