828 matches found
CVE-2018-1000822
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This...
XXE
KeePassDX version = 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000835
KeePassDX version = 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000822
CVE-2018-1000822 : The vulnerability affects codelibs fess version before the commit faa265b, where the GSA XML file parser is vulnerable to XML External Entity (XXE). This can lead to disclosure of confidential data, denial of service, SSRF, and port scanning when processing specially crafted GS...
DEBIAN-CVE-2018-19627
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary...
CVE-2018-19627
Wireshark CVE-2018-19627 affects the IxVeriWave file parser in Wireshark versions 2.6.0–2.6.4 and 2.4.0–2.4.10. The root cause is an out-of-bounds read in the IxVeriWave parser (wiretap/vwr.c) due to a boundary handling issue, which could be triggered by crafted packets or trace files. Reported i...
CVE-2018-19627
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary...
CVE-2018-19627
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary...
KLA11377 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A heap buffer over-read vulnerability in the Wireshark dissection engine can be...
[SECURITY] Fedora 29 Update: libconfuse-3.2.2-1.fc29
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values (strings, integers, floats, booleans or other sections), as well as some other features such as single/double-quoted strings, environment variab...
Debian: Security Advisory (DLA-1470-1)
The remote host is missing an update for the Debian...
Debian DLA-1470-1 : confuse security update
An out of bound read was discovered in libConfuse, a configuration file parser library. CVE-2018-14447: An out of bound read in trimwhitespace, fixed thanks to Sebastian Roland. For Debian 8 'Jessie', this problem has been fixed in version 2.7-5+deb8u1. We recommend that you upgrade your confuse...
Denial Of Service (DoS)
Apache ORC is vulnerable to denial of service (DoS). A flaw in the Java or C++ ORC file parser can cause an infinite recursive loop that triggers a stack overflow if a malicious ORC file is being parsed...
CVE-2018-8015
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...
Code injection
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks...
CVE-2018-7420
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks...
CVE-2018-7420
CVE-2018-7420 affects Wireshark 2.2.0–2.2.12 and 2.4.0–2.4.4, where the pcapng file parser could crash. The root cause is a missing/insufficient block-size check for sysdig event blocks in the wiretap/pcapng.c parser, enabling a crash with crafted/malformed input. The issue is addressed in later ...
CVE-2018-7420
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks...
KLA11201 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. An improper operand validation offsets in the SIGCOMP protocol dissector can be exploited remotely via...
CVE-2018-5334
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks...