In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. Date published : 2018-05-22 http://www.securityfocus.com/bid/104308 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. Date published...
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. Date published : 2018-05-22 http://www.securityfocus.com/bid/104308...
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. Date published :...
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. Date published : 2018-05-22 http://www.securityfocus.com/bid/104308...
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record....
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. Date published : 2018-05-22 http://www.securityfocus.com/bid/104308 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. Date published : 2018-05-22 http://www.securityfocus.com/bid/104308 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract’s ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and...
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping...
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. Date published : 2018-05-22 http://www.securityfocus.com/bid/104273...
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to...
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext...
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected...