Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-28 CVE-2017-11714 Out-of-bounds Read vulnerability in multiple products
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
local
low complexity
artifex debian CWE-125
7.8
2017-07-27 CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
network
low complexity
apache netapp debian redhat
7.5
2017-07-26 CVE-2017-9835 Integer Overflow or Wraparound vulnerability in multiple products
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
local
low complexity
artifex debian CWE-190
7.8
2017-07-26 CVE-2017-9739 Out-of-bounds Read vulnerability in multiple products
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-125
7.8
2017-07-26 CVE-2017-9727 Out-of-bounds Read vulnerability in multiple products
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-125
7.8
2017-07-26 CVE-2017-9726 Out-of-bounds Read vulnerability in multiple products
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-125
7.8
2017-07-26 CVE-2017-9612 Use After Free vulnerability in multiple products
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-416
7.8
2017-07-26 CVE-2017-9611 Out-of-bounds Read vulnerability in multiple products
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-125
7.8
2017-07-25 CVE-2017-9233 Infinite Loop vulnerability in multiple products
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
network
low complexity
libexpat-project python debian CWE-835
7.5
2017-07-25 CVE-2017-7980 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
local
low complexity
qemu canonical debian redhat CWE-119
7.8