http://open-source-security-software.net/cves.atom Recent CVEs 2022-01-20T17:29:55.165227+00:00 python-feedgen CVE-2019-13619 wireshark - CVE-2019-13619 2019-07-17T20:15:00+00:00 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. 2019-07-17T20:15:00+00:00 CVE-2019-14286 MISP - CVE-2019-14286 2019-07-27T14:15:12.120000+00:00 In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. 2019-07-27T14:15:12.120000+00:00 CVE-2019-14286 MISP - CVE-2019-14286 2019-07-27T18:15:00+00:00 In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. 2019-07-27T18:15:00+00:00 CVE-2019-16202 MISP - CVE-2019-16202 2019-09-10T10:15:10.663000+00:00 MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. 2019-09-10T10:15:10.663000+00:00 CVE-2019-16202 MISP - CVE-2019-16202 2019-09-10T14:15:00+00:00 MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. 2019-09-10T14:15:00+00:00 CVE-2019-16319 wireshark - CVE-2019-16319 2019-09-15T12:15:13.393000+00:00 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15T12:15:13.393000+00:00 CVE-2019-16319 wireshark - CVE-2019-16319 2019-09-15T16:15:00+00:00 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15T16:15:00+00:00 CVE-2019-19379 MISP - CVE-2019-19379 2019-11-28T17:15:00+00:00 In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. 2019-11-28T17:15:00+00:00 CVE-2019-19553 wireshark - CVE-2019-19553 2019-12-05T01:15:00+00:00 In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. 2019-12-05T01:15:00+00:00 CVE-2020-7045 wireshark - CVE-2020-7045 2020-01-16T04:15:00+00:00 In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. 2020-01-16T04:15:00+00:00 CVE-2020-7044 wireshark - CVE-2020-7044 2020-01-16T04:15:00+00:00 In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. 2020-01-16T04:15:00+00:00 CVE-2015-2688 TorBrowser - CVE-2015-2688 2020-01-24T18:15:00+00:00 buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24T18:15:00+00:00 CVE-2015-2929 TorBrowser - CVE-2015-2929 2020-01-24T18:15:00+00:00 The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. 2020-01-24T18:15:00+00:00 CVE-2015-2928 TorBrowser - CVE-2015-2928 2020-01-24T18:15:00+00:00 The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. 2020-01-24T18:15:00+00:00 CVE-2015-2689 TorBrowser - CVE-2015-2689 2020-01-24T18:15:00+00:00 Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24T18:15:00+00:00 CVE-2020-8516 TorBrowser - CVE-2020-8516 2020-02-02T13:15:00+00:00 ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability. 2020-02-02T13:15:00+00:00 CVE-2020-8893 MISP - CVE-2020-8893 2020-02-12T00:15:00+00:00 An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. 2020-02-12T00:15:00+00:00 CVE-2020-8894 MISP - CVE-2020-8894 2020-02-12T00:15:00+00:00 An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. 2020-02-12T00:15:00+00:00 CVE-2020-8891 MISP - CVE-2020-8891 2020-02-12T00:15:00+00:00 An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests. 2020-02-12T00:15:00+00:00 CVE-2020-8890 MISP - CVE-2020-8890 2020-02-12T00:15:00+00:00 An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests. 2020-02-12T00:15:00+00:00 CVE-2020-8892 MISP - CVE-2020-8892 2020-02-12T00:15:00+00:00 An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. 2020-02-12T00:15:00+00:00 CVE-2020-9429 wireshark - CVE-2020-9429 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. 2020-02-27T23:15:00+00:00 CVE-2020-9428 wireshark - CVE-2020-9428 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. 2020-02-27T23:15:00+00:00 CVE-2020-9430 wireshark - CVE-2020-9430 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. 2020-02-27T23:15:00+00:00 CVE-2020-9431 wireshark - CVE-2020-9431 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. 2020-02-27T23:15:00+00:00 CVE-2020-10246 MISP - CVE-2020-10246 2020-03-09T19:15:00+00:00 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. 2020-03-09T19:15:00+00:00 CVE-2020-10247 MISP - CVE-2020-10247 2020-03-09T19:15:00+00:00 MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. 2020-03-09T19:15:00+00:00 CVE-2020-10592 TorBrowser - CVE-2020-10592 2020-03-23T13:15:00+00:00 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. 2020-03-23T13:15:00+00:00 CVE-2020-10593 TorBrowser - CVE-2020-10593 2020-03-23T13:15:00+00:00 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. 2020-03-23T13:15:00+00:00 CVE-2020-11458 MISP - CVE-2020-11458 2020-04-02T12:15:00+00:00 app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php. 2020-04-02T12:15:00+00:00 CVE-2020-11647 wireshark - CVE-2020-11647 2020-04-10T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. 2020-04-10T21:15:00+00:00 CVE-2020-12889 MISP - CVE-2020-12889 2020-05-15T18:15:00+00:00 MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. 2020-05-15T18:15:00+00:00 CVE-2020-13153 MISP - CVE-2020-13153 2020-05-18T22:15:00+00:00 app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. 2020-05-18T22:15:00+00:00 CVE-2020-13164 wireshark - CVE-2020-13164 2020-05-19T22:15:00+00:00 In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. 2020-05-19T22:15:00+00:00 CVE-2020-14969 MISP - CVE-2020-14969 2020-06-22T12:15:00+00:00 app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. 2020-06-22T12:15:00+00:00 CVE-2020-15411 MISP - CVE-2020-15411 2020-06-30T14:15:00+00:00 An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. 2020-06-30T14:15:00+00:00 CVE-2020-15412 MISP - CVE-2020-15412 2020-06-30T14:15:00+00:00 An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. 2020-06-30T14:15:00+00:00 CVE-2020-15466 wireshark - CVE-2020-15466 2020-07-05T11:15:00+00:00 In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. 2020-07-05T11:15:00+00:00 CVE-2020-15711 MISP - CVE-2020-15711 2020-07-14T13:15:00+00:00 In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. 2020-07-14T13:15:00+00:00 CVE-2020-15572 TorBrowser - CVE-2020-15572 2020-07-15T17:15:00+00:00 Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. 2020-07-15T17:15:00+00:00 CVE-2020-17498 wireshark - CVE-2020-17498 2020-08-13T16:15:00+00:00 In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. 2020-08-13T16:15:00+00:00 CVE-2020-25766 MISP - CVE-2020-25766 2020-09-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. 2020-09-18T18:15:00+00:00 CVE-2020-26575 wireshark - CVE-2020-26575 2020-10-06T15:15:00+00:00 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. 2020-10-06T15:15:00+00:00 CVE-2020-25863 wireshark - CVE-2020-25863 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. 2020-10-06T15:15:00+00:00 CVE-2020-25862 wireshark - CVE-2020-25862 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. 2020-10-06T15:15:00+00:00 CVE-2020-25866 wireshark - CVE-2020-25866 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. 2020-10-06T15:15:00+00:00 CVE-2020-28030 wireshark - CVE-2020-28030 2020-11-02T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. 2020-11-02T21:15:00+00:00 CVE-2020-28043 MISP - CVE-2020-28043 2020-11-02T21:15:00+00:00 MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. 2020-11-02T21:15:00+00:00 CVE-2020-28947 MISP - CVE-2020-28947 2020-11-19T18:15:00+00:00 In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. 2020-11-19T18:15:00+00:00 CVE-2020-29006 MISP - CVE-2020-29006 2020-11-24T15:15:00+00:00 MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. 2020-11-24T15:15:00+00:00 CVE-2020-29572 MISP - CVE-2020-29572 2020-12-06T00:15:00+00:00 app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. 2020-12-06T00:15:00+00:00 CVE-2020-26421 wireshark - CVE-2020-26421 2020-12-11T19:15:00+00:00 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26419 wireshark - CVE-2020-26419 2020-12-11T19:15:00+00:00 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26420 wireshark - CVE-2020-26420 2020-12-11T19:15:00+00:00 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26418 wireshark - CVE-2020-26418 2020-12-11T19:15:00+00:00 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26422 wireshark - CVE-2020-26422 2020-12-21T18:15:00+00:00 Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file 2020-12-21T18:15:00+00:00 CVE-2021-3184 MISP - CVE-2021-3184 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. 2021-01-19T16:15:00+00:00 CVE-2021-25325 MISP - CVE-2021-25325 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. 2021-01-19T16:15:00+00:00 CVE-2021-25324 MISP - CVE-2021-25324 2021-01-19T16:15:00+00:00 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. 2021-01-19T16:15:00+00:00 CVE-2021-25323 MISP - CVE-2021-25323 2021-01-19T16:15:00+00:00 The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. 2021-01-19T16:15:00+00:00 CVE-2020-24085 MISP - CVE-2020-24085 2021-01-26T18:15:00+00:00 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. 2021-01-26T18:15:00+00:00 CVE-2021-22173 wireshark - CVE-2021-22173 2021-02-17T15:15:00+00:00 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2021-22174 wireshark - CVE-2021-22174 2021-02-17T15:15:00+00:00 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2021-27904 MISP - CVE-2021-27904 2021-03-02T07:15:00+00:00 An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. 2021-03-02T07:15:00+00:00 CVE-2021-22191 wireshark - CVE-2021-22191 2021-03-15T18:15:00+00:00 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 2021-03-15T18:15:00+00:00 CVE-2021-28090 TorBrowser - CVE-2021-28090 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. 2021-03-19T05:15:00+00:00 CVE-2021-28089 TorBrowser - CVE-2021-28089 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. 2021-03-19T05:15:00+00:00 CVE-2021-22207 wireshark - CVE-2021-22207 2021-04-23T18:15:00+00:00 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file 2021-04-23T18:15:00+00:00 CVE-2021-31780 MISP - CVE-2021-31780 2021-04-23T20:15:00+00:00 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. 2021-04-23T20:15:00+00:00 CVE-2021-22222 wireshark - CVE-2021-22222 2021-06-07T13:15:00+00:00 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file 2021-06-07T13:15:00+00:00 CVE-2021-35502 MISP - CVE-2021-35502 2021-06-25T21:15:00+00:00 app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. 2021-06-25T21:15:00+00:00 CVE-2021-34548 TorBrowser - CVE-2021-34548 2021-06-29T11:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. 2021-06-29T11:15:00+00:00 CVE-2021-34550 TorBrowser - CVE-2021-34550 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor 2021-06-29T12:15:00+00:00 CVE-2021-34549 TorBrowser - CVE-2021-34549 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. 2021-06-29T12:15:00+00:00 CVE-2021-36212 MISP - CVE-2021-36212 2021-07-07T13:15:00+00:00 app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. 2021-07-07T13:15:00+00:00 CVE-2021-22235 wireshark - CVE-2021-22235 2021-07-20T12:15:00+00:00 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file 2021-07-20T12:15:00+00:00 CVE-2021-37534 MISP - CVE-2021-37534 2021-07-26T14:15:00+00:00 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. 2021-07-26T14:15:00+00:00 CVE-2021-37742 MISP - CVE-2021-37742 2021-07-30T15:15:00+00:00 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. 2021-07-30T15:15:00+00:00 CVE-2021-37743 MISP - CVE-2021-37743 2021-07-30T15:15:00+00:00 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. 2021-07-30T15:15:00+00:00 CVE-2021-39302 MISP - CVE-2021-39302 2021-08-19T17:15:00+00:00 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. 2021-08-19T17:15:00+00:00 CVE-2021-38385 TorBrowser - CVE-2021-38385 2021-08-30T05:15:00+00:00 Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. 2021-08-30T05:15:00+00:00 CVE-2021-41326 MISP - CVE-2021-41326 2021-09-17T18:15:00+00:00 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. 2021-09-17T18:15:00+00:00 CVE-2021-39246 TorBrowser - CVE-2021-39246 2021-09-24T19:15:00+00:00 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). 2021-09-24T19:15:00+00:00 CVE-2021-39920 wireshark - CVE-2021-39920 2021-11-18T19:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-39928 wireshark - CVE-2021-39928 2021-11-18T19:15:00+00:00 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-39922 wireshark - CVE-2021-39922 2021-11-19T17:15:00+00:00 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39923 wireshark - CVE-2021-39923 2021-11-19T17:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39924 wireshark - CVE-2021-39924 2021-11-19T17:15:00+00:00 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39921 wireshark - CVE-2021-39921 2021-11-19T17:15:00+00:00 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39925 wireshark - CVE-2021-39925 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39923 wireshark - CVE-2021-39923 2021-11-19T17:15:00+00:00 Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39926 wireshark - CVE-2021-39926 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39929 wireshark - CVE-2021-39929 2021-11-19T17:15:00+00:00 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-4186 wireshark - CVE-2021-4186 2021-12-30T22:15:00+00:00 Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4181 wireshark - CVE-2021-4181 2021-12-30T22:15:00+00:00 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4185 wireshark - CVE-2021-4185 2021-12-30T22:15:00+00:00 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4190 wireshark - CVE-2021-4190 2021-12-30T22:15:00+00:00 Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4184 wireshark - CVE-2021-4184 2021-12-30T22:15:00+00:00 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4182 wireshark - CVE-2021-4182 2021-12-30T22:15:00+00:00 Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4183 wireshark - CVE-2021-4183 2021-12-30T22:15:00+00:00 Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file 2021-12-30T22:15:00+00:00