Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-26 CVE-2017-9619 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript GhostXPS 9.21
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.
local
low complexity
artifex CWE-119
7.8
2017-07-26 CVE-2017-9618 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript GhostXPS 9.21
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex CWE-119
7.8
2017-07-26 CVE-2017-9612 Use After Free vulnerability in multiple products
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-416
7.8
2017-07-26 CVE-2017-9611 Out-of-bounds Read vulnerability in multiple products
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex debian CWE-125
7.8
2017-07-26 CVE-2017-9610 Out-of-bounds Read vulnerability in Artifex Ghostscript GhostXPS 9.21
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
local
low complexity
artifex CWE-125
7.8
2017-07-26 CVE-2017-11658 Path Traversal vulnerability in WP Rocket
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
network
low complexity
wp-rocket CWE-22
7.5
2017-07-26 CVE-2017-11615 Unspecified vulnerability in Factorio
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.
local
low complexity
factorio
8.6
2017-07-26 CVE-2017-11655 Missing Release of Resource after Effective Lifetime vulnerability in SIPcrack Project SIPcrack 0.2
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged.
network
low complexity
sipcrack-project CWE-772
7.5
2017-07-26 CVE-2017-6005 Unspecified vulnerability in Waves MaxxAudio 1.1.6.0
Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0.
local
high complexity
waves
7.0
2017-07-26 CVE-2017-11642 NULL Pointer Dereference vulnerability in GraphicsMagick 1.3.26
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
network
low complexity
graphicsmagick CWE-476
8.8