rpm package
suse/libmaxminddb&distro=SUSE Linux Enterprise Server for SAP Applications 15
pkg:rpm/suse/libmaxminddb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
Vulnerabilities (59)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-9428 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 27, 2020 | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. | ||
| CVE-2020-9429 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 27, 2020 | In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. | ||
| CVE-2020-9430 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 27, 2020 | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. | ||
| CVE-2020-9431 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 27, 2020 | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. | ||
| CVE-2020-7044 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Jan 16, 2020 | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. | ||
| CVE-2019-19553 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Dec 5, 2019 | In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. | ||
| CVE-2019-16319 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Sep 15, 2019 | In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | ||
| CVE-2019-13619 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Jul 17, 2019 | In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | ||
| CVE-2019-10903 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | ||
| CVE-2019-10902 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. | ||
| CVE-2019-10901 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | ||
| CVE-2019-10900 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | ||
| CVE-2019-10899 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | ||
| CVE-2019-10898 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | ||
| CVE-2019-10897 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. | ||
| CVE-2019-10896 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | ||
| CVE-2019-10895 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | ||
| CVE-2019-10894 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | ||
| CVE-2019-9214 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. | ||
| CVE-2019-9209 | — | < 1.4.2-1.3.1 | 1.4.2-1.3.1 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. |
- CVE-2020-9428Feb 27, 2020affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9429Feb 27, 2020affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
- CVE-2020-9430Feb 27, 2020affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
- CVE-2020-9431Feb 27, 2020affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
- CVE-2020-7044Jan 16, 2020affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
- CVE-2019-19553Dec 5, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
- CVE-2019-16319Sep 15, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
- CVE-2019-13619Jul 17, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
- CVE-2019-10903Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
- CVE-2019-10902Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
- CVE-2019-10901Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
- CVE-2019-10900Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
- CVE-2019-10899Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
- CVE-2019-10898Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
- CVE-2019-10897Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
- CVE-2019-10896Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
- CVE-2019-10895Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
- CVE-2019-10894Apr 9, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
- CVE-2019-9214Feb 28, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
- CVE-2019-9209Feb 28, 2019affected < 1.4.2-1.3.1fixed 1.4.2-1.3.1
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
Page 1 of 3