Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2017-6753 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.
network
low complexity
cisco CWE-119
8.8
2017-07-25 CVE-2017-6751 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability.
network
low complexity
cisco CWE-20
7.5
2017-07-25 CVE-2017-6750 Insecure Default Initialization of Resource vulnerability in Cisco products
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability.
network
low complexity
cisco CWE-1188
7.5
2017-07-25 CVE-2017-6746 Improper Input Validation vulnerability in Cisco web Security Appliance
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.
network
low complexity
cisco CWE-20
7.2
2017-07-25 CVE-2017-6672 Incorrect Authorization vulnerability in Cisco ASR 5000 Series Software
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device.
network
low complexity
cisco CWE-863
7.5
2017-07-25 CVE-2017-6612 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software
A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device.
network
low complexity
cisco CWE-119
8.6
2017-07-25 CVE-2017-9413 Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view.
network
low complexity
subsonic CWE-352
8.8
2017-07-25 CVE-2016-10401 Credentials Management vulnerability in Zyxel Pk5001Z Firmware
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
network
low complexity
zyxel CWE-255
8.8
2017-07-25 CVE-2015-8013 Cryptographic Issues vulnerability in Openpgpjs
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
network
low complexity
openpgpjs CWE-310
7.5
2017-07-25 CVE-2015-6585 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor 2014
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag.
local
low complexity
hancom CWE-119
7.8