|
198361
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissecto…
|
CWE-20
CWE-835
Improper Input Validation
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11410
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198362
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
|
CWE-834
Excessive Iteration
|
CVE-2017-11409
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198363
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
|
CWE-20
Improper Input Validation
|
CVE-2017-11408
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198364
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
|
CWE-20
Improper Input Validation
|
CVE-2017-11407
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198365
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11406
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198366
|
5.5 |
MEDIUM
Local
|
libmspack_project
|
libmspack
|
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read a…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11423
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198367
|
7.8 |
HIGH
Local
|
gnome-exe-thumbnailer_project
|
gnome-exe-thumbnailer
|
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files fil…
|
CWE-94
Code Injection
|
CVE-2017-11421
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198368
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
|
CWE-89
SQL Injection
|
CVE-2017-11419
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198369
|
9.8 |
CRITICAL
Network
|
asuswrt-merlin_project
|
rt-ac5300_firmware
rt_ac1900p_firmware
rt-ac68u_firmware
rt-ac68p_firmware
rt-ac88u_firmware
rt-ac66u_firmware
rt-ac66u_b1_firmware
rt-ac58u_firmware
rt-ac56u_firmware
rt-a…
|
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11420
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198370
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
|
CWE-89
SQL Injection
|
CVE-2017-11418
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
