5128 matches found

CVE
added 2024/05/14 12:3 a.m. · 51 views

CVE-2024-4853

CVE-2024-4853 corresponds to a memory handling issue in editcap that could cause a denial of service via crafted capture files in Wireshark. The connected advisories confirm affected components (Wireshark/editcap) and indicate patches/upgrades are available; for example, Debian LTS DLA-3906-1 not...

5.5 CVSS · 5 AI score · 0.00419 EPSS
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2024/05/14 12:3 a.m. · 18 views

CVE-2024-4853 Mismatched Memory Management Routines in editcap

Memory handling issue in editcap could cause denial of service via crafted capture file...

3.6 CVSS · 6.7 AI score · 0.00419 EPSS
Exploits 1 · References 2

OSV
added 2024/05/13 7:1 p.m. · 15 views

CVE-2024-34699 GZ::CTF allows unprivileged user can perform XSS attacks by constructing malicious team names.

GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1...

6.5 CVSS · 6.2 AI score · 0.0055 EPSS
Exploits 0 · References 4

Cvelist
added 2024/05/07 4:28 a.m. · 27 views

CVE-2024-20859

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege...

5.5 CVSS · 5.6 AI score · 0.00155 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-25684 · Amazon · Sagemaker-Python-Sdk

Name of the Vulnerable Software and Affected Versions: sagemaker-python-sdk versions prior to 2.214.3. Description: The capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if an...

7.8 CVSS · 8.3 AI score · 0.01143 EPSS
Exploits 0 · References 11

Positive Technologies
added 2024/05/01 12:0 a.m. · 5 views

PT-2024-3514

Name of the Vulnerable Software and Affected Versions: Cisco IP Phone 6800 versions, affected versions not specified; Cisco IP Phone 7800 versions, affected versions not specified; Cisco IP Phone 8800 versions, affected versions not specified; Cisco Video Phone 8875 versions, affected versions not...

7.8 CVSS · 6.7 AI score · 0.00803 EPSS
Exploits 0 · References 10

Veracode
added 2024/04/30 8:15 a.m. · 17 views

Authentication Bypass By Capture-replay

LinOTP is vulnerable to Authentication Bypass By Capture-replay. The vulnerability is due to the activation of automatic resynchronization, allowing an attacker to successfully log in with OTP values recorded at a previous point in time...

8.1 CVSS · 6.7 AI score · 0.01164 EPSS
Exploits 0 · References 3 · Affected Software 1

Amazon
added 2024/04/30 12:0 a.m. · 39 views

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file (CVE-2024-2955). Affected Packages: wireshark. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...

7.8 CVSS · 7.2 AI score · 0.01414 EPSS
Exploits 1

OSV
added 2024/04/26 6:47 a.m. · 8 views

MGASA-2024-0149 Updated wireshark packages fix security vulnerability

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...

7.8 CVSS · 6.9 AI score · 0.01414 EPSS
Exploits 1 · References 3

Mageia
added 2024/04/26 6:47 a.m. · 43 views

Updated wireshark packages fix security vulnerability

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...

7.8 CVSS · 7.1 AI score · 0.01414 EPSS
Exploits 1 · References 2

The Hacker News
added 2024/04/25 5:50 a.m. · 62 views

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...

8.6 CVSS · 8.2 AI score · 0.63272 EPSS
Exploits 2

Tenable Nessus
added 2024/04/13 12:0 a.m. · 19 views

Wireshark 4.0.x < 4.0.14 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 4.0.14. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.0.14 advisory. - T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or...

7.8 CVSS · 6.9 AI score · 0.01414 EPSS
Exploits 1 · References 4

VulnCheck KEV
added 2024/04/06 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

10 CVSS · 6.1 AI score · 0.07651 EPSS
Exploits 0 · References 1

SUSE CVE
added 2024/03/28 4:14 a.m. · 2 views

SUSE CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...

7.8 CVSS · 7 AI score · 0.01414 EPSS
Exploits 1 · References 4

Zero Day Initiative
added 2024/03/28 12:0 a.m. · 26 views

Wireshark NetScreen File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The specific flaw exists within the parsing of packet captu...

7.8 CVSS · 7.3 AI score · 0.03456 EPSS
Exploits 0 · References 1

Redos
added 2024/03/28 12:0 a.m. · 26 views

ROS-20240328-15

A vulnerability in the Web Browser UI of Google Chrome and Microsoft Edge browsers is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...

8.8 CVSS · 7.2 AI score · 0.01286 EPSS
Exploits 0

RedhatCVE
added 2024/03/27 8:32 a.m. · 61 views

CVE-2024-2955

A flaw was found in the T.38 dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a use-after-free problem, resulting in a denial of service...

6.5 CVSS · 7.4 AI score · 0.01414 EPSS
Exploits 1 · References 4

OSV
added 2024/03/26 8:15 p.m. · 6 views

AZL-42523 CVE-2024-2955 affecting package wireshark 4.0.8-1

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...

7.8 CVSS · 7.1 AI score · 0.01414 EPSS
Exploits 1 · References 1

NVD
added 2024/03/26 8:15 p.m. · 16 views

CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...

7.8 CVSS · 7.6 AI score · 0.01414 EPSS
Exploits 1 · References 5

OSV
added 2024/03/26 8:15 p.m. · 0 views

DEBIAN-CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...

7.5 CVSS · 6.6 AI score · 0.01414 EPSS
Exploits 1 · References 1