Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-28 | CVE-2017-6253 | Classic Buffer Overflow vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges | 7.8 |
| 2017-07-28 | CVE-2017-6252 | NULL Pointer Dereference vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. | 7.8 |
| 2017-07-28 | CVE-2017-6251 | Missing Authorization vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. | 7.8 |
| 2017-07-28 | CVE-2017-11719 | Out-of-bounds Read vulnerability in Ffmpeg The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | 7.8 |
| 2017-07-28 | CVE-2017-11717 | Authentication Bypass by Spoofing vulnerability in Metinfo Project Metinfo MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | 7.5 |
| 2017-07-28 | CVE-2017-11714 | Out-of-bounds Read vulnerability in multiple products psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | 7.8 |
| 2017-07-28 | CVE-2017-11706 | Information Exposure vulnerability in Boozt 2.3.3 The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. | 7.5 |
| 2017-07-28 | CVE-2017-11646 | Cross-Site Request Forgery (CSRF) vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. | 8.8 |
| 2017-07-27 | CVE-2016-8743 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. | 7.5 |
| 2017-07-27 | CVE-2016-2161 | Improper Input Validation vulnerability in Apache Http Server In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | 7.5 |