Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2017-11449 Unspecified vulnerability in Imagemagick
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
network
low complexity
imagemagick
8.8
2017-07-19 CVE-2017-9245 Information Exposure vulnerability in Google News and Weather
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
network
low complexity
google CWE-200
7.5
2017-07-18 CVE-2017-11411 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory.
network
low complexity
wireshark CWE-20
7.5
2017-07-18 CVE-2017-11410 Infinite Loop vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
2017-07-18 CVE-2017-11409 Excessive Iteration vulnerability in multiple products
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop.
network
low complexity
wireshark debian CWE-834
7.5
2017-07-18 CVE-2017-11408 Improper Input Validation vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash.
network
low complexity
wireshark CWE-20
7.5
2017-07-18 CVE-2017-11407 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
2017-07-18 CVE-2017-11406 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
2017-07-18 CVE-2017-10708 Path Traversal vulnerability in Apport Project Apport
An issue was discovered in Apport through 2.20.x.
local
low complexity
apport-project CWE-22
7.8
2017-07-18 CVE-2017-11421 Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue.
local
low complexity
gnome-exe-thumbnailer-project CWE-94
7.8