Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2015-4681 | Credentials Management vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 7.8 |
| 2017-09-19 | CVE-2017-12837 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. | 7.5 |
| 2017-09-19 | CVE-2017-14033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 7.5 |
| 2017-09-19 | CVE-2017-10784 | Improper Authentication vulnerability in Ruby-Lang Ruby The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 8.8 |
| 2017-09-19 | CVE-2017-14581 | Unspecified vulnerability in SAP Netweaver Application Server Java The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | 7.5 |
| 2017-09-19 | CVE-2017-14311 | Unspecified vulnerability in Netmechanica Netdecision 5.8.2 The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | 7.8 |
| 2017-09-19 | CVE-2017-14141 | Deserialization of Untrusted Data vulnerability in Kaltura Server The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 7.2 |
| 2017-09-19 | CVE-2015-4089 | Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | 8.8 |
| 2017-09-19 | CVE-2015-1854 | Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 7.5 |
| 2017-09-19 | CVE-2015-0689 | Data Processing Errors vulnerability in Cisco Cloud web Security Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 7.5 |