Sun SunOS vulnerabilities

537 known vulnerabilities affecting sun/sunos.

Total CVEs: 537
CISA KEV: 0
Public exploits: 100
Exploited in wild: 0
Severity breakdown: CRITICAL 51, HIGH 178, MEDIUM 217, LOW 91

Vulnerabilities

Page 6 of 27
CVE-2012-4294 | MEDIUM | CVSS 5.8 | v5.11 | 2012-08-16
CVE-2012-4294 [MEDIUM] CWE-119: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
nvd
CVE-2012-4287 | MEDIUM | CVSS 5.0 | v5.11 | 2012-08-16
CVE-2012-4287 [MEDIUM] CWE-399: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
nvd
CVE-2012-4286 | MEDIUM | CVSS 4.3 | v5.11 | 2012-08-16
CVE-2012-4286 [MEDIUM] CWE-189: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.
nvd
CVE-2012-4293 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4293 [LOW] CWE-189: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.
nvd
CVE-2012-4291 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4291 [LOW] CWE-399: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
nvd
CVE-2012-4290 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4290 [LOW] CWE-399: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
nvd
CVE-2012-4288 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4288 [LOW] CWE-189: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.
nvd
CVE-2012-4295 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4295 [LOW] CWE-20: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.
nvd
CVE-2012-4289 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4289 [LOW] CWE-399: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
nvd
CVE-2012-4285 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4285 [LOW] CWE-189: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.
nvd
CVE-2012-4292 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4292 [LOW] CWE-20: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
nvd
CVE-2012-4296 | LOW | CVSS 3.3 | v5.11 | 2012-08-16
CVE-2012-4296 [LOW] CWE-399: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
nvd
CVE-2012-3120 | HIGH | CVSS 7.8 | v5.8 | 2012-07-17
CVE-2012-3120 [HIGH]: Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.
nvd
CVE-2012-3125 | HIGH | CVSS 7.1 | v5.8, v5.9, +1 more | 2012-07-17
CVE-2012-3125 [HIGH]: Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.
nvd
CVE-2012-3124 | MEDIUM | CVSS 5.0 | v5.10 | 2012-07-17
CVE-2012-3124 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL.
nvd
CVE-2012-1765 | MEDIUM | CVSS 4.7 | v5.10 | 2012-07-17
CVE-2012-1765 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone.
nvd
CVE-2012-3127 | MEDIUM | CVSS 5.4 | v5.10 | 2012-07-17
CVE-2012-3127 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP.
nvd
CVE-2012-3123 | MEDIUM | CVSS 5.0 | v5.10 | 2012-07-17
CVE-2012-3123 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
nvd
CVE-2012-3121 | MEDIUM | CVSS 5.0 | v5.9, v5.10 | 2012-07-17
CVE-2012-3121 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.
nvd
CVE-2012-3131 | MEDIUM | CVSS 4.3 | v5.9, v5.10, +1 more | 2012-07-17
CVE-2012-3131 [MEDIUM]: Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.
nvd