» 2018 » 5월

CVE-2018-11359

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11359

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.

Source: CVE-2018-11359

CVE-2018-11356

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11356

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

Source: CVE-2018-11356

CVE-2018-11361

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11361

In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.

Source: CVE-2018-11361

CVE-2018-11355

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11355

In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.

Source: CVE-2018-11355

CVE-2018-11362

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11362

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing ‘{$content}’ character.

Source: CVE-2018-11362

CVE-2018-11360

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11360

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.

Source: CVE-2018-11360

CVE-2018-11358

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11358

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

Source: CVE-2018-11358

CVE-2018-11357

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-11357

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.

Source: CVE-2018-11357

CVE-2018-9019

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-9019

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

Source: CVE-2018-9019

CVE-2018-10095

Posted on 2018년 5월 23일2018년 5월 23일 by admin

CVE-2018-10095

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

Source: CVE-2018-10095