Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-07 CVE-2016-5356 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
network
wireshark CWE-119
4.3
2016-08-07 CVE-2016-5355 Improper Input Validation vulnerability in Wireshark
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
network
wireshark CWE-20
4.3
2016-08-07 CVE-2016-5354 NULL Pointer Dereference vulnerability in Wireshark
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
wireshark CWE-476
4.3
2016-08-07 CVE-2016-5353 Improper Input Validation vulnerability in Wireshark
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
wireshark CWE-20
4.3
2016-08-07 CVE-2016-5352 Out-of-bounds Read vulnerability in Wireshark
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
wireshark CWE-125
4.3
2016-08-07 CVE-2016-5351 Improper Input Validation vulnerability in Wireshark
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
wireshark CWE-20
4.3
2016-08-07 CVE-2016-5350 Resource Management Errors vulnerability in Wireshark
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
network
wireshark CWE-399
4.3
2016-08-07 CVE-2016-6128 Improper Input Validation vulnerability in multiple products
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
network
low complexity
debian opensuse libgd canonical CWE-20
5.0
2016-08-07 CVE-2016-5767 Integer Overflow or Wraparound vulnerability in Libgd
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
network
libgd php CWE-190
6.8
2016-08-07 CVE-2016-5766 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
6.8