Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2019-9209 Off-by-one Error vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash.
local
low complexity
wireshark debian canonical opensuse CWE-193
5.5
2019-01-08 CVE-2019-5721 Use After Free vulnerability in Wireshark
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash.
local
low complexity
wireshark CWE-416
5.5
2019-01-08 CVE-2019-5719 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash.
local
low complexity
wireshark debian CWE-327
5.5
2019-01-08 CVE-2019-5718 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash.
local
low complexity
wireshark debian CWE-125
5.5
2019-01-08 CVE-2019-5717 Improper Input Validation vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash.
local
low complexity
wireshark debian CWE-20
5.5
2019-01-08 CVE-2019-5716 Improper Input Validation vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash.
local
low complexity
wireshark debian CWE-20
5.5
2018-11-29 CVE-2018-19626 Use of Uninitialized Resource vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash.
local
low complexity
wireshark debian CWE-908
5.5
2018-11-29 CVE-2018-19625 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash.
local
low complexity
wireshark debian CWE-125
5.5
2018-11-29 CVE-2018-19624 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash.
local
low complexity
wireshark debian CWE-476
5.5
2018-07-20 CVE-2018-14438 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
network
low complexity
wireshark CWE-20
5.0