In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. Date published : 2019-04-08 http://www.securityfocus.com/bid/107836...
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. Date published : 2019-04-08 http://www.securityfocus.com/bid/107834 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. Date published : 2019-04-08 http://www.securityfocus.com/bid/107834 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. Date published : 2019-04-08 http://www.securityfocus.com/bid/107834 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn’t registered within this product, a pop-up window will appear asking the user if they want to...
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want...
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. Date published : 2019-04-08...
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka ‘Azure SSH Keypairs Security Feature Bypass Vulnerability’. Date published...
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka ‘Visual Studio Remote Code Execution Vulnerability’. Date published : 2019-04-08...
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797. Date published...
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka ‘Azure Linux Agent Information Disclosure Vulnerability’. Date published : 2019-04-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804 https://access.redhat.com/errata/RHSA-2019:1527
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka ‘Skype for Business and Lync Spoofing Vulnerability’. Date published : 2019-04-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0808. Date published...
A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka ‘Windows ActiveX Remote Code Execution Vulnerability’. Date published : 2019-04-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0784