Lewis

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) **Description** The issue is due to insufficient input validation in Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server. This allows a remote attacker to conduct spoofing attacks. **Recommendations** For Microsoft SharePoint Server, consider restricting access to sensitive areas of the system until a fix is available. For Microsoft SharePoint Foundation, restrict access to vulnerable modules to minimize the risk of exploitation. For Microsoft SharePoint Enterprise Server, avoid using vulnerable parameters in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x through 1.10.9 Wireshark versions 1.12.x through 1.12.0 **Description** The issue exists in the SnifferDecompress function in the DOS Sniffer file parser, which does not prevent data overwrites during copy operations. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted file. **Recommendations** For Wireshark versions 1.10.x through 1.10.9, update to version 1.10.10 or later. For Wireshark versions 1.12.x through 1.12.0, update to version 1.12.1 or later.