Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-20 CVE-2015-4072 Cross-site Scripting vulnerability in Helpdesk PRO Project Helpdesk PRO
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
network
low complexity
helpdesk-pro-project CWE-79
5.4
2017-09-20 CVE-2017-14604 Improper Input Validation vulnerability in multiple products
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.
network
low complexity
gnome debian CWE-20
6.5
2017-09-20 CVE-2017-12168 Unspecified vulnerability in Linux Kernel
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
local
low complexity
linux
6.0
2017-09-19 CVE-2015-4684 Credentials Management vulnerability in Polycom Realpresence Resource Manager
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a ..
network
low complexity
polycom CWE-255
6.5
2017-09-19 CVE-2015-4682 Information Exposure vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
network
low complexity
polycom CWE-200
6.5
2017-09-19 CVE-2015-1849 Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
network
high complexity
redhat CWE-200
5.9
2017-09-19 CVE-2015-7837 7PK - Security Features vulnerability in Redhat products
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
local
low complexity
redhat CWE-254
5.5
2017-09-19 CVE-2017-14142 Cross-site Scripting vulnerability in Kaltura Server
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.
network
low complexity
kaltura CWE-79
6.1
2017-09-19 CVE-2015-3880 Open Redirect vulnerability in PHPbb
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
phpbb CWE-601
6.1
2017-09-19 CVE-2015-3432 Cross-site Scripting vulnerability in Pydio
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
network
low complexity
pydio CWE-79
6.1