CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2018-19623 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19623
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el disector LBMPDM podría cerrarse inesperadamente. Además, un atacante remoto podría escribir datos arbitrarios a cualquier ubicación de memoria antes de la memoria en el alc... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19624 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19624
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el disector PVFS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-pvfs2.c evitando una desreferencia de puntero NULL. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19625 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19625
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el motor de disección podría cerrarse inesperadamente. Esto se abordó en epan/tvbuff_composite.c evitando una sobrelectura de búfer basada en memoria dinámica (heap). Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of serv... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19626 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19626
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el disector DCOM podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-dcom.c añadiendo la terminación "\0". Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 10%CPEs: 10EXPL: 1CVE-2018-14629 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-14629
27 Nov 2018 — A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 5%CPEs: 10EXPL: 0CVE-2018-16851 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16851
27 Nov 2018 — Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desd... • http://www.securityfocus.com/bid/106027 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16862 – Ubuntu Security Notice USN-4094-1
https://notcve.org/view.php?id=CVE-2018-16862
26 Nov 2018 — A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. Se ha detectado un fallo de seguridad en el kernel de Linux de manera que el subsistema "cleancache" borre un inode después del truncado de archivos final (eliminación). El nuevo archivo creado con el mismo inode podría contener páginas r... • http://www.securityfocus.com/bid/106009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-19540
https://notcve.org/view.php?id=CVE-2018-19540
26 Nov 2018 — An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2018-19539 – openSUSE Security Advisory - openSUSE-SU-2019:1315-1
https://notcve.org/view.php?id=CVE-2018-19539
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una violación de acceso en la función jas_image_readcmpt en libjasper/base/jas_image.c, provocando una denegación de servicio (DoS). An update that fixes three vulnerabilities is now available. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-19542 – Ubuntu Security Notice USN-4688-1
https://notcve.org/view.php?id=CVE-2018-19542
26 Nov 2018 — An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegación de servicio (DoS). It was discovered that Jasper incorrectly certain files. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html • CWE-476: NULL Pointer Dereference •