Page 3 of 37 results (0.013 seconds)

CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 2

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. Una vulnerabilidad de ruta de búsqueda no confiable en Wireshark versiones 0.8.4 hasta 1.0.15 y versiones 1.2.0 hasta 1.2.10 permite a los usuarios locales, y posiblemente a atacantes remotos, ejecutar código arbitrario y conducir ataques de secuestro de DLL por medio de un archivo airpcap.dll de tipo caballo de Troya, y posiblemente otros DLL, que se encuentra en la misma carpeta que un archivo que inicia automáticamente Wireshark. • https://www.exploit-db.com/exploits/14721 http://secunia.com/advisories/41064 http://www.exploit-db.com/exploits/14721 http://www.vupen.com/english/advisories/2010/2165 http://www.vupen.com/english/advisories/2010/2243 http://www.wireshark.org/security/wnpa-sec-2010-09.html http://www.wireshark.org/security/wnpa-sec-2010-10.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498 •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. Desbordamiento de buffer de pila en el componente "ASN.1 BER dissector" de Wireshark v0.10.13 hasta la versión v1.0.14 y v1.2.0 hasta la v1.2.9 tiene un impacto desconocido y vectores de ataque en remoto. NOTA: esta vulnerabilidad existe debido a la regresión de CVE-2010-2284. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0212 http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 33EXPL: 0

The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. El Universal Decompressor Virtual Machine (UDVM) de SigComp en Wireshark versiones 0.10.8 hasta 1.0.14 y versiones 1.2.0 hasta 1.2.9, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de vectores relacionados con el archivo sigcomp-udvm.c y un error por un paso, lo que desencadena un desbordamiento del búfer, vulnerabilidades diferentes de CVE-2010-2287. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0212 http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4867 https://oval.cisecurity.org/repository/search • CWE-189: Numeric Errors •

CVSS: 3.3EPSS: 0%CPEs: 41EXPL: 0

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. El analizador de protocolo SigComp Universal Decompressor Virtual Machine en Wireshark v0.10.7 hasta v1.0.13 y v1.2.0 hasta v1.2.8 permite a atacantes remotos provocar una denegación de servicio (búcle infinito) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40112 http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://www.mandriva.com/security/advisories?name=MDVSA-2010:113 http://www.openwall.com/lists/oss-security/2010/06/11/1 http://www.securityfocus.com/bid/40728 http://www.vupen.com/english/advisories/2010/1418 http://www. • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 3.3EPSS: 0%CPEs: 35EXPL: 0

The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. El disector de SMB PIPE en Wireshark v0.8.20 a 1.0.13 y v1.2.0 a v1.2.8 permite a atacantes remotos provocar una denegación de servicio (desreferencia de puntero nulo) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40112 http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://www.mandriva.com/security/advisories?name=MDVSA-2010:113 http://www.openwall.com/lists/oss-security/2010/06/11/1 http://www.securityfocus.com/bid/40728 http://www.vupen.com/english/advisories/2010/1418 http://www. •