Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9359 Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
network
low complexity
digium CWE-125
7.5
7.5
2017-06-02 CVE-2017-9358 Infinite Loop vulnerability in multiple products
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
network
low complexity
sangoma asterisk CWE-835
7.5
7.5
2017-06-02 CVE-2017-9354 Improper Input Validation vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-06-02 CVE-2017-9353 Improper Input Validation vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-06-02 CVE-2017-9352 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-06-02 CVE-2017-9351 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer.
network
low complexity
wireshark CWE-119
7.5
7.5
2017-06-02 CVE-2017-9350 Allocation of Resources Without Limits or Throttling vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory.
network
low complexity
wireshark CWE-770
7.5
7.5
2017-06-02 CVE-2017-9349 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-06-02 CVE-2017-9348 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer.
network
low complexity
wireshark CWE-119
7.5
7.5
2017-06-02 CVE-2017-9347 NULL Pointer Dereference vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference.
network
low complexity
wireshark CWE-476
7.5
7.5