Weekly Digest: a new vulnerability is published on the National Vulnerability Database (26 items)

New vulnerabilities from the NVD: CVE-2019-10212 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. Published at: October 02, 2019 at 10:15PM View on website October 03, 2019 at 12:25AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16452 The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16451 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16301 libpcap, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16300 The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16230 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16229 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16228 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-16227 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14880 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14879 The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14470 The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14469 The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14468 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14467 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14466 The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14465 The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14464 The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14463 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14462 The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-14461 The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-10105 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-10103 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). Published at: October 03, 2019 at 07:15PM View on website October 03, 2019 at 10:25PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-11768 In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. Published at: October 04, 2019 at 05:15PM View on website October 04, 2019 at 08:25PM via National Vulnerability Database