Vulnerabilities > Opensuse > Opensuse > 12.3

DATE CVE VULNERABILITY TITLE RISK
2013-03-07 CVE-2013-2481 Numeric Errors vulnerability in multiple products
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.
2.9
2013-03-07 CVE-2013-2480 Denial of Service vulnerability in Wireshark RTPS And RTPS2 Dissectors
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
low complexity
debian opensuse wireshark
3.3
2013-03-07 CVE-2013-2479 Denial of Service vulnerability in Wireshark MPLS Echo Dissector
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
low complexity
wireshark opensuse
3.3
2013-03-07 CVE-2013-2478 Numeric Errors vulnerability in multiple products
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
low complexity
debian opensuse wireshark CWE-189
3.3
2013-03-07 CVE-2013-2477 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
low complexity
wireshark opensuse CWE-119
3.3
2013-03-07 CVE-2013-2476 Resource Management Errors vulnerability in multiple products
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
low complexity
wireshark opensuse CWE-399
6.1
2013-03-07 CVE-2013-2475 Denial of Service vulnerability in Wireshark TCP Dissector
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
low complexity
wireshark opensuse
3.3
2012-12-28 CVE-2012-4528
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
network
low complexity
trustwave opensuse fedoraproject
5.0
2012-10-10 CVE-2012-4183 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
9.3
2012-07-22 CVE-2009-5031 Cross-Site Scripting vulnerability in multiple products
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
4.3