Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-07-27 | CVE-2017-11678 | SQL Injection vulnerability in Hashtopus Project Hashtopus 1.5G | SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | network | low complexity | hashtopus-project | CWE-89 | 8.8 |
| 2017-07-27 | CVE-2017-11675 | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E | The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | network | low complexity | zen-cart | CWE-94 | 8.8 |
| 2017-07-26 | CVE-2017-7659 | NULL Pointer Dereference vulnerability in Apache Http Server 2.4.24/2.4.25 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | network | low complexity | apache | CWE-476 | 7.5 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject | OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | network | high complexity | openproject | CWE-613 | 8.1 |
| 2017-07-26 | CVE-2017-9835 | Integer Overflow or Wraparound vulnerability in multiple products | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | local | low complexity | artifex debian | CWE-190 | 7.8 |
| 2017-07-26 | CVE-2017-9740 | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 | The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | local | low complexity | artifex | CWE-125 | 7.8 |
| 2017-07-26 | CVE-2017-9739 | Out-of-bounds Read vulnerability in multiple products | The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | local | low complexity | artifex debian | CWE-125 | 7.8 |
| 2017-07-26 | CVE-2017-9727 | Out-of-bounds Read vulnerability in multiple products | The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | local | low complexity | artifex debian | CWE-125 | 7.8 |
| 2017-07-26 | CVE-2017-9726 | Out-of-bounds Read vulnerability in multiple products | The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | local | low complexity | artifex debian | CWE-125 | 7.8 |
| 2017-07-26 | CVE-2017-9620 | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 | The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. | local | low complexity | artifex | CWE-125 | 7.8 |