Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-07-25 | CVE-2017-9413 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | network | low | subsonic | CWE-352 | 8.8 |
| 2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel Pk5001Z Firmware | ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | network | low | zyxel | CWE-255 | 8.8 |
| 2017-07-25 | CVE-2015-8013 | Cryptographic Issues vulnerability in Openpgpjs | s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys, which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | network | low | openpgpjs | CWE-310 | 7.5 |
| 2017-07-25 | CVE-2015-6585 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor 2014 | hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. | local | low | hancom | CWE-119 | 7.8 |
| 2017-07-25 | CVE-2015-4035 | Improper Input Validation vulnerability in Tukaani XZ 4.999.7/4.999.8/4.999.9 | scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. | local | low | tukaani | CWE-20 | 7.8 |
| 2017-07-25 | CVE-2015-1438 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Panda Security products | Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. | local | low | panda-security | CWE-119 | 7.8 |
| 2017-07-25 | CVE-2015-1417 | Resource Exhaustion vulnerability in Freebsd | The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. | network | low | freebsd | CWE-400 | 7.5 |
| 2017-07-25 | CVE-2015-1332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | network | low | canonical, oxide-project | CWE-119 | 8.8 |
| 2017-07-25 | CVE-2017-11566 | OS Command Injection vulnerability in Appsec-Labs Appuse 4.0 | AppUse 4.0 allows shell command injection via a proxy field. | local | low | appsec-labs | CWE-78 | 7.8 |
| 2017-07-25 | CVE-2017-7980 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | local | low | qemu, canonical, debian, redhat | CWE-119 | 7.8 |