
CVE-2019-10895
https://notcve.org/view.php?id=CVE-2019-10895
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-125: Out-of-bounds Read

CVE-2019-10896
https://notcve.org/view.php?id=CVE-2019-10896
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-787: Out-of-bounds Write

CVE-2019-10897
https://notcve.org/view.php?id=CVE-2019-10897
09 Apr 2019 — In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2019-10898
https://notcve.org/view.php?id=CVE-2019-10898
09 Apr 2019 — In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2019-10899
https://notcve.org/view.php?id=CVE-2019-10899
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-125: Out-of-bounds Read

CVE-2019-10900
https://notcve.org/view.php?id=CVE-2019-10900
09 Apr 2019 — In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2019-10901 – Ubuntu Security Notice USN-3986-1
https://notcve.org/view.php?id=CVE-2019-10901
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. It was discovered that Wireshark improperly handled certain input. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-476: NULL Pointer Dereference

CVE-2019-10902
https://notcve.org/view.php?id=CVE-2019-10902
09 Apr 2019 — In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-252: Unchecked Return Value

CVE-2019-10903
https://notcve.org/view.php?id=CVE-2019-10903
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-125: Out-of-bounds Read

CVE-2019-3887 – Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
https://notcve.org/view.php?id=CVE-2019-3887
09 Apr 2019 — A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel, resulting in a DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. • http://www.securityfocus.com/bid/107850 • CWE-863: Incorrect Authorization