Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-18 CVE-2017-11407 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
2017-07-18 CVE-2017-11406 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
2017-07-18 CVE-2017-10708 Path Traversal vulnerability in Apport Project Apport
An issue was discovered in Apport through 2.20.x.
local
low complexity
apport-project CWE-22
7.8
2017-07-18 CVE-2017-11421 Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue.
local
low complexity
gnome-exe-thumbnailer-project CWE-94
7.8
2017-07-18 CVE-2017-7506 Unspecified vulnerability in Spice Project Spice
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
network
low complexity
spice-project
8.8
2017-07-18 CVE-2017-6320 OS Command Injection vulnerability in Barracuda Load Balancer ADC
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges.
network
low complexity
barracuda CWE-78
8.8
2017-07-18 CVE-2017-10961 Cross-Site Request Forgery (CSRF) vulnerability in Vanderbilt Redcap
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
network
low complexity
vanderbilt CWE-352
8.8
2017-07-18 CVE-2017-1318 OS Command Injection vulnerability in IBM MQ Appliance
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution.
network
low complexity
ibm CWE-78
8.8
2017-07-18 CVE-2017-11403 Use After Free vulnerability in Graphicsmagick 1.3.26
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
network
low complexity
graphicsmagick CWE-416
8.8
2017-07-17 CVE-2017-9933 Information Exposure vulnerability in Joomla Joomla!
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
network
low complexity
joomla CWE-200
7.5