http://open-source-security-software.net/cves.atom Recent CVEs 2024-10-05T03:41:45.629156+00:00 python-feedgen
CVE-2020-25866 wireshark - CVE-2020-25866 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
CVE-2020-28030 wireshark - CVE-2020-28030 2020-11-02T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
CVE-2020-28043 MISP - CVE-2020-28043 2020-11-02T21:15:00+00:00 MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVE-2020-28947 MISP - CVE-2020-28947 2020-11-19T18:15:00+00:00 In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
CVE-2020-29006 MISP - CVE-2020-29006 2020-11-24T15:15:00+00:00 MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVE-2020-29572 MISP - CVE-2020-29572 2020-12-06T00:15:00+00:00 app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
CVE-2020-26421 wireshark - CVE-2020-26421 2020-12-11T19:15:00+00:00 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVE-2020-26419 wireshark - CVE-2020-26419 2020-12-11T19:15:00+00:00 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
CVE-2020-26420 wireshark - CVE-2020-26420 2020-12-11T19:15:00+00:00 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVE-2020-26418 wireshark - CVE-2020-26418 2020-12-11T19:15:00+00:00 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVE-2020-26422 wireshark - CVE-2020-26422 2020-12-21T18:15:00+00:00 Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
CVE-2021-3184 MISP - CVE-2021-3184 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
CVE-2021-25325 MISP - CVE-2021-25325 2021-01-19T16:15:00+00:00 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
CVE-2021-25324 MISP - CVE-2021-25324 2021-01-19T16:15:00+00:00 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
CVE-2021-25323 MISP - CVE-2021-25323 2021-01-19T16:15:00+00:00 The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2020-24085 MISP - CVE-2020-24085 2021-01-26T18:15:00+00:00 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
CVE-2021-22174 wireshark - CVE-2021-22174 2021-02-17T15:15:00+00:00 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
CVE-2021-22173 wireshark - CVE-2021-22173 2021-02-17T15:15:00+00:00 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
CVE-2021-27904 MISP - CVE-2021-27904 2021-03-02T07:15:00+00:00 An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVE-2021-22191 wireshark - CVE-2021-22191 2021-03-15T18:15:00+00:00 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
CVE-2021-28090 TorBrowser - CVE-2021-28090 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
CVE-2021-28089 TorBrowser - CVE-2021-28089 2021-03-19T05:15:00+00:00 Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
CVE-2021-22207 wireshark - CVE-2021-22207 2021-04-23T18:15:00+00:00 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
CVE-2021-31780 MISP - CVE-2021-31780 2021-04-23T20:15:00+00:00 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
CVE-2021-22222 wireshark - CVE-2021-22222 2021-06-07T13:15:00+00:00 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
CVE-2021-35502 MISP - CVE-2021-35502 2021-06-25T21:15:00+00:00 app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVE-2021-34548 TorBrowser - CVE-2021-34548 2021-06-29T11:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
CVE-2021-34550 TorBrowser - CVE-2021-34550 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
CVE-2021-34549 TorBrowser - CVE-2021-34549 2021-06-29T12:15:00+00:00 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
CVE-2021-36212 MISP - CVE-2021-36212 2021-07-07T13:15:00+00:00 app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVE-2021-22235 wireshark - CVE-2021-22235 2021-07-20T12:15:00+00:00 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
CVE-2021-37534 MISP - CVE-2021-37534 2021-07-26T14:15:00+00:00 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
CVE-2021-37743 MISP - CVE-2021-37743 2021-07-30T15:15:00+00:00 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
CVE-2021-37742 MISP - CVE-2021-37742 2021-07-30T15:15:00+00:00 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
CVE-2021-39302 MISP - CVE-2021-39302 2021-08-19T17:15:00+00:00 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
CVE-2021-38385 TorBrowser - CVE-2021-38385 2021-08-30T05:15:00+00:00 Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVE-2021-41326 MISP - CVE-2021-41326 2021-09-17T18:15:00+00:00 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVE-2021-39246 TorBrowser - CVE-2021-39246 2021-09-24T19:15:00+00:00 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
CVE-2021-39928 wireshark - CVE-2021-39928 2021-11-18T19:15:00+00:00 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39920 wireshark - CVE-2021-39920 2021-11-18T19:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2021-39924 wireshark - CVE-2021-39924 2021-11-19T17:15:00+00:00 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39923 wireshark - CVE-2021-39923 2021-11-19T17:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2021-39923 wireshark - CVE-2021-39923 2021-11-19T17:15:00+00:00 Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39921 wireshark - CVE-2021-39921 2021-11-19T17:15:00+00:00 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39925 wireshark - CVE-2021-39925 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39929 wireshark - CVE-2021-39929 2021-11-19T17:15:00+00:00 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39926 wireshark - CVE-2021-39926 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2021-39922 wireshark - CVE-2021-39922 2021-11-19T17:15:00+00:00 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-4183 wireshark - CVE-2021-4183 2021-12-30T22:15:00+00:00 Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
CVE-2021-4182 wireshark - CVE-2021-4182 2021-12-30T22:15:00+00:00 Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4190 wireshark - CVE-2021-4190 2021-12-30T22:15:00+00:00 Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
CVE-2021-4185 wireshark - CVE-2021-4185 2021-12-30T22:15:00+00:00 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4181 wireshark - CVE-2021-4181 2021-12-30T22:15:00+00:00 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4184 wireshark - CVE-2021-4184 2021-12-30T22:15:00+00:00 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4186 wireshark - CVE-2021-4186 2021-12-30T22:15:00+00:00 Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2022-0581 wireshark - CVE-2022-0581 2022-02-14T22:15:00+00:00 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVE-2022-0583 wireshark - CVE-2022-0583 2022-02-14T22:15:00+00:00 Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVE-2022-0586 wireshark - CVE-2022-0586 2022-02-14T22:15:00+00:00 Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVE-2022-0582 wireshark - CVE-2022-0582 2022-02-14T22:15:00+00:00 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVE-2022-0585 wireshark - CVE-2022-0585 2022-02-18T18:15:00+00:00 Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
CVE-2021-46702 TorBrowser - CVE-2021-46702 2022-02-26T03:15:00+00:00 Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
CVE-2022-27245 MISP - CVE-2022-27245 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
CVE-2022-27243 MISP - CVE-2022-27243 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
CVE-2022-27244 MISP - CVE-2022-27244 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
CVE-2022-27246 MISP - CVE-2022-27246 2022-03-18T18:15:00+00:00 An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
CVE-2022-29529 MISP - CVE-2022-29529 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVE-2022-29533 MISP - CVE-2022-29533 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
CVE-2022-29531 MISP - CVE-2022-29531 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
CVE-2022-29528 MISP - CVE-2022-29528 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVE-2022-29530 MISP - CVE-2022-29530 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
CVE-2022-29532 MISP - CVE-2022-29532 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
CVE-2022-29534 MISP - CVE-2022-29534 2022-04-20T23:15:00+00:00 An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
CVE-2022-29718 caddy - CVE-2022-29718 2022-06-02T21:15:00+00:00 Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2022-33903 TorBrowser - CVE-2022-33903 2022-07-17T23:15:00+00:00 Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
CVE-2022-34037 caddy - CVE-2022-34037 2022-07-22T15:15:00+00:00 An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.
CVE-2022-3190 wireshark - CVE-2022-3190 2022-09-13T15:15:00+00:00 Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
CVE-2022-3725 wireshark - CVE-2022-3725 2022-10-27T17:15:00+00:00 Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
CVE-2022-3724 wireshark - CVE-2022-3724 2022-12-09T18:15:00+00:00 Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
CVE-2022-4344 wireshark - CVE-2022-4344 2023-01-12T00:15:00+00:00 Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
CVE-2022-4345 wireshark - CVE-2022-4345 2023-01-12T04:15:00+00:00 Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
CVE-2023-23589 TorBrowser - CVE-2023-23589 2023-01-14T01:15:00+00:00 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVE-2023-24028 MISP - CVE-2023-24028 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
CVE-2023-24027 MISP - CVE-2023-24027 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVE-2023-24026 MISP - CVE-2023-24026 2023-01-20T22:15:00+00:00 In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
CVE-2023-0412 wireshark - CVE-2023-0412 2023-01-26T21:18:00+00:00 TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
CVE-2022-28923 caddy - CVE-2022-28923 2023-02-06T23:15:00+00:00 Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2023-1161 wireshark - CVE-2023-1161 2023-03-06T21:15:00+00:00 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
CVE-2023-1992 wireshark - CVE-2023-1992 2023-04-12T21:15:00+00:00 RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-1993 wireshark - CVE-2023-1993 2023-04-12T21:15:00+00:00 LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-1994 wireshark - CVE-2023-1994 2023-04-12T22:15:00+00:00 GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-2879 wireshark - CVE-2023-2879 2023-05-26T21:15:00+00:00 GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
CVE-2023-2857 wireshark - CVE-2023-2857 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2858 wireshark - CVE-2023-2858 2023-05-26T21:15:00+00:00 NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2855 wireshark - CVE-2023-2855 2023-05-26T21:15:00+00:00 Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2856 wireshark - CVE-2023-2856 2023-05-26T21:15:00+00:00 VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2854 wireshark - CVE-2023-2854 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2952 wireshark - CVE-2023-2952 2023-05-30T23:15:00+00:00 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
CVE-2023-0666 wireshark - CVE-2023-0666 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-0667 wireshark - CVE-2023-0667 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
CVE-2023-0668 wireshark - CVE-2023-0668 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.