5128 matches found
CVE-2024-4853
CVE-2024-4853 corresponds to a memory handling issue in editcap that could cause a denial of service via crafted capture files in Wireshark. The connected advisories confirm affected components (Wireshark/editcap) and indicate patches/upgrades are available; for example, Debian LTS DLA-3906-1 not...
CVE-2024-4853 Mismatched Memory Management Routines in editcap
Memory handling issue in editcap could cause denial of service via crafted capture file...
CVE-2024-34699 GZ::CTF allows unprivileged users to perform XSS attacks by constructing malicious team names.
GZ::CTF is a capture the flag platform. Prior to 0.20.1, an unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1...
CVE-2024-20859
Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege...
PT-2024-25684 · Amazon · Sagemaker-Python-Sdk
Name of the Vulnerable Software and Affected Versions: sagemaker-python-sdk versions prior to 2.214.3. Description: The capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if an...
PT-2024-3514
Name of the Vulnerable Software and Affected Versions: Cisco IP Phone 6800 versions, affected versions not specified; Cisco IP Phone 7800 versions, affected versions not specified; Cisco IP Phone 8800 versions, affected versions not specified; Cisco Video Phone 8875 versions, affected versions not...
Authentication Bypass By Capture-replay
LinOTP is vulnerable to Authentication Bypass By Capture-replay. The vulnerability is due to the activation of automatic resynchronization, allowing an attacker to successfully log in with OTP values recorded at a previous point in time...
Medium: wireshark
Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file (CVE-2024-2955). Affected Packages: wireshark. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...
MGASA-2024-0149 Updated wireshark packages fix security vulnerability
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...
Updated wireshark packages fix security vulnerability
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...
Wireshark 4.0.x < 4.0.14 A Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 4.0.14. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.0.14 advisory. - T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or...
VulnCheck KEV: CVE-2024-13985
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...
SUSE CVE-2024-2955
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...
Wireshark NetScreen File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The specific flaw exists within the parsing of packet captu...
ROS-20240328-15
A vulnerability in the Web Browser UI of Google Chrome and Microsoft Edge browsers is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
CVE-2024-2955
A flaw was found in the T.38 dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a use-after-free problem, resulting in a denial of service...
AZL-42523 CVE-2024-2955 affecting package wireshark 4.0.8-1
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...
CVE-2024-2955
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...
DEBIAN-CVE-2024-2955
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...