Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-7745 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-04-12 CVE-2017-7705 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-04-12 CVE-2017-7704 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-04-12 CVE-2017-7703 Injection vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-74
7.5
7.5
2017-04-12 CVE-2017-7702 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-04-12 CVE-2017-7701 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-04-12 CVE-2017-7284 Improper Authentication vulnerability in Unitrends Enterprise Backup
An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password.
network
low complexity
unitrends CWE-287
8.8
8.8
2017-04-12 CVE-2017-7281 Unrestricted Upload of File with Dangerous Type vulnerability in Unitrends Enterprise Backup
An issue was discovered in Unitrends Enterprise Backup before 9.1.2.
network
low complexity
unitrends CWE-434
8.8
8.8
2017-04-12 CVE-2017-5936 OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
network
low complexity
canonical openstack
7.5
7.5
2017-04-12 CVE-2016-5856 Permissions, Privileges, and Access Controls vulnerability in multiple products
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
local
high complexity
linux google CWE-264
7.0
7.0