Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-19 CVE-2015-4681 Credentials Management vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
local
low complexity
polycom CWE-255
7.8
2017-09-19 CVE-2017-12837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
network
low complexity
perl CWE-119
7.5
2017-09-19 CVE-2017-14033 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
network
low complexity
ruby-lang CWE-119
7.5
2017-09-19 CVE-2017-10784 Improper Authentication vulnerability in Ruby-Lang Ruby
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
network
low complexity
ruby-lang CWE-287
8.8
2017-09-19 CVE-2017-14581 Unspecified vulnerability in SAP Netweaver Application Server Java
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
network
low complexity
sap
7.5
2017-09-19 CVE-2017-14311 Unspecified vulnerability in Netmechanica Netdecision 5.8.2
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
local
low complexity
netmechanica
7.8
2017-09-19 CVE-2017-14141 Deserialization of Untrusted Data vulnerability in Kaltura Server
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
network
low complexity
kaltura CWE-502
7.2
2017-09-19 CVE-2015-4089 Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
network
low complexity
wpfastestcache CWE-352
8.8
2017-09-19 CVE-2015-1854 Improper Access Control vulnerability in multiple products
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
network
low complexity
fedoraproject debian CWE-284
7.5
2017-09-19 CVE-2015-0689 Data Processing Errors vulnerability in Cisco Cloud web Security
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
network
low complexity
cisco CWE-19
7.5