Recent CVEs
Feed: http://open-source-security-software.net/cves.atom
Updated: 2024-10-05T03:41:45.629156+00:00
Generator: python-feedgen

wireshark - CVE-2020-25866 (2020-10-06T15:15:00+00:00)
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

wireshark - CVE-2020-28030 (2020-11-02T21:15:00+00:00)
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

MISP - CVE-2020-28043 (2020-11-02T21:15:00+00:00)
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

MISP - CVE-2020-28947 (2020-11-19T18:15:00+00:00)
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.

MISP - CVE-2020-29006 (2020-11-24T15:15:00+00:00)
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

MISP - CVE-2020-29572 (2020-12-06T00:15:00+00:00)
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.

wireshark - CVE-2020-26421 (2020-12-11T19:15:00+00:00)
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26419 (2020-12-11T19:15:00+00:00)
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted
capture file.

wireshark - CVE-2020-26420 (2020-12-11T19:15:00+00:00)
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26418 (2020-12-11T19:15:00+00:00)
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2020-26422 (2020-12-21T18:15:00+00:00)
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file.

MISP - CVE-2021-3184 (2021-01-19T16:15:00+00:00)
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.

MISP - CVE-2021-25325 (2021-01-19T16:15:00+00:00)
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.

MISP - CVE-2021-25324 (2021-01-19T16:15:00+00:00)
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.

MISP - CVE-2021-25323 (2021-01-19T16:15:00+00:00)
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.

MISP - CVE-2020-24085 (2021-01-26T18:15:00+00:00)
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function.
Due to a lack of controller validation in the "path" parameter, an attacker can execute malicious JavaScript code.

wireshark - CVE-2021-22174 (2021-02-17T15:15:00+00:00)
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-22173 (2021-02-17T15:15:00+00:00)
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file.

MISP - CVE-2021-27904 (2021-03-02T07:15:00+00:00)
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.

wireshark - CVE-2021-22191 (2021-03-15T18:15:00+00:00)
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.

TorBrowser - CVE-2021-28090 (2021-03-19T05:15:00+00:00)
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

TorBrowser - CVE-2021-28089 (2021-03-19T05:15:00+00:00)
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

wireshark - CVE-2021-22207 (2021-04-23T18:15:00+00:00)
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file.

MISP - CVE-2021-31780 (2021-04-23T20:15:00+00:00)
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit.
When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

wireshark - CVE-2021-22222 (2021-06-07T13:15:00+00:00)
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file.

MISP - CVE-2021-35502 (2021-06-25T21:15:00+00:00)
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.

TorBrowser - CVE-2021-34548 (2021-06-29T11:15:00+00:00)
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

TorBrowser - CVE-2021-34550 (2021-06-29T12:15:00+00:00)
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.

TorBrowser - CVE-2021-34549 (2021-06-29T12:15:00+00:00)
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently,
an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

MISP - CVE-2021-36212 (2021-07-07T13:15:00+00:00)
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.

wireshark - CVE-2021-22235 (2021-07-20T12:15:00+00:00)
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file.

MISP - CVE-2021-37534 (2021-07-26T14:15:00+00:00)
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

MISP - CVE-2021-37743 (2021-07-30T15:15:00+00:00)
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.

MISP - CVE-2021-37742 (2021-07-30T15:15:00+00:00)
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.

MISP - CVE-2021-39302 (2021-08-19T17:15:00+00:00)
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.

TorBrowser - CVE-2021-38385 (2021-08-30T05:15:00+00:00)
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

MISP - CVE-2021-41326 (2021-09-17T18:15:00+00:00)
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.

TorBrowser - CVE-2021-39246 (2021-09-24T19:15:00+00:00)
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can
compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

wireshark - CVE-2021-39928 (2021-11-18T19:15:00+00:00)
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39920 (2021-11-18T19:15:00+00:00)
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39924 (2021-11-19T17:15:00+00:00)
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39923 (2021-11-19T17:15:00+00:00)
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39923 (2021-11-19T17:15:00+00:00)
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39921 (2021-11-19T17:15:00+00:00)
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39925 (2021-11-19T17:15:00+00:00)
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture
file.

wireshark - CVE-2021-39929 (2021-11-19T17:15:00+00:00)
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39926 (2021-11-19T17:15:00+00:00)
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-39922 (2021-11-19T17:15:00+00:00)
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4183 (2021-12-30T22:15:00+00:00)
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file.

wireshark - CVE-2021-4182 (2021-12-30T22:15:00+00:00)
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4190 (2021-12-30T22:15:00+00:00)
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4185 (2021-12-30T22:15:00+00:00)
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4181 (2021-12-30T22:15:00+00:00)
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4184 (2021-12-30T22:15:00+00:00)
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and
3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2021-4186 (2021-12-30T22:15:00+00:00)
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-0581 (2022-02-14T22:15:00+00:00)
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-0583 (2022-02-14T22:15:00+00:00)
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-0586 (2022-02-14T22:15:00+00:00)
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-0582 (2022-02-14T22:15:00+00:00)
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-0585 (2022-02-18T18:15:00+00:00)
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file.

TorBrowser - CVE-2021-46702 (2022-02-26T03:15:00+00:00)
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product.
This occurs because the product doesn't properly free memory.

MISP - CVE-2022-27245 (2022-03-18T18:15:00+00:00)
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.

MISP - CVE-2022-27243 (2022-03-18T18:15:00+00:00)
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.

MISP - CVE-2022-27244 (2022-03-18T18:15:00+00:00)
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.

MISP - CVE-2022-27246 (2022-03-18T18:15:00+00:00)
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.

MISP - CVE-2022-29529 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.

MISP - CVE-2022-29533 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."

MISP - CVE-2022-29531 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.

MISP - CVE-2022-29528 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.

MISP - CVE-2022-29530 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158.
There is stored XSS in the galaxy clusters.

MISP - CVE-2022-29532 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.

MISP - CVE-2022-29534 (2022-04-20T23:15:00+00:00)
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.

caddy - CVE-2022-29718 (2022-06-02T21:15:00+00:00)
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

TorBrowser - CVE-2022-33903 (2022-07-17T23:15:00+00:00)
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

caddy - CVE-2022-34037 (2022-07-22T15:15:00+00:00)
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

wireshark - CVE-2022-3190 (2022-09-13T15:15:00+00:00)
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-3725 (2022-10-27T17:15:00+00:00)
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-3724 (2022-12-09T18:15:00+00:00)
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet
injection or crafted capture file on Windows.

wireshark - CVE-2022-4344 (2023-01-12T00:15:00+00:00)
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2022-4345 (2023-01-12T04:15:00+00:00)
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file.

TorBrowser - CVE-2023-23589 (2023-01-14T01:15:00+00:00)
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

MISP - CVE-2023-24028 (2023-01-20T22:15:00+00:00)
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.

MISP - CVE-2023-24027 (2023-01-20T22:15:00+00:00)
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.

MISP - CVE-2023-24026 (2023-01-20T22:15:00+00:00)
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.

wireshark - CVE-2023-0412 (2023-01-26T21:18:00+00:00)
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

caddy - CVE-2022-28923 (2023-02-06T23:15:00+00:00)
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

wireshark - CVE-2023-1161 (2023-03-06T21:15:00+00:00)
ISO 15765 and ISO 10681 dissector crash in
Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-1992 (2023-04-12T21:15:00+00:00)
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-1993 (2023-04-12T21:15:00+00:00)
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-1994 (2023-04-12T22:15:00+00:00)
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-2879 (2023-05-26T21:15:00+00:00)
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-2857 (2023-05-26T21:15:00+00:00)
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.

wireshark - CVE-2023-2858 (2023-05-26T21:15:00+00:00)
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.

wireshark - CVE-2023-2855 (2023-05-26T21:15:00+00:00)
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.

wireshark - CVE-2023-2856 (2023-05-26T21:15:00+00:00)
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.

wireshark - CVE-2023-2854 (2023-05-26T21:15:00+00:00)
BLF file parser crash in Wireshark
4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.

wireshark - CVE-2023-2952 (2023-05-30T23:15:00+00:00)
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file.

wireshark - CVE-2023-0666 (2023-06-07T03:15:00+00:00)
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

wireshark - CVE-2023-0667 (2023-06-07T03:15:00+00:00)
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

wireshark - CVE-2023-0668 (2023-06-07T03:15:00+00:00)
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.