CVE-2018-9267

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.

Source: CVE-2018-9267

CVE-2018-9238 (yahei_php_prober)

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.

Source: CVE-2018-9238 (yahei_php_prober)

CVE-2018-9237

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.

Source: CVE-2018-9237

CVE-2018-9263

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

Source: CVE-2018-9263

CVE-2018-9262

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

Source: CVE-2018-9262

CVE-2018-9259

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

Source: CVE-2018-9259

CVE-2018-9260

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

Source: CVE-2018-9260

CVE-2018-9257

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.

Source: CVE-2018-9257

CVE-2018-9258

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

Source: CVE-2018-9258

CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.

Source: CVE-2018-9264