In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. Date published : 2018-02-23 http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. Date published : 2018-02-23 http://www.securityfocus.com/bid/103160 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. Date published : 2018-02-23 https://exploit-db.com/exploits/44172
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. Date published : 2018-02-23 https://exploit-db.com/exploits/44171
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. Date published : 2018-02-23 https://exploit-db.com/exploits/44170
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. Date published : 2018-02-23 https://www.exploit-db.com/exploits/44185/ https://0day4u.wordpress.com/2018/02/22/schools-alert-management-script-2-0-2-authentication-bypass/
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS...
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security...
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. Date published : 2018-02-23 https://jvn.jp/en/jp/JVN83834277/index.html