CVE-2019-10899
- EPSS 5.59%
- Veröffentlicht 09.04.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:05
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
CVE-2019-10900
- EPSS 4.52%
- Veröffentlicht 09.04.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:05
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
CVE-2019-10901
- EPSS 5.59%
- Veröffentlicht 09.04.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:05
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVE-2019-10902
- EPSS 4.66%
- Veröffentlicht 09.04.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:05
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
CVE-2019-10903
- EPSS 5.59%
- Veröffentlicht 09.04.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:05
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-10894
- EPSS 5.59%
- Veröffentlicht 09.04.2019 04:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:04
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2019-9844
- EPSS 1.27%
- Veröffentlicht 09.04.2019 02:29:02
- Zuletzt bearbeitet 21.11.2024 04:52:25
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
CVE-2019-11026
- EPSS 1.81%
- Veröffentlicht 08.04.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:23
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
CVE-2019-0211
- EPSS 65.01%
- Veröffentlicht 08.04.2019 22:29:00
- Zuletzt bearbeitet 27.10.2025 17:37:51
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0217
- EPSS 17.67%
- Veröffentlicht 08.04.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:30
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...