CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2012-4291 – wireshark: DoS via excessive system resource consumption in CIP dissector (wnpa-sec-2012-20)
https://notcve.org/view.php?id=CVE-2012-4291
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. El disector CIP en Wireshark v1.4.x antes de v1.4.15, v1.6.x antes de v1.6.10 y v1.8.x antes de v1.8.2 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a través de un paquete con formato erróneo. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-0125.html http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55035 http://www.wireshark.org/security/wnpa-sec-2012-20.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3 https://bugs.wireshark.or • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1CVE-2012-4285 – wireshark: crash due to zero division in DCP ETSI dissector (wnpa-sec-2012-13)
https://notcve.org/view.php?id=CVE-2012-4285
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. La función dissect_pft en epan/dissectors/packet-dcp-etsi.c en el (DCP ETSI dissector) en Wireshark v1.4.x anterior a v1.4.15, v1.6.x anterior a v1.6.10, y v1.8.x anterior a v1.8.2 permite a atacantes remotos causar una denegación de servicio (error de división por cero y caída de la aplicación) a través de un mensaje con longitud cero. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247 http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-0125.html http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bi • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2012-4290 – wireshark: DoS via excessive CPU consumption in CTDB dissector (wnpa-sec-2012-23)
https://notcve.org/view.php?id=CVE-2012-4290
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. El (dissector CTDB) en Wireshark v1.4.x anterior a v1.4.15, v1.6.x anterior a v1.6.10, y v1.8.x anterior a v1.8.2 permite a atacantes remotos causar una denegación de servicio, bucle y consumo de CPU a través de un paquete mal construido. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-0125.html http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55035 http://www.wireshark.org/security/wnpa-sec-2012-23.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3 https://bugs.wireshark.or • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2012-4289 – wireshark: DoS via excessive CPU consumption in AFP dissector (wnpa-sec-2012-17)
https://notcve.org/view.php?id=CVE-2012-4289
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. epan/dissectors/packet-afp.c en el AFP dissector en Wireshark v1.4.x anterior a v1.4.15, v1.6.x anterior a v1.6.10, y v1.8.x anterior a v1.8.2 permite a atacantes remotos causar una denegación de servicio, bucle y consumo de CPU, a través de un número grande de entradas en una lista de control de acceso (ACL). • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-afp.c?r1=44317&r2=44316&pathrev=44317 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44317 http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-0125.html http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55 • CWE-399: Resource Management Errors •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 1CVE-2012-3440 – sudo: insecure temporary file use in RPM %postun script
https://notcve.org/view.php?id=CVE-2012-3440
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Una secuencia de comandos seguro de Red Hat para sudo v1.7.2 sobre Red Hat Enterprise Linux (RHEL) v5 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simbólico en el directorio temporal /var/tmp/nsswitch.conf.bak • http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/54868 https://bugzilla.redhat.com/show_bug.cgi?id=844442 https://access.redhat.com/security/cve/CVE-2012-3440 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •