Original release date: January 11, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
google -- android
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
2016-01-06
10.0
CVE-2015-6636
CONFIRM
google -- android
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
2016-01-06
9.3
CVE-2015-6637
CONFIRM
google -- android
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
2016-01-06
9.3
CVE-2015-6638
CONFIRM
google -- android
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
2016-01-06
9.3
CVE-2015-6639
CONFIRM
google -- android
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
2016-01-06
9.3
CVE-2015-6640
CONFIRM
CONFIRM
google -- android
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.
2016-01-06
7.8
CVE-2015-6642
CONFIRM
google -- android
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
2016-01-06
7.2
CVE-2015-6643
CONFIRM
google -- android
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
2016-01-06
7.1
CVE-2015-6645
CONFIRM
google -- android
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.
2016-01-06
7.8
CVE-2015-6646
CONFIRM
google -- android
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
2016-01-06
9.3
CVE-2015-6647
CONFIRM
hp -- j8692a
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
2016-01-05
7.2
CVE-2015-6860
HP
hp -- ucmdb_browser
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
2016-01-07
7.2
CVE-2015-6862
HP
ibm -- i_access
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
2016-01-02
7.2
CVE-2015-2023
AIXAPAR
CONFIRM
ibm -- tivoli_monitoring
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.
2016-01-03
8.5
CVE-2015-5003
CONFIRM
AIXAPAR
ibm -- security_access_manager_9.0_firmware
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
2016-01-02
8.5
CVE-2015-5018
CONFIRM
AIXAPAR
AIXAPAR
ibm -- connections
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
2016-01-03
7.8
CVE-2015-5038
CONFIRM
AIXAPAR
ibm -- spectrum_protect_for_virtual_environments
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2016-01-02
10.0
CVE-2015-7426
CONFIRM
ibm -- tivoli_common_reporting
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
2016-01-02
10.0
CVE-2015-7450
CONFIRM
ipswitch -- whatsup_gold
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
2016-01-07
7.5
CVE-2015-8261
CERT-VN
pcre -- perl_compatible_regular_expression_library
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
2016-01-02
7.5
CVE-2016-1283
CONFIRM
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- hadoop
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
2016-01-02
4.6
CVE-2015-7430
CONFIRM
cisco -- ios_xr
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.
2016-01-04
5.0
CVE-2015-6432
CISCO
cisco -- unified_communications_manager
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
2016-01-07
4.0
CVE-2015-6433
CISCO
cisco -- prime_infrastructure
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.
2016-01-07
4.3
CVE-2015-6434
CISCO
dx_library_project -- dx_library
Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string.
2016-01-07
6.8
CVE-2016-1131
JVNDB
JVN
CONFIRM
eucalyptus -- eucalyptus
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.
2016-01-04
4.6
CVE-2014-5040
CONFIRM
HP
eucalyptus -- eucalyptus
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
2016-01-05
4.6
CVE-2015-6861
HP
google -- android
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
2016-01-06
4.3
CVE-2015-6644
CONFIRM
hp -- jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd
HP H3C Comware 5 and 7 devices allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
2016-01-05
6.4
CVE-2015-5434
HP
hp -- storeonce_backup_system_software
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
2016-01-05
6.8
CVE-2015-5445
HP
hp -- storeonce_backup_system_software
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
2016-01-05
5.8
CVE-2015-5446
HP
hp -- insight_management
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
2016-01-05
4.3
CVE-2015-6858
HP
hp -- network_switch_software
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
2016-01-05
4.6
CVE-2015-6859
HP
ibm -- qradar_security_information_and_event_manager
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.
2016-01-02
4.0
CVE-2015-2007
CONFIRM
ibm -- websphere_mq_light
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
2016-01-01
5.0
CVE-2015-4941
CONFIRM
ibm -- websphere_mq_light
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions.
2016-01-01
5.0
CVE-2015-4943
CONFIRM
ibm -- tealeaf_customer_experience
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
2016-01-02
5.0
CVE-2015-4989
CONFIRM
ibm -- change_and_configuration_management_database
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
2016-01-03
5.5
CVE-2015-5017
CONFIRM
ibm -- infosphere_biginsights
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
2016-01-02
4.0
CVE-2015-5020
CONFIRM
ibm -- curam_social_program_management
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2016-01-03
6.5
CVE-2015-5023
CONFIRM
ibm -- connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
2016-01-03
6.8
CVE-2015-5037
CONFIRM
AIXAPAR
ibm -- openpages_grc_platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2016-01-01
6.5
CVE-2015-5049
CONFIRM
ibm -- maximo_asset_management
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
2016-01-03
4.0
CVE-2015-5051
CONFIRM
ibm -- maximo_asset_management
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
2016-01-02
5.5
CVE-2015-7396
CONFIRM
ibm -- mashups_center
The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2016-01-02
6.8
CVE-2015-7400
CONFIRM
AIXAPAR
ibm -- mashups_center
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
2016-01-02
6.8
CVE-2015-7407
CONFIRM
AIXAPAR
ibm -- sterling_b2b_integrator
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
2016-01-01
5.8
CVE-2015-7410
CONFIRM
ibm -- mq_appliance_m2000
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
2016-01-01
5.0
CVE-2015-7420
CONFIRM
ibm -- mq_appliance_m2000
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
2016-01-01
5.0
CVE-2015-7421
CONFIRM
ibm -- spectrum_protect_for_virtual_environments
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.
2016-01-02
4.0
CVE-2015-7429
CONFIRM
ibm -- sterling_b2b_integrator
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
2016-01-02
4.3
CVE-2015-7431
CONFIRM
AIXAPAR
ibm -- installation_manager
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
2016-01-02
6.2
CVE-2015-7442
CONFIRM
ibm -- maximo_asset_management
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
2016-01-02
4.0
CVE-2015-7452
CONFIRM
ibm -- spectrum_scale
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
2016-01-01
4.0
CVE-2015-7456
AIXAPAR
CONFIRM
mozilla -- bugzilla
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
2016-01-03
4.3
CVE-2015-8509
CONFIRM
BUGTRAQ
nodejs -- node.js
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.
2016-01-02
5.0
CVE-2015-8027
CONFIRM
CONFIRM
CONFIRM
AIXAPAR
wireshark -- wireshark
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-3182
CONFIRM
CONFIRM
wireshark -- wireshark
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8711
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8712
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8713
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8714
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
2016-01-04
4.3
CVE-2015-8715
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8716
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8717
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8718
CONFIRM
CONFIRM
wireshark -- wireshark
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8719
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8720
CONFIRM
CONFIRM
wireshark -- wireshark
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
2016-01-04
4.3
CVE-2015-8721
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
2016-01-04
4.3
CVE-2015-8722
CONFIRM
<a href="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b32d505a59475d51d9b2bed5f086