Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-28 CVE-2017-11714 Out-of-bounds Read vulnerability in multiple products
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
local
low complexity
artifex debian CWE-125
7.8
2017-07-28 CVE-2017-11706 Information Exposure vulnerability in Boozt 2.3.3
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL.
network
low complexity
boozt CWE-200
7.5
2017-07-28 CVE-2017-11646 Cross-Site Request Forgery (CSRF) vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall.
network
low complexity
netcomm CWE-352
8.8
2017-07-27 CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
network
low complexity
apache netapp debian redhat
7.5
2017-07-27 CVE-2016-2161 Improper Input Validation vulnerability in Apache Http Server
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
network
low complexity
apache CWE-20
7.5
2017-07-27 CVE-2016-0736 Cryptographic Issues vulnerability in Apache Http Server
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption.
network
low complexity
apache CWE-310
7.5
2017-07-27 CVE-2017-8870 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoderhq Audiocoder 0.8.46
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
local
low complexity
mediacoderhq CWE-119
7.8
2017-07-27 CVE-2016-10399 File and Directory Information Exposure vulnerability in Sendio
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.
network
low complexity
sendio CWE-538
7.5
2017-07-27 CVE-2016-10402 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avira Antivirus 1.0.2303.633/5.0.2003.1821/8.3.36.59
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
local
low complexity
avira CWE-119
7.8
2017-07-27 CVE-2017-8869 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoder 0.8.48.5888
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
local
low complexity
mediacoder CWE-119
7.8