Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-18 CVE-2017-11411 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-07-18 CVE-2017-11410 Infinite Loop vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-07-18 CVE-2017-11409 Excessive Iteration vulnerability in multiple products
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop.
network
low complexity
wireshark debian CWE-834
7.5
7.5
2017-07-18 CVE-2017-11408 Improper Input Validation vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-07-18 CVE-2017-11407 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-07-18 CVE-2017-11406 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-07-18 CVE-2017-10708 Path Traversal vulnerability in Apport Project Apport
An issue was discovered in Apport through 2.20.x.
local
low complexity
apport-project CWE-22
7.8
7.8
2017-07-18 CVE-2017-11421 Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue.
local
low complexity
gnome-exe-thumbnailer-project CWE-94
7.8
7.8
2017-07-18 CVE-2017-7506 Unspecified vulnerability in Spice Project Spice
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
network
low complexity
spice-project
8.8
8.8
2017-07-18 CVE-2017-6320 OS Command Injection vulnerability in Barracuda Load Balancer ADC
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges.
network
low complexity
barracuda CWE-78
8.8
8.8