Stored cross-site scripting (XSS) in LinkStack up to version 4.8.6 allows authenticated users to inject malicious scripts via the pageDescription parameter in the editPage function, which are then stored and executed in the browsers of users viewing the affected page. The vulnerability requires user interaction (victim must view the page) and authenticated access, limiting its scope to authenticated attackers, but publicly available exploit code exists and the vendor has provided a fix via pull request #974.
FRRouting before version 10.5.3 contains an integer overflow vulnerability in OSPF Traffic Engineering and Segment Routing TLV parser functions that allows attackers with an established OSPF adjacency to send a malicious Type 10 or Type 11 Opaque LSA and trigger out-of-bounds memory reads, crashing all affected routers in the OSPF area. The vulnerability results from a uint16_t accumulator variable truncating uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. This is a denial-of-service attack requiring OSPF neighbor status but no user interaction or additional privileges.
Denial of service in Exim before 4.99.2 on musl libc systems allows remote attackers to crash mail server connection instances by sending malformed DNS PTR records that trigger an octal printing bug in the dn_expand function. The vulnerability requires high network complexity to exploit but results in service unavailability for affected connections. No patch version confirmation available from provided references.
Dancer::Session::Abstract through version 1.3522 generates cryptographically weak session identifiers by combining predictable inputs (file path, process ID, epoch time) with an insufficiently-seeded Perl rand() function, allowing remote attackers to predict valid session IDs and hijack user sessions without authentication. The vulnerability affects Perl-based web applications using Dancer framework's default session handling; active exploitation is not confirmed but the attack requires only guessing a session ID, making it practically exploitable.
Buffer overflow in Absolute Secure Access Windows client prior to version 14.50 allows local attackers to cause denial of service by triggering a system blue screen. The vulnerability requires local access to the affected system and can be exploited without user interaction or authentication. A vendor patch is available.
Apache Airflow's SmtpHook performs STARTTLS upgrades without SSL certificate validation, allowing man-in-the-middle attackers to intercept SMTP credentials. Remote unauthenticated attackers positioned between an Airflow worker and SMTP server can present a self-signed certificate, complete the TLS handshake, and capture login credentials sent after the upgrade. The vulnerability affects apache-airflow-providers-smtp versions 2.0.0 through 2.x and is patched in version 3.0.0 or later. No public exploit code identified at time of analysis, but EPSS score of 0.01% indicates low real-world exploitation probability despite confidentiality impact.
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net. Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.
Authenticated users with minimal namespace-scoped privileges can obtain administrative credentials for arbitrary OpenShift clusters provisioned through the MCE hub via the assisted-service REST API. The vulnerability exists in AUTH_TYPE=local mode (the only mode available in on-premises deployments), where the local authenticator grants full administrative access to any request bearing a valid JWT with no per-endpoint restrictions. A valid JWT is embedded as plaintext in the InfraEnvStatus.ISODownloadURL, readable by any user with get rights on an InfraEnv object, enabling extraction of kubeadmin passwords and kubeconfigs for all spoke clusters.
Denial of service in Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 via malformed Monero protocol packets causes application crash through unbounded recursion in the protocol dissector. Local attackers with user-level privileges can trigger the crash by opening a crafted pcap file or receiving a malicious network packet during live capture, requiring user interaction to open the malicious file but resulting in complete unavailability of the packet analysis tool.
Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed BT-DHT protocol packets, enabling local denial of service against users who open crafted capture files or sniff untrusted network traffic. The vulnerability requires local access and user interaction (opening a file or viewing live capture), but no authentication is required. EPSS exploitation probability is moderate given the low attack complexity and the prevalence of Wireshark in security operations.
Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed FC-SWILS (Fibre Channel Switch InterLink Service) protocol packets, enabling denial of service via local or remote delivery of a crafted packet file. The vulnerability requires user interaction (opening a malicious capture file), and no active exploitation has been confirmed at time of analysis.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in SMB2 protocol dissector allows local attackers to crash the application when processing malicious or malformed SMB2 network traffic. Exploitation requires user interaction (opening a crafted capture file or live capture), and causes high availability impact with no data confidentiality or integrity compromise. CVSS 5.5 reflects local attack vector but potential for widespread impact given Wireshark's role in network analysis workflows.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via malformed ICMPv6 PvD (Prefix Validation Data) packets crashes the protocol dissector, requiring user interaction to open a crafted capture file. The vulnerability affects local users only (AV:L) and does not enable code execution, information disclosure, or integrity compromise.
Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed AFP Spotlight protocol packets, causing denial of service. An attacker can trigger the crash by delivering a crafted packet to a user running a vulnerable version, disrupting packet analysis and network monitoring. The vulnerability requires local or direct network access and user interaction to open a malicious capture file or receive the packet during live capture, but no authentication is needed.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via stack buffer overflow in the AMR-NB codec decoder allows local attackers with user interaction to crash the application. The vulnerability requires opening a specially crafted network capture file, making it exploitable in scenarios where users are tricked into opening untrusted PCAP files or when Wireshark auto-opens recent captures.
Denial of service in Wireshark 4.6.0 through 4.6.4 via crafted SDP protocol packets allows local attackers with user interaction to crash the application through a use-after-free memory corruption vulnerability in the SDP protocol dissector. EPSS and KEV status not available at analysis time; no public exploit code identified.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via crafted iLBC codec packets allows local attackers with user interaction to crash the application and interrupt service. The vulnerability stems from a use-after-free condition in the iLBC codec parser, triggered when Wireshark processes malformed audio codec data, causing an application crash without code execution.
Heap buffer overflow in the DCP-ETSI protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when a user opens a malicious packet capture file. The vulnerability requires user interaction (opening a crafted .pcap or similar file locally) and crashes the application, preventing further packet analysis. No public exploit code or active exploitation has been confirmed at this time.
Stack buffer overflow in Wireshark's BEEP protocol dissector causes denial of service when processing malformed network packets. Versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable; a local user with the ability to interact with Wireshark or supply crafted BEEP traffic can trigger a crash via a specially crafted packet that requires user interaction to open or process. No public exploit code or active exploitation has been identified at time of analysis.
Stack buffer overflow in Wireshark's ZigBee protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash and denial of service when processing malformed ZigBee packets. An attacker must trick a user into opening a crafted packet capture file or visiting a malicious webpage serving the packet, since the vulnerability requires local file access and user interaction. No active exploitation has been publicly reported.
Wireshark versions 4.6.0 through 4.6.4 contain an infinite loop vulnerability in the DLMS/COSEM protocol dissector that causes denial of service when processing malformed packets. A local attacker with user privileges can trigger the infinite loop by opening a crafted DLMS/COSEM packet capture file, freezing the application and rendering it unresponsive without requiring authentication or special configuration.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in the USB HID protocol dissector allows local attackers to crash the application by opening a maliciously crafted packet capture file. The vulnerability requires user interaction (opening a file) on a local system, making it suitable for targeted attacks against security analysts and network administrators who routinely inspect suspicious network traffic.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers to crash the application by triggering an unhandled exception in the LZ77 decompression engine when processing malformed compressed packet data. The vulnerability requires user interaction (opening a crafted packet capture file or receiving a malicious packet) but causes immediate application termination, impacting network analysis workflows.
Infinite loop in the SANE protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when processing malformed SANE packets. A local attacker with user privileges can trigger the infinite loop by crafting a specially formatted SANE network capture or injecting malicious packets, causing Wireshark to hang and become unresponsive, denying analysts access to packet analysis.
Heap buffer overflow in Wireshark's DCP-ETSI protocol dissector causes denial of service when processing malformed network packets in versions 4.6.0-4.6.4 and 4.4.0-4.4.14. A local user can trigger a crash by opening a crafted packet file or live network capture, rendering the packet analysis tool unresponsive. No remote exploitation or data exfiltration is possible; impact is limited to availability.
Heap buffer overflow in the iLBC audio codec dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to trigger a denial of service crash by supplying a malformed iLBC packet. The vulnerability requires user interaction to open a crafted packet capture file and does not enable code execution.
Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed ASN.1 PER protocol packets, enabling local denial of service against users opening crafted capture files. The vulnerability requires user interaction (opening a file or receiving a live packet capture) but allows an attacker to hang or crash the application without authentication. No active exploitation has been confirmed in public sources.
Denial of service in Wireshark 4.6.0 through 4.6.4 via null pointer dereference in the RTSP protocol dissector causes application crash when processing malformed RTSP traffic. Local attackers with network access to a Wireshark instance can trigger the crash by supplying a specially crafted RTSP packet, resulting in availability impact. No public exploit code or active in-the-wild exploitation has been identified; patch availability status requires verification from vendor.
Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.
Infinite loop in the GNW protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when processing malformed packets. Local attackers with user interaction can craft malicious GNW traffic or files to exhaust CPU resources and freeze the application, preventing legitimate packet analysis and potentially disrupting network troubleshooting workflows.
Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 are vulnerable to a denial of service attack via an infinite loop in the OpenFlow v6 protocol dissector, triggered when processing malformed OpenFlow traffic. A local attacker with user interaction can crash the Wireshark application by crafting a malicious packet capture file or live traffic stream, rendering packet analysis unavailable until the process is restarted. No authentication is required, and the CVSS score of 5.5 reflects local attack vector with high availability impact.
Infinite loop in the MBIM protocol dissector of Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when processing specially crafted MBIM packets. A local user with normal privileges can trigger the infinite loop via user interaction (opening a malicious packet capture file), causing the application to hang and become unresponsive. No code execution or data access is possible; impact is strictly availability.
Infinite loop in the RPKI-Router protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when processing malformed packets. Local attackers with user privileges can trigger the vulnerability through crafted network traffic or pcap files opened in Wireshark, rendering the application unresponsive. No authentication required; user interaction (opening a file or capturing packets) is necessary. No public exploit code or active exploitation in CISA KEV identified at time of analysis.
Denial of service via crash in the GSM RP protocol dissector affects Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with user privileges can trigger a dissector crash by crafting a malicious GSM RP packet and inducing a user to open it, causing application termination and loss of packet capture session. CVSS 5.5 reflects local attack vector and user interaction requirement; no remote exploitation path identified.
Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed WebSocket protocol packets, enabling local denial of service. An attacker with the ability to trigger packet dissection-either by crafting a malicious PCAP file or intercepting traffic on a local network-can force the application to crash by supplying a WebSocket frame that triggers an unhandled error condition in the protocol dissector. The vulnerability requires user interaction (opening a file or navigating to a network interface) and operates at local scope, resulting in application unavailability rather than code execution.
Wireshark SMB2 protocol dissector crashes when processing malformed packets, causing denial of service in versions 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with low privileges can trigger the crash by crafting a malicious SMB2 packet and inducing the user to open it in Wireshark, resulting in application termination and loss of packet capture capability. No public exploit code or active exploitation in the wild has been identified at the time of analysis.
Stack buffer overflow in Wireshark HTTP protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash when processing malformed HTTP packets, resulting in denial of service. Local attackers with ability to trigger packet analysis via user interaction can crash the application and disrupt network traffic inspection workflows.
Denial of service in Wireshark sharkd versions 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to crash the application via a heap buffer overflow. The vulnerability requires local access and user interaction (opening a malicious file or network capture), making it a low-to-moderate priority for networked analyst workstations but not a remote code execution risk.
Memory leak in Wireshark sharkd service versions 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to trigger denial of service through exhaustion of system memory. The vulnerability stems from improper resource cleanup (CWE-401) during packet processing, enabling a local attacker with non-privileged access to crash the sharkd daemon or degrade system performance by repeatedly invoking operations that leak memory. No active exploitation has been confirmed at time of analysis, and exploitation requires local file system access combined with user interaction.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in the UDS protocol dissector allows local attackers to crash the application by opening a specially crafted packet capture file. The vulnerability requires user interaction (opening a malicious file) and is triggered during packet dissection, affecting the availability of the analysis tool but not confidentiality or integrity.
Null pointer dereference in Wireshark sharkd 4.4.0-4.4.14 and 4.6.0-4.6.4 causes denial of service when processing crafted input, crashing the daemon. Local attackers with low privileges can trigger the crash via user interaction, rendering the packet analysis service unavailable. No authentication required, and publicly available exploit code does not appear to exist at time of analysis.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes application crash during zlib decompression in the packet dissection engine when processing malformed compressed traffic. Local attackers with user privileges can trigger the crash by opening a specially crafted pcap file or receiving a malicious packet capture, requiring user interaction but no authentication. No public exploit code or active exploitation has been identified at time of analysis.
Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed Kismet protocol packets due to a buffer overflow in the Kismet dissector, allowing unauthenticated remote denial of service via a crafted network capture file or live traffic. User interaction (opening a malicious capture file or capturing traffic) is required. No public exploit code or active exploitation has been identified at the time of analysis.
Infinite loop in the TLS protocol dissector of Wireshark 4.6.0 through 4.6.4 causes denial of service when processing malformed TLS packets. Local attackers can trigger the infinite loop by crafting packets and opening them with Wireshark, causing the application to hang or consume excessive CPU resources. User interaction is required to open the malicious packet capture, limiting the attack to scenarios where a victim is tricked into opening untrusted network traffic files.
Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable to denial of service via infinite loops in the OpenFlow v5 protocol dissector when processing maliciously crafted packets. An attacker can trigger CPU exhaustion and application hang by delivering a specially crafted OpenFlow v5 packet to a user running an affected version, requiring user interaction (opening a capture file or live packet capture). No public exploit code has been identified, but the vulnerability is straightforward to trigger once the root cause is known.
Keycloak's Account REST API remains partially accessible even when explicitly disabled via the `--features-disabled=account,account-api` flag, allowing authenticated users to read and modify account data through five unprotected endpoints under `/account/v1alpha1/` that lack the required `checkAccountApiEnabled()` access control gate present in four sibling endpoints within the same service class.
Server-Side Request Forgery (SSRF) in Halo v2.22.14's /plugins/-/install-from-uri endpoint enables authenticated attackers to scan internal resources and potentially access sensitive information via crafted GET requests. The vulnerability requires valid authentication credentials but operates with low attack complexity over the network, exposing internal network topology and services to enumeration attacks.
Authenticated cross-site scripting (XSS) vulnerabilities in Shopizer v3.2.5's XssHttpServletRequestWrapper class allow authenticated attackers to execute arbitrary web scripts or HTML by injecting crafted payloads into the getInputStream() or getReader() functions. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exploitation to logged-in users who can be socially engineered into clicking malicious links or submitting forms. No public exploit code or active exploitation has been confirmed at time of analysis.
Authenticated Server-Side Request Forgery (SSRF) in Weblate before 5.17.1 allows users with project.add permission to import crafted project backup ZIPs containing malicious repository URLs pointing to private addresses or using non-allowlisted schemes (file://, git://) that bypass URL validation. The vulnerability exists because bulk_create() circumvents Django's full_clean() validator; attackers can write arbitrary URLs into .git/config, enabling SSRF attacks against internal systems or protocol exploitation.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 allows authenticated users to crash the database server via improper neutralization of special elements in query logic when specific configurations are present. Attack requires valid database credentials and high attack complexity, limiting exploitation to insiders or users with legitimate access. Vendor has released patches addressing the underlying query parsing flaw.