http://open-source-security-software.net/cves.atom 2024-05-05T09:14:53.934547+00:00 python-feedgen CVE-2020-25866 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. 2020-10-06T15:15:00+00:00 CVE-2020-28030 2020-11-02T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. 2020-11-02T21:15:00+00:00 CVE-2020-28043 2020-11-02T21:15:00+00:00 MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. 2020-11-02T21:15:00+00:00 CVE-2020-28947 2020-11-19T18:15:00+00:00 In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. 2020-11-19T18:15:00+00:00 CVE-2020-29006 2020-11-24T15:15:00+00:00 MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. 2020-11-24T15:15:00+00:00 CVE-2020-29572 2020-12-06T00:15:00+00:00 app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. 2020-12-06T00:15:00+00:00 CVE-2020-26421 2020-12-11T19:15:00+00:00 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26419 2020-12-11T19:15:00+00:00 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26420 2020-12-11T19:15:00+00:00 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26418 2020-12-11T19:15:00+00:00 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26422 2020-12-21T18:15:00+00:00 Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file 2020-12-21T18:15:00+00:00 CVE-2021-3184 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. 2021-01-19T16:15:00+00:00 CVE-2021-25325 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. 2021-01-19T16:15:00+00:00 CVE-2021-25324 2021-01-19T16:15:00+00:00 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. 2021-01-19T16:15:00+00:00 CVE-2021-25323 2021-01-19T16:15:00+00:00 The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. 2021-01-19T16:15:00+00:00 CVE-2020-24085 2021-01-26T18:15:00+00:00 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. 2021-01-26T18:15:00+00:00 CVE-2021-22174 2021-02-17T15:15:00+00:00 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2021-22173 2021-02-17T15:15:00+00:00 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2021-27904 2021-03-02T07:15:00+00:00 An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. 2021-03-02T07:15:00+00:00 CVE-2021-22191 2021-03-15T18:15:00+00:00 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 2021-03-15T18:15:00+00:00 CVE-2021-28090 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. 2021-03-19T05:15:00+00:00 CVE-2021-28089 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. 2021-03-19T05:15:00+00:00 CVE-2021-22207 2021-04-23T18:15:00+00:00 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file 2021-04-23T18:15:00+00:00 CVE-2021-31780 2021-04-23T20:15:00+00:00 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. 2021-04-23T20:15:00+00:00 CVE-2021-22222 2021-06-07T13:15:00+00:00 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file 2021-06-07T13:15:00+00:00 CVE-2021-35502 2021-06-25T21:15:00+00:00 app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. 2021-06-25T21:15:00+00:00 CVE-2021-34548 2021-06-29T11:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. 2021-06-29T11:15:00+00:00 CVE-2021-34550 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor 2021-06-29T12:15:00+00:00 CVE-2021-34549 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. 2021-06-29T12:15:00+00:00 CVE-2021-36212 2021-07-07T13:15:00+00:00 app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. 2021-07-07T13:15:00+00:00 CVE-2021-22235 2021-07-20T12:15:00+00:00 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file 2021-07-20T12:15:00+00:00 CVE-2021-37534 2021-07-26T14:15:00+00:00 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. 2021-07-26T14:15:00+00:00 CVE-2021-37743 2021-07-30T15:15:00+00:00 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. 2021-07-30T15:15:00+00:00 CVE-2021-37742 2021-07-30T15:15:00+00:00 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. 2021-07-30T15:15:00+00:00 CVE-2021-39302 2021-08-19T17:15:00+00:00 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. 2021-08-19T17:15:00+00:00 CVE-2021-38385 2021-08-30T05:15:00+00:00 Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. 2021-08-30T05:15:00+00:00 CVE-2021-41326 2021-09-17T18:15:00+00:00 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. 2021-09-17T18:15:00+00:00 CVE-2021-39246 2021-09-24T19:15:00+00:00 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). 2021-09-24T19:15:00+00:00 CVE-2021-39928 2021-11-18T19:15:00+00:00 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-39920 2021-11-18T19:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-39924 2021-11-19T17:15:00+00:00 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39923 2021-11-19T17:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39923 2021-11-19T17:15:00+00:00 Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39921 2021-11-19T17:15:00+00:00 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39925 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39929 2021-11-19T17:15:00+00:00 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39926 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39922 2021-11-19T17:15:00+00:00 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-4183 2021-12-30T22:15:00+00:00 Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4182 2021-12-30T22:15:00+00:00 Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4190 2021-12-30T22:15:00+00:00 Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4185 2021-12-30T22:15:00+00:00 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4181 2021-12-30T22:15:00+00:00 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4184 2021-12-30T22:15:00+00:00 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4186 2021-12-30T22:15:00+00:00 Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2022-0581 2022-02-14T22:15:00+00:00 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0583 2022-02-14T22:15:00+00:00 Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0586 2022-02-14T22:15:00+00:00 Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0582 2022-02-14T22:15:00+00:00 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0585 2022-02-18T18:15:00+00:00 Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file 2022-02-18T18:15:00+00:00 CVE-2021-46702 2022-02-26T03:15:00+00:00 Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory. 2022-02-26T03:15:00+00:00 CVE-2022-27245 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. 2022-03-18T18:15:00+00:00 CVE-2022-27243 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. 2022-03-18T18:15:00+00:00 CVE-2022-27244 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. 2022-03-18T18:15:00+00:00 CVE-2022-27246 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. 2022-03-18T18:15:00+00:00 CVE-2022-29529 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. 2022-04-20T23:15:00+00:00 CVE-2022-29533 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." 2022-04-20T23:15:00+00:00 CVE-2022-29531 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. 2022-04-20T23:15:00+00:00 CVE-2022-29528 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. 2022-04-20T23:15:00+00:00 CVE-2022-29530 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. 2022-04-20T23:15:00+00:00 CVE-2022-29532 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. 2022-04-20T23:15:00+00:00 CVE-2022-29534 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. 2022-04-20T23:15:00+00:00 CVE-2022-29718 2022-06-02T21:15:00+00:00 Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. 2022-06-02T21:15:00+00:00 CVE-2022-33903 2022-07-17T23:15:00+00:00 Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. 2022-07-17T23:15:00+00:00 CVE-2022-34037 2022-07-22T15:15:00+00:00 An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. 2022-07-22T15:15:00+00:00 CVE-2022-3190 2022-09-13T15:15:00+00:00 Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file 2022-09-13T15:15:00+00:00 CVE-2022-3725 2022-10-27T17:15:00+00:00 Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file 2022-10-27T17:15:00+00:00 CVE-2022-3724 2022-12-09T18:15:00+00:00 Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows 2022-12-09T18:15:00+00:00 CVE-2022-4344 2023-01-12T00:15:00+00:00 Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file 2023-01-12T00:15:00+00:00 CVE-2022-4345 2023-01-12T04:15:00+00:00 Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file 2023-01-12T04:15:00+00:00 CVE-2023-23589 2023-01-14T01:15:00+00:00 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. 2023-01-14T01:15:00+00:00 CVE-2023-24028 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. 2023-01-20T22:15:00+00:00 CVE-2023-24027 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. 2023-01-20T22:15:00+00:00 CVE-2023-24026 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. 2023-01-20T22:15:00+00:00 CVE-2023-0412 2023-01-26T21:18:00+00:00 TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file 2023-01-26T21:18:00+00:00 CVE-2022-28923 2023-02-06T23:15:00+00:00 Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. 2023-02-06T23:15:00+00:00 CVE-2023-1161 2023-03-06T21:15:00+00:00 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file 2023-03-06T21:15:00+00:00 CVE-2023-1992 2023-04-12T21:15:00+00:00 RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T21:15:00+00:00 CVE-2023-1993 2023-04-12T21:15:00+00:00 LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T21:15:00+00:00 CVE-2023-1994 2023-04-12T22:15:00+00:00 GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T22:15:00+00:00 CVE-2023-2879 2023-05-26T21:15:00+00:00 GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2857 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2858 2023-05-26T21:15:00+00:00 NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2855 2023-05-26T21:15:00+00:00 Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2856 2023-05-26T21:15:00+00:00 VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2854 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2952 2023-05-30T23:15:00+00:00 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file 2023-05-30T23:15:00+00:00 CVE-2023-0666 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. 2023-06-07T03:15:00+00:00 CVE-2023-0667 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark 2023-06-07T03:15:00+00:00 CVE-2023-0668 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. 2023-06-07T03:15:00+00:00