Page 7 of 53 results (0.009 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. • https://www.exploit-db.com/exploits/874 http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 http://marc.info/?l=bugtraq&m=111066805726551&w=2 http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05 http://www.debian.org/security/2005/dsa-718 http://www.ethereal.com/appnotes/enpa-sa-00018.html http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:053 http://www.redhat.com/ • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 3%CPEs: 38EXPL: 0

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet. • http://secunia.com/advisories/13946 http://www.ciac.org/ciac/bulletins/p-106.shtml http://www.debian.org/security/2005/dsa-653 http://www.ethereal.com/appnotes/enpa-sa-00017.html http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:013 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.redhat.com/support/errata/RHSA-2005-037.html http://www.securityfocus.com/bid •

CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 0

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. • http://secunia.com/advisories/11185 http://www.ethereal.com/appnotes/enpa-sa-00013.html http://www.kb.cert.org/vuls/id/695486 http://www.redhat.com/support/errata/RHSA-2004-136.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15572 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10013 https://access.redhat.com/security/cve/CVE-2004-1761 https://bugzilla.redhat.com/show_bug.cgi?id=1617416 •

CVSS: 5.0EPSS: 4%CPEs: 37EXPL: 0

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read. El diseccionador SNMP de Ethereal 0.8.15 a 0.10.4 permite a atacantes remotos causar una denegación de servicio (caída del proceso) mediante cadenas de comunidad (1) malformadas o (2) inexistentes, lo que causa una lectura fuera de límites. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://secunia.com/advisories/12024 http://securitytracker.com/id?1010655 http://www.debian.org/security/2004/dsa-528 http://www.ethereal.com/appnotes/enpa-sa-00015.html http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml http://www.kb.cert.org/vuls/id/835846 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067 http& •

CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 0

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. La función dissect_attribue_value_pairs en packet-radius.c de Ethereal 0.8.13 a 0.10.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante un paquete RADIUS malformado que dispara una desreferencia nula. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835 http://marc.info/?l=bugtraq&m=108058005324316&w=2 http://marc.info/?l=bugtraq&m=108213710306260&w=2 http://marc.info/?l=ethereal-dev&m=107962966700423&w=2 http://secunia.com/advisories/11185 http://security.gentoo.org/glsa/glsa-200403-07.xml http://www.ethereal.com/appnotes/enpa-sa-00013.html http://www.kb.cert.org/vuls/id/124454 http://www.mandriva.com/security/advisories? • CWE-476: NULL Pointer Dereference •