CVSS: 5.3EPSS: 3%CPEs: 2EXPL: 0CVE-2019-15162
https://notcve.org/view.php?id=CVE-2019-15162
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, en plataformas diferentes de Windows proporciona detalles sobre por qué falló la autenticación, lo que podría hacer más fácil para que atacantes enumeren nombres de usuario válidos. • http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 0CVE-2019-15161
https://notcve.org/view.php?id=CVE-2019-15161
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, maneja inapropiadamente ciertos valores de longitud debido a la reutilización de una variable. Esto puede abrir un vector de ataque involucrando datos adicionales al final de una petición. • http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16227 – tcpdump: Buffer over-read in print-802_11.c
https://notcve.org/view.php?id=CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. El analizador IEEE 802.11 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en el archivo print-802_11.c para el subcampo Mesh Flags. An out-of-bounds read vulnerability was discovered in tcpdump while printing IEEE 802.11 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-14464 – tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c
https://notcve.org/view.php?id=CVE-2018-14464
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). El analizador LMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-lmp.c:lmp_print_data_link_subobjs(). An out-of-bounds read vulnerability was discovered in tcpdump while printing LMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-10103 – tcpdump: SMB data printing mishandled
https://notcve.org/view.php?id=CVE-2018-10103
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). tcpdump versiones anteriores a 4.9.3, maneja inapropiadamente la impresión de datos SMB (problema 1 de 2). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN https://lists.fedoraproject.org/archives/list/package&# • CWE-20: Improper Input Validation •