Security update for wireshark

This update for wireshark fixes the following issues CVE-2026-5401: AFP dissector crash bsc1263756. CVE-2026-5403: SBC audio codec crash bsc1263765. CVE-2026-5404: K12 RF5 file parser crash bsc1263766. CVE-2026-5405: RDP dissector crash bsc1263767. CVE-2026-5406: FC-SWILS dissector crash...

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...

CVE-2026-6526

A flaw was found in Wireshark, a network protocol analyzer. By processing a specially crafted Real-Time Streaming Protocol RTSP packet, a remote attacker could cause the Wireshark application to crash, leading to a denial of service. This vulnerability affects the RTSP protocol dissector...

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

CVE-2026-6526 NULL Pointer Dereference in Wireshark

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

EUVD-2026-26333

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

CVE-2026-35903

CVE-2026-35903 affects Mercury MIPC252W IP camera (1.0.5 Build 230306 Rel.79931n). The RTSP service has improper authentication: after a successful Digest authentication in an initial DESCRIBE, the device does not verify the Digest response in later RTSP requests within the same session. Conseque...

PT-2026-35509

Name of the Vulnerable Software and Affected Versions Mercury MIPC252W version 1.0.5 Build 230306 Rel.79931n Description A handling issue in the RTSP Real Time Streaming Protocol service allows an authenticated attacker to trigger session termination. By repeatedly sending SETUP requests for the...

PT-2025-53361

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without...

CVE-2024-42531

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establi...

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

CVE-2024-51362

The CVE-2024-51362 entry affects LSC Smart Connect Indoor IP Camera V7.6.32. The Red Hat NVD references and other sources confirm an information-disclosure flaw where live footage can be accessed via RTSP on port 8554 without authentication, enabling unauthorized network access to the camera feed...

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

CVE-2024-46959

runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream...

PT-2024-5935 · Ezviz · Ezviz Internet Pt Camera

Name of the Vulnerable Software and Affected Versions: Ezviz Internet PT Camera versions V5.3 build 191225 through V9.1.17.1.4-20180428 Ezviz Internet PT Camera CS-CV246 D15655150 Description: The issue allows an unauthenticated host to access the live video stream of the Ezviz Internet PT Camera...