
CVSS: 10.0 • EPSS: 93% • CPEs: 42 • EXPL: 2

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.

• https://www.exploit-db.com/exploits/8308
• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
• http://secunia.com/advisories/34542
• http://secunia.com/advisories/34778
• http://secunia.com/advisories/34970
• http://secunia.com/advisories/35133
• http://secunia.com/advisories/35224
• http://secunia.com/advisories/35416
• http://secunia.com/advisories/35464
• http://wiki.rpath.com/Advisories:rPSA-2009-0062
• http://www.debian.org/security/2009/dsa-1785
• http://www.m
• CWE-134: Use of Externally-Controlled Format String

CVSS: 5.0 • EPSS: 0% • CPEs: 41 • EXPL: 0

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.

• http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html
• http://secunia.com/advisories/32840
• http://secunia.com/advisories/34144
• http://securityreason.com/securityalert/4663
• http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
• http://wiki.rpath.com/Advisories:rPSA-2008-0336
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:242
• http://www.openwall.com/lists/oss-security/2008/11/24/1
• http://www.redhat.com/support/errata/RHSA-2009-0313.html
• h
• CWE-399: Resource Management Errors
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.0 • EPSS: 0% • CPEs: 23 • EXPL: 0

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

• http://secunia.com/advisories/32355
• http://secunia.com/advisories/32944
• http://secunia.com/advisories/34144
• http://securitytracker.com/id?1021069
• http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
• http://wiki.rpath.com/Advisories:rPSA-2008-0336
• http://www.debian.org/security/2008/dsa-1673
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
• http://www.redhat.com/support/errata/RHSA-2009-0313.html
• http://www.securityfocus.com/archive/1/499154/100/0/th
• CWE-399: Resource Management Errors

CVSS: 5.0 • EPSS: 0% • CPEs: 29 • EXPL: 0

Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.

• http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
• http://secunia.com/advisories/31864
• http://secunia.com/advisories/31886
• http://secunia.com/advisories/32028
• http://secunia.com/advisories/32091
• http://security.gentoo.org/glsa/glsa-200809-17.xml
• http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:199
• http://www.redhat.com/support/errata/RHSA-2008
• CWE-20: Improper Input Validation
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 3.3 • EPSS: 0% • CPEs: 22 • EXPL: 0

Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.

• http://secunia.com/advisories/31864
• http://secunia.com/advisories/31886
• http://secunia.com/advisories/32028
• http://secunia.com/advisories/32091
• http://secunia.com/advisories/32944
• http://security.gentoo.org/glsa/glsa-200809-17.xml
• http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278
• http://www.debian.org/security/2008/dsa-1673
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:199
• http://www.redhat.
• CWE-20: Improper Input Validation