Security Vulnerabilities - CVEs Published In April 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-04-04
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-04-04
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-04-04
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-04-04
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-04-04
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
CVSS Score
6.1
EPSS Score
0.013
Published
2018-04-04
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
CVSS Score
5.4
EPSS Score
0.011
Published
2018-04-04
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
CVSS Score
5.4
EPSS Score
0.011
Published
2018-04-04
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-04
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-04