Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-27 | CVE-2017-11678 | SQL Injection vulnerability in Hashtopus Project Hashtopus 1.5G SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | 8.8 |
2017-07-27 | CVE-2017-11675 | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | 8.8 |
2017-07-26 | CVE-2017-7659 | NULL Pointer Dereference vulnerability in Apache Http Server 2.4.24/2.4.25 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | 7.5 |
2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |
2017-07-26 | CVE-2017-9835 | Integer Overflow or Wraparound vulnerability in multiple products The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | 7.8 |
2017-07-26 | CVE-2017-9740 | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9739 | Out-of-bounds Read vulnerability in multiple products The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9727 | Out-of-bounds Read vulnerability in multiple products The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9726 | Out-of-bounds Read vulnerability in multiple products The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9620 | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. | 7.8 |