Page 54 of 400 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-10897

https://notcve.org/view.php?id=CVE-2019-10897

In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. En Wireshark 3.0.0, el disector IEEE 802.11 podía entrar en un bucle infinito. Esto se abordó en epan/disectores/packet-ieee80211.c mediante la detección de casos en los que el desplazamiento de bits no avanza. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107836 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R https:& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1

CVE-2019-10896

https://notcve.org/view.php?id=CVE-2019-10896

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector DOF podría fallar. Esto fue tratado en epan/disectores/packet-dof.c manejando adecuadamente los bytes IID y OID generados. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=441b6d9071d6341e58dfe10719375489c5b8e3f0 https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html https:/ • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10895

https://notcve.org/view.php?id=CVE-2019-10895

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el analizador de archivos de NetScaler puede fallar. Esto se abordó en wiretap/netscaler.c mejorando la validación de los datos. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2fbbde780e5d5d82e31dca656217daf278cf62bb https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=38680c4c6 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10894

https://notcve.org/view.php?id=CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector GSS-API puede fallar. Esto fue tratado en epan/disectors/packet-gssapi.c asegurándose de que llama a un disector válido. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-617: Reachable Assertion •

CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0

CVE-2019-3887 – Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS

https://notcve.org/view.php?id=CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. Se encontró un error en la forma en que el hipervisor KVM manejaba el acceso a x2APIC Machine Specific Rregister (MSR) con la virtualización anidada (=1) habilitada. • http://www.securityfocus.com/bid/107850 https://access.redhat.com/errata/RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2741 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE https://usn.ubuntu.com/3979-1 https://usn.ubuntu.com/3980-1 https://usn.ubuntu.com/3980-2 https://access.redhat.com/security/cve/CVE-2019-3887 https://bugzilla • CWE-863: Incorrect Authorization •