Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-06 CVE-2015-5947 Race Condition vulnerability in Salesagility Suitecrm
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
network
high complexity
salesagility CWE-362
8.1
2017-09-06 CVE-2015-5705 Link Following vulnerability in multiple products
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
network
low complexity
devscripts-devel-team fedoraproject CWE-59
7.5
2017-09-06 CVE-2015-3454 Information Exposure vulnerability in Vulcanjs Vulcan
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
network
low complexity
vulcanjs CWE-200
7.5
2017-09-06 CVE-2015-3450 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aspl Libaxl 0.6.9
Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.
network
low complexity
aspl CWE-119
8.8
2017-09-06 CVE-2015-2210 Command Injection vulnerability in Epicor CRS Retail Store 3.2.03.01.008
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
local
low complexity
epicor CWE-77
7.8
2017-09-06 CVE-2015-0853 Improper Input Validation vulnerability in Pysvn Project Svn-Workbench 1.6.2
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
network
low complexity
pysvn-project CWE-20
8.8
2017-09-06 CVE-2014-6438 Resource Management Errors vulnerability in Ruby-Lang Ruby
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
network
low complexity
ruby-lang CWE-399
7.5
2017-09-06 CVE-2017-14164 Out-of-bounds Write vulnerability in Uclouvain Openjpeg
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain CWE-787
8.8
2017-09-05 CVE-2017-1491 Unspecified vulnerability in IBM Qradar Network Security 5.4
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
network
low complexity
ibm
7.5
2017-09-05 CVE-2017-1458 XXE vulnerability in IBM Qradar Network Security 5.4
IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1