Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-25 | CVE-2017-6753 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. | 8.8 |
2017-07-25 | CVE-2017-6751 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. | 7.5 |
2017-07-25 | CVE-2017-6750 | Insecure Default Initialization of Resource vulnerability in Cisco products A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. | 7.5 |
2017-07-25 | CVE-2017-6746 | Improper Input Validation vulnerability in Cisco web Security Appliance A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. | 7.2 |
2017-07-25 | CVE-2017-6672 | Incorrect Authorization vulnerability in Cisco ASR 5000 Series Software A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. | 7.5 |
2017-07-25 | CVE-2017-6612 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. | 8.6 |
2017-07-25 | CVE-2017-9413 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | 8.8 |
2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel Pk5001Z Firmware ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | 8.8 |
2017-07-25 | CVE-2015-8013 | Cryptographic Issues vulnerability in Openpgpjs s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | 7.5 |
2017-07-25 | CVE-2015-6585 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor 2014 hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. | 7.8 |