Page 25 of 295 results (0.030 seconds)

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-4075 – wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)

https://notcve.org/view.php?id=CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-gmr1_bcch.c en el dissector GMR-1 BCCH en Wireshark v1.8.x anterior a v1.8.8 no inicializa correctamente memoria, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquetes especialmente diseñado. A flaw was found in GMR (Geo-Mobile Radio) 1 BCCH protocol dissector of wireshark which an attacker can trigger a denial of service attack and crash wireshark by sending a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2017-0631.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gent • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 2%CPEs: 5EXPL: 2

CVE-2013-2765 – ModSecurity - Remote Null Pointer Dereference

https://notcve.org/view.php?id=CVE-2013-2765

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. El módulo ModSecurity anterior a 2.7.4 para Apache HTTP Server, permite a atacantes remotos provocar una denegación de servicio (deferencia a puntero NULO, caída de proceso y consumo de disco) a través de una petición POST con un cuerpo (body) de gran tamaño y una cabecera Content-Type manipulada. • https://www.exploit-db.com/exploits/25852 http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html http://sourceforge.net/mailarchive/message.php?msg_id=30900019 http://www.modsecurity.org http://www.shookalabs.com https://bugzilla.redhat.com/show_bug.cgi?id=967615 https://github • CWE-476: NULL Pointer Dereference •

CVSS: 2.6EPSS: 0%CPEs: 16EXPL: 1

CVE-2013-2061

https://notcve.org/view.php?id=CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. La función openvpn_decrypt en el archivo crypto.c en OpenVPN versiones 2.3.0 y anteriores, cuando se ejecuta en modo UDP, permite a los atacantes remotos obtener información confidencial por medio de un ataque de sincronización que implica una función de comparación HMAC que no se ejecuta en tiempo constante y un ataque de tipo padding oracle en el cifrado en modo CBC. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:167 http://www.openwall.com/lists/oss-security/2013/05/06/6 https://bugs.gentoo.org/show_bug.cgi?id=468756 https://bugzilla.redhat.com/show_ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2013-3561 – wireshark: Multiple Denial of Service flaws

https://notcve.org/view.php?id=CVE-2013-3561

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. Múltiples desbordamientos de enteros en Wireshark v1.8.x antes de v1.8.7 permite a atacantes remotos provocar una denegación de servicio (bucle o caída de aplicación) a través de un paquete mal formado, en relación con una caída del disector Websocket, un bucle infinito en el disector de MySQL, y un gran bucle en el disector ETCH. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336 http://anonsvn.wireshark.org/viewvc? • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1

CVE-2013-3557 – wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)

https://notcve.org/view.php?id=CVE-2013-3557

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. La función dissect_ber_choice en epan/dissectors/packet-ber.c en el disector ASN.1 BER en Wireshark v1.6.x antes de v1.6.15 y v1.8.x antes de v1.8.7 no inicializa correctamente una determinada variable, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944 http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •