Recent CVEs
Feed: http://open-source-security-software.net/cves.atom
Updated: 2022-09-30T00:26:57.353828+00:00

wireshark - CVE-2020-9428, 2020-02-27T23:15:00+00:00
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

wireshark - CVE-2020-9430, 2020-02-27T23:15:00+00:00
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

wireshark - CVE-2020-9431, 2020-02-27T23:15:00+00:00
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

MISP - CVE-2020-10246, 2020-03-09T19:15:00+00:00
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.

MISP - CVE-2020-10247, 2020-03-09T19:15:00+00:00
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.

TorBrowser - CVE-2020-10592, 2020-03-23T13:15:00+00:00
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

TorBrowser - CVE-2020-10593, 2020-03-23T13:15:00+00:00
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

MISP - CVE-2020-11458, 2020-04-02T12:15:00+00:00
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leak of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.

wireshark - CVE-2020-11647, 2020-04-10T21:15:00+00:00
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.

MISP - CVE-2020-12889, 2020-05-15T18:15:00+00:00
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.

MISP - CVE-2020-13153, 2020-05-18T22:15:00+00:00
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.

wireshark - CVE-2020-13164, 2020-05-19T22:15:00+00:00
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

caddy - CVE-2018-21246, 2020-06-15T17:15:00+00:00
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

MISP - CVE-2020-14969, 2020-06-22T12:15:00+00:00
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.

MISP - CVE-2020-15411, 2020-06-30T14:15:00+00:00
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.

MISP - CVE-2020-15412, 2020-06-30T14:15:00+00:00
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.

wireshark - CVE-2020-15466, 2020-07-05T11:15:00+00:00
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

MISP - CVE-2020-15711, 2020-07-14T13:15:00+00:00
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.

TorBrowser - CVE-2020-15572, 2020-07-15T17:15:00+00:00
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

wireshark - CVE-2020-17498, 2020-08-13T16:15:00+00:00
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

MISP - CVE-2020-25766, 2020-09-18T18:15:00+00:00
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.

wireshark - CVE-2020-25863, 2020-10-06T15:15:00+00:00
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

wireshark - CVE-2020-25862, 2020-10-06T15:15:00+00:00
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

wireshark - CVE-2020-26575, 2020-10-06T15:15:00+00:00
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

wireshark - CVE-2020-25866, 2020-10-06T15:15:00+00:00
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

wireshark - CVE-2020-28030, 2020-11-02T21:15:00+00:00
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

MISP - CVE-2020-28043, 2020-11-02T21:15:00+00:00
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

MISP - CVE-2020-28947, 2020-11-19T18:15:00+00:00
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.

MISP - CVE-2020-29006, 2020-11-24T15:15:00+00:00
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

MISP - CVE-2020-29572, 2020-12-06T00:15:00+00:00
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.

wireshark - CVE-2020-26421, 2020-12-11T19:15:00+00:00
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26419, 2020-12-11T19:15:00+00:00
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26420, 2020-12-11T19:15:00+00:00
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26418, 2020-12-11T19:15:00+00:00
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26422, 2020-12-21T18:15:00+00:00
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

MISP - CVE-2021-3184, 2021-01-19T16:15:00+00:00
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.

MISP - CVE-2021-25325, 2021-01-19T16:15:00+00:00
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.

MISP - CVE-2021-25324, 2021-01-19T16:15:00+00:00
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.

MISP - CVE-2021-25323, 2021-01-19T16:15:00+00:00
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.

MISP - CVE-2020-24085, 2021-01-26T18:15:00+00:00
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.

wireshark - CVE-2021-22174, 2021-02-17T15:15:00+00:00
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-22173, 2021-02-17T15:15:00+00:00
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

MISP - CVE-2021-27904, 2021-03-02T07:15:00+00:00
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.

wireshark - CVE-2021-22191, 2021-03-15T18:15:00+00:00
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.

TorBrowser - CVE-2021-28090, 2021-03-19T05:15:00+00:00
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

TorBrowser - CVE-2021-28089, 2021-03-19T05:15:00+00:00
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

wireshark - CVE-2021-22207, 2021-04-23T18:15:00+00:00
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

MISP - CVE-2021-31780, 2021-04-23T20:15:00+00:00
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

wireshark - CVE-2021-22222, 2021-06-07T13:15:00+00:00
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

MISP - CVE-2021-35502, 2021-06-25T21:15:00+00:00
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.

TorBrowser - CVE-2021-34548, 2021-06-29T11:15:00+00:00
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

TorBrowser - CVE-2021-34549, 2021-06-29T12:15:00+00:00
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

TorBrowser - CVE-2021-34550, 2021-06-29T12:15:00+00:00
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

MISP - CVE-2021-36212, 2021-07-07T13:15:00+00:00
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.

wireshark - CVE-2021-22235, 2021-07-20T12:15:00+00:00
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file

MISP - CVE-2021-37534, 2021-07-26T14:15:00+00:00
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

MISP - CVE-2021-37743, 2021-07-30T15:15:00+00:00
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.

MISP - CVE-2021-37742, 2021-07-30T15:15:00+00:00
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.

MISP - CVE-2021-39302, 2021-08-19T17:15:00+00:00
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.

TorBrowser - CVE-2021-38385, 2021-08-30T05:15:00+00:00
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

MISP - CVE-2021-41326, 2021-09-17T18:15:00+00:00
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.

TorBrowser - CVE-2021-39246, 2021-09-24T19:15:00+00:00
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

wireshark - CVE-2021-39928, 2021-11-18T19:15:00+00:00
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39920, 2021-11-18T19:15:00+00:00
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39925, 2021-11-19T17:15:00+00:00
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39926, 2021-11-19T17:15:00+00:00
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39923, 2021-11-19T17:15:00+00:00
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39923, 2021-11-19T17:15:00+00:00
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39929, 2021-11-19T17:15:00+00:00
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39924, 2021-11-19T17:15:00+00:00
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39921, 2021-11-19T17:15:00+00:00
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-39922, 2021-11-19T17:15:00+00:00
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4182, 2021-12-30T22:15:00+00:00
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4185, 2021-12-30T22:15:00+00:00
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4181, 2021-12-30T22:15:00+00:00
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4183, 2021-12-30T22:15:00+00:00
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

wireshark - CVE-2021-4184, 2021-12-30T22:15:00+00:00
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4190, 2021-12-30T22:15:00+00:00
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2021-4186, 2021-12-30T22:15:00+00:00
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2022-0581, 2022-02-14T22:15:00+00:00
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2022-0583, 2022-02-14T22:15:00+00:00
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2022-0582, 2022-02-14T22:15:00+00:00
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2022-0586, 2022-02-14T22:15:00+00:00
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

wireshark - CVE-2022-0585, 2022-02-18T18:15:00+00:00
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

TorBrowser - CVE-2021-46702, 2022-02-26T03:15:00+00:00
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

MISP - CVE-2022-27243, 2022-03-18T18:15:00+00:00
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.

MISP - CVE-2022-27245, 2022-03-18T18:15:00+00:00
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.

MISP - CVE-2022-27246, 2022-03-18T18:15:00+00:00
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.

MISP - CVE-2022-27244, 2022-03-18T18:15:00+00:00
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.

MISP - CVE-2022-29534, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.

MISP - CVE-2022-29530, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.

MISP - CVE-2022-29533, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."

MISP - CVE-2022-29529, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.

MISP - CVE-2022-29532, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.

MISP - CVE-2022-29528, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.

MISP - CVE-2022-29531, 2022-04-20T23:15:00+00:00
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.

caddy - CVE-2022-29718, 2022-06-02T21:15:00+00:00
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

TorBrowser - CVE-2022-33903, 2022-07-17T23:15:00+00:00
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

caddy - CVE-2022-34037, 2022-07-22T15:15:00+00:00
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

wireshark - CVE-2022-3190, 2022-09-13T15:15:00+00:00
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file