National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:opensuse:opensuse:12.3
There are 135 matching records.
Displaying matches 121 through 135.
Vuln ID Summary CVSS Severity
CVE-2013-2488

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Published: March 07, 2013; 10:55:02 AM -05:00
    V2: 5.0 MEDIUM
CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.

Published: March 07, 2013; 10:55:02 AM -05:00
    V2: 7.8 HIGH
CVE-2013-2486

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 6.1 MEDIUM
CVE-2013-2485

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 6.1 MEDIUM
CVE-2013-2484

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2483

The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2482

The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 6.1 MEDIUM
CVE-2013-2481

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 2.9 LOW
CVE-2013-2480

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2479

The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2477

The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2013-2476

The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 6.1 MEDIUM
CVE-2013-2475

The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Published: March 07, 2013; 10:55:01 AM -05:00
    V2: 3.3 LOW
CVE-2008-4636

yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.

Published: November 26, 2008; 07:30:00 PM -05:00
    V2: 7.2 HIGH