Vulnerabilities > Wireshark > Wireshark > 2.4.9

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-19624 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash.
local
low complexity
wireshark debian CWE-476
5.5
5.5
2018-11-29 CVE-2018-19623 Out-of-bounds Write vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash.
network
low complexity
wireshark debian CWE-787
7.5
7.5
2018-11-29 CVE-2018-19622 Infinite Loop vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2018-10-12 CVE-2018-18227 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash.
network
low complexity
wireshark debian CWE-476
7.5
7.5
2018-07-20 CVE-2018-14438 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
network
low complexity
wireshark CWE-20
5.0
5.0