Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-04 | CVE-2018-9258 | Improper Input Validation vulnerability in multiple products. In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. | 7.5 |
2018-04-04 | CVE-2018-9257 | Infinite Loop vulnerability in Wireshark. In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. | 7.5 |
2018-04-04 | CVE-2018-9256 | Improper Input Validation vulnerability in multiple products. In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. | 7.5 |
2018-04-04 | CVE-2016-10718 | Improper Input Validation vulnerability in Brave Browser. Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. | 7.5 |
2018-04-04 | CVE-2018-9234 | Key Management Errors vulnerability in multiple products. GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. | 7.5 |
2018-04-03 | CVE-2018-8941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01. Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. | 8.8 |
2018-04-03 | CVE-2018-9240 | NULL Pointer Dereference vulnerability in multiple products. ncmpc through 0.29 is prone to a NULL pointer dereference flaw. | 7.5 |
2018-04-03 | CVE-2018-8779 | Improper Input Validation vulnerability in multiple products. In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. | 7.5 |
2018-04-03 | CVE-2018-8778 | Use of Externally-Controlled Format String vulnerability in multiple products. In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | 7.5 |
2018-04-03 | CVE-2018-8777 | Resource Exhaustion vulnerability in multiple products. In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | 7.5 |