News aggregator

CVE-2019-10898

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
Categories: Security News

CVE-2019-10899

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
Categories: Security News

CVE-2019-10900

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
Categories: Security News

CVE-2019-10901

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
Categories: Security News

CVE-2019-10902

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
Categories: Security News

CVE-2019-10903

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
Categories: Security News

CVE-2019-10894

National Vulnerability Database - Tue, 04/09/2019 - 00:29
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
Categories: Security News

Vuln: Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Tue, 04/09/2019 - 00:00
Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability
Categories: Security News

CVE-2019-0770

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.
Categories: Security News

CVE-2019-0771

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783.
Categories: Security News

CVE-2019-0772

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.
Categories: Security News

CVE-2019-0773

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783.
Categories: Security News

CVE-2019-0774

National Vulnerability Database - Mon, 04/08/2019 - 23:29
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614.
Categories: Security News

CVE-2019-0775

National Vulnerability Database - Mon, 04/08/2019 - 23:29
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.
Categories: Security News

CVE-2019-0776

National Vulnerability Database - Mon, 04/08/2019 - 23:29
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
Categories: Security News

CVE-2019-0777

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Categories: Security News

CVE-2019-0778

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
Categories: Security News

CVE-2019-0779

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.
Categories: Security News

CVE-2019-0780

National Vulnerability Database - Mon, 04/08/2019 - 23:29
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
Categories: Security News

CVE-2019-0782

National Vulnerability Database - Mon, 04/08/2019 - 23:29
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.
Categories: Security News

Pages