Vulnerability Index: Year 2014

Buffer Overflow in MySQL and MariaDB Allows Remote Code Execution XML External Entity (XXE) vulnerability in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and potentially cause other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference in the XSLT component. Arbitrary Java Method Execution in Apache Camel XSLT Component Stack-based Buffer Overflow in udisks: Local Denial of Service and Possible Arbitrary Code Execution Remote Code Execution via Crafted Application Deployment in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2 Timing Side-Channel Attack in OpenStack Object Storage (Swift) Allows Secret URL Retrieval Arbitrary Command Execution in Smart-Proxy Cleartext Password Logging Vulnerability in Moodle Unrestricted Login As Vulnerability in Moodle CSRF Vulnerabilities in Moodle User Profile Deletion Heap-based Buffer Overflow Vulnerabilities in TigerVNC's ZRLE_DECODE Function Incomplete Fix for CVE-2014-1402: Privilege Escalation via FileSystemBytecodeCache in Jinja2 2.7.2 Cross-Site Scripting (XSS) vulnerability in Ember.js versions 1.0.x to 1.4.x Cross-Site Scripting (XSS) vulnerability in Ember.js versions 1.0.x to 1.4.x NTLM Connection Reuse Vulnerability Insecure PRNG State Update in stunnel before 5.00 Shared State Vulnerability in libssh's RAND_bytes Function Local Privilege Escalation via Crafted Deployment in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server Stack-based Buffer Overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 via Long Server Name in PROXY-CONNECT Address Denial of Service Vulnerability in Pidgin's IRC Protocol Plugin Traffic Amplification Vulnerability in Chrony before 1.29.1 Bypassing RPM Package Signing Restriction in yum-cron/yum-cron.py Temporary File Creation Vulnerability in OpenShift 
Install Script Allows Arbitrary Code Execution CSRF Vulnerability in katello-headpin REST API Arbitrary File Modification Vulnerability in Flite 1.4 Bypassing ACL Restrictions in libvirt's Event Registration API Multiple Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Katello-Headpin SAM Web Application XML External Entity (XXE) Vulnerability in Apache Roller Unauthorized Access to Network ACLs in Apache CloudStack Denial of Service Vulnerability in Apache Subversion's mod_dav_svn Module Session Fixation Vulnerability in Apache Tomcat 6.0.33 through 6.0.37 SAML Token Validation Bypass Vulnerability in Apache CXF Cleartext Transmission of UsernameToken in Apache CXF Insecure SSL Verification in rbovirt Gem Allows Man-in-the-Middle Attacks Denial of Service Vulnerability in Zarafa 5.00 Privilege Escalation via Crafted Timeout Pointer in compat_sys_recvmmsg Function Untrusted Search Path Vulnerability in fwsnort before 1.6.4 Man-in-the-Middle Attack Vulnerability in OpenStack Heat Templates SSL Bypass Vulnerability in OpenStack Heat Templates Arbitrary Package Installation Vulnerability in OpenStack Heat Templates Apache Wicket Classpath Information Disclosure Vulnerability Denial of Service Vulnerability in Mumble 1.2.4 and 1.2.3 Pre-release Snapshots Heap-based buffer over-read and over-write vulnerability in Mumble client allows for remote code execution Arbitrary web script injection vulnerability in Ember.js link-to helper Unspecified Impact Vulnerability in Docker before 1.5 Insecure Execution of Downloaded Programs in Docker Buffer Overflow in complete_emulated_mmio Function in Linux Kernel Denial of Service via Crafted Content-Type Header in MultipartStream.java Unrestricted Access to Files in WEB-INF Directory XML External Entity (XXE) Vulnerability in Jaxb2RootElementHttpMessageConverter in Spring MVC Denial of Service Vulnerability in vhost-net Subsystem Arbitrary Tenant Port Plugging Vulnerability in OpenStack Neutron Arbitrary Method Execution 
Vulnerability in Red Hat CloudForms 3.0 Management Engine 5.2 Plaintext Logging Vulnerability in Red Hat JBoss EAP 6.x World-readable permissions on audit.log in JBoss SX and PicketBox Arbitrary User Addition Vulnerability in PostgreSQL Privilege Escalation via Validator Functions in PostgreSQL Race condition vulnerability in CREATE INDEX and ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 Stack-based buffer overflows in PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 Multiple integer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 leading to buffer overflow Multiple buffer overflow vulnerabilities in PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 NULL Pointer Dereference Vulnerability in PostgreSQL chkpass Extension Privilege Escalation via Improper Authentication Requirements in PostgreSQL Test Suites World-Writable Permissions in Watchman Files in OpenShift Node-Utils Memory Corruption and Privilege Escalation Vulnerability in Linux Kernel's cifs_iovec_write Function Default Security Group Bypass in PackStack Red Hat OpenStack 4.0 SSL Server Spoofing in Apache Cordova File-Transfer Plugin for iOS Arbitrary JavaScript Execution via In-App-Browser Callback Identifier Validation Vulnerability Unauthenticated Bind Bypass Vulnerability in Apache Shiro Denial of Service Vulnerability in Apache Tomcat's ChunkedInputFilter Montgomery Ladder Implementation Vulnerability in OpenSSL Memory Corruption and Privilege Escalation Vulnerability in Linux Kernel Arbitrary Catalog Deletion Vulnerability in Red Hat CloudForms Management Engine (CFME) Denial of Service Vulnerability in Zarafa's ValidateUserLogon Function SQL Injection Vulnerability in Active Record in Ruby on Rails 
4.0.x and 4.1.0.beta1 Cross-Site Scripting (XSS) Vulnerabilities in Ruby on Rails Number Helper Denial of Service Vulnerability in Action View in Ruby on Rails 3.x before 3.2.17 Weak Salt Generation in Ruby net-ldap Gem Denial of Service Vulnerability in openshift-origin-node Ruby Gem Unencrypted Passwords in JBoss Fuse Logging Vulnerability Denial of Service Vulnerability in JBoss RichFaces 4.3.4, 4.3.5, and 5.x Improper RBAC Checking in ManageIQ Allows Privilege Bypass Arbitrary Code Execution Vulnerability in nginx SPDY Implementation Arbitrary Web Script Injection in Foreman 1.4.x Session Fixation Vulnerability in Foreman 1.4.2 and earlier versions Improper Input Validation in Foreman: Potential for Partial Denial of Service Unspecified Error Handling Vulnerability in GnuTLS Java Security Manager Bypass in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 Remote Code Execution via ClassLoader Manipulation in Apache Struts Denial of Service Vulnerability in Apache Tomcat 8.x XML External Entity (XXE) vulnerability in Apache Tomcat Authentication Bypass Vulnerability in Spring Security Denial of Service Vulnerability in Apache HTTP Server 2.4.8 and earlier HTTP Request Smuggling Vulnerability in Apache Tomcat Race condition in inet_frag_intern function in Linux kernel through 3.13.6 allows remote attackers to cause denial of service or other impact via fragmented ICMP Echo Request packets. 
NULL pointer dereference vulnerability in Linux kernel allows for denial of service Denial of Service Vulnerability in Linux Kernel Keyring Detection Cleartext Storage of Credentials in Zarafa WebAccess and WebApp Unverified SSL Certificates in fence-agents before 4.0.17 Insecure Token Retrieval in OpenStack Python Client Library for Keystone Bypassing Command Restrictions via Crafted Environment Variable in Sudo Arbitrary Class Loading and Resource Access Vulnerability in Apache Xalan-Java Denial of Service Vulnerability in Apache CXF Denial of Service Vulnerability in Apache CXF Arbitrary Code Execution in Apache Syncope via Apache Commons JEXL Expressions and Resource Mappings Remote Code Execution via Insecure Access to getClass Method in Apache Struts Remote Code Execution via CookieInterceptor in Apache Struts Remote Code Execution via Class Property in Apache Commons BeanUtils Apache Storm Log Viewer Directory Traversal Vulnerability Incomplete Fix for CookieInterceptor Wildcard CookiesName Remote Manipulation Vulnerability Denial of Service Vulnerability in Apache HTTP Server 2.4.x Denial of Service Vulnerability in Apache HTTP Server's mod_deflate Module XML External Entity (XXE) and File Disclosure Vulnerability in Apache Tomcat CSRF Vulnerability in Hawt.io Admin Terminal Allows Remote Command Execution Unauthenticated Remote Command Execution in Hawt.io Admin Terminal Insecure Capability Check in Moodle Chat Module Insufficient Access Restrictions in Moodle Wiki Subsystem Information Disclosure Vulnerability in Moodle's Forum and Quiz Modules Session key exposure in Moodle allows remote bypass of Alfresco Repository file restrictions CSRF vulnerability in Moodle allows remote hijacking of administrator authentication Time-validation bypass vulnerability in Moodle Feedback Activity Denial of Service Vulnerability in Squid SSL-Bump with Crafted Range Request Arbitrary Badge Visibility Modification in Moodle 2.5.x and 2.6.x Directory Traversal 
Vulnerability in Ruby on Rails Implicit-Render Implementation Linux Kernel Use-After-Free Vulnerability in skb_segment Function Arbitrary User Privilege Escalation via SASL Authentication in 389 Directory Server Remote Code Execution Vulnerability in nginx SPDY Implementation Instance Disk Overwrite Vulnerability in OpenStack Compute (Nova) World-readable permissions in default_values.yaml file in Kafo before 0.3.17 and 0.4.x before 0.5.2 allow local users to access sensitive information Arbitrary Text Injection Vulnerability in AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x SQL Injection Vulnerability in ReportController in Red Hat CloudForms Management Engine (CFME) Re-use of Connections in cURL and libcurl Vulnerability Wildcard IP Address Spoofing Vulnerability Unauthorized Access to Sensitive Controllers and Actions in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 Red Hat Satellite 6.0.3 XSS Vulnerability Denial of Service Vulnerability in QEMU Multiple Integer Overflows in QEMU Block Drivers Leading to Denial of Service Vulnerability in QEMU Block Drivers: Remote Code Execution Buffer overflow vulnerabilities in QEMU before 1.7.2 and 2.x before 2.0.0 NULL pointer dereference vulnerability in qcow2_open function in QEMU Vulnerability in QEMU's Block Driver for Disk Image Formats and QCOW2 Snapshot Creation Qemu Block Driver for Hyper-V VHDX Images Vulnerability: Infinite Loops and DoS Cross-Site Scripting (XSS) Vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 Heap-based buffer overflow in virtio_net_handle_mac function in QEMU 2.0 and earlier CSRF Vulnerability in oVirt Engine Allows Remote Authentication Hijacking Session Fixation Vulnerability in oVirt Web Admin Interface Session ID Exposure in oVirt REST API Missing HTTPOnly Flag in oVirt Engine Session Cookie Denial of Service Vulnerability in Linux Kernel's ioapic_deliver Function OS Command Injection Vulnerability in Awesome Spawn Arbitrary Script Injection in 
OpenStack Horizon Orchestration Dashboard Heap-based buffer overflow in OpenJPEG JPEG2000 image tile decoder Buffer Overflow in GetStatistics64 RPC in OpenAFS 1.4.8 to 1.6.7: Denial of Service Vulnerability Heartbleed: OpenSSL TLS/DTLS Heartbeat Extension Vulnerability Unverified Hostname Vulnerability in ovirt-engine-sdk-python Arbitrary Command Execution Vulnerability in OpenStack Glance Shell Command Injection Vulnerability in Openshift World-readable permissions on mcollective client.cfg file in OpenShift Origin Broker Util WordPress Remote Post Publishing Vulnerability Authentication Cookie Forgery Vulnerability in WordPress Inadequate RBAC Enforcement in Nova EC2 API Implementation Jolokia CSRF Vulnerability: Remote Authentication Hijacking Insecure Cross-Application Resource Access in JBoss EAP 6 XML External Entity (XXE) vulnerability in Teiid and Red Hat JBoss Data Virtualization Arbitrary File Read Vulnerability in Odata4j Heap-based buffer overflow in libdw in elfutils 0.153 and possibly through 0.158 via a malformed compressed debug section in an ELF file Unrestricted XML-RPC Access Vulnerability in Jetpack Plugin for WordPress Missing HTTPOnly Flag in Cumin Session Cookie Default Password Vulnerability in mcollective Arbitrary Web Script Injection Vulnerability in CloudForms 3.0 Management Engine (CFME) Local Privilege Escalation via Symlink Attack in Hub's am Function Samba Vulnerability: Information Disclosure via Shadow Copy Configuration XML External Entity (XXE) Denial of Service Vulnerability in libvirt Denial of Service Vulnerability in Red Hat CloudForms 3.0 Management Engine (CFME) Netlink Socket Authorization Bypass Vulnerability Heap-based Buffer Overflow in virtio_load Function in QEMU XSS Vulnerability in Katello Registration System Name Field Sensitive Information Disclosure in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 Insecure UNIX Socket Permissions in PHP FastCGI Process Manager (FPM) Denial of Service 
Vulnerability in Tomcat7 Package for Apache Tomcat 7 in RHEL 7 Bypassing Security Group Restrictions in OpenStack Neutron Authentication Bypass Vulnerability in OpenShift-Origin-Broker World-readable permissions for /etc/sysconfig/virt-who allow local users to obtain hypervisor passwords NULL Pointer Dereference Vulnerability in Qt's GIF Decoder XML External Entity (XXE) Denial of Service Vulnerability Improper Access Restriction in Foreman Provisioning Template Previews WebSocket Denial of Service Vulnerability in Netty Buffer Overflow Vulnerability in OpenSSL DTLS ClientHello Message Handling Race condition vulnerability in n_tty_write function allows for privilege escalation or denial of service CFME Vulnerability: Inadequate CSRF Protection via Referrer Header Check NULL pointer dereference vulnerability in OpenSSL 1.x through 1.0.1g Cleartext Storage of Database Password in ovirt-engine-reports Setup Script World-readable permissions on js-jboss7-ds.xml file in Red Hat Enterprise Virtualization Manager World-readable permissions on configuration files in ovirt-engine-reports Cleartext Storage of Database Password in ovirt-engine-dwh Setup Script Denial of Service Vulnerability in Linux Kernel's __do_follow_link Function Privilege Escalation via Role Assignment in OpenStack Identity (Keystone) Use-after-free vulnerability in futex_wait function in Linux kernel before 2.6.37 Array Index Error in aio_read_events_ring Function in Linux Kernel Denial of Service Vulnerability in PHP Fileinfo Component Cross-Site Scripting (XSS) Vulnerability in Foreman Search Auto-Completion Functionality Heap-based buffer overflow in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 Remote Code Execution Vulnerability in X.Org libXfont Buffer overflow vulnerability in X.Org libXfont allows remote font servers to execute arbitrary code DoS Vulnerability in qpid-cpp: ACL Policies Not Loaded Without acl-file Option Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle 
Assignment Subsystem Insecure Token Lifetime in Moodle Allows Session Hijacking De-anonymization of Student Identities in Moodle Blind-Marking Implementation Improper File Access in Moodle's My Home Implementation Unauthenticated Access to Hidden Course Information in Moodle 2.6.x before 2.6.3 Arbitrary Web Script Injection in Moodle URL Downloader Repository Apache Karaf Denial of Service Vulnerability Information Disclosure Vulnerability in Cloudera Manager API Denial of Service Vulnerability in OpenSSL's dtls1_get_message_fragment Function Integer Overflow in qcow_open Function in QEMU Allows Remote Denial of Service QEMU Integer Overflow Vulnerability in qcow_open Function CCS Injection Vulnerability XML External Entity (XXE) Attack in Spring Framework Apache HTTP Server mod_status Race Condition Vulnerability Improper Handling of Malformed Chunked Transfer Coding in Apache Tomcat Improper File Permission Checks in Apache Hive SQL Authorization Mode Unauthenticated Remote Command Execution in Apache Hadoop Denial of Service Vulnerability in Apache Tomcat Apache HTTP Server mod_cgid Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Apache OFBiz Arbitrary Command Execution Vulnerability in Red Hat OpenShift Default Password Vulnerability in Red Hat OpenShift Enterprise 2.x NULL pointer dereference vulnerability in Fileinfo component in PHP before 5.6.0 Denial of Service Vulnerability in PHP's cdf_unpack_summary_info Function Denial of Service Vulnerability in PHP Fileinfo Component Denial of Service Vulnerability in Samba 4.x DNS Server Privilege Escalation Vulnerability in mod_wsgi for Apache World-readable configuration file in rubygem-hammer_cli_foreman Apache mod_wsgi Content-Type Header Information Disclosure Vulnerability Local File Read Vulnerability in Check_MK Denial of Service Vulnerability in Samba's sys_recvfrom Function Unauthenticated Remote Information Disclosure in gatein-wsrp Vulnerability: Insecure Storage of GRUB 
Bootloader Password Hash in SOSreport Archive Automatic Execution of Unspecified VBA Macros in LibreOffice 4.2.4 Arbitrary Code Execution Vulnerability in org.jboss.seam.web.AuthenticationFilter Group Membership Bypass Vulnerability in SSSD 1.11.6 Integer overflows in FreeRDP's xf_graphics.c can lead to memory allocation issues SharePoint Page Content Vulnerability POST Request DoS Vulnerability TCP/IP Version 6 (IPv6) Denial of Service Vulnerability in Microsoft Windows 8, Windows Server 2012, and Windows RT iSCSI Target Remote Denial of Service Vulnerability in Microsoft Windows Server 2008, 2012, and R2 iSCSI Target Remote Denial of Service Vulnerability in Microsoft Windows Server 2008, 2008 R2, and 2012 Type Traversal Vulnerability in Microsoft .NET Framework Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability in Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 Word Memory Corruption Vulnerability Query Filter DoS Vulnerability in Microsoft Dynamics AX Win32k Window Handle Vulnerability Microsoft Graphics Component Memory Corruption Vulnerability MSXML Same Origin Policy Bypass Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability VBScript Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption 
Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Cross-domain Information Disclosure Vulnerability RCE Vulnerability in Microsoft Forefront Protection 2010 for Exchange Server VSAVB7RT ASLR Vulnerability RDP MAC Vulnerability: Unencrypted Sessions in Microsoft Windows Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability DirectShow Double Free Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Use-After-Free Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Windows File Handling Vulnerability LRPC ASLR Bypass Vulnerability SAMR Security Feature Bypass Vulnerability Win32k Elevation of Privilege Vulnerability Silverlight DEP/ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Remote Code Execution Vulnerability in Microsoft Internet Explorer 9 and 10 Win32k Kernel-Mode Information Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Use-After-Free Vulnerability Hardcoded Credentials 
Vulnerability in Iridium Satellite Terminals Arbitrary Code Execution Vulnerability in Iridium Satellite Terminal's Terminal Upgrade Tool Cobham Devices: Arbitrary Code Execution via thraneLINK Protocol Vulnerability Hardcoded Password Vulnerability in ZTE ZXV10 W300 Router 2.1.0 Arbitrary Web Script Injection Vulnerability in Dell KACE K1000 Management Appliance FortiADC Web Administration Interface XSS Vulnerability Arbitrary Web Script Injection Vulnerability in Dell SonicWALL GMS, SonicWALL Analyzer, and SonicWALL UMA E5000 Denial of Service Vulnerability in libpng's png_push_read_chunk Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in CMS Made Simple Multiple Cross-Site Scripting (XSS) Vulnerabilities in Serena Dimensions CM 12.2 Build 7.199.0 CSRF Vulnerability in Serena Dimensions CM 12.2 Build 7.199.0 Cross-Site Scripting (XSS) Vulnerability in Huawei Echo Life HG8247 Routers Cross-Site Scripting (XSS) Vulnerabilities in WatchGuard Fireware XTM Firewall Policy Management Pages Arbitrary Web Script Injection in Webmin view.cgi Multiple Cross-Site Scripting (XSS) Vulnerabilities in PivotX 2.3.9 Arbitrary PHP Code Execution via Unrestricted File Upload in PivotX 2.3.9 and Earlier Privilege Escalation via Modified JavaScript Variable in Virtual Access GW6110A Routers Privilege Escalation in ZOHO ManageEngine OpStor before build 8500 Cleartext Password Disclosure in Websense Triton Unified Security Center 7.7.3 Arbitrary Domain Account Login Vulnerability in Artiva Agency Single Sign-On Implementation Arbitrary Code Execution Vulnerabilities in J2k-Codec via Crafted JPEG 2000 File Man-in-the-Middle Attack via Crafted DNS PTR Records in POCO C++ Libraries Insecure Use of Anonymous Ciphersuites in FortiManager Protocol Service Authentication Bypass Vulnerability in ZyXEL Wireless N300 NetUSB NBG-419N Router Hardcoded Password Vulnerability in ZyXEL Wireless N300 NetUSB NBG-419N Router Multiple stack-based buffer overflows on ZyXEL Wireless N300 
NetUSB NBG-419N Router Firmware 1.00(BFQ.6)C0 Remote Code Execution Vulnerability in ZyXEL Wireless N300 NetUSB NBG-419N Router Remote Message Reading Vulnerability in Amtelco miSecureMessages Multiple Directory Traversal Vulnerabilities in Xangati XSR and XNR Arbitrary Command Execution in Xangati XSR and XNR via gui_input_test.pl Params Parameter Insecure Password Hashing in IBM 4690 OS: Vulnerability in Toshiba Global Commerce Solutions 4690 POS Arbitrary Script Injection Vulnerability in Google Search Appliance (GSA) Devices ServerTrustManager Component in Ignite Realtime Smack XMPP API Allows Man-in-the-Middle Attacks via Crafted Certificate Chain Unverified from Attribute in ParseRoster Component Allows IQ Response Spoofing Unspecified Confidentiality Vulnerability in Oracle Applications Framework Component Unspecified vulnerability in Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality via unknown vectors related to Networking Unspecified Confidentiality Vulnerability in Siebel Core - EAI Component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Availability Vulnerability in Siebel Life Sciences Component Unspecified Integrity Vulnerability in Oracle Demantra Demand Management Component Unspecified vulnerability in Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability Unspecified Remote Integrity Vulnerability in Oracle Portal Component in Oracle Fusion Middleware 11.1.1.6 Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect integrity 
via vectors related to JAXP Unspecified vulnerability in Oracle Database Server allows remote authenticated users to affect confidentiality via SYS tables Unspecified vulnerability in Oracle Database Server Spatial component Unspecified Integrity Vulnerability in Oracle Demantra Demand Management Component Unspecified Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 Unspecified Confidentiality Vulnerability in Oracle Identity Manager Component XML-related vulnerability in Oracle MySQL Server component allows remote authenticated users to impact availability Unspecified vulnerability in Oracle Java SE 7u45 on OS X allows remote attackers to affect confidentiality, integrity, and availability during installation. Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment Unspecified Confidentiality Vulnerability in Oracle PeopleSoft HRMS Unspecified Remote Integrity Vulnerability in Oracle iLearning 6.0 Unspecified Remote Integrity Vulnerability in Oracle Solaris 10 via Java Web Console Unspecified Confidentiality Vulnerability in Oracle Identity Manager Component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft HRMS Component Unspecified Integrity Vulnerability in MySQL Server Component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Buffer Errors in libXtsol in Oracle Solaris 10 and 11.1 Unspecified Remote Confidentiality Vulnerability in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle 
Transportation Management Unspecified vulnerability in Oracle Internet Directory component affecting confidentiality via OID LDAP server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Locking Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle Java SE 7u45 on OS X allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 Timing discrepancy vulnerability in Oracle Java SE and JRockit allows remote attackers to obtain sensitive information about encryption keys during the TLS/SSL handshake Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Integrity Vulnerability in Oracle Containers for J2EE Component Unspecified Confidentiality Vulnerability in Oracle Containers for J2EE in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via vectors related to JAAS Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle Secure Global Desktop (SGD) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Replication Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Solaris 10 on SPARC64-X Platform Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect confidentiality, integrity, and availability via JNDI vectors Unspecified 
vulnerability in Oracle Java SE and JRockit versions allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products 9.2 Unspecified Remote Integrity Vulnerability in Oracle Containers for J2EE Component Unspecified FTS-related vulnerability in Oracle MySQL Server 5.6.13 and earlier Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect confidentiality, integrity, and availability via CORBA vectors Unspecified 2D-related vulnerability in Oracle Java SE and JRockit Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51 Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Remote Integrity Vulnerability in Oracle Agile Product Lifecycle Management for Process Unspecified vulnerability in Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1-6.3.2 Unspecified Remote Integrity Vulnerability in Oracle Hyperion BI+ Component Unspecified vulnerability in MySQL Server component affecting availability via Optimizer Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.52 and 8.53 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 Unspecified Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified vulnerability in Oracle Solaris Print Filter Utility allows local users to compromise system security Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products 8.52 Unspecified Confidentiality Vulnerability in Oracle 
AutoVue Electro-Mechanical Professional Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries Unspecified Local Availability Vulnerability in Oracle Solaris 10 and 11.1 Unspecified Remote Vulnerability in Oracle Java SE 7u51 and 8 Affecting Confidentiality, Integrity, and Availability Confidentiality vulnerability in Oracle Java SE Deployment Unspecified Confidentiality Vulnerability in Oracle WebCenter Portal Component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51 Unspecified Security Vulnerability in Oracle Java SE and JRockit Unspecified Security Vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. 
Unspecified Libraries Vulnerability in Oracle Java SE and JRockit Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51 Unspecified 2D Vulnerability in Oracle Java SE 7u51 and 8 Unspecified JNDI-related vulnerability in Oracle Java SE and JRockit Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS Unspecified Remote Confidentiality Vulnerability in Oracle Java SE 8 Unspecified Remote Confidentiality Vulnerability in Oracle Java SE 8 Unspecified Integrity Vulnerability in Oracle OpenSSO Component Arbitrary File Deletion and Command Execution Vulnerability in a2ps 4.14 Buffer Overflow in Mutt's copy.c Allows Remote Denial of Service Stack-based Buffer Overflow in Debian Patch for xbuffy Allows Remote Code Execution via Email Subject Unchecked Return Value in setuid Function Allows Privilege Escalation in Super 3.30.0 Arbitrary File Write Vulnerability in dpkg's Unpacking Functionality Arbitrary Python Module Execution via django.core.urlresolvers.reverse CSRF Token Reuse Vulnerability in Django Caching Framework Type Conversion Vulnerability in Django Model Field Classes Directory Traversal Vulnerabilities in GNU C Library (glibc) before 2.20 Arbitrary Code Execution via Unquoted File Paths in chkrootkit Denial of Service Vulnerability in Email::Address Module Insecure Source Package Validation in APT before 1.0.4 Arbitrary Command Execution in reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 Improper URL Validation in Django Core URL Resolver Function Sequential File Name Generation Vulnerability in Django Session Hijacking Vulnerability in Django's RemoteUserMiddleware Unauthenticated Information Disclosure in Django Admin Interface Privilege Escalation Vulnerability in Debian acpi-support Package Arbitrary 
Code Execution Vulnerability in S3QL 1.18.1 and Earlier Denial of Service Vulnerability in Knot DNS 1.5.2 and earlier Unverified File Modification Vulnerability in APT Unauthenticated to Authenticated State Transition Vulnerability in APT Arbitrary Code Execution via Crafted Package in APT before 1.0.9 Insecure Signature Validation in APT's apt-get Download Command Unspecified Protection Bypass Vulnerability in Adobe Flash Player and Adobe AIR ASLR Defeat Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Digital Editions 2.0.1 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution via Integer Underflow in Adobe Flash Player Stack-based buffer overflow in Adobe Flash Player Address Information Disclosure Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Remote Code Execution Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628: Remote Code Execution Vulnerability Same Origin Policy Bypass in Adobe Flash Player Clipboard Data Leakage Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler 
before 13.0.0.83 allows remote code execution and potential bypass of Internet Explorer sandbox protection Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Vector Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Arbitrary script injection vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Heap-based Buffer Overflow in Adobe Flash Player 12.0.0.77 Heap-based Buffer Overflow in Adobe Reader 11.0.06 Bypassing PDF Sandbox Protection in Adobe Reader 11.0.06 Adobe Illustrator CS6 Stack-based Buffer Overflow Vulnerability Arbitrary Code Execution Vulnerability in Adobe Reader Mobile Application for Android Adobe Flash Player Buffer Overflow Vulnerability Same Origin Policy Bypass in Adobe Flash Player and Adobe AIR SDK Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR SDK Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR SDK Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR SDK Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR SDK Information Disclosure Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unmapped Memory Access Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Double Free Vulnerability in Adobe Reader and Acrobat 10.x and 11.x on Windows and OS X Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Unspecified Cross-site Scripting (XSS) Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Cross-site Scripting (XSS) 
Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Cross-site Scripting (XSS) Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Bypassing Access Restrictions in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Sandbox Bypass Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Bypassing Access Restrictions in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in 
Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player Adobe Reader and Acrobat Use-After-Free Arbitrary Code Execution Vulnerability Heap-based Buffer Overflow in Adobe Reader and Acrobat 10.x and 11.x on Windows and OS X Universal XSS (UXSS) vulnerability in Adobe Reader and Acrobat 10.x and 11.x on OS X Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat 10.x and 11.x on Windows and OS X NTFS Junction Attack Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution via Integer Overflow in Adobe Flash Player CSRF Vulnerability in Adobe ColdFusion Versions 9.0 to 11 Arbitrary Web Script Injection Vulnerability in Adobe ColdFusion Bypassing IP-based Access Restrictions in Adobe ColdFusion Versions 9.0, 9.0.1, 9.0.2, 10, and 11 Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Double Free Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability Same Origin Policy Bypass in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 
11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 vulnerability Heap-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR allows for transition from Low Integrity to Medium Integrity Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 vulnerability Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Denial of Service Vulnerability in BIND DNS Server Bypassing Security Group Restrictions in SUSE Cloud 3 Code Execution Vulnerability in obs-service-set_version CSRF Protection Bypass in Open Build Service (OBS) Web Interface Improper Array Management in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 Directory Traversal Vulnerability in iPrint on Novell Open Enterprise Server (OES) 11 SP1 Arbitrary Web Script Injection Vulnerability in iPrint on Novell Open Enterprise Server (OES) 11 SP1 Arbitrary File Read/Write Vulnerability in Novell GroupWise 2014 Administration Service Arbitrary Code Execution via Directory Traversal in NetIQ Security Manager ActiveX Control Memory Corruption and Code Execution Vulnerability in rftpcom.dll ActiveX Control Directory Traversal Vulnerability in Attachmate Reflection FTP Client ActiveX Control Arbitrary Code Execution via Directory Traversal in Attachmate Reflection FTP Client Unrestricted File Upload 
Vulnerability in Attachmate Verastream Process Designer (VPD) Unspecified Vulnerability in Novell Open Enterprise Server (OES) with Unknown Impact and Attack Vectors Arbitrary Code Execution and Denial of Service Vulnerability in Novell GroupWise Cross-Site Scripting (XSS) Vulnerabilities in Novell GroupWise WebAccess Unspecified Denial of Service Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper Junos XNM Command Processor Denial of Service Vulnerability in Juniper Junos 13.2 and 13.3 Privilege Escalation Vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper Junos SRX Series Service Gateways Denial of Service Vulnerability in Juniper Junos Untrusted Search Path Vulnerability in Hamster Free ZIP Archiver 2.0.1.7 Allows Arbitrary Code Execution and DLL Hijacking Cross-Site Scripting (XSS) Vulnerabilities in Technicolor TC7200 STD6.01.12 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Technicolor TC7200 STD6.01.12 Content Uploading Vulnerability in EMC Documentum Foundation Services Cross-Site Scripting (XSS) Vulnerability in EMC RSA Authentication Manager 7.1 Session Management Vulnerability in EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 Denial of Service Vulnerability in EMC RSA BSAFE SSL-J API Vulnerability: Bypassing Cryptographic Protection Mechanisms in EMC RSA BSAFE SSL-J Weak Cipher Suite Selection Vulnerability in EMC RSA BSAFE SSL-J Denial of Service Vulnerability in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x Privilege Escalation and Information Disclosure in EMC Documentum TaskSpace Arbitrary File Read Vulnerability in EMC Documentum TaskSpace Arbitrary Code Execution via Directory Traversal in EMC VPLEX GeoSynchrony 4.x and 5.x Unvalidated Session-Timeout Values in EMC VPLEX GeoSynchrony GUI Missing HTTPOnly Flag in EMC VPLEX GeoSynchrony Cookie Session Fixation Vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x RSA BSAFE Micro 
Edition Suite (MES) 3.2.x and 4.0.x Vulnerability: SSL Server Spoofing via Crafted Certificate Chain Arbitrary Web Script Injection Vulnerability in RSA Adaptive Authentication (On-Premise) Cross-Frame Scripting XSS Vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x Unspecified Cross-Site Scripting (XSS) Vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 Bypassing Resource Access Restrictions in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 CSRF Vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 Allows Remote User Authentication Hijacking Bypassing Access Restrictions and Reading Metadata in EMC Documentum Content Server Authentication Bypass in EMC RSA NetWitness and RSA Security Analytics XML External Entity (XXE) vulnerability in EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote file read Vulnerability: Weak Password Hash Storage in EMC Cloud Tiering Appliance and File Management Appliance Cleartext Password Exposure in EMC RSA Access Manager Starbucks iOS App Vulnerability: Plaintext Storage of Sensitive Information in Crashlytics Log Improper Authentication and Authorization in Cisco Secure ACS 5.x (Bug ID CSCud75187) Improper Authorization Enforcement in Cisco Secure ACS 5.x Allows Remote Users to Obtain Superadmin Access (CSCud75180) Arbitrary Command Execution Vulnerability in Cisco Secure Access Control System (ACS) 5.x Improper Authorization Enforcement in Cisco Context Directory Agent (CDA) Allows Remote Administrative Access Cisco Context Directory Agent (CDA) Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCuj45358) Cisco ASA Software Authentication-State Modification Vulnerability Replay Attack Vulnerability in Cisco Context Directory Agent (CDA) (CSCuj45383) Remote Replay Attack Vulnerability in Cisco ASA Software Cisco Context Directory Agent (CDA) User-Interface Data Omission Vulnerability Role-based Access Control Bypass in Cisco Unified Communications Manager (Unified CM) 9.1(1) and 
earlier (Bug ID CSCuj83540) Denial of Service Vulnerability in Cisco 9900 Unified IP Phones (Bug ID CSCul24898) Remote Code Execution and Data Disclosure Vulnerability in Cisco WAP4410N, WRVS4400N, and RVS4000 Routers Denial of Service Vulnerability in Cisco TelePresence ISDN Gateway (Bug ID CSCui50360) Arbitrary Command Execution and Denial of Service Vulnerability in Cisco TelePresence System Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) Cisco Secure Access Control System (ACS) Cross-Site Scripting (XSS) Vulnerability Cisco Unity Connection Server Denial of Service Vulnerability (Bug ID CSCul49976) Privilege Escalation Vulnerability in Cisco Identity Services Engine (ISE) Software (CSCul83904) Arbitrary Code Execution via Directory Traversal in Cisco Jabber (CSCug48056) Arbitrary File Read Vulnerability in Cisco Secure Access Control System (ACS) Cisco Secure Access Control System (ACS) Portal Cross-Site Scripting (XSS) Vulnerability Bypassing Top-Up Payment Restrictions in Cisco ASR 5000 Series Devices via WSP Packets (CSCuh28371) Cisco MediaSense Search and Play Interface Cross-Site Scripting (XSS) Vulnerability Open Redirect Vulnerability in Cisco MediaSense Arbitrary Recording Download Vulnerability in Cisco MediaSense Cross-Site Scripting (XSS) Vulnerabilities in Cisco Video Surveillance 5000 HD IP Dome Cameras Unauthenticated MySQL Database Connection Vulnerability in Cisco Video Surveillance Operations Manager (VSOM) Default X.509 Certificate Reuse Vulnerability in Cisco TelePresence Video Communication Server (VCS) TACACS+ Command Bypass Vulnerability in Cisco NX-OS (Bug ID CSCum47367) Denial of Service Vulnerability in Cisco NX-OS LDP Discovery Traffic Handling (Bug ID CSCul88851) Session Hijacking Vulnerability in Cisco Secure Access Control System (ACS) Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure Cisco Identity Services Engine (ISE) NAC Web Agent Cross-Site Scripting (XSS) 
Vulnerability Cisco Identity Services Engine (ISE) 1.2 Patch 2 and Earlier Cross-Site Scripting (XSS) Vulnerability (CSCui15064) Cisco WebEx Meetings Server Authorization Bypass Vulnerability Authentication Replay Vulnerability in Cisco RV110W, RV215W, and CVR100W Routers Denial of Service Vulnerability in Cisco NX-OS 6.2(2) on Nexus 7000 Switches (Bug ID CSCui56136) Bypassing ACL Deny Statements in Cisco Nexus 1000V InterCloud Privilege Escalation Vulnerability in Cisco Unified Communications Manager Insufficient Entropy in Cisco WebEx Meetings Server Allows Unauthorized Meeting Access Cryptographic Key Exposure in Cisco Cloud Portal 9.4.1 and Earlier Memory Deallocation Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Race condition vulnerability in Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 allows remote attackers to bypass access restrictions via Aironet IOS software. Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices with IGMPv3 Snooping Enabled (CSCuh33240) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (CSCue87929) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (CSCuf80681) Improper URL Composition in WebEx Meeting Center Allows Information Disclosure Hardcoded Root Password Vulnerability in Cisco UCS Director Denial of Service Vulnerability in Cisco FWSM Software Denial of Service Vulnerability in Cisco IPS Software Denial of Service Vulnerability in Cisco IPS Software (Bug ID CSCui67394) Denial of Service Vulnerability in Cisco IPS Software Remote Root Access Vulnerability in Cisco Unified SIP Phone 3905 Authentication Bypass Vulnerability in Cisco Unified Communications Manager (UCM) Log4jinit Web Application (CSCum05347) Cisco Unified Communications Manager (UCM) IP Manager Assistant (IPMA) Interface Cross-Site Scripting (XSS) Vulnerability Authentication Bypass and Arbitrary 
File Read Vulnerability in Cisco Unified Communications Manager (UCM) Unauthenticated Access to WAR Files in Cisco Unified Communications Manager (UCM) SQL Injection Vulnerability in Cisco Unified Communications Manager (UCM) IP Manager Assistant (IPMA) Interface SQL Injection Vulnerability in Cisco Unified Communications Manager (UCM) CMIVR Interface (Bug ID CSCum05318) SQL Injection Vulnerability in Cisco Unified Communications Manager (UCM) 10.0(1) and Earlier (Bug ID CSCum05313) SQL Injection Vulnerability in Cisco Unified Communications Manager (UCM) EMApp Interface (Bug ID CSCum05302) Privilege Escalation via CLI Copy Command in Cisco UCS Central Software Authentication Bypass Vulnerability in Cisco Unified Communications Manager (Unified CM) 10.0(1) and Earlier (Bug ID CSCum46497) Authentication Bypass Vulnerability in Cisco Unified Communications Manager (Unified CM) RTMT Web Application (CSCum46495) Authentication Bypass Vulnerability in Cisco Unified Communications Manager SQL Injection Vulnerability in Cisco Unified Communications Manager (Unified CM) CAPF Implementation (CSCum46483) Cisco Unified Communications Manager (Unified CM) IP Manager Assistant (IPMA) Interface Cross-Site Scripting (XSS) Vulnerability CSRF vulnerability in Cisco Unified Communications Manager (Unified CM) allows remote hijacking of user authentication for CAR modifications Authentication Bypass and Trust Relationship Manipulation in Cisco Unified IP Phone 7960G (Bug ID CSCuj66795) Authentication Bypass and Trust Relationship Manipulation in Cisco ASA Software (Bug ID CSCuj66770) Race condition vulnerability in Cisco ASA Software allows remote attackers to bypass sec_db authentication and provide pass-through services via crafted TFTP request (CSCuj66766) CSRF Vulnerability in Cisco Unified Communications Manager (Unified CM) Allows Remote Authentication Hijacking Arbitrary File Read/Modify Vulnerability in Cisco Unified Communications Manager (Unified CM) Arbitrary File 
Read/Modify Vulnerability in Cisco Unified Communications Manager (Unified CM) Authentication Bypass and Device Modification Vulnerability in Cisco Unified Communications Manager CSRF Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Allows User Authentication Hijacking Information Disclosure Vulnerability in Cisco Unified Contact Center Express Disaster Recovery System (DRS) Command Injection Vulnerability in Cisco Unified Communications Manager (Unified CM) CAPF CLI Implementation (CSCum95493) Insecure UID Validation in apinit on Cray Devices (ID FN5912) Stack-based Buffer Overflow in TORQUE Resource Manager GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY Directory Traversal Remote Code Execution Vulnerability Directory Traversal Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY (CVE-2020-XXXX) Arbitrary Project Backup File Read Vulnerability in Ecava IntegraXor Stack-based Buffer Overflow in Ecava IntegraXor SCADA Server Allows Remote Denial of Service SchneiderWEB Directory Traversal Vulnerability Inadequate Password Protection in Rockwell Automation RSLogix 5000 Allows Unauthorized Access and Data Modification Denial of Service Vulnerability in Smart Software Solutions (3S) CoDeSys Runtime Toolkit Arbitrary Program Execution via Crafted HTML Document in ICONICS GENESIS32 8.0-8.05 Unquoted Windows Search Path Privilege Escalation Vulnerability in Schneider Electric Floating License Manager Undocumented FTP Access Vulnerability in Festo CECX-X-C1 and CECX-X-M1 Modular Controllers Denial of Service Vulnerability in CG Automation ePAQ-9410 Substation Gateway DNP3 Driver DNP3 Driver Denial of Service Vulnerability in CG Automation ePAQ-9410 Substation Gateway SQL Injection Vulnerabilities in Advantech WebAccess DBVisitor.dll Advantech WebAccess NodeName Parameter Stack-based Buffer Overflow Vulnerability Advantech WebAccess Stack-Based Buffer Overflow Vulnerability Advantech WebAccess Stack-Based Buffer Overflow 
Vulnerability Advantech WebAccess Stack-Based Buffer Overflow Vulnerability Advantech WebAccess Stack-Based Buffer Overflow Vulnerability Unauthenticated Remote Configuration Modification and Log Deletion in Festo CECX-X-C1 and CECX-X-M1 Controllers Advantech WebAccess 7.2 Stack-Based Buffer Overflow Vulnerability Arbitrary File Read Vulnerability in Advantech WebAccess Arbitrary File Read Vulnerability in Advantech WebAccess Arbitrary Execution of Programs via Crafted Argument in Advantech WebAccess Privilege escalation through stack-based buffer overflow in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 via malformed configuration file. Denial of Service Vulnerability in Modbus Slave/Outstation Driver in IOServer OPC Server Information Disclosure Vulnerability in Progea Movicon 11.4 Denial of Service Vulnerability in Kepware KepServerEX 4 Component NTWebServer Directory Traversal Vulnerability in InduSoft Web Studio 7.1 before SP2 Patch 4 Remote Code Execution Vulnerability in Yokogawa CENTUM CS 3000 R3.09.50 and Earlier Arbitrary Code Execution via Crafted Packet in Yokogawa CENTUM CS and CENTUM VP Remote Code Execution Vulnerability in Yokogawa CENTUM CS 3000 R3.09.50 and Earlier Remote Code Execution Vulnerability in Yokogawa CENTUM CS 3000 R3.09.50 and Earlier Cleartext Credential Exposure in Ecava IntegraXor before 4.1.4393 Remote Code Execution Vulnerability in WellinTech KingSCADA Buffer Overflow Vulnerabilities in Schneider Electric OPC Factory Server (OFS) ActiveX Control Integer Overflow in FreeRDP License Read Scope List Function Arbitrary Code Execution Vulnerability in Sonatype Nexus 1.x and 2.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in StackIdeas Komento Component for Joomla! SQL Injection Vulnerability in JV Comment Component for Joomla! 
(com_jvcomment) before 3.0.3 Arbitrary File Creation and Overwrite Vulnerability in aokitaka ZIP with Pass and ZIP with Pass Pro for Android Arbitrary File Creation and Overwrite Vulnerability in Tetra Filer Application for Android Arbitrary File Creation and Overwrite Vulnerability in CGENE Security File Manager Pro and Trial Applications Arbitrary File Creation and Overwrite Vulnerability in NeoFiler Application for Android Unverified Geolocation API Access in Sleipnir Mobile Applications Unspecified Remote Data Modification Vulnerability in LOCKON EC-CUBE Sensitive Shipping Information Disclosure in LOCKON EC-CUBE Arbitrary File Creation Vulnerability in Gapless Player SimZip Application Arbitrary Code Execution Vulnerability in JustSystems Sanshiro and Sanshiro Viewer Arbitrary Web Script Injection Vulnerability in Blackboard Vista/CE 8.0 SP6 and Earlier Arbitrary Web Script Injection in KENT-WEB Joyful Note 2.8 and Earlier CSRF Vulnerability in phpMyFAQ Allows Unauthorized Modification of Settings Arbitrary Web Script Injection Vulnerability in phpMyFAQ before 2.8.6 Opera for Android: Local File Reading Vulnerability via Intent: URL Privilege Escalation Vulnerability in Norman Security Suite 10.1 and Earlier Session Impersonation Vulnerability in Cybozu Garoon Untrusted Search Path Vulnerability in Autodesk AutoCAD: Privilege Escalation and Arbitrary Code Execution Untrusted Search Path Vulnerability in Autodesk AutoCAD: Privilege Escalation via Trojan Horse DLL Directory Traversal Vulnerability in Cybozu Garoon Allows Remote File Read SQL Injection Vulnerability in Cybozu Garoon Download Feature Denial of Service Vulnerability in IBM Domino IMAP Server (SPR KLYH9F4S2Z) Arbitrary File Read Vulnerability in IBM WebSphere Application Server (WAS) 8.x Arbitrary web script injection vulnerability in IBM Maximo Asset Management and related products Arbitrary web script injection vulnerability in IBM Maximo Asset Management and related products Arbitrary Script 
Injection Vulnerability in IBM InfoSphere Optim Workload Replay 1.1 Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Buffer Overflow Vulnerabilities in IBM Rational ClearCase Versions 7.x, 8.0.0.x, and 8.0.1.x Directory Traversal Vulnerability in IBM Financial Transaction Manager (FTM) Allows Unauthorized File Access CSRF Vulnerability in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 Cross-Site Scripting (XSS) Vulnerabilities in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 Operator-Intervention Bypass Vulnerability in IBM Financial Transaction Manager (FTM) 2.0 Denial of Service Vulnerability in IBM General Parallel File System (GPFS) CSRF Vulnerability in IBM Security QRadar SIEM 7.2 MR1 and Earlier IBM Security QRadar SIEM 7.2 MR1 and Earlier Cross-Site Scripting (XSS) Vulnerability Unverified X.509 Certificate Vulnerability in IBM Security QRadar SIEM 7.2 MR1 and Earlier Arbitrary Command Execution in IBM Security QRadar SIEM AutoUpdate Package Direct Object Reference Vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x Cross-Site Scripting (XSS) Vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x Weak Password Hashing Algorithm in IBM Rational Focal Point Sensitive Information Disclosure in IBM Rational Focal Point Account Creation Arbitrary Web Script Injection Vulnerability in IBM Rational Focal Point Arbitrary Data Read Vulnerability in IBM Rational Requirements Composer and Rational DOORS Next Generation Open Redirect Vulnerability in IBM Rational Requirements Composer and Rational DOORS Next Generation Arbitrary Web Script Injection Vulnerability in IBM Rational Requirements Composer and Rational DOORS Next Generation Weak SSLCipherSuite Values in IBM Netezza Performance Portal 2.0 before 2.0.0.4 Privilege Escalation via Multiple Security Group Membership in IBM Maximo Asset Management and SmartCloud Control Desk Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Master Data Management 
Reference Data Management (RDM) Hub Timing Attack Vulnerability in IBM WebSphere DataPower SOA Appliances Cross-Site Scripting (XSS) Vulnerabilities in IBM Rational Focal Point XML External Entity (XXE) Vulnerability in IBM Cognos Business Intelligence Unspecified Cross-Site Scripting (XSS) Vulnerabilities in IBM Connections Portlets 4.x Information Disclosure Vulnerability in IBM WebSphere Application Server Administrative Console Bypassing Access Restrictions and DeleteAction Attacks in IBM Content Navigator 2.x Denial of Service Vulnerability in IBM WebSphere Application Server Cleartext IPMI Credentials Vulnerability in IBM BladeCenter and Integrated Management Modules Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Business Intelligence Server Arbitrary Code Execution Vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) Obfuscated Password Storage Vulnerability in IBM Cognos TM1 Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 Remote Code Execution in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 Cleartext Credential Exposure in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 Remote Cookie Manipulation Vulnerability in IBM Algo Credit Limits (ACLM) Remote Code Execution Vulnerability in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 Insecure Decrypt Function in IBM Algo Credit Limits Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 Remote Information Disclosure in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 Unencrypted Credential Storage Vulnerability in IBM Security Key Lifecycle Manager 2.5 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM InfoSphere Master Data Management Server Arbitrary Web Script Injection Vulnerability in IBM Content Navigator 2.x ACL Bypass Vulnerability in IBM Storwize V7000 
Unified Buffer Overflow Vulnerability in IBM Tivoli Storage Manager (TSM) GUI Configuration Wizard and Preferences Editor Access Restriction Bypass Vulnerability in IBM Cognos TM1 Predictable Random Number Generation Vulnerability in IBM SDK Java Technology Edition Taskmaster Capture ActiveX Control Stack-Based Buffer Overflow Vulnerability Remote CLI Access and Denial of Service Vulnerability in IBM SAN Volume Controller and Storwize Systems Vulnerability in TPM Configuration on IBM Flex System x222 Servers Information Disclosure Vulnerability in IBM IMM2 Cross-Site Scripting (XSS) Vulnerability in IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 Arbitrary Web Script Injection Vulnerability in IBM Lotus Protector for Mail Security CSRF Vulnerability in IBM Lotus Protector for Mail Security 2.8.x Arbitrary Command Execution Vulnerability in IBM Lotus Protector for Mail Security Arbitrary Command Execution Vulnerability in IBM Lotus Protector for Mail Security Bypassing Application-Authenticity in IBM Worklight Foundation Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Atlas Suite Cleartext Password Logging Vulnerability in IBM Sametime Connect Client Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) Vulnerability in IBM Notes and Domino Allows Remote Code Execution (SPR KLYH9GGS9W) Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management and SmartCloud Control Desk Information Disclosure Vulnerability in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 Buffer Overflow in IBM SPSS SamplePower 3.0.1 ActiveX Control Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x Weak Encryption Algorithm in IBM Flex System Manager (FSM) Chassis Management Module (CMM) Account Creation FTP Bypass Vulnerability in IBM AIX 7.1.1 and 7.1.2 Device Administrator Spoofing Vulnerability IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 Social Rendering XSS 
Vulnerability Unauthenticated Remote Code Execution in IBM Security AppScan Standard Lack of Secure Flag in LTPA Cookie in IBM InfoSphere BigInsights 2.0 through 2.1.2 Session Cookie Validation Bypass in IBM Sametime Meeting Server Privilege Escalation via Untrusted Search Path Vulnerabilities in IBM DB2 Unauthorized Access to User Attributes in IBM Business Process Manager Insecure Session Cookie Transmission in IBM Rational License Key Server (RLKS) 8.1.4.x Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Denial of Service Vulnerability in IBM WebSphere MQ 7.1.x and 7.5.x Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM iNotes and Domino Cross-Site Scripting (XSS) Vulnerability (SPR BFEY9GXHZE) Arbitrary web script injection vulnerability in IBM Maximo Asset Management Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Maximo Asset Management and Related Products Arbitrary web script injection vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal IBM Eclipse Help System (IEHS) Directory Traversal Vulnerability Password Exposure in IBM DB2 Monitoring and Audit Facilities Cleartext Password Logging Vulnerability in IBM SPSS Analytic Server Denial of Service and Message Data Loss Vulnerability in IBM MessageSight 1.x Denial of Service Vulnerability in IBM MessageSight 1.x Denial of Service Vulnerability in IBM MessageSight 1.x Password Substring Bypass Vulnerability in IBM MessageSight 1.x Open Redirect Vulnerability in IBM Sterling Control Center 5.4.0 and 5.4.1 Authentication Bypass in IBM Sterling B2B Integrator and Sterling File Gateway CSRF Vulnerability in IBM Connections Profiles Component Allows Authentication Hijacking Denial of Service and Information Disclosure Vulnerability in IBM AIX and VIOS through PT_LDINFO Operation Multiple XML External Entity (XXE) Vulnerabilities in IBM Rational ClearCase Arbitrary Script Injection Vulnerability in IBM Sterling Order 
Management and Sterling Selling and Fulfillment Foundation CSRF Vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1-9.1 Privilege Escalation Vulnerability in IBM Smart Analytics System 7700 and 7710 Cleartext Assessment Data Transmission Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 Cross-site scripting (XSS) vulnerability in IBM Netcool/OMNIbus 7.4.0 Web GUI Cross-site scripting (XSS) vulnerability in IBM Netcool/OMNIbus 7.4.0 Web GUI Denial of Service Vulnerability in IBM WebSphere Commerce Cross-Site Request Forgery (CSRF) Vulnerability in IBM Operational Decision Manager Arbitrary Web Script Injection in RES Console of IBM Operational Decision Manager Inadequate Cache-Control Headers in RES Console of IBM Operational Decision Manager Arbitrary Code Execution Vulnerability in IBM Rational Software Architect Design Manager 4.0.6 Arbitrary Code Execution Vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager Denial of Service Vulnerability in IBM WebSphere Portal Multiple XML External Entity (XXE) Vulnerabilities in IBM Rational ClearQuest Components Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Unvalidated JSP Includes Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection in IBM WebSphere Portal 8.0 Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition Arbitrary Redirect Vulnerability in IBM WebSphere Portal Denial of Service Vulnerability in IBM WebSphere Portal Bypassing Access Restrictions via SSH Session in IBM PureApplication System CSRF Vulnerability in IBM Tivoli Identity Manager and IBM Security Identity Manager Allows Authentication 
Hijacking Denial of Service Vulnerability in IBM Security Access Manager (ISAM) for Web Denial of Service Vulnerability in IBM WebSphere Application Server (WAS) 6.1 and 6.0 Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 7.0.x, 8.0.x, and 8.5.x SQL Injection Vulnerability in IBM InfoSphere Master Data Management Arbitrary Code Injection through Cross-Site Scripting (XSS) in IBM InfoSphere Master Data Management Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition and Server for Product Information Management CSRF Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition and Server for Product Information Management Remote Link Injection Vulnerability in IBM InfoSphere Master Data Management Vulnerability: Write Access to IOMMU Context Registers in kgsl Graphics Driver Insecure Digest Size Check in Little Kernel (LK) Bootloader Memory Write Vulnerability in Little Kernel (LK) Bootloader Arbitrary Script Injection in Movable Type Rich Text Editor Stack-based Buffer Overflow in yyerror Function in Graphviz 2.34.0 NULL Pointer Dereference Vulnerability in LightDM GTK+ Greeter Remote Code Execution Vulnerability in Poster Software PUBLISH-iT 3.6d via Crafted PUI File Arbitrary Code Execution via Crafted Chromium Network Pointer in Oracle VirtualBox Multiple Array Index Errors in VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 Timing Side-Channel Attack in SAP Router 721 and Earlier Versions Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Remote Code Execution Vulnerability in Advantech WebAccess 7.2 via GotoCmd Parameter Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Remote Code Execution Vulnerability in Advantech WebAccess 7.2 
Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Remote Code Execution Vulnerability in Advantech WebAccess 7.2 Buffer Overflow in VCL Graphics.TPicture.Bitmap Implementation in Embarcadero Delphi XE6 and C++ Builder XE6 Heap-based buffer overflow in ReadDIB function in VCL Graphics TPicture.Bitmap implementation in Embarcadero Delphi XE6 and C++ Builder XE6 allows arbitrary code execution via a manipulated BMP file Denial of Service Vulnerability in SAP Netweaver Enqueue Server Denial of Service vulnerability in Android WiFiMonitor Integer Signedness Error in FreeBSD VT Console Driver Session Hijacking Vulnerability in Sendio before 7.2.4 CSRF Vulnerability in LiveOptim Plugin for WordPress Directory Traversal Vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 SQL Injection Vulnerability in YourMembers Plugin for WordPress Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) Multiple CSRF Vulnerabilities in D-Link DIR-600 Router (rev. 
Bx) Firmware Cross-Site Scripting (XSS) Vulnerabilities in webtrees 1.5.2 and Earlier HK Exif Tags Plugin for WordPress XSS Vulnerability Arbitrary Code Injection via Path Parameter in Joomlaskin JS Multi Hotel Plugin Information Disclosure Vulnerability in Joomlaskin JS Multi Hotel Plugin for WordPress Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in PHPJabbers Appointment Scheduler 2.0 ClanSphere 2011.4 XSS Vulnerability in where Parameter SQL Injection Vulnerability in Sendy 1.1.9.1: Remote Code Execution via /send-to Endpoint SQL Injection Vulnerability in Sendy 1.1.8.4: Remote Code Execution via 'i' Parameter Cross-Site Scripting (XSS) Vulnerabilities in clientResponse 4.1 Stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability in SolidWorks Workgroup PDM 2014 Arbitrary Script Injection Vulnerability in Photocrati WordPress Theme Arbitrary Script Injection in PhpOnlineChat 3.0 via canned_opr.php Unconfirmed Plugin XSS Vulnerability in WordPress LTree Converter SQL Injection Vulnerability in Pomm Unspecified Remote Information Disclosure Vulnerability in JetBrains TeamCity SQL Injection Vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 via PreviewNum Parameter Arbitrary Web Script Injection Vulnerability in OrangeHRM Arbitrary SQL Command Execution in mTouch Quiz WordPress Plugin Multiple Cross-Site Scripting (XSS) Vulnerabilities in mTouch Quiz WordPress Plugin Arbitrary Web Script Injection in Seo Panel before 3.4.0 CSRF Vulnerability in Savsoft Quiz Allows Unauthorized Creation of Administrator Account Cross-Site Scripting (XSS) Vulnerability in April's Super Functions Pack Plugin for WordPress Arbitrary Script Injection in WP SlimStat Plugin for WordPress Arbitrary Web Script Injection Vulnerability in WEBCrafted Signup Directory Traversal Vulnerabilities in Ganesha Digital Library (GDL) 4.2: Arbitrary File Read Multiple Cross-Site Scripting (XSS) Vulnerabilities in 
Maian Uploader 4.0 Arbitrary Web Script Injection in Ganesha Digital Library (GDL) 4.2 SQL Injection Vulnerabilities in Ganesha Digital Library (GDL) 4.2: Remote Code Execution Airties Air 6372 Modem XSS Vulnerability in top.html ArcticDesk Directory Traversal Vulnerability ArcticDesk Frontend Interface XSS Vulnerability ArcticDesk Ticket Grid SQL Injection Vulnerability Arbitrary Script Injection in FlatPress 1.0.2 via XSS Vulnerability Arbitrary Web Script Injection in Storytlr 1.3.dev and Earlier Arbitrary Script Injection in Storytlr 1.3.dev and Earlier via Search Parameter Denial of Service Vulnerability in Malwarebytes Anti-Exploit (CVE-2014-1234) SQL Injection Vulnerability in Maian Uploader 4.0: Remote Code Execution via id Parameter Information Disclosure in Maian Uploader 4.0 via load_flv.js.php Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Maian Uploader 4.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Maian Weblog 4.0 and Earlier Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Stark CRM 1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Stark CRM 1.0 Arbitrary File Read Vulnerability in PHPJabbers Appointment Scheduler 2.0 Stack-based Buffer Overflow in UltraCamLib ActiveX Control for TRENDnet SecurView Camera TV-IP422WN Arbitrary Script Injection Vulnerability in Another WordPress Classifieds Plugin SQL Injection Vulnerability in Another WordPress Classifieds Plugin for WordPress CSRF and XSS Vulnerabilities in PHPJabbers Event Booking Calendar 2.0 Arbitrary SQL Command Execution in PHPJabbers Event Booking Calendar 2.0 Cross-Site Scripting (XSS) Vulnerabilities in Welcart e-Commerce Plugin for WordPress SQL Injection Vulnerabilities in Welcart e-Commerce Plugin 1.3.12 for WordPress Arbitrary Web Script Injection Vulnerability in Teracom T2-B-Gawv1.4U10Y-BI Modem CSRF Vulnerabilities in Teracom T2-B-Gawv1.4U10Y-BI Modem Allow Remote Authentication Hijacking SQL Injection Vulnerability in Simple e-document 
1.31 Login.php Arbitrary Code Execution via Unrestricted File Upload in WP Symposium Plugin Denial of Service Vulnerability in Apache Traffic Server SQL Injection Vulnerabilities in TopicsViewer 3.0 Beta 1: Remote Code Execution Heap-based Buffer Overflow in DirectShowDemuxFilter Allows Remote Code Execution Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in D-Link DAP-1360 Firmware 2.5.4 and Earlier Authentication Bypass Vulnerability in D-Link DAP-1360 Firmware 2.5.4 and Earlier CSRF Vulnerabilities in D-Link DAP-1360 Router Firmware 2.5.4 and Earlier Arbitrary Web Script Injection Vulnerability in D-Link DAP-1360 Router SQL Injection Vulnerability in FluxBB Profile.php Allows Remote Code Execution via req_new_email Parameter Open Redirect Vulnerability in FluxBB Forums Login Page Remote Code Execution Vulnerability in Qualcomm Eudora WorldMail 9.0.333.0 IMAPd Service SQL Injection Vulnerability in Taboada MacroNews 1.0: Remote Code Execution via news_popup.php Arbitrary SQL Command Execution in osCommerce Online Merchant 2.3.3.4 and Earlier Multiple SQL Injection Vulnerabilities in couponPHP Admin Area Multiple Cross-Site Scripting (XSS) Vulnerabilities in couponPHP 1.2.0 Admin Area Arbitrary Script Injection in JetBrains TeamCity before 8.1 Directory Traversal Vulnerability in DomPHP 0.83 and Earlier SQL Injection Vulnerability in DomPHP 0.83 and Earlier: Remote Code Execution via ids Parameter Stack Restoration Vulnerability in Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800 Buffer Over Read Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Time Daemon Vulnerability on Qualcomm Snapdragon Mobile Devices Buffer Overflow Vulnerability in Sahara Boot on Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Use After Free Vulnerability in Qualcomm Snapdragon Mobile Devices Information Leak Vulnerability in Android Full Disk Encryption Key Writing on Qualcomm Snapdragon Mobile SD 400 and SD 800 Array Index Out-of-Bound 
Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Access Control Collision Vulnerability in Qualcomm Snapdragon Mobile Processors Cache Invalidation Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Unsecured Memory Retention in Qualcomm Snapdragon SoCs Widevine Secure Application Data Access Vulnerability BT HCI Command Processing Privilege Escalation Vulnerability Leakage of Protected Contents on Qualcomm Snapdragon Mobile SD 400 and SD 800 Buffer Overflow Vulnerability in OpenCL Applications on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205 Insecure Permissions for Calibration Files on Qualcomm Snapdragon Mobile Devices System Time Modification Vulnerability on Qualcomm Snapdragon Mobile Devices Improper Access Control on ATCMD Service in Qualcomm Snapdragon Mobile Devices LocationService Exposed Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Unblown Fuse Vulnerability on Qualcomm Snapdragon Mobile MDM9625 and SD 800 Devices Denial-of-Service Vulnerability in qs Module Bypassing Bad Protocol Check in remarkable before 1.4.1 Allows for JavaScript Injection Directory Traversal Vulnerability in fancy-server (Versions < 0.1.4) Unauthenticated Sandbox Bypass in PayPal IPN Inert Node Module: Unauthorized Access to Hidden Directories Shared DES Key Vulnerability in Hitron CVE-30360 Devices Vulnerability: Integer Variable Evaluation in zsh Buffer Overflow Vulnerability in zsh's >& fd Syntax Buffer Overflow Vulnerability in zsh's utils.c when Scanning Long Directory Paths for Symbolic Links Directory Traversal Vulnerability in Psensor's create_response Function Remote PHP Code Execution Vulnerability in Umbraco before 7.2.0 Remote Command Injection Vulnerability in Karo Gem 2.3.8 for Ruby Weak Access Control in wp-db-backup Plugin 2.2.4 for WordPress Denial of Service Vulnerability in i18n Gem's Hash#slice Method Cross-Site Scripting (XSS) Vulnerability in Vembu StoreGrid 4.4.x Private IP Address 
Leakage in Vembu StoreGrid 4.4.x Server Web Interface Permanent Trackability and Privacy Concerns in Fitbit Activity-Tracker Devices Negative Value Handling Vulnerability in eXosip's handle_messages Function Critical SQL Injection Vulnerability in i-recommend-this Plugin for WordPress XSS Vulnerability in cforms2 Plugin for WordPress (lib_ajax.php) XSS Vulnerability in Duplicate-Post Plugin for WordPress SQL Injection Vulnerability in Duplicate-Post Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Profile-Builder Plugin for WordPress CSRF Vulnerability in User-Domain-Whitelist Plugin for WordPress CSRF Vulnerability in Feature-Comments Plugin for WordPress Remote File Inclusion Vulnerability in Memphis-Documents-Library Plugin for WordPress Local File Inclusion Vulnerability in Memphis Documents Library Plugin for WordPress XSS Vulnerability in Memphis Documents Library Plugin for WordPress JavaScript Injection Vulnerability in wp-live-chat-support Plugin SQL Injection Vulnerability in wp-support-plus-responsive-ticket-system Plugin for WordPress Full Path Disclosure Vulnerability in wp-support-plus-responsive-ticket-system Plugin Incorrect Authentication in wp-support-plus-responsive-ticket-system Plugin for WordPress Directory Traversal Vulnerability in wp-support-plus-responsive-ticket-system Plugin JavaScript Injection Vulnerability in wp-support-plus-responsive-ticket-system Plugin XSS Vulnerability in cforms2 Plugin for WordPress XSS Vulnerability in cforms2 Plugin for WordPress JavaScript Injection Vulnerability in Rich-Counter Plugin for WordPress XSS Vulnerability in cp-polls WordPress Plugin: Votes List Arbitrary File Downloads Vulnerability in Epic Theme for WordPress Arbitrary File Downloads Vulnerability in Antioch WordPress Theme Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client Session Hijacking Vulnerability in CGILua 5.1.x Predictable Session IDs in CGILua 5.0.x DBI Module File 
Access Vulnerability Incomplete Fix for CVE-2014-10401 Allows DBD::File Drivers to Open Files from Unauthorized Folders Buffer Overflow Vulnerability in Lorex Edge Series ActiveX Control Arbitrary Code Execution via Crafted WSDL/WADL Import in SoapUI Arbitrary Command Execution in Eyou Mail System 3.6 SQL Injection Vulnerability in Tableau Server 8.0.x and 8.1.x SQL Injection Vulnerability in Open Web Analytics (OWA) Password Reset Page Remote Denial of Service Vulnerability in VMware ESXi and ESX Denial of Service Vulnerability in VMware Products Arbitrary Program Execution Vulnerability in VMware vSphere Client VMware vSphere Client 5.0 and 5.1 SSL Certificate Spoofing Vulnerability CSRF Vulnerability in VMware vCloud Director 5.1.x Allows User Authentication Hijacking Vulnerability in Sophos Anti-Virus Engine Allows Local Users to Bypass Protection and Cause Denial of Service Arbitrary File Upload and Execution in ProJoom Smart Flash Header (NovaSFH) Component for Joomla Privilege Escalation via Buffer Overflows in Core FTP Server Arbitrary Command Execution in FitNesse Wiki 20131110, 20140201, and Earlier Unrestricted Access to Systemsetting.aspx in Livetecs Timelive before 6.2.8 Session Hijacking Vulnerability in CA 2E Web Option r8.1.2 Directory Traversal Vulnerability in KCFinder Component of Vtiger CRM Arbitrary Script Injection in Telligent Evolution Control Panel Incomplete Blacklist Vulnerability in User Registration Feature in rexx Recruitment R6.1 and R7 Allows Remote XSS Attacks Incomplete Fix for Privilege Escalation Vulnerability in s3dvt Arbitrary Web Script Injection in Foliopress WYSIWYG Plugin for WordPress Local Information Disclosure Vulnerability in Paratrooper-Pingdom Gem 1.0.0 for Ruby Information Disclosure Vulnerability in paratrooper-newrelic gem 1.0.1 for Ruby Stack-based Buffer Overflow in yyerror Function in Graphviz 2.34.0 Stack-based Buffer Overflow in chkNum function in Graphviz 2.34.0 Arbitrary Web Script Injection Vulnerability 
in synetics i-doit pro before 1.2.4 Gael Q-Pulse 0.6 and Earlier: Cross-Site Scripting (XSS) Vulnerability in managedlistdialog.aspx iTunes Tutorials Window Spoofing Vulnerability Uninitialized Pointer Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime 7.7.5 and Earlier Versions Integer Signedness Error in Apple QuickTime: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in Apple QuickTime Memory Corruption and Application Crash Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime 7.7.5 and Earlier Versions Out-of-Bounds Memory Access Vulnerability in Apple QuickTime Critical Vulnerability: Unauthenticated Remote Code Execution in Cardo Systems Scala Rider Q3 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0's decode_hextile Function Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0's vorbis_header Function Remote Memory Corruption Vulnerability in FFmpeg 2.0's add_yblock Function Critical Remote Memory Corruption Vulnerability in FFmpeg 2.0 Integer Coercion Vulnerability in FFmpeg 2.0's decode_frame Function Integer Coercion Vulnerability in FFmpeg 2.0's libavcodec/dxtory.c Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 HEVC Video Decoder Critical Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Critical Memory Corruption Vulnerability in FFmpeg 2.0: Remote Code Execution via rpza_decode_stream Remote Memory Corruption Vulnerability in FFmpeg 2.0's decode_slice_header Function Remote Memory Corruption Vulnerability in FFmpeg 2.0's Slice 
Segment Handler Critical Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0's Bitstream Buffer Remote Memory Corruption Vulnerability in FFmpeg 2.0's Truemotion1 Handler Critical Remote Memory Corruption Vulnerability in FFmpeg 2.0 Remote Memory Corruption Vulnerability in FFmpeg 2.0's decode_pulses Function Memory Corruption Vulnerability in LZ4 Bindings Cross-Site Scripting (XSS) Vulnerability in Yuna Scatari TBDev up to 2.1.17 Cross-Site Request Forgery Vulnerability in Valtech IDP Test Client Critical SQL Injection Vulnerability in ttskch PaginationServiceProvider up to 0.x (VDB-217150) Critical Vulnerability in taoeffect Empress: Hard-coded Password Exploitation (VDB-217154) Cross-Site Scripting (XSS) Vulnerability in kirill2485 TekNet Critical SQL Injection Vulnerability in porpeeranut go-with-me (VDB-217177) Path Traversal Vulnerability in rails-cv-app Cross Site Scripting (XSS) Vulnerability in stiiv contact_app's render function (VDB-217183) Cross-Site Scripting (XSS) Vulnerability in Jobs-Plugin Insufficient Control of Network Message Volume in drybjed ansible-ntp (VDB-217190) Critical SQL Injection Vulnerability in License to Kill (VDB-217191) Critical SQL Injection Vulnerability in IS_Projecto2 Cross Site Scripting (XSS) Vulnerability in kkokko NeoXplora Trainer Handler Critical SQL Injection Vulnerability in getByName function of stevejagodzinski DevNewsAggregator (CVE-2021-217484) Critical SQL Injection Vulnerability in Miccighel PR-CWT (VDB-217486) Critical File Inclusion Vulnerability in soshtolsus wing-tight (CVE-2021-217515) Critical SQL Injection Vulnerability in GetAnimal Function of meol1 Critical SQL Injection Vulnerability in Seiji42 cub-scout-tracker (VDB-217551) Critical SQL Injection Vulnerability in tbezman school-store (VDB-217557) Critical Vulnerability in kassi xingwall: Session Fixation in app/controllers/oauth.js (VDB-217559) 
Unsupported SQL Injection Vulnerability in typcn Blogile Critical SQL Injection Vulnerability in ScottTZhang voter-js (VDB-217562) Critical SQL Injection Vulnerability in himiklab yii2-jqgrid-widget (CVE-2021-217564) Critical SQL Injection Vulnerability in JervenBolleman sparql-identifiers (VDB-217571) Critical SQL Injection Vulnerability in Piwigo-Guest-Book up to 1.3.0 (VDB-217582) Critical Vulnerability in koroket RedditOnRails: Improper Access Controls in Vote Handler (VDB-217594) Timing Discrepancy Vulnerability in agnivade easy-scrypt (CVE-2021-217596) Timing Discrepancy Vulnerability in Pylons Horus (VDB-217598) CSRF Token Handler Incorrect Comparison Vulnerability in mrobit robitailletheknot Critical SQL Injection Vulnerability in LearnMeSomeCodes Project3's search_first_name Function (VDB-217607) Remote File Inclusion Vulnerability in sternenseemann sternenblog (CVE-2021-217613) Critical Remote Code Execution Vulnerability in holdennb CollabCal (CVE-2021-217614) Unsupported SQL Injection Vulnerability in peel filebroker Critical SQL Injection Vulnerability in ananich bitstorm's announce.php (VDB-217621) Critical SQL Injection Vulnerability in ada-l0velace Bid (VDB-217625) Critical SQL Injection Vulnerability in john5223 bottle-auth (VDB-217632) Denial of Service Vulnerability in emmflo yuko-bot (VDB-217636) Critical SQL Injection Vulnerability in corincerami curiosity Critical Path Traversal Vulnerability in saxman maps-js-icoads (VDB-217643) Directory Listing Exposure Vulnerability in saxman maps-js-icoads Cross-Site Scripting (XSS) Vulnerability in yanheven console Missing Origin Validation in lukehutch Gribbit's messageReceived Function (VDB-217716) Critical SQL Injection Vulnerability in CherishSin klattr (VDB-217719) Critical SQL Injection Vulnerability in mapoor voteapp (VDB-217790) Critical SQL Injection Vulnerability in Nayshlok Voyager (VDB-218005) Critical SQL Injection Vulnerability in Gmail-Servlet's search function (VDB-218021) Critical SQL 
Injection Vulnerability in NoxxieNl Criminals (VDB-218022) Critical SQL Injection Vulnerability in pointhi searx_stats (CVE-2021-218351) Cross-Site Scripting (XSS) Vulnerability in yanheven console Critical SQL Injection Vulnerability in agy pontifex.http (VDB-218356) Critical Path Traversal Vulnerability in FrontAccounting Faplanet (VDB-218398) Critical SQL Injection Vulnerability in Risheesh Debutsav (VDB-218459) Critical SQL Injection Vulnerability in nivit redports Critical SQL Injection Vulnerability in Anant Labs Google Enterprise Connector DCTM (up to 3.2.3) Critical SQL Injection Vulnerability in Gimmie Plugin 1.2.2 on vBulletin Critical SQL Injection Vulnerability in Gimmie Plugin 1.2.2 on vBulletin Critical SQL Injection Vulnerability in Gimmie Plugin 1.2.2 on vBulletin XML External Entity (XXE) Vulnerability in java-xmlbuilder up to 1.1 (VDB-221480) Cross Site Scripting (XSS) Vulnerability in qt-users-jp silk 0.0.1 Cross Site Scripting (XSS) Vulnerability in cention-chatserver 3.8.0-rc1 Cross Site Scripting (XSS) Vulnerability in Media Downloader Plugin 0.1.992 on WordPress Critical SQL Injection Vulnerability in CodePeople CP-Polls Plugin 1.0.1 on WordPress Cross-Site Scripting (XSS) Vulnerability in MaxButtons Plugin up to 1.26.0 on WordPress Ad Blocking Detector Plugin up to 1.2.1 on WordPress - Remote Information Disclosure Vulnerability Cross-Site Scripting Vulnerability in phpMiniAdmin up to 1.8.120510 Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Contact Form Plugin 1.3.4 on WordPress Cross-Site Scripting (XSS) Vulnerability in Fancy Gallery Plugin 1.5.12 on WordPress Cross-Site Scripting Vulnerability in BestWebSoft Facebook Like Button Plugin (CVE-2021-225354) Cross-Site Scripting (XSS) Vulnerability in Dart http_server up to 0.9.5 Critical SQL Injection Vulnerability in I Recommend This Plugin up to 3.7.2 on WordPress (VDB-226309) Buffer Overflow Vulnerability in Apple QuickTime Cross-Site Scripting (XSS) Vulnerability in BestWebSoft 
Job Board Plugin 1.0.0 on WordPress Critical SQL Injection Vulnerability in Portfolio Gallery Plugin up to 1.1.8 on WordPress Information Disclosure Vulnerability in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress Critical Unrestricted Upload Vulnerability in VaultPress Plugin up to 1.6.0 on WordPress Cross-Site Scripting (XSS) Vulnerability in Broken Link Checker Plugin up to 1.10.1 on WordPress Size_t Overflow Vulnerability in Nanopb before 0.3.1 Critical Remote Code Execution Vulnerability in Corveda PHPSandbox 1.3.4 Cross-Site Scripting (XSS) Vulnerability in w3c online-spellchecker-py up to 20140130 Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Portfolio Plugin up to 2.27 Cross-Site Scripting (XSS) Vulnerability in wp-file-upload Plugin up to 2.4.3 Cross Site Scripting (XSS) Vulnerability in namithjawahar Wp-Insert up to 2.0.8 Double Free Vulnerability in Apple Pages: Remote Code Execution and Application Crash via Crafted Microsoft Word File Denial of Service and Kernel Memory Corruption Vulnerability in Apple Boot Camp 5 Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Bypassing App Sandbox Protection in Apple OS X through Apple Type Services (ATS) Vulnerability Buffer Overflow Vulnerability in Apple Type Services (ATS) Allows Bypass of App Sandbox in Apple OS X Session Cookie Persistence Vulnerability in CFNetwork on Apple OS X Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in Apple OS X File Bookmark Remote Code Execution via Crafted Microsoft Office Document in QuickLook Integer Signedness Error in CoreText Allows Arbitrary Code Execution or Application Crash Memory Corruption Vulnerability in Apple Type Services (ATS) Allows Bypass of App Sandbox Protection Insecure hostname verification in 
curl and libcurl with SecureTransport/Darwinssl backend ACL Integrity Bypass Vulnerability in Apple OS X Finder Local Privilege Escalation via System Clock Manipulation Insecure Signature Verification in SSL Server Key Exchange Expiration Date Bypass Vulnerability in Apple iOS and Apple TV Configuration Profiles Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit CoreCapture Denial of Service Vulnerability Symlink Exploitation in CrashHouseKeeping Vulnerability Text-relocation vulnerability in Apple iOS and Apple TV allows code-signing bypass FaceTime Contact Information Disclosure Vulnerability Buffer Overflow Vulnerability in ImageIO in Apple iOS and Apple TV User-Action Monitoring Vulnerability in IOKit HID Event Interface in Apple iOS before 7.1 Privilege Escalation and Denial of Service Vulnerability in ARM Kernel on Apple iOS and Apple TV Apple TV Log Data Leakage Vulnerability Denial of Service Vulnerability in Apple iOS and Apple TV Video Driver Asset-Library Cache Leakage Vulnerability in Apple iOS Configuration-Profile Visibility Bypass Vulnerability Springboard Vulnerability: Home Screen Bypass in Apple iOS Denial of Service Vulnerability in SpringBoard Lock Screen in Apple iOS before 7.1 USB Host Vulnerability in Apple iOS and Apple TV: Arbitrary Code Execution and Memory Corruption Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Triple Handshake Vulnerability in Apple Secure Transport Incomplete Set-Cookie Header Parsing 
Vulnerability Arbitrary File Read Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Root Privilege Execution Vulnerability in Apple Safari 7.0.2 on OS X Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Heap-based Buffer Overflow in Apple Safari 7.0.2: Remote Code Execution and Sandbox Bypass Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Sandbox Bypass Vulnerability in Apple OS X WindowServer Format String Vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 Denial of Service Vulnerability in Heimdal Kerberos 5 Protocol iBooks Commerce in Apple OS X before 10.9.4 Information Disclosure Vulnerability Pointer Validation Vulnerability in Intel Graphics Driver for Apple OS X Buffer Overflow Vulnerability in ImageIO in Apple OS X 10.9.x through 10.9.2 Kernel Pointer Leakage Vulnerability Vulnerability: Bypassing Locked-Screen State in Apple OS X Power Management Kernel Pointer Leakage Vulnerability in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of 
Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Address bar spoofing vulnerability in WebKit and Safari Unicode Encoding Vulnerability in WebKit World-writable permissions vulnerability in Apple iTunes on OS X Cleartext Attachment Storage Vulnerability in Apple iOS Mail Safari Use-After-Free Vulnerability in Apple iOS before 7.1.2 iCloud Password Bypass and Find My iPhone Disablement Vulnerability in Apple iOS before 7.1.2 Lock-Screen Bypass Vulnerability in Siri on Apple iOS Brute-Force Passcode-Guessing Vulnerability in Apple iOS Lock Screen Airplane Mode Lock Screen Bypass Vulnerability in Apple iOS Memory Allocation Vulnerability in CoreGraphics for iOS Denial of Service Vulnerability in Apple IOKit Implementation Heap-based Buffer Overflow in launchd in Apple iOS, OS X, and Apple TV Heap-based Buffer Overflow in launchd in Apple iOS, OS X, and Apple TV Arbitrary 
Code Execution via Integer Overflow in Apple Operating Systems Arbitrary Code Execution via Integer Underflow in Apple Devices Activation Lock Bypass Vulnerability in Apple iOS before 7.1.2 Insecure Handling of DTLS Messages in Apple Secure Transport Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit File URL Access Vulnerability in Apple Safari Arbitrary Code Execution and Denial of Service Vulnerability in Apple OS X's Byte-Swapping Implementation Array Index Error in Dock in Apple OS X Graphics Driver in Apple OS X before 10.9.4 Local Information Disclosure Vulnerability Unrestricted OpenGL API Call Vulnerability in Intel Graphics Driver for Apple OS X Bypassing ASLR Protection in Intel Graphics Driver on Apple OS X Unspecified OpenCL API Call Vulnerability in Intel Compute for Apple OS X Arbitrary Code Execution Vulnerability in IOAcceleratorFamily in Apple OS X ASLR Bypass Vulnerability in IOGraphicsFamily on Apple OS X Privilege Escalation and Denial of Service Vulnerability in Apple OS X Graphics Drivers Keychain Keystroke Observer Vulnerability in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in Thunderbolt for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in WebKit iTunes Store Purchase Bypass Vulnerability in Apple TV Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of 
Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Remote Code Execution and Denial of Service Vulnerability in QT Media Foundation in Apple OS X Access Restriction Bypass in Entity API Module for Drupal Bypassing Access Restrictions on Referenced Entities in Entity API Module for Drupal Unpublished Comment Access Vulnerability in Entity API Module for Drupal Multiple SQL Injection Vulnerabilities in AuraCMS 2.3 and Earlier Privilege Escalation via Crafted .cache File in Jinja2 Arbitrary Web Script Injection via location.hash in easyXDM Open Redirect Vulnerabilities in Conceptronic C54APM Access Point (Runtime Code 1.26) CRLF Injection Vulnerability in Conceptronic C54APM Access Point Multiple Cross-Site Scripting (XSS) Vulnerabilities in Conceptronic C54APM Access Point Default Password Vulnerability in Conceptronic C54APM Access Point Authentication Bypass Vulnerability in MobileIron VSP and Sentry Versions Prior to 5.9.1 and 5.0 Missing Vary: Cookie and Cache-Control Headers Vulnerability Race condition vulnerability in power policy functions in acpi-support before version 0.142 allows local privilege escalation. 
Vulnerability: Information Exposure and Symlink Attack in Ubuntu UI Toolkit's StateSaver Improper Umask Handling in mountall 1.54 Allows Local Users to Bypass Access Restrictions Trust-Store Location Access Revocation Bypass Vulnerability Insecure OAuth Token Handling in signond AppArmor Miscompilation Flaw Allows Bypass of Security Policies Cmanager 0.32 Local Privilege Escalation Vulnerability Unauthenticated File Download Vulnerability in Ubuntu MAAS Cross-Site Scripting (XSS) Vulnerability in Ubuntu MAAS REST API Allows Command Execution Brute-Force Filename Vulnerability in Ubuntu MAAS generate_filestorage_key Denial of Service and Privilege Escalation Vulnerability in Linux Kernel on AMD K7 and K8 Platforms XML External Entity (XXE) vulnerability in HHVM Denial of Service Vulnerability in Core FTP Server 1.2 (Build 515) Core FTP Server 1.2 Directory Traversal Vulnerability Sensitive Information Disclosure in Core FTP Server 1.2 Build 515 Kernel Memory Disclosure Vulnerability in Linux Kernel Uninitialized Data Structure Vulnerability in Linux Kernel's wanxl_ioctl Function Uninitialized Structure Member Vulnerability in yam_ioctl Function Race condition in virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause denial of service Address Bar Spoofing Vulnerability in Maxthon Cloud Browser for Android Stack-based Buffer Overflow in bsnmpd Allows Remote Code Execution Improper Locking Order in NFS Server in FreeBSD 8.3 through 10.0 Stored XSS Vulnerability in Pearson eSIS Message Board SQL Injection Vulnerability in Pearson eSIS Enterprise Student Information System Open Web Analytics (OWA) Login Page XSS Vulnerability CSRF Protection Bypass in Open Web Analytics (OWA) FortiGuard FortiWeb 5.0.3 and Earlier Cross-Site Scripting (XSS) Vulnerability in Web Administration Interface SQL Injection Vulnerability in doorGets CMS 5.2 and Earlier: Remote Code Execution via _position_down_id Parameter CSP MySQL User Manager 2.3 SQL 
Injection Vulnerability Cleartext Credential Logging Vulnerability in BlackBerry Enterprise Services Cleartext Credential Logging Vulnerability in BlackBerry Enterprise Server and Enterprise Service SQL Injection Vulnerability in StateGetStatesByType Function in OTRS Arbitrary Web Script Injection Vulnerabilities in McAfee Vulnerability Manager CSRF Vulnerabilities in McAfee Vulnerability Manager's Enterprise Manager Denial of Service Vulnerability in Email::Address::List before 0.02 OpenID Authentication Bypass Vulnerability in Drupal Unrestricted Access to Unpublished Content in Drupal Taxonomy Module Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey XUL Content Bypass Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Timing-based Clickjacking Vulnerability in Mozilla Firefox and SeaMonkey Inconsistent Native Getter Methods Vulnerability in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey Arbitrary Code Execution and Denial of Service Vulnerability in RasterImage.cpp Same Origin Policy Bypass Vulnerability in Mozilla Firefox and SeaMonkey Sensitive Information Disclosure in Mozilla Firefox on Android 4.2 and Earlier Arbitrary XSLT Code Execution Vulnerability in Mozilla Firefox and SeaMonkey Use-after-free vulnerability in imgRequestProxy function in Mozilla Firefox and Thunderbird Same Origin Policy Bypass in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution via Web Workers in Mozilla Firefox and SeaMonkey Denial of Service Vulnerability in Mozilla Firefox 27.0 Race condition vulnerability in libssl in Mozilla Network Security Services (NSS) before 3.15.4 Improper Restriction of Public Values in Diffie-Hellman Key Exchanges Wildcard Character Spoofing Vulnerability in NSS Certificate-Checking Implementation Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and 
SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Privilege Escalation through Modified Mar Contents in Mozilla Products Heap memory information disclosure vulnerability in mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey Domain Name Spoofing in WebRTC Permission Prompt Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey Arbitrary File Access Vulnerability in Mozilla Firefox for Android Same Origin Policy Bypass in WebGL Functions Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox and SeaMonkey Timing Attack Vulnerability in SVG Filter Implementation Android Crash Reporter Directory Traversal Vulnerability in Mozilla Firefox Directory Traversal Vulnerability in Mozilla FirefoxOS DeviceStorage API MathML Polygon Rendering Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Buffer Overflow in _cairo_truetype_index_to_ucs4 Function in Cairo Arbitrary JavaScript Code Execution with Chrome Privileges via Web IDL Implementation in Mozilla Firefox Bypassing Popup Blocker in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey TypeObject Class Use-After-Free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Zero-length transition vulnerability in TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 Out-of-bounds Write Vulnerability in TypedArrayObject Class File Disclosure Vulnerability in Mozilla Firefox for Android Weak Seeding of Math.random in Mozilla Firefox for Android Allows Profile Bypass Login CSRF Vulnerability in Bugzilla Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Privilege Escalation via 
Trojan Horse DLL in Mozilla Firefox Maintenance Service Installer Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey Heap-based Buffer Overflow in read_u32 Function in Mozilla Firefox Buffer overflow vulnerability in nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free and Heap Memory Corruption in TextTrack::AddCue Function XrayWrapper Implementation Vulnerability in Mozilla Firefox and SeaMonkey Address Bar Spoofing Vulnerability in Mozilla Firefox for Android Out-of-bounds Write Vulnerability in Pixman's sse2_composite_src_x888_8888 Function Arbitrary JavaScript Execution in Privileged Context via Web Notification API in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox and Thunderbird before 24.5 allows remote code execution or denial of service Use-after-free vulnerability in nsHostResolver::ConditionallyRefreshRecord in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox Mozilla Firefox Use-After-Free Vulnerability in WorkerPrivateParent Function Use-after-free vulnerability in nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 Clickjacking Vulnerability in Mozilla Firefox and Thunderbird on OS X Mozilla Firefox Use-After-Free Vulnerability in nsEventListenerManager::CompileEventHandlerInternal Function Use-after-free vulnerability in RefreshDriverTimer::TickDriver function in Mozilla 
Firefox Buffer Overflow in Speex Resampler in Mozilla Firefox Heap-based Buffer Overflows in navigator.getGamepads Function in Mozilla Firefox Remote Code Execution Vulnerability in Mozilla Network Security Services (NSS) 3.x Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Netscape Portable Runtime (NSPR) Cross-Site Request Forgery (CSRF) vulnerability in Bugzilla JSONP Endpoint Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Buffer Overflow Vulnerability in Mozilla Firefox and Thunderbird Use-after-free vulnerability in MediaInputPort class in Mozilla Firefox and Thunderbird before 31.0 FontTableRec Destructor Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Sandbox Attribute Bypass Vulnerability in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Use-after-free vulnerability in nsDocLoader::OnProgress function in Mozilla Firefox and Thunderbird Arbitrary Code Execution Vulnerability in Mozilla Firefox and Thunderbird with Cesium WebGL Content Arbitrary Code Execution via Prolonged Image Scaling in Skia Denial of Service Vulnerability in Mozilla Firefox and Thunderbird Denial of Service Vulnerability in Mozilla Firefox and Thunderbird X.509 Certificate Parsing Outage Vulnerability in Mozilla Firefox and Thunderbird Drag-and-Drop Vulnerability in Mozilla Firefox Allows UI Icon Placement Spoofing Unspecified Remote Code Execution Vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox SVG Animation Use-After-Free Vulnerability Memory Initialization Vulnerability in Mozilla Firefox and Thunderbird Out-of-bounds read vulnerability in Mozilla Firefox Web Audio API implementation Insecure File Copying Vulnerability in Mozilla Firefox for Android Use-after-free 
vulnerability in DirectionalityUtils.cpp in Mozilla Firefox and Thunderbird Signature Malleability Vulnerability in Mozilla Network Security Services (NSS) Improper Handling of Arbitrary-Length Encoding in NSS Definite Length Decoder Sensitive Private-Comment Information Disclosure in Bugzilla Unverified Email Address Creation Vulnerability in Bugzilla Cross-Site Scripting (XSS) Vulnerability in Bugzilla Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Heap-based buffer overflow in nsTransformedTextRun function in Mozilla Firefox Out-of-bounds Read and Memory Corruption Vulnerability in Mozilla Firefox and Thunderbird Out-of-bounds Write and Application Crash Vulnerability in Mozilla Firefox and Thunderbird Memory Initialization Vulnerability in Mozilla Firefox Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 Public Key Pinning (PKP) Bypass Vulnerability in Mozilla Firefox Alarm API JSON Data Access Vulnerability Bypassing Public Key Pinning in Mozilla Firefox WebRTC Video-Sharing Vulnerability in Mozilla Firefox and Thunderbird WebRTC Video Sharing Vulnerability in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Incorrect Primary Namespace in Mozilla Firefox and SeaMonkey Allows Access Restriction Bypass via XBL Binding Denial of Service Vulnerability in XMLHttpRequest.prototype.send Method Sensitive Information Disclosure in Mozilla Firefox and SeaMonkey Use-after-free vulnerability in nsHtml5TreeOperation function in Mozilla Firefox and Thunderbird Arbitrary Code Execution via Crafted Media Content in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey Arbitrary Code Execution Vulnerability in 
Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey Sensitive Information Disclosure in Mozilla Firefox and Thunderbird on Apple OS X 10.10 SQL Injection Vulnerability in CMDB Web Application in Synetics i-doit Pro and i-doit Open Stack Buffer Overflow in CenturyStar 7.12 ActiveX Control Cross-Site Scripting (XSS) Vulnerabilities in SFR Box Router Firmware NB6-MAIN-R3.3.4 Cross-Site Scripting (XSS) Vulnerabilities in GetSimple CMS 3.3.1 Cache Spoofing Vulnerability in RPLY (python-rply) Allows Local Users to Manipulate Data Cross-site scripting (XSS) vulnerability in EventCalendar module for Drupal 7.14 Arbitrary SQL Command Execution in MantisBT SOAP API Multiple SQL Injection Vulnerabilities in MantisBT before 1.2.16 Arbitrary Command Execution in MediaWiki with DjVu and PDF File Upload Support Arbitrary Web Script Injection in Drupal Anonymous Posting Module Arbitrary Web Script Injection in Media5 Mediatrix 4402 VoIP Gateway Arbitrary PHP Code Execution in Dotclear before 2.6.2 CSRF Vulnerabilities in Carbon Black: Remote Authentication Hijacking ActiveX Control Start Buffer Overflow Vulnerability in Microsys PROMOTIC 8.2.13 Multiple SQL Injection Vulnerabilities in UAEPD Shopping Cart Script Multiple SQL Injection Vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 HIOX Guest Book (HGB) 5.0 - Multiple Cross-Site Scripting (XSS) Vulnerabilities in add.php Race condition vulnerability in python-xdg 0.25 allows local users to overwrite arbitrary files XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl Remote Reinstallation Vulnerability in Eventum before 2.3.5 Arbitrary PHP Code Execution in Eventum 2.3.5 via hostname Parameter SQL Injection in Advanced Newsletter Magento Extension via /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO Remote Code Execution Vulnerability in Belkin N750 Router Multiple SQL Injection Vulnerabilities in Command School Student Management System 1.06.01 Unrestricted Access 
to Database Backup in Command School Student Management System 1.06.01 Arbitrary File Overwrite Vulnerability in localepurge Local File Overwrite Vulnerability in syncevolution Local File Overwrite Vulnerability in axiom-test.sh Memory Corruption and Hypervisor Crash Vulnerability in Xen 4.2.x and 4.3.x Arbitrary User Email Access Vulnerability in Symantec Encryption Management Server Arbitrary Password Reset Vulnerability in Symantec LiveUpdate Administrator Arbitrary SQL Command Execution Vulnerability in Symantec LiveUpdate Administrator (LUA) Memory Copy Vulnerability in Symantec PGP Desktop and Encryption Desktop Professional Denial of Service Vulnerability in Symantec PGP Desktop and Encryption Desktop Professional Arbitrary Web Script Injection in Symantec Messaging Gateway 10.x Remote Code Execution Vulnerability in Symantec Workspace Streaming (SWS) Arbitrary SQL Command Execution Vulnerability in Symantec Web Gateway (SWG) Management Console Arbitrary SQL Command Execution Vulnerability in Symantec Web Gateway (SWG) Arbitrary Script Injection in Symantec Web Gateway Management Console Unspecified Information Disclosure Vulnerability in Citrix XenMobile Device Manager Server Sensitive Information Exposure in Citrix GoToMeeting Android App Arbitrary Script Injection in ownCloud File Uploads Unrestricted Access Vulnerability in Xen's do_physdev_op Function Arbitrary APK Installation Vulnerability in Microsoft Bing for Android Multiple SQL Injection Vulnerabilities in Dell KACE K1000 5.4.76847 and Earlier Bypassing Access Restrictions in Check Point R75.47 Security Gateway and Management Server Remote Information Disclosure in Check Point Session Authentication Agent Remote Information Disclosure Vulnerability in Technicolor TC7200 Firmware STD6.01.12 Arbitrary Web Script Injection via SVG File Header in Open-Xchange (OX) AppSuite Untrusted Search Path Vulnerability in Bandizip 3.10: Privilege Escalation via Trojan Horse dwmapi.dll Unspecified Vulnerabilities 
in Google Chrome with Unknown Impact and Attack Vectors User Authentication Spoofing in Zabbix API Arbitrary Command Execution in SkyBlueCanvas CMS via bashMail Function Denial of Service Vulnerability in VLC Media Player's ASF Demuxer Arbitrary Media Modification Vulnerability in Zabbix Frontend Information Disclosure Vulnerability in MediaWiki 1.18.0 Information Disclosure Vulnerability in Linux Kernel's NAT Mangle Feature Arbitrary PHP Code Execution via Object Injection in Horde Util Library Uninitialized Data Structures Vulnerability in OpenSSH CRLF Injection Vulnerabilities in Erlang/OTP FTP Module Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in OTRS 3.x Arbitrary Web Script Injection in OTRS Email Handling Weak Password Hash Algorithm in Siemens SIMATIC WinCC OA Remote Code Execution Vulnerability in Siemens SIMATIC WinCC OA Siemens SIMATIC WinCC OA Directory Traversal Vulnerability Denial of Service Vulnerability in Siemens SIMATIC WinCC OA Use-after-free vulnerability in Blink's SpeechSynthesis module allows for remote code execution Universal XSS (UXSS) vulnerability in Blink's GenerateFunction function in Google Chrome before 33.0.1750.149 Use-after-free vulnerability in DatabaseThread::cleanupDatabaseThread function in Blink Use-after-free vulnerability in WebSocketDispatcherHost::SendOrDrop function in Google Chrome Unspecified Vulnerabilities in Google V8 Leading to Denial of Service and Potential Impact Unspecified Memory Corruption Vulnerability in Google V8 Command Injection Vulnerability in Crosh in Google Chrome OS CrosDisks Directory Traversal Vulnerability File Persistence Vulnerability in Google Chrome OS Unbounded Memory Access Vulnerability in AsyncPixelTransfersCompletedQuery::End Function in Google Chrome Denial of Service Vulnerability in Google Chrome OS GPU Driver Use-after-free vulnerability in AttributeSetter function in Blink bindings Unverified Format Value Vulnerability in Google Chrome Unspecified Directory Traversal 
Vulnerability in Google Chrome Universal XSS (UXSS) vulnerability in Google Chrome before version 34.0.1847.116 Out-of-bounds Array Access Vulnerability in Google V8 Integer Overflow in SoftwareFrameManager::SwapToNewFrame Function in Google Chrome Use-after-free vulnerability in Web Workers implementation in Google Chrome before 34.0.1847.116 HTMLBodyElement::insertedInto Use-After-Free Vulnerability in Blink Memory Corruption Vulnerability in Google Chrome's V8 Engine Use-after-free vulnerability in RenderBlock::addChildIgnoringAnonymousColumnBlocks function in Blink Improper Handling of Bidirectional IRIs in Google Chrome Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1 Out-of-bounds read vulnerability in base64DecodeInternal function in Blink Same Origin Policy Bypass Vulnerability in Google Chrome Drag Implementation Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or unspecified impact via forms. Unspecified Vulnerabilities in Google Chrome before 34.0.1847.116 Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Type Confusion Vulnerability in Google V8 Type Confusion Vulnerability in HTMLSelectElement in Blink Use-after-free vulnerability in Speech Recognition Bubble window in Google Chrome Vulnerability: PointerCompare Function in Seccomp-BPF Allows Sandbox Bypass Unspecified Vulnerabilities in Google Chrome Unspecified vulnerabilities in Google V8 leading to Denial of Service in Google Chrome Integer Overflow Vulnerability in Google V8 API Privilege Escalation via FDRAWCMD ioctl in Linux Kernel Kernel Heap Memory Disclosure Vulnerability in Linux Kernel through 3.14.3 Uninitialized Data Structure Vulnerability in Linux Kernel's media_device_enum_entities Function Use-after-free vulnerabilities in WebSockets implementation in Google Chrome before 34.0.1847.137 Integer overflows in replace-data functionality in Blink Use-after-free vulnerability in 
FrameSelection::updateAppearance function in Blink Use-after-free vulnerability in StyleElement::removedFromDocument function in Blink Integer Overflow in AudioInputRendererHost::OnCreateStream Function in Google Chrome Use-after-free vulnerability in SVG implementation in Blink Insufficiently Large Integer Data Type Vulnerability in Google Chrome Universal XSS (UXSS) vulnerability in Google Chrome before version 35.0.1916.114 Remote UI Spoofing Vulnerability in Google Chrome Unspecified Vulnerabilities in Google Chrome before 35.0.1916.114 Open Redirect Vulnerability in Nokia Maps & Places Plugin 1.6.6 for WordPress Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability SharePoint XSS Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Microsoft Office Chinese Grammar Checking Vulnerability Microsoft Office File Format Converter Vulnerability Remote Code Execution Vulnerability in Microsoft Word 2003 SP3 Arbitrary Pointer Dereference Vulnerability in pubconv.dll Internet Explorer 11 Memory Corruption Vulnerability RTF Data Memory Corruption Vulnerability Unspecified Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-11 Remote Code Execution Vulnerability in Microsoft Internet Explorer 9-11 Arbitrary Code Execution and Sandbox Bypass Vulnerability in Microsoft Internet Explorer 7-11 Multiple Use-After-Free Vulnerabilities in Microsoft Internet Explorer 6-11 Arbitrary Code Execution and Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Ancillary Function Driver Double Free Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 TLS Server Certificate Renegotiation Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet 
Explorer Memory Corruption Vulnerability Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-11 Internet Explorer Local File Disclosure Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability TypeFilterLevel Vulnerability Windows Shell File Association Vulnerability Token Reuse Vulnerability in Microsoft Office 2013 MSCOMCTL ASLR Bypass Vulnerability TCP Options Field Denial of Service Vulnerability Group Policy Preferences Password Elevation of Privilege Vulnerability Remote Code Execution in Microsoft Web Applications 2010 SP1 and SP2 Windows Installer Privilege Escalation Vulnerability Internet Explorer Remote Code Execution Vulnerability MSXML Entity URI Vulnerability Unicode Scripts Processor Vulnerability in Uniscribe (usp10.dll) GDI+ Image Parsing Vulnerability Font 
Double-Fetch Vulnerability SQL Master Data Services XSS Vulnerability Lync Server Content Sanitization Vulnerability Windows Journal Remote Code Execution Vulnerability iThoughtsHD App 4.19 for iOS on iPad Devices XSS Vulnerability via Crafted Map Name Arbitrary File Upload Vulnerability in iThoughtsHD App 4.19 for iOS on iPad Devices Denial of Service Vulnerability in iThoughtsHD App 4.19 for iOS on iPad Devices Authorization Header Leakage in Requests (aka python-requests) before 2.3.0 Proxy-Authorization Header Information Disclosure Vulnerability Local Privilege Escalation via Symlink Attack in Phusion Passenger Local Privilege Escalation via Symlink Attack in Phusion Passenger 4.0.37 Directory Traversal Vulnerability in uupdate in devscripts 2.14.1 Arbitrary Code Injection Vulnerability in echor 0.1.6 Ruby Gem Local User Credential Theft Vulnerability in echor 0.1.6 Ruby Gem Path Traversal Vulnerability in Image Editor of ImpressCMS Arbitrary Script Injection in StackIdeas Komento Component for Joomla Arbitrary File Overwrite Vulnerability in pdf_ext.py in logilab-commons Local Privilege Escalation Vulnerability in Execute Class in logilab-commons Arbitrary Script Injection via Keywords Parameter in MyBB 1.6.12 and Earlier Arbitrary User Home Folder Copy Vulnerability in Titan FTP Server Directory Traversal Vulnerability in Titan FTP Server Allows User Enumeration Directory Traversal Vulnerability in Titan FTP Server Allows Unauthorized Access to Home Folder Properties Privilege Escalation via Unsanitized Environment in Enlightenment Privilege Escalation Vulnerability in Enlightenment before 0.17.6 via gdb Method Predictable Subdomain Credential Generation in Foscam IP Cameras SQL Injection Vulnerability in AdRotate Pro and AdRotate Free WordPress Plugins Seo Panel 3.5.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary File Write Vulnerability in NumPy's f2py Module Arbitrary File Write Vulnerability in NumPy before 1.8.1 PHP Object Injection 
Vulnerabilities in Contao CMS through 3.2.4 Arbitrary Program Execution Vulnerability in Jetro COCKPIT Secure Browsing (JCSB) Vulnerability: Arbitrary Code Execution in suPHP's Source-Highlighting Feature XML Entity Expansion (XEE) Attack in Restlet Framework 2.1.x and 2.x.x Cross-Site Scripting (XSS) Vulnerabilities in ZeroClipboard.swf Address Bar Spoofing Vulnerability in Opera on Mac OS X Denial of Service Vulnerability in Linux Kernel's security_context_to_sid_core Function Arbitrary File Write Vulnerability in Capture::Tiny Module Insecure Temporary File Creation Vulnerability in unpack200 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dokeos 2.1.1 Stack-based Buffer Overflow in Nagios Core and Icinga cmd.cgi Arbitrary Web Script Injection in phpMyAdmin import.php Event-Based Bridge Vulnerability in Apache Cordova and Adobe PhoneGap Remote Code Execution via Event-Based Bridge in Apache Cordova and Adobe PhoneGap Improper Resource Restriction in Adobe PhoneGap for Android Remote Code Execution Vulnerability in Apache Cordova and Adobe PhoneGap on Windows Phone 7 and 8 Arbitrary JavaScript Code Execution and External-Storage Write Access Vulnerability in ForzeArmate Android Application Remote Code Execution and External Storage Access Vulnerability in Edinburgh by Bus Android App Remote Code Execution and Sensitive Geolocation Information Disclosure in DrinkedIn BarFinder Android App Arbitrary Script Injection in BuddyPress Plugin for WordPress Arbitrary Group Control Vulnerability in Buddypress Plugin Multiple integer overflows in FLASK hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier Denial of Service Vulnerability in Xen 3.3 through 4.1 with XSM Enabled Multiple integer overflows in FLASK_GETBOOL and FLASK_SETBOOL suboperations in Xen 4.1.x, 3.3.x, 3.2.x, and earlier Multiple Integer Overflows in Flask Hypercall in Xen 3.2.x and Earlier Buffer over-read vulnerability in Xen's flask_security_avc_cachestats function Denial of Service and 
Privilege Escalation Vulnerability in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC Series Arbitrary Web Script Injection Vulnerability in Citrix NetScaler Gateway Authentication Bypass Vulnerability in Y-Cam Camera Models Remote Denial of Service Vulnerability in Y-Cam Camera Models Multiple Cross-Site Scripting (XSS) Vulnerabilities in Y-Cam Camera Models Arbitrary PHP Code Execution in FreePBX API Handler Arbitrary Web Script Injection in Spring MVC FormTag.java Unrestricted File Upload Vulnerability in VideoWhisper Live Streaming Integration Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in VideoWhisper Live Streaming Integration Plugin for WordPress Directory Traversal Vulnerabilities in VideoWhisper Live Streaming Integration Plugin for WordPress Sensitive Information Disclosure in VideoWhisper Live Streaming Integration Plugin for WordPress Arbitrary Code Execution via Integer Signedness Error in ADB Client Insecure SSL Certificate Verification in Citrix ShareFile Mobile and ShareFile Mobile for Tablets for Android Blank Username and Password Vulnerability in Foscam FI8910W Camera Firmware Buffer Overflow in Python's socket.recvfrom_into Function Cross-Site Scripting (XSS) Vulnerabilities in Command School Student Management System 1.06.01 Cross-Site Request Forgery Vulnerabilities in Command School Student Management System 1.06.01 Opus Voice Packet Length Prefix Denial of Service Vulnerability Timing Vulnerability in Parcimonie Key Fetches Absolute Path Traversal Vulnerability in Koha's pdfViewer.pl Arbitrary File Write Vulnerabilities in Koha Unauthenticated SQL Injection in Koha's MARC Framework Import/Export Function SQL Injection Vulnerability in MARC Framework Import/Export Function in Koha Incomplete Fix for Shell Metacharacter Injection in python-gnupg 0.3.5 Incomplete Fix for Shell Metacharacter Injection in python-gnupg 0.3.5 Incomplete Fix for Option Injection through Positional Arguments in python-gnupg 0.3.5 and 0.3.6 Unsecured 
Access to Sensitive Information in Visibility Software Cyber Recruiter Information Disclosure Vulnerability in Visibility Software Cyber Recruiter Symlink Attack Vulnerability in Python Image Library (PIL) and Pillow Symlink Attack Vulnerability in PIL and Pillow Symlink Attack Vulnerability in eyeD3 (python-eyed3) Allows Arbitrary File Modification Predictable Filename Vulnerability in 9base 1:6-6 and 1:6-7 Insecure Temporary File Creation in rc before 1.7.1-5 Insecure Temporary File Creation in Gamera before 3.4.1 Insecure Temporary File Creation in python-rply before 0.7.4 Arbitrary Java Code Execution via addJavascriptInterface API in Android BrowserFrame.java Arbitrary Web Script Injection in Pearson eSIS Enterprise Student Information System Denial of Service Vulnerability in Fine Free File Before 5.17 Arbitrary Web Script Injection in Ilch CMS 2.0 and Earlier SQL Injection Vulnerability in OpenDocMan before 1.2.7.2 via ajax_udf.php Arbitrary Administrative Privilege Assignment in OpenDocMan 1.2.7 and Earlier Stack-based Buffer Overflow in WritePSDImage Function in ImageMagick Sensitive Information Leakage in OpenStack Glance (2013.2 - 2013.2.1, Icehouse) Vulnerability: Lock Screen Bypass via Menu Button Press Use-after-free vulnerability in Xen's xc_cpupool_getinfo function allows for denial of service and possible privilege escalation Arbitrary Code Injection through Cross-Site Scripting (XSS) Vulnerability in FortiGuard FortiWeb CRLF Injection Vulnerability in FortiGuard FortiWeb Privilege Escalation Vulnerability in FortiGuard FortiWeb Buffer Overflow in DecodePSDPixels Function in ImageMagick X.509 Certificate Vulnerability in GnuTLS Unrestricted Access Vulnerability in SAP NetWeaver Solution Manager Unspecified Path Information Disclosure Vulnerability in SAP NetWeaver Portal WebDynPro XML External Entity (XXE) vulnerability in Gwsync in SAP CRM 7.02 EHP 2 Unspecified Denial of Service Vulnerability in SAP NetWeaver 7.20 Message Server Arbitrary Web 
Script Injection Vulnerability in SAP NetWeaver Integration Repository Arbitrary Web Script Injection Vulnerability in SAP Exchange Infrastructure Denial of Service Vulnerability in Siemens RuggedCom ROS Denny's Android Application 2.0.1 and Earlier: SSL Certificate Verification Bypass Vulnerability XSS Vulnerability in XooNIps Module 3.47 and Earlier for XOOPS SD Card Manager App for Android: Directory Traversal Vulnerability ES File Explorer File Manager Application Directory Traversal Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in Silex before 2.0.0 Apache Tapestry Object Modification Vulnerability Arbitrary File Creation Vulnerability in NextApp File Explorer Application Directory Traversal Vulnerability in LYSESOFT AndExplorer and AndExplorerPro for Android Arbitrary File Creation Vulnerability in R-Company Unzipper Application 1.0.1 and Earlier for Android Unverified X.509 Certificates in Demaecan Application 2.1.0 and Earlier for Android Weak Permissions in NTT DOCOMO sp mode mail App for Android: Sensitive Information Exposure Sensitive Information Exposure via SD Card in NTT DOCOMO sp mode mail application Arbitrary Java Method Execution Vulnerability in NTT DOCOMO sp mode mail application Arbitrary Script Injection via IPTC Exif Metadata in Piwigo Community Plugin Remote Command Execution in Allied Telesis AT-RG634A ADSL Broadband Router and iMG Series Denial of Service Vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 Session Fixation Vulnerability in Cybozu Remote Service Manager Open Redirect Vulnerability in Redmine's redirect_back_or_default Function Bypassing Access Restrictions in KOKUYO CamiApp Content Provider Arbitrary Command Execution Vulnerability in Cybozu Garoon 3.1.0 through 3.7 SP3 Denial of Service Vulnerability in Cybozu Garoon Phone Messages Feature Access Restriction Bypass Vulnerability in Cybozu Garoon 3.0 through 3.7 SP3 CSRF Vulnerability in TopAccess Allows Password Hijacking 
Open Redirect Vulnerability in NTT DATA INTRAMART intra-mart Cross-site scripting (XSS) vulnerability in Cybozu Garoon Messages functionality Bypassing Access Restrictions in Cybozu Garoon Portlets Subsystem Cross-site scripting (XSS) vulnerability in Cybozu Garoon Notices portlet Arbitrary Code Injection through Map Search in Cybozu Garoon 2.x and 3.x Remote Code Execution and Access Restriction Bypass Vulnerability in Cybozu Garoon 3.7 SP3 and earlier ATEN CN8000 Remote-Access Unit Denial of Service Vulnerability Arbitrary Web Script Injection Vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and Earlier Arbitrary Code Execution Vulnerability in FuelPHP's Request_Curl Auto-Format Feature Sensitive Information Disclosure in NTT 050 Plus Android App (Before 4.2.1) Unverified X.509 Certificates in JR East Japan Android App: A Man-in-the-Middle Vulnerability C-BOARD Moyuku 1.01b6 XSS Vulnerability Signature Spoofing Vulnerability in JustSystems JUST Online Update Denial of Service Vulnerability in SEIL Routers' PPP Access Concentrator Authentication Bypass Vulnerability in Sophos Disk Encryption (SDE) 5.x Arbitrary Code Injection through Cross-Site Scripting (XSS) in Intercom Web Kyukincho 3.x before 3.0.030 Arbitrary SQL Command Execution in mPAY24 Payment Module for PrestaShop Information Disclosure Vulnerability in mPAY24 Payment Module for PrestaShop Stack-based Buffer Overflow in xps_parse_color function in MuPDF 1.3 and earlier Cleartext Login Vulnerability in imapsync Stack-based Buffer Overflow in rlm_pap Module of FreeRADIUS Multiple Cross-Site Scripting (XSS) Vulnerabilities in OXID eShop CRLF Injection Vulnerability in OXID eShop Versions Prior to 4.7.11 and 4.8.x, 5.0.11 and 5.1.x, and 4.7.11 and 4.8.x Arbitrary Web Script Injection Vulnerability in Mozilla Thunderbird and SeaMonkey iCloud Password Bypass Vulnerability Type Confusion Vulnerability in PHP's GD Extension Arbitrary Script Injection via XMLRPC API Request in vBulletin SQL 
Injection Vulnerability in vBulletin 4.2.2 and Earlier Versions SQL Injection Vulnerabilities in Tapatalk Plugin for vBulletin Arbitrary Web Script Injection in Open Classifieds 2.1.3 Unrestricted File Upload Vulnerability in United Planet Intrexx Professional Cross-site scripting (XSS) vulnerability in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 in search functionality Remote Code Execution and File Deletion Vulnerability in eGroupware Percona Toolkit 2.1: Man-in-the-Middle Attack via Automatic Version Check Functionality Stack-based Buffer Overflow in WritePSDImage Function in ImageMagick Denial of Service Vulnerability in Deadwood, MaraDNS Denial of Service Vulnerability in Deadwood, MaraDNS Caching Vulnerability in Blue Coat ProxySG Allows Bypass of Access Restrictions Arbitrary User Account Creation Vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 Arbitrary Web Script Injection in InterWorx Web Control Panel (xhr.php) Denial of Service Vulnerability in Openswan 2.6.40 NFS Write Delegation Vulnerability Denial of Service Vulnerability in Linux Kernel on s390 Platform Arbitrary Script Injection in Media File Renamer Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in Livetecs Timelive SQL Injection Vulnerability in Procentia IntelliPen Incomplete Blacklist Vulnerability in ownCloud's ajax/upload.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Viprinet Multichannel VPN Router 300 Improper Access Restriction in Broadcom Ltd PIPA C211 rev2 Web Interface Session Fixation Vulnerability in ownCloud before 6.0.2 Insecure OpenID Implementation in ownCloud Server before 5.0.15 Allows Unauthorized Access Default Flash Cross Domain Policies Vulnerability in ownCloud CSRF vulnerability in ownCloud Server allows password reset hijacking LDAP Injection Vulnerability in ownCloud Server XML External Entity (XXE) Vulnerability in Zend Framework XML External Entity (XXE) 
vulnerability in getID3() before 1.9.8 allows remote attackers to read arbitrary files, cause denial of service, or possibly have other impact Arbitrary File Read and Denial of Service Vulnerability in PHPExcel XML External Entity (XXE) vulnerability in SabreDAV before 1.7.11 allows remote attackers to read arbitrary files, cause denial of service, or possibly have other impact Arbitrary File Read and Denial of Service Vulnerability in PHPDocX Arbitrary Web Script Injection in ownCloud before 6.0.2 Arbitrary Job Execution via BuildTrigger in Jenkins Arbitrary File Overwrite Vulnerability in Jenkins CLI Job Creation Session Hijacking Vulnerability in Winstone Servlet Container in Jenkins Password Disclosure Vulnerability in Jenkins API Token Retention Vulnerability in Jenkins Clickjacking Vulnerability in Jenkins User Existence Disclosure Vulnerability in Jenkins Arbitrary Web Script Injection Vulnerability in Jenkins Session Fixation Vulnerability in Jenkins Arbitrary Web Script Injection in Jenkins Cause.java Information Disclosure Vulnerability in CloudBees Jenkins Eshtery CMS FileManager.aspx Absolute Path Traversal Vulnerability Privilege Escalation through Independent Inner and Outer Identities in Aruba Networks ClearPass Policy Manager Stack Buffer Overflow in Dassault Systemes Catia V5-6R2013: Inadequate Boundary Checks Remote Code Execution Vulnerability in Dassault Systemes CATIA V5-6R2013 Authentication Bypass Vulnerability in TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 Arbitrary Script Injection via Email Subject in Open-Xchange (OX) AppSuite Sensitive Information Disclosure in Open-Xchange (OX) AppSuite 7.4.2 Arbitrary File Access Vulnerability in X File Explorer (xfe) Arbitrary Web Script Injection in ModX Revolution 2.2.11 and Earlier SQL Injection Vulnerabilities in Innovative vtls-Virtua Login Unrestricted Access and Denial of Service Vulnerabilities in Skybox View Appliances Stack-based Buffer Overflow in Free 
Download Manager's CDownloads_Deleted::UpdateDownload Function Arbitrary PHP Code Execution via Unrestricted File Upload in ILIAS 4.4.1 Arbitrary PHP Code Execution via E-mail Attachment in ILIAS 4.4.1 ILIAS 4.4.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities Cross-site scripting (XSS) vulnerability in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in forum_add.php. Cross-site scripting (XSS) vulnerability in CMS Made Simple 1.11.10 in editorFrame.php Untrusted Search Path Vulnerability in Catfish Allows Privilege Escalation Untrusted Search Path Vulnerability in Catfish through 0.4.0.3 Untrusted Search Path Vulnerability in Catfish 0.6.0 through 1.0.0 Untrusted Search Path Vulnerability in Catfish 0.6.0 through 1.0.0 Out-of-bounds Array Access Vulnerability in FFmpeg's TAK Decoder Memory Corruption Vulnerability in FFmpeg's WMALosslessDec Out-of-bounds array access vulnerability in FFmpeg's msrle_decode_frame function Information Disclosure Vulnerability in Cisco Unified Contact Center Express (Unified CCX) (CSCum95575) Denial of Service Vulnerability in Cisco IPS Software via Malformed SNMP Packets Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Domain Manager 9.0(.1) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCug45898) Denial of Service Vulnerability in Cisco IOS 12.2 and 15.0 through 15.3 with Kailash FPGA Denial of Service Vulnerability in Cisco IOS and IOS XE (CVE-2013-5529) Denial of Service Vulnerability in Cisco IOS TCP Input Module with NAT Denial of Service Vulnerability in Cisco IOS ALG Module (CSCue00996) Denial of Service Vulnerability in Cisco IOS SSL VPN (WebVPN) Feature Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCui59540) Cisco Emergency Responder (ER) UserServlet Cross-Site Scripting (XSS) Vulnerability Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Emergency Responder (ER) 8.6 and 
Earlier (Bug ID CSCun24250) Remote Code Injection Vulnerability in Cisco Emergency Responder (ER) 8.6 and Earlier (Bug ID CSCun37882) Open Redirect Vulnerabilities in Cisco Emergency Responder (ER) 8.6 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and Earlier (Bug ID CSCun50687) Arbitrary Code Execution via Modified SLBL Database File in Cisco AsyncOS and Content Security Management Appliances Cisco ASA WebVPN Login Page Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerabilities in Cisco Hosted Collaboration Solution (HCS) Java-based Software Memory Leak Vulnerability in Cisco HCS Impact Server GUI (Bug ID CSCub58999) Denial of Service Vulnerability in Cisco IOS 15.1(2)SY3 and Earlier with Supervisor Engine 2T on Catalyst 6500 Devices (Bug ID CSCuf60783) Cisco Unity Connection 8.6(2a)SU3 and Earlier Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCui33028) Privilege Escalation via Level-0 ASDM Access in Cisco ASA Software Privilege Escalation in Cisco ASA Software via SSL VPN Portal Connections (CSCul70099) Authentication Bypass Vulnerability in Cisco ASA SSL VPN Implementation Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCuh44052) Unintentional Administration Web Interface Vulnerability in Cisco Secure Access Control Server (ACS) Cisco IOS Packet Driver Denial of Service Vulnerability Denial of Service Vulnerability in Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players Buffer Overflow in Cisco ARF Player: Remote Code Execution and Denial of Service Vulnerability Cisco WebEx Recording Format (WRF) Player Heap-Based Buffer Overflow Vulnerability Buffer Overflow in Cisco ARF Player: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in Cisco ARF Player CRLF Injection Vulnerability in Cisco Web Security Appliance (WSA) 7.7 and Earlier CRLF Injection Vulnerability in Cisco Security Manager 4.2 and Earlier 
Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards (Bug ID CSCug97315) Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards (Bug ID CSCug97348) Uninitialized Pointer Vulnerability in Cisco ONS 15454 Controller Cards Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards (Bug ID CSCun06870) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCun31021) Cisco IOS XR ICMPv6 Redirect Denial of Service Vulnerability Cisco Unity Connection Messaging API Directory Traversal Vulnerability Zone-Based Firewall Bypass Vulnerability in Cisco IOS and IOS XE Cross-Frame Scripting (XFS) Vulnerability in Cisco Prime Infrastructure 2.1 and Earlier Information Disclosure Vulnerability in Cisco ASA WebVPN Portal (Bug ID CSCui04520) Cisco Prime Infrastructure (PI) INSERT Page Cross-Site Request Forgery (CSRF) Vulnerability Cisco Prime Infrastructure Multiple Cross-Site Scripting Vulnerabilities Cisco ASA Software SIP Inspection Engine Memory Leak Vulnerability Denial of Service Vulnerability in Cisco CNS Network Registrar 7.1 (Bug ID CSCuo07437) Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software (CSCty45739) Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software (Bug ID CSCty45733) Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software (Bug ID CSCty45720) Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software (Bug ID CSCty45745) Denial of Service Vulnerability in Cisco TelePresence System MXP Series Software (Bug ID CSCty45731) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (CSCud29566) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (Bug ID CSCua64961) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (CSCuj94651) Denial of Service Vulnerability in Cisco TelePresence 
TC and TE Software (CSCtq72699) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (Bug ID CSCto70562) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (Bug ID CSCua86589) Remote Code Execution Vulnerability in Cisco TelePresence TC and TE Software Arbitrary Command Execution in Cisco TelePresence TC and TE Software (CSCue60211) Arbitrary Command Execution in Cisco TelePresence TC and TE Software (CSCue60202) Cisco TelePresence TC and TE Software Heap-based Buffer Overflow Vulnerability Privilege Escalation via Buffer Overflow in Cisco TelePresence TC and TE Software (Bug ID CSCub67693) Unrestricted Serial Port Access Vulnerability in Cisco TelePresence TC and TE Software Improper Access Control in Cisco TelePresence T, TE, and TC Devices (Bug ID CSCub67651) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (Bug ID CSCtq78849) Denial of Service Vulnerability in Cisco IOS XR on ASR 9000 Devices (Bug ID CSCun71928) Arbitrary Command Execution Vulnerability in Cisco RV Router Firmware Cisco RV Router Firmware CSRF Vulnerability (CSCuh87145) Arbitrary File Upload Vulnerability in Cisco RV Routers (CSCuh86998) Arbitrary File Upload Vulnerability in Cisco Unified Contact Center Express (Bug ID CSCun74133) Cisco ASA Software Remote File Read Vulnerability Denial of Service Vulnerability in Cisco ASA Software with DHCPv6 Replay Configuration (Bug ID CSCun45520) Denial of Service Vulnerability in Cisco IOS XE L2TP Module (Bug ID CSCun09973) Cisco Unified Communications Manager IP Manager Assistant Information Disclosure Vulnerability Extraneous Field Information Disclosure Vulnerability in Cisco Unified Communications Manager CSRF Vulnerability in Cisco WebEx Meetings Server Allows Remote User Hijacking CSRF Vulnerability in Cisco Broadcast Access Center for Telco and Wireless Unspecified parameter XSS vulnerability in Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) Arbitrary Web Script 
Injection Vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) (CSCuj43033) Session Identifier Injection Vulnerability in Cisco Unified Web and E-Mail Interaction Manager (Bug ID CSCuj43084) XML External Entity (XXE) Injection Vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) Privilege Escalation via Group Name Similarity in Cisco AsyncOS on Email Security Appliance and Content Security Management Appliance Arbitrary Code Execution Vulnerability in Cisco WAAS 5.1.1 Improper Access Control in Cisco Unified Communications Domain Manager (CDM) Allows Modification of Administrative Credentials Hardcoded SSH Private Key Vulnerability in Cisco Unified Communications Domain Manager Information Disclosure Vulnerability in Cisco WebEx Privilege Escalation in Cisco NX-OS 5.0 on Nexus 7000 Devices with Multiple VDCs Denial of Service Vulnerability in Cisco NX-OS and MDS 9000/Nexus 7000 Devices (CSCtw98915) Arbitrary File Read Vulnerability in McAfee ePolicy Orchestrator (ePO) Import and Export Framework Stack-based Buffer Overflow in GetGo Download Manager Allows Remote Code Execution CRLF Injection Vulnerability in Facebook HHVM LightProcess Protocol Implementation Insecure Group Membership Handling in Facebook HipHop Virtual Machine (HHVM) Multiple Directory Traversal Vulnerabilities in CA ERwin Web Portal 9.5 SQL Injection Vulnerability in POSH Portal 3.0 - 3.3.0: Remote Code Execution via rssurl Parameter Clear-text Storage of Credentials in Cookie Open Redirect Vulnerability in POSH 3.0 through 3.2.1 Password Reset Functionality Multiple Cross-Site Scripting (XSS) Vulnerabilities in POSH 3.0 through 3.2.1 Remote Code Execution and Denial of Service Vulnerability in FortiManager Protocol Service Absolute Path Traversal Vulnerability in Telerik UI for ASP.NET AJAX RadAsyncUpload Control Arbitrary Web Script Injection Vulnerability in CMSimple Classic 3.54 and Earlier Arbitrary Code Execution via Unrestricted File Upload in Plogger 
1.0 RC1 and Earlier Bypassing CAPTCHA Protection in Plogger 1.0 RC1 and Earlier with Lucid Theme Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 Password Hash Leakage in Ubiquiti UniFi Controller Cross-Domain Policy Bypass in Ubiquiti Networks UniFi Video Arbitrary Code Execution through Unsafe XML Deserialization in HP Fortify SCA Open Redirect Vulnerability in OpenX adclick.php and ck.php Arbitrary Web Script Injection in synetics i-doit pro API Absolute Path Traversal Vulnerability in Infoware MapAPI MapAPI Server-side Request Forgery (SSRF) Vulnerability in Infoware MapSuite Bypassing Extra Verification in Apple OS X OpenSSL Patch Arbitrary Script Injection in Askbot Question Search Form Cross-Site Scripting (XSS) Vulnerabilities in Askbot before 0.7.49 Impersonation-enabled Trust Token Bypass Vulnerability in OpenStack Identity (Keystone) Arbitrary SQL Command Execution Vulnerability in MantisBT's Manage Configuration Page Stack-based Buffer Overflow in cf2_hintmap_build Function in FreeType Denial of Service Vulnerability in FreeType's cf2_initLocalRegionBuffer and cf2_initGlobalRegionBuffer Functions Cross-Site Scripting (XSS) Vulnerability in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 via SVG Upload Timing-based Brute-Force Attack Vulnerability in MediaWiki Cross-site scripting (XSS) vulnerability in MediaWiki's formatHTML function in ApiFormatBase.php SQL Injection Vulnerability in CMS Made Simple (CMSMS) News Module Siemens SIMATIC S7-1500 CPU PLC XSS Vulnerability Remote Header Injection Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices Open Redirect Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices CSRF Vulnerability in Siemens SIMATIC S7-1500 and S7-1200 PLC Devices Insufficient Entropy in Siemens SIMATIC S7-1200 CPU PLC Devices Insufficient Entropy in Siemens SIMATIC S7-1500 CPU PLC Devices Denial of Service Vulnerability in Siemens 
SIMATIC S7-1200 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1200 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1200 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1200 CPU PLC Devices Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU PLC Devices Cross-Site Scripting (XSS) Vulnerability in Ajenti 1.2.13 Cron Functionality Buffer Overflow Vulnerability in Base SAS Client Application Out-of-Bounds Write Vulnerability in FFmpeg's MPEG2 Transport Stream Muxer Hardcoded Root Password Vulnerability in Synology DiskStation Manager (DSM) 4.3-3810 Update 1 CAPTCHA Bypass Vulnerability in Rock Lobster Contact Form 7 Unrestricted Access Vulnerability in vTiger 6.0 Install Module Arbitrary User Password Reset Vulnerability in vTiger 6.0 Denial of Service Vulnerability in softmagic.c Downgrade Attack and Arbitrary Code Execution in Kingsoft Office 5.3.1 on Huawei P2 Devices Arbitrary Memory Access Vulnerability in Huawei P2-6011 hx170dec Device Driver CSRF Vulnerability in Subscribe To Comments Reloaded Plugin for WordPress Unrestricted File Upload Vulnerability in EMC Connectrix Manager Converged Network Edition (CMCNE) Symlink Attack Vulnerability in perltidy Unrestricted File Upload Vulnerability in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 Directory Traversal Vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 Arbitrary Script Injection in SeedDMS Search Feature Memory Corruption and Application Crash Vulnerability in Wireshark NFS Dissector Memory Allocation Vulnerability in M3UA Dissector Allows Remote Denial of Service Use-after-free vulnerability in RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 Denial of Service 
Vulnerability in Linux ICMP-MIB Implementation in Net-SNMP NULL pointer dereference vulnerability in Net-SNMP Perl Trap Receiver Denial of Service and Arbitrary Code Execution via HTTP Request with Large Number of Cookie Headers in Asterisk Open Source and Certified Asterisk Denial of Service vulnerability in Asterisk Open Source and Certified Asterisk Denial of Service Vulnerability in Asterisk Open Source 12.x Denial of Service Vulnerability in Asterisk Open Source 12.x before 12.1.0 Arbitrary Web Script Injection in Juniper Junos Pulse Secure Access Service Privilege Escalation Vulnerability in Juniper Junos Pulse Secure Access Service Arbitrary File Deletion and PHP Code Execution in Zikula Application Framework PHP Object Injection Vulnerability in Open Web Analytics (OWA) 1.5.7 and earlier XML External Entity (XXE) Vulnerability in Jasig CAS Server with Google Accounts Integration Cross-Site Scripting (XSS) Vulnerabilities in VideoWhisper Live Streaming Integration Plugin for WordPress Buffer Overflow in Wireshark MPEG Parser Allows Remote Code Execution or Denial of Service Sensitive Metadata Disclosure in OrbiTeam BSCW before 5.0.8 Remote PHP Object Injection Vulnerability in webEdition CMS Installer Script SQL Injection Vulnerabilities in webEdition CMS File Browser Component Open Floodlight SDN Controller Denial of Service Vulnerability Denial of Service Vulnerability in Linux Kernel's ip6_route_add Function Denial of Service Vulnerability in AgentX Subagent in Net-SNMP Arbitrary SQL Command Execution in MODX Revolution 2.0.0 - 2.2.13 Local Privilege Escalation Vulnerability in thermald via Symlink Attack on /tmp/thermald.pid Arbitrary File Creation Vulnerability in Atlassian JIRA Importers Plugin Arbitrary File Creation Vulnerability in Atlassian JIRA Issue Collector Plugin Cross-Site Scripting (XSS) Vulnerabilities in Thank You Counter Button Plugin 1.8.7 for WordPress SQL Injection Vulnerability in Search Everything Plugin for WordPress (Versions 
before 7.0.3) SQL Injection Vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 ATCOM Netvolution 3 SQL Injection Vulnerability Legacy ZIP Encryption Vulnerability in ConeXware PowerArchiver Remote Code Execution Vulnerability in ZTE F460 and F660 Cable Modems Arbitrary Command Execution in Arabic Prawn 0.0.1 Gem for Ruby SQL Injection Vulnerability in mod_mysql_vhost.c in Lighttpd Directory Traversal Vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 Cross-Site Scripting (XSS) Vulnerabilities in Proxmox Mail Gateway before 3.1-5829 Arbitrary Web Script Injection Vulnerability in Cacti cdef.php CSRF Vulnerability in Cacti 0.8.7g and Earlier Allows Remote Authentication Hijacking Arbitrary Command Execution in Cacti 0.8.7g and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 Cross-Site Request Forgery (CSRF) Vulnerabilities in Check_MK Multisite GUI Arbitrary Code Execution via Crafted rules.mk File in Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 Insecure Direct Object References vulnerability in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files Lazyest Gallery Plugin XSS Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiAnalyzer Web User Interface Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiManager Web User Interface Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiManager and FortiAnalyzer Authentication Bypass Vulnerability in strongSwan IKEv2 SQL Injection Vulnerabilities in GNUboard 5.x and Earlier Versions XCloner Plugin CSRF Vulnerability in WordPress Session Fixation Vulnerability in CubeCart before 5.2.9: Remote Session Hijacking via PHPSESSID Parameter Denial of Service Vulnerability in Triangle MicroWorks SCADA Data Gateway Denial of Service Vulnerability in Triangle MicroWorks SCADA Data Gateway Denial of Service Vulnerability in 
COPA-DATA zenon DNP3 NG Driver and Process Gateway Denial of Service Vulnerability in COPA-DATA zenon DNP3 NG Driver and Process Gateway Session Management Vulnerability in Amtelco miSecureMessages 6.2 Local Privilege Escalation in Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 Hardcoded Credentials Vulnerability in Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 SQL Injection Vulnerability in CSWorks LiveData Service Directory Traversal Vulnerability in Cogent DataHub before 7.3.5 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cogent DataHub before 7.3.5 Insecure Password Hashing in Cogent DataHub Privilege Escalation via Crafted CIMPLICITY Screen File in GE Proficy HMI/SCADA-CIMPLICITY Unauthenticated Snapshot Download Vulnerability in Innominate mGuard Denial of Service Vulnerability in GPT Library of Telegyr 8979 Master Protocol Application CSRF Vulnerabilities in Fox-IT Fox DataDiode Administrative Web Interface Cleartext Protocol Data Exposure in OleumTech Wireless Sensor Network Devices Arbitrary Code Execution Vulnerability in OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules Unauthenticated Access to Site Security Key in OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules Predictable Time-based Key Generation in OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules Hardcoded Administrative Credentials in Morpho Itemiser 3 8.17 Multiple Stack-Based Buffer Overflows in Advantech WebAccess: Remote Code Execution Vulnerability Arbitrary File Manipulation Vulnerability in Advantech WebAccess Information Disclosure Vulnerability in upAdminPg.asp Arbitrary File Read Vulnerability in Advantech WebAccess ActiveX Control Arbitrary File Read Vulnerability in Advantech WebAccess BrowseFolder Method CSRF Vulnerability in Omron HMI Terminals: Remote Authentication Hijacking Omron HMI Terminal XSS Vulnerability Authentication Bypass and Settings Modification Vulnerability in Accuenergy Acuvim II AXN-NET Ethernet Module 
Accessory 3.04 Remote Code Execution Vulnerability in AXN-NET Ethernet Module Accessory 3.04 for Accuenergy Acuvim II Arbitrary File Read/Write and Denial of Service Vulnerability in Ecava IntegraXor SCADA Server SQL Injection Vulnerability in Ecava IntegraXor SCADA Server Path Disclosure Vulnerability in Ecava IntegraXor SCADA Server Unverified Update Vulnerability in Sensys Networks VSN240-F and VSN240-T Sensors Unencrypted Wireless Traffic Interference Vulnerability in Sensys Networks VSN240-F and VSN240-T Sensors Weak Encryption in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 Allows Remote Information Disclosure Weak Encryption in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 Allows Unauthorized Access to Sensitive Information Arbitrary Code Execution and Denial of Service Vulnerability in Faronics Deep Freeze Standard and Enterprise Arbitrary File Read Vulnerability in dompdf.php Denial of Service Vulnerability in VMware Workstation and Player on Windows Cross-Site Scripting (XSS) Vulnerabilities in Sophos Anti-Virus for Linux Web UI Stack-based buffer overflow vulnerability in Icinga allows remote attackers to cause a denial of service (crash) Insecure Temporary File Creation Vulnerabilities in Pen 0.18.0 Password Bypass Vulnerability in BlackBerry OS 10.x Storage and Access Service Stack-based Buffer Overflow in qconnDoor on BlackBerry Z10 Devices CSRF Vulnerability in McAfee Network Security Manager Improper Decision in Password Recovery Service in Open-Xchange AppSuite Sensitive Information Disclosure in Open-Xchange AppSuite E-Mail Autoconfiguration Arbitrary Web Script Injection in Open-Xchange AppSuite Composer Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified Javadoc-related vulnerability in Oracle Java SE and JRockit Unspecified Remote Integrity Vulnerability in Oracle Endeca Server Component 
Unspecified Remote Integrity Vulnerability in Oracle Endeca Server Component Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51 Confidentiality vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51 related to JAXP Unspecified Confidentiality Vulnerability in Oracle Access Manager Component Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS Unspecified vulnerability in Oracle Database Server allowing remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Database Server allowing remote authenticated users to affect confidentiality and integrity Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. Unspecified Remote Code Execution Vulnerability in Oracle Java SE 8 Unspecified vulnerability in Oracle Identity Analytics component in Oracle Fusion Middleware and Sun Role Manager Unspecified vulnerability in Oracle Java SE versions 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51 Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u51 and 8 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. 
Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Integrity Vulnerability in Oracle Java SE and Java SE Embedded Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51 Unspecified Integrity Vulnerability in Oracle Event Processing Component Unspecified Confidentiality Vulnerability in Oracle OpenSSO Component Unspecified Remote Integrity and Availability Vulnerability in Oracle OpenSSO Unspecified Sound-related Vulnerability in Oracle Java SE and Java SE Embedded Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise CS Campus Self Service Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server component allows remote authenticated users to affect availability via unknown vectors related to Federated. 
Unspecified Remote Code Execution Vulnerability in PeopleSoft Enterprise PT PeopleTools Component Unspecified DML-related vulnerability in Oracle MySQL Server 5.6.15 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.16 and Earlier Unspecified vulnerability in Oracle MySQL Server allowing remote authenticated users to affect confidentiality, integrity, and availability via RBR vectors Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise PT PeopleTools Component Unspecified Replication Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in Oracle Secure Global Desktop (SGD) Component Unspecified Remote Code Execution Vulnerability in MySQL Client Component Unspecified vulnerability in Oracle VM VirtualBox Graphics driver (WDDM) for Windows guests MyISAM-related Remote Availability Vulnerability in Oracle MySQL Server 5.6.15 and earlier Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier related to InnoDB Unspecified Integrity Vulnerability in Oracle Agile PLM Framework Component Confidentiality vulnerability in Oracle PeopleSoft Products 8.52 and 8.53 Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise PT PeopleTools Component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Talent Acquisition Manager Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.15 and Earlier Unspecified Privilege-related Vulnerability in Oracle MySQL Server 5.6.15 and Earlier Unspecified Remote Code Execution Vulnerability in Oracle Access Manager Component Unspecified Remote Integrity Vulnerability in Oracle Hyperion Common Admin Component Unspecified User Interface Vulnerability in Oracle Hyperion Common Admin Component Unspecified Remote Code Execution Vulnerability in Oracle Hyperion Common Admin 
Component Unspecified vulnerability in PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified Remote Integrity Vulnerability in Oracle Agile Product Lifecycle Component Unspecified Remote Code Execution Vulnerability in Oracle Agile Product Lifecycle Component Unspecified Local Security Vulnerability in Oracle Transportation Management Component CSV Management Confidentiality Vulnerability in Oracle Transportation Management Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified Remote Integrity Vulnerability in Oracle Secure Global Desktop (SGD) Unspecified Confidentiality Vulnerability in Oracle Agile PLM Framework Unspecified Remote Integrity Vulnerability in Oracle Agile PLM Framework Unspecified Confidentiality Vulnerability in Oracle Agile PLM Framework Unspecified Integrity Vulnerability in Oracle Agile PLM Framework Component Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Denial of Service Vulnerability in lighttpd on Oracle Solaris 11.1 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified Remote Integrity Vulnerability in Oracle iLearning Component Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified Remote Code Execution Vulnerability in Oracle Secure Global Desktop Component Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified vulnerability in Oracle VM VirtualBox component Unspecified Remote Confidentiality Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified vulnerability in Oracle WebLogic Server 
component in Oracle Fusion Middleware Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified Remote Code Execution Vulnerability in Oracle Concurrent Processing Component Unspecified vulnerability in Java SE component in Oracle Java SE 7u60 and OpenJDK 7 Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.6.17 and earlier related to SRFTS Unspecified Local Confidentiality Vulnerability in Oracle Siebel CRM Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle VM VirtualBox component on Windows Unspecified vulnerability in Oracle VM VirtualBox component affecting confidentiality Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Java SE component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Siebel UI Framework Component in Oracle Siebel CRM Unspecified Remote Integrity Vulnerability in Oracle Agile Product Collaboration Component Unspecified vulnerability in Oracle JDeveloper component affecting confidentiality and availability via ADF Faces vectors Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.5.37 and earlier Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise SCM Purchasing Component Unspecified vulnerability in PeopleSoft Enterprise PT PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via unknown vectors related to Test Framework. 
NULL Pointer Dereference Vulnerability in libgd's gdImageCreateFromXpm Function Unspecified Cross-Site Scripting (XSS) Vulnerability in EMC RSA Adaptive Authentication (Hosted) 11.0 DQL Injection Vulnerability in EMC Documentum Digital Asset Manager (DAM) Arbitrary DQL Query Execution in EMC Documentum D2 Arbitrary Code Download Vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 Privilege Escalation and Unauthorized Access in EMC Documentum Content Server Arbitrary Command Execution in EMC Documentum Content Server DQL Injection and Database Action Bypass in EMC Documentum Content Server Session Fixation Vulnerability in EMC Network Configuration Manager (NCM) Report Advisor Component Arbitrary File Read Vulnerability in EMC Documentum Foundation Services (DFS) Cross-Site Scripting (XSS) Vulnerabilities in EMC Documentum WebTop Arbitrary Web Script Injection in EMC Documentum eRoom 7.4.3 and 7.4.4 SP1 Arbitrary Code Execution with Super-User Privileges in EMC Documentum Content Server Arbitrary Code Execution via Unauthorized Save RPC Commands in EMC Documentum Content Server Privilege Escalation via Unrestricted Tickets in EMC Documentum D2 Open Redirect Vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 Unspecified Privilege Escalation Vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 Cross-Site Request Forgery (CSRF) Vulnerabilities in EMC Documentum WDK Default Configuration of EMC RecoverPoint Appliance (RPA) 4.1 Allows Remote Information Disclosure and Denial of Service DQL Injection Vulnerability in EMC Documentum Content Server Sensitive Object Metadata Disclosure in EMC Documentum Content Server Hostname Verification Bypass in cURL and libcurl Incorrect Pointer Usage in Linux Kernel Allows for Denial of Service or Arbitrary Code Execution via DCCP Packet Symlink Attack Vulnerability in GNU Readline's _rl_tropen Function LibYAML Heap-based Buffer Overflow in yaml_parser_scan_uri_escapes Function Multiple 
Cross-Site Scripting (XSS) Vulnerabilities in BarracudaDrive before 6.7 Arbitrary Command Execution in KDirStat 2.7.0 via Unquoted Strings Arbitrary Command Execution in KDirStat 2.7.3 via Unquoted Strings SQL Injection Vulnerability in InterWorx Web Control Panel (InterWorx-CP) Allows Remote Code Execution Wildcard Bypass Vulnerability in OpenSSH Privilege Escalation via Arbitrary Program Name Argument in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x Information Disclosure Vulnerability in /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x McAfee Web Gateway Directory Traversal Vulnerability Directory Traversal Vulnerability in McAfee Cloud Identity Manager, McAfee Cloud Single Sign On, and Intel Expressway Cloud Access 360-SSO Memory Leak Vulnerability in Sophos UTM TCP Stack Cross-site scripting (XSS) vulnerability in rack-ssl gem before 1.4.0 in lib/rack/ssl.rb SQL Injection Vulnerability in OrbitScripts Orbit Open Ad Server Improper Access Control in TIBCO Rendezvous and Messaging Appliance Arbitrary Web Script Injection Vulnerability in TIBCO Rendezvous and Messaging Appliance Remote Code Execution Vulnerability in TIBCO Rendezvous and Messaging Appliance Unspecified Remote Code Execution Vulnerability in TIBCO Spotfire Server and Applications Sensitive Information Disclosure in TIBCO Managed File Transfer Internet Server, Command Center, Slingshot, and Vault CSRF Vulnerability in Disable Comments Plugin for WordPress Unrestricted Access Vulnerability in Brookins Consulting (BC) Collected Information Export Extension for eZ Publish 1.1.0 Arbitrary Web Script Injection Vulnerability in OTRS 3.x Clickjacking Vulnerability in OTRS 3.1.x, 3.2.x, and 3.3.x Arbitrary PHP Code Execution in File Gallery Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Twitget Plugin for WordPress SIP Digest Leak Vulnerability in PhonerLite Phone Arbitrary Command Execution Vulnerability in Blue Coat Content Analysis System (CAS) 1.1 Cleartext 
Message Saving Vulnerability in Trojita Use-after-free vulnerability in nfqnl_zcopy function in Linux kernel Arbitrary Web Script Injection Vulnerability in PHP Font Lib Moodle Cross-Site Scripting (XSS) Vulnerability in quiz_question_tostring Function Grade Metadata Modification Vulnerability in Moodle 2.6.x before 2.6.2 VMWare Driver in OpenStack Compute (Nova) Allows Quota Bypass and Denial of Service Directory Traversal Vulnerability in DevExpress ASPxFileManager Control Claws Mail Plugin RSSyl Feed.c SSL Verification Bypass Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bottomline Technologies Transform Content Center Arbitrary Web Script Injection in Splunk Web Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in XCloner Standalone 3.5 and Earlier Denial of Service Vulnerability in Xen Netback Driver Smb4K CUID Option Credential Disclosure Vulnerability Directory Traversal Vulnerabilities in Linux-PAM's pam_timestamp Module Remote Filesystem Mounting Vulnerability in ownCloud McAfee Cloud Single Sign On (SSO) Login Audit Form XSS Vulnerability Arbitrary SQL Command Execution in McAfee Asset Manager 6.6 via ReportsAudit.jsp Arbitrary File Read Vulnerability in McAfee Asset Manager 6.6 Arbitrary Web Script Injection Vulnerability in SonicWall NSA 2400 Dashboard Backend Service Denial of Service Vulnerability in Siemens RuggedCom ROS Web Management Interface Untrusted Search Path Vulnerability in BMC Patrol for AIX 3.9.00 Aruba Web Management Portal Unrestricted File Upload Vulnerability Arbitrary Command Execution Vulnerability in Aruba Networks ClearPass Policy Manager 6.3.0.60730 Authentication Bypass Vulnerability in Barracuda Web Application Firewall (WAF) 7.8.1.013 Denial of Service Vulnerability in PCNetSoftware RAC Server 4.0.4 and 4.0.5 CSRF Vulnerability in Quick Page/Post Redirect Plugin for WordPress Denial of Service Vulnerability in Xen HVMOP_set_mem_access Control Operations Denial of Service Vulnerability in HP 
IceWall Identity Manager and IceWall SSO Denial of Service Vulnerability in HP Integrated Lights-Out 2 (iLO 2) 2.23 and Earlier Unspecified Privilege Escalation Vulnerability in HP OneView 1.0 and 1.01 Unspecified Information Disclosure Vulnerability on HP Switches and SAN Connection Kit Unspecified Denial of Service Vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 Unspecified Remote Information Disclosure Vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 Unspecified Privilege Escalation Vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 Arbitrary Code Execution Vulnerability in HP Operations Manager i Unspecified Local Privilege Escalation Vulnerability in HP Smart Update Manager Unauthenticated Remote Code Execution in HP Executive Scorecard 9.40 and 9.41 HP Executive Scorecard CAP Web Application Arbitrary Code Execution Vulnerability Directory Traversal Vulnerability in HP Executive Scorecard 9.40 and 9.41 (ZDI-CAN-2120) Unspecified Information Disclosure Vulnerability in HP Release Control Unspecified Privilege Escalation Vulnerability in HP Release Control Unspecified Authentication Bypass Vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 (ZDI-CAN-2140) Unspecified Remote Code Execution Vulnerability in HP Universal CMDB 10.01 and 10.10 (ZDI-CAN-2083) Unspecified Remote Code Execution Vulnerability in HP Universal CMDB 10.01 and 10.10 (ZDI-CAN-2091) Unspecified Remote Code Execution and Information Disclosure Vulnerability in HP Universal CMDB 10.01 and 10.10 (ZDI-CAN-2104) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and Branch Intelligent Management System (BIMS) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and Branch Intelligent Management System (BIMS) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management 
Center (iMC) and Branch Intelligent Management System (BIMS) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and Branch Intelligent Management System (BIMS) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Intelligent Management Center (iMC) and Branch Intelligent Management System (BIMS) Remote Code Execution Vulnerability in HP Storage Data Protector 8.x Unspecified Remote Code Execution Vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x (ZDI-CAN-2264) HP Network Virtualization 8.6 Directory Traversal Vulnerability (ZDI-CAN-2023) Directory Traversal Vulnerability in HP Network Virtualization 8.6 (Shunra Network Virtualization) Allows Remote Code Execution (ZDI-CAN-2024) Privilege Escalation Vulnerability in HP NonStop NetBatch Unspecified Information Disclosure Vulnerability in HP Enterprise Maps 1 Bypassing Program Access Restrictions in HP NonStop Safeguard Security Software Privilege Escalation Vulnerability in HP Operations Agent 11.00 with Glance Integration Privilege Escalation Vulnerability in HP Application Lifecycle Management (Quality Center) 11.5x and 12.0x Unspecified Remote Code Execution Vulnerability in HP Service Manager WebTier Component CSRF Vulnerability in HP Service Manager (SM) 7.21 and 9.x Unspecified Remote Access Restriction Bypass Vulnerability in HP Service Manager Unspecified Remote Code Execution Vulnerability in HP Sprinter 12.01 (ZDI-CAN-2343) Unspecified Remote Code Execution Vulnerability in HP Sprinter 12.01 (ZDI-CAN-2336) Unspecified Remote Code Execution Vulnerability in HP Sprinter 12.01 (ZDI-CAN-2342) Unspecified Remote Code Execution Vulnerability in HP Sprinter 12.01 (ZDI-CAN-2344) Unspecified Privilege Escalation Vulnerability in HP MPIO Device Specific Module Manager Arbitrary Code Injection through Cross-Site Scripting (XSS) in HP System Management Homepage (SMH) CSRF Vulnerability in HP System Management Homepage 
(SMH) Allows Authentication Hijacking Clickjacking Vulnerability in HP System Management Homepage (SMH) before 7.4 Unspecified Privilege Escalation Vulnerability in HP Systems Insight Manager (SIM) Arbitrary Web Script Injection Vulnerability in HP Systems Insight Manager (SIM) Clickjacking Vulnerability in HP Systems Insight Manager (SIM) Unspecified Local Access Bypass Vulnerability in HP Network Automation 9.10 and 9.20 Arbitrary Web Script Injection Vulnerability in HP Operations Agent Unspecified Remote Code Execution Vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX Unspecified Remote Code Execution Vulnerability in HP Operations Manager 9.20 on UNIX OS Command Injection Vulnerability in Unify OpenStage / OpenScape Desk Phone IP (before V3 R3.11.0 SIP) Web Management Interface Authentication Bypass Vulnerability in Unify OpenStage/OpenScape Desk Phone IP SIP Arbitrary SQL Command Execution Vulnerability in OpenScape Deployment Service (DLS) OpenSSH 6.6 and Earlier: Bypassing SSHFP DNS RR Checking via HostCertificate SQL Injection Vulnerabilities in MobFox mAdserve 2.0 and Earlier SQL Injection Vulnerability in Postfix Admin's gen_show_status Function Unspecified Remote Code Execution Vulnerability in PaperCut MF Print Release Functionality Unspecified Denial of Service Vulnerability in Papercut MF and NG before 14.1 (Build 26983) CSRF Vulnerability in Papercut MF and NG Admin UI Allows Remote Authentication Hijacking Arbitrary Code Execution via Unrestricted File Upload in X2Engine X2CRM MediaWiki Login CSRF Vulnerability Race condition vulnerability in _get_masked_mode function in Python 3.2 through 3.5 Denial of Service Vulnerability in Apache CouchDB 1.5.0 and Earlier Multiple integer overflows in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 in contrib/hstore/hstore_io.c allow remote authenticated users to have unspecified impact via vectors related to hstore functions, leading to a buffer 
overflow. Arbitrary Web Script Injection in ZOHO ManageEngine OpStor (CVE-2014-0344) Denial of Service and Memory Corruption Vulnerability in Microsoft Windows Media Player 11.0.5721.5230 Race condition in ath_tx_aggr_sleep function in Linux kernel before 3.13.7 allows remote attackers to cause denial of service Denial of Service Vulnerability in arch_dup_task_struct Function in Linux Kernel Arbitrary File Read Vulnerability in Ajax Pagination (Twitter Style) Plugin for WordPress CSRF Vulnerability in WP HTML Sitemap Plugin 1.2 for WordPress Denial of Service Vulnerability in Linux Kernel's rds_iw_laddr_check Function Remote Code Execution Vulnerability in Xmind 3.4.1 and Earlier via Man-in-the-Middle Attack XML External Entity (XXE) vulnerability in Zend Framework versions 1.12.4 and earlier, Zend Framework versions 2.1.6 and earlier, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure versions before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, and potentially cause a denial of service. 
XML External Entity (XXE) vulnerability in Zend Framework versions 1.12.4 and earlier, Zend Framework versions 2.1.6 and earlier, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure versions before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 when used with PHP-FPM XML Entity Expansion (XEE) Denial of Service Vulnerability OpenID Spoofing Vulnerability in Zend Framework OpenID Authentication Bypass Vulnerability in Zend Framework String Evaluation Vulnerability in Ansible (prior to 1.5.4) Offiria 2.1.0 XSS Vulnerability in installer/index.php Local Privilege Escalation Vulnerability in Citrix VDI-in-a-Box 5.3.x and 5.4.x Race condition vulnerability in mac80211 subsystem in Linux kernel before 3.13.7 allows remote attackers to cause denial of service Arbitrary Command Execution in cups-browsed in cups-filters 1.0.41 to 1.0.51 SQL Injection Vulnerabilities in Cacti graph_xport.php Arbitrary Command Execution in Cacti 0.8.7g and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Oliver (formerly Webshare) 1.3.1 and Earlier Arbitrary web script injection vulnerability in J-Web in Juniper Junos Unspecified Cross-Site Scripting (XSS) Vulnerability in J-Web in Juniper Junos Denial of Service Vulnerability in Juniper Junos Routers Denial of Service Vulnerability in Juniper Junos EWF Cross-Site Scripting (XSS) Vulnerabilities in VideoWhisper Webcam Plugins for Drupal 7.x RC4 Cipher Stream Reuse Vulnerability in Ekahau B4 Staff Badge Tag 5.7 Authentication Bypass Vulnerability in Honeywell FALCON XLWeb and XLWebExe Controllers Firmware Integrity Verification Bypass Vulnerability in ASUS RT-Series Routers Source Code Disclosure Vulnerability in ASUS RT Series Routers File-Extension Spoofing Vulnerability in IZArc 4.1.8 FortiBalancer SSH Privileged Access Vulnerability FortiBalancer SSH Privileged Access Vulnerability FortiBalancer SSH Privileged 
Access Vulnerability Plaintext Command Injection Vulnerability in MailMarshal's STARTTLS Implementation Arbitrary Script Injection in Ektron CMS 8.7 before 8.7.0.055 XML Entity Expansion Denial of Service Vulnerability Unspecified Remote Code Execution Vulnerabilities in Siemens SINEMA Server Siemens SINEMA Server Multiple Directory Traversal Vulnerabilities Denial of Service Vulnerability in Siemens SINEMA Server Insecure State Management in Ruby OpenSSL Extension Insecure SSL Certificate Verification in WinSCP SQL Injection Vulnerabilities in MODX Revolution before 2.2.14 SQL Injection Vulnerability in KnowledgeTree 3.7.0.2 and Earlier: Remote Code Execution via get_active_session Function Denial of Service Vulnerability in Linux Kernel's cma_req_handler Function Denial of Service Vulnerability in Ignite Realtime Openfire XML Lightweight Parser Denial of Service Vulnerability in Isode M-Link before 16.0v7 via Crafted XMPP Stream (xmppbomb) Denial of Service Vulnerability in Lightwitch Metronome through 3.4 via Crafted XMPP Stream (xmppbomb) Unauthenticated Stream Compression Vulnerability in Prosody and Lightwitch Metronome Denial of Service Vulnerability in Prosody XMPP Server (CVE-2015-8784) Denial of Service Vulnerability in Tigase XMPP Server Remote Modification and Deletion of Log Classes in SAP Enhancement Package 6 for SAP ERP 6.0 SAP HANA ICM Process Information Disclosure Vulnerability Hardcoded Credentials in SAP Print and Output Management Hardcoded Credentials Vulnerability in SAP Business Object Processing Framework (BOPF) for ABAP Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet 
Explorer 11 Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Embedded Font Vulnerability in Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 Denial of Service Vulnerability in Microsoft Malware Protection Engine DirectShow Elevation of Privilege Vulnerability On-Screen Keyboard Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Extended Validation (EV) Certificate Security Feature Bypass Vulnerability in Microsoft Internet Explorer 7-11 Internet Explorer Memory Corruption Vulnerability Internet Explorer 7 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption 
Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Service Bus Denial of Service Vulnerability OneNote 2007 SP3 Remote Code Execution Vulnerability SharePoint Page Content Privilege Escalation Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Denial of Service Vulnerability in OpenStack Identity (Keystone) API Denial of Service Vulnerability in Erlang Solutions MongooseIM through 1.3.1 rev. 
2 Stack-based Buffer Overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4 Cross-Site Request Forgery (CSRF) Vulnerabilities in GD Star Rating Plugin for WordPress GD Star Rating Plugin 19.22 for WordPress SQL Injection Vulnerability Denial of Service Vulnerability in Juniper ScreenOS 6.3 and Earlier Arbitrary Web Script Injection in infoware MapSuite MapAPI 1.0.x and 1.1.x Arbitrary Script Injection in F-Secure Messaging Secure Gateway 7.5.0 X.509 Certificate Chain Validation Vulnerability in Cyberduck on Windows Arkeia WD Virtual Appliance Directory Traversal Vulnerability SQL Injection Vulnerability in CIS Manager CMS Default.asp Privilege Escalation via Race Condition in Nessus 5.2.1 Remote Password Change Vulnerability in Sophos Web Appliance Arbitrary Command Execution Vulnerability in Sophos Web Appliance Integer Overflow in ping_init_sock Function in Linux Kernel OpenAFS Denial of Service Vulnerability Arbitrary Web Script Injection in MediaWiki InfoAction.php Arbitrary Web Script Injection in SemanticTitle Extension for MediaWiki Denial of Service Vulnerability in rsync 3.1.0 and Earlier Arbitrary Web Script Injection Vulnerability in CUPS Scheduler Improper Access Restriction in Resources Plugin for Grails Directory Traversal Vulnerability in Resources Plugin for Pivotal Grails Access Restriction Bypass in PaperThin CommonSpot Cross-Site Scripting (XSS) Vulnerabilities in PaperThin CommonSpot Incomplete Blacklist Vulnerability in PaperThin CommonSpot Unspecified Authorization Vulnerability in PaperThin CommonSpot Multiple Absolute Path Traversal Vulnerabilities in PaperThin CommonSpot Directory Traversal Vulnerabilities in PaperThin CommonSpot Null Character Bypass in PaperThin CommonSpot Client-side access control vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 Arbitrary Code Execution via Unrestricted File Upload in PaperThin CommonSpot Remote Code Execution via HTTP GET Request in PaperThin CommonSpot Information 
Disclosure Vulnerability in PaperThin CommonSpot Cleartext Storage of Credentials Vulnerability in PaperThin CommonSpot Session Hijacking Vulnerability in PaperThin CommonSpot Directory Listing Vulnerability in PaperThin CommonSpot Unauthenticated Access to Log Files in PaperThin CommonSpot Arbitrary Code Execution Vulnerability in PaperThin CommonSpot Weak Session ID Generation in CGILua 5.2 Alpha 1 and 5.2 Alpha 2 Cross-Site Scripting (XSS) Vulnerabilities in Dell SonicWALL Email Security 7.4.5 and Earlier Open Redirect Vulnerability in Oracle Identity Manager Component Unspecified Vulnerability in Citrix NetScaler ADC and Gateway Unspecified Certificate Validation Vulnerability in Citrix NetScaler ADC and Gateway Arbitrary File Access Vulnerability in TrueCrypt 7.1a Integer overflows in TrueCrypt 7.1a leading to information disclosure and denial of service vulnerabilities Arbitrary Command Execution Vulnerability in GKSu 2.0.2 Arbitrary Command Execution via Shell Metacharacters in sfpagent Gem Off-by-one error in bpf_jit_compile function allows privilege escalation in Linux kernel Arbitrary Script Injection in phpMyID 0.9 via wrap_html Function Denial of Service Vulnerability in strongSwan IKE Daemon Heap-based Buffer Overflow in libmms Allows Remote Code Execution Symlink Attack Vulnerability in Clang's scan-build Utility Buffer underflow and memory corruption vulnerability in QEMU's cmd_smart function in hw/ide/core.c Memory Corruption and Out-of-Bounds Read Vulnerability in wolfSSL CyaSSL Out-of-Bounds Read Vulnerability in wolfSSL CyaSSL 2.5.0 to 2.9.4 Out-of-Bounds Read Vulnerability in wolfSSL CyaSSL (CVE-2020-24613) Denial of Service Vulnerability in wolfSSL CyaSSL before 2.9.4 X.509 Certificate Validation Vulnerability in wolfSSL CyaSSL Improper Certificate Issuance in wolfSSL before 3.2.0 Improper Authorization of CA Certificate in wolfSSL before 3.2.0 CyaSSL Server Certificate Spoofing Vulnerability Improper Authorization of Server Certificate in 
wolfSSL before 3.2.0 Privilege Escalation via Insecure Credential Checking in fish-shell 1.16.0 to 2.1.1 Arbitrary Command Execution via Predictable Temporary File Name in fish-shell Denial of Service Vulnerability in Wireshark RTP Dissector Siemens SIMATIC S7-1200 CPU Devices XSS Vulnerability CRLF Injection Vulnerability in Siemens SIMATIC S7-1200 CPU Devices Incomplete Blacklist Vulnerability in NRPE Allows Remote Command Execution Unrestricted Access to fish-shell Configuration Service Vulnerability Unrestricted Hardware Access Vulnerability in Xen 4.4.x on ARM Systems CSRF Vulnerability in phpList Subscription Page Editor Arbitrary Code Execution via PHP Object Injection in Pimcore Newsletter Module Arbitrary File Deletion and PHP Object Injection in Pimcore Newsletter Module Arbitrary Web Script Injection in ASUS RT-AC68U and Other RT Series Routers Denial of Service Vulnerability in Kaseya Virtual System Administrator (VSA) Unauthenticated Remote File Access in F5 BIG-IP and Enterprise Manager Arbitrary Command Execution via Shell Metacharacters in F5 BIG-IP iControl API Caldera 9.20 Directory Traversal Vulnerability SQL Injection Vulnerabilities in Caldera 9.20: Remote Code Execution Arbitrary Command Execution in CostView Caldera 9.20 via XMLRPC Remote Code Injection Vulnerability in Caldera 9.20 Directory Manager Unauthenticated Access-Control and Attendance-Tracking Data Modification in Hanvon FaceID Alfresco Enterprise Multiple Cross-Site Scripting (XSS) Vulnerabilities Hardcoded Credentials in Cobham Sailor 900 and 6000 Satellite Terminals Hardcoded Tbus 2 Credentials Vulnerability in Cobham Sailor 6000 Satellite Terminals Improper PIN Code Algorithm in Cobham Aviator 700D and 700E Satellite Terminals CSRF Vulnerability in Huawei E303 Modems: Remote Authentication Hijacking Arbitrary Web Script Injection in Login.aspx in Bizagi BPM Suite Arbitrary SQL Command Execution Vulnerability in Bizagi BPM Suite SQL Injection Vulnerability in F5 ARX Data Manager 
3.0.0 - 3.1.0 Unauthenticated FTP Access Vulnerability in Datum Systems SnIP on PSM-500 and PSM-4500 Devices Hardcoded Password Vulnerability in Datum Systems SnIP on PSM-500 and PSM-4500 Devices Authentication Bypass and Arbitrary IPMI Command Execution in Raritan PX Devices Arbitrary Program Execution Vulnerability in AVG Secure Search Toolbar and AVG Safeguard Arbitrary Code Execution via From Header in Exim's dmarc_process Function Arbitrary Command Execution Vulnerability in Dell ML6000 and Quantum Scalar i500 Tape Backup Systems Arbitrary File Read Vulnerability in Vision Critical (pre-2014-05-30) Absolute Path Traversal Vulnerability in Belkin N150 F9K1009 v1 Router Firmware Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE Hardcoded Password Vulnerability in Cobham Aviator 700D and 700E Satellite Terminals Arbitrary Web Script Injection Vulnerability in SpamTitan's auth-settings-x.php ISO-8859-1 Encoder Unicode Transformation Vulnerability Arbitrary Code Execution Vulnerability in Autodesk VRED Professional 2014 before SR1 SP8 Arbitrary Web Script Injection Vulnerability in Huawei E355 CH1E355SM Modem Hardcoded Password Vulnerability in NETGEAR GS108PE Prosafe Plus Switches Arbitrary Web Script Injection in MicroPact iComplaints AddStdLetter.jsp Double Expansion Vulnerability in Exim before 4.83 Allows Privilege Escalation and Command Execution CSRF Vulnerability in Silver Peak VX Allows Hijacking of Administrator Authentication Arbitrary Web Script Injection in Silver Peak VX 6.2.4 Sixnet SixView Manager 2.4.1 Directory Traversal Vulnerability Stack-based Buffer Overflow in DirectFB 1.4.13 Dispatch_Write Function Out-of-Bounds Write Vulnerability in DirectFB 1.4.4's Dispatch_Write Function Denial of Service Vulnerability in gdomap in GNUstep Base 1.24.6 and Earlier Information Leakage in Drupal Caching System NULL pointer dereference vulnerability in Xen 4.4.x ARM GIC distributor allows for denial of service 
Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in EGroupware Arbitrary PHP Code Execution in EGroupware CSRF Vulnerability in Open Assessment Technologies TAO 2.5.6 Allows Unauthorized Creation of Administrative Accounts Unverified X.509 Certificates in Misli.com Android App Enable Man-in-the-Middle Attacks Unverified X.509 Certificates in Birebin.com Android App: Exploiting SSL Server Spoofing Vulnerability Remote Code Execution Vulnerability in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 Cross-Site Scripting (XSS) Vulnerabilities in Twitget Plugin for WordPress Arbitrary Command Execution in XCloner Standalone 3.5 and Earlier TCP Reassembly Function Denial of Service Vulnerability Bypassing Default Rulesets in FreeBSD 10.0 Device File System XML External Entity (XXE) Vulnerability in Castor SAX Parser XML External Entity (XXE) Vulnerability in Zabbix Unrestricted Access and Password Change Vulnerability in Sitepark Information Enterprise Server (IES) 2.9 Arbitrary Command Execution in Python Image Library (PIL) and Pillow (CVE-2014-1932) Arbitrary Command Execution in Unitrends Enterprise Backup 7.3.0 Phishing Vulnerability in IBM InfoSphere Master Data Management Arbitrary Web Script Injection Vulnerability in IBM WebSphere Service Registry and Repository Link Injection Vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 CRLF Injection Vulnerabilities in IBM Curam Social Program Management Cross-Site Scripting (XSS) Vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 IBM Sametime Meeting Server XSS Vulnerability CSRF Vulnerability in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 Denial of Service Vulnerability in IBM BladeCenter SAS Connectivity Module and SAS RAID Module Remote Access Vulnerability in IBM BladeCenter SAS Connectivity Module and SAS RAID Module World-writable permissions in install.sh in eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 HTTP 
Header Handling Vulnerability in IBM WebSphere Application Server (WAS) 7.0, 8.0, and 8.5 Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 7.0.x, 8.0.x, and 8.5.x CSRF Vulnerability in IBM Maximo Asset Management and SmartCloud Control Desk Allows Authentication Hijacking Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Maximo Asset Management and Related Products CRLF Injection Vulnerability in IBM Maximo Asset Management and SmartCloud Control Desk Arbitrary Web Script Injection in IBM Tivoli Business Service Manager IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection Vulnerability in IBM Emptoris Sourcing Portfolio IBM Emptoris Contract Management 9.5.x - 10.0.2.x XSS Vulnerability Arbitrary Web Script Injection Vulnerability in IBM Emptoris Spend Analysis Bypassing Topology Access Restrictions in IBM API Management 3.0.0.0 CSRF Vulnerability in IBM Configuration Management Application and Design Managers Privilege Escalation Vulnerability in IBM SPSS Modeler 16.0 on UNIX Cross-Site Request Forgery (CSRF) Vulnerability in IBM Emptoris Contract Management, Emptoris Sourcing Portfolio, and Emptoris Spend Analysis SQL Injection Vulnerability in IBM Emptoris Contract Management Denial of Service Vulnerability in IBM CICS Transaction Server Privilege Escalation Vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x Sensitive Information Disclosure in IBM SONAS Administrative Password Privilege Escalation Vulnerability in IBM System Storage Virtualization Engine TS7700 Credential Exposure in IBM Rational Team Concert (RTC) Build Engine Integration Unverified X.509 Certificates in IBM Tivoli Composite Application Manager (ITCAM) for Transactions Reverse-proxy vulnerability in IBM Security Access Manager (ISAM) for Web 8.0 allows for information disclosure through weak SSL encryption settings Authentication Bypass Vulnerability in IBM Security Access Manager (ISAM) Open 
Redirect Vulnerabilities in IBM WebSphere Portal UTL Portlet SQL Injection Vulnerability in IBM WebSphere Portal UTL Portlet (7.x - 8.0.0.1 CF12) Information Disclosure Vulnerability in Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 Arbitrary Script Injection in IBM WebSphere Portal Unified Task List Portlet CSRF Vulnerability in IBM WebSphere DataPower XC10 Appliance Allows Authentication Hijacking Unspecified vulnerability in IBM WebSphere DataPower XC10 Administrative Console allows remote privilege escalation Remote Privilege Escalation Vulnerability in IBM WebSphere DataPower XC10 Appliance 2.5 CSRF Vulnerability in IBM Emptoris Spend Analysis Unspecified Remote Code Execution Vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 Privilege Escalation Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition and InfoSphere Master Data Management Server for Product Information Management Arbitrary File Read Vulnerability in IBM InfoSphere Master Data Management Unspecified vulnerability in IBM Java Runtime Environment (JRE) allows local code execution via shared classes cache XML External Entity (XXE) Vulnerability in IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 Brute Force Attack Vulnerability in IBM Java Runtime Environment (JRE) CRLF Injection Vulnerabilities in IBM Curam Social Program Management (SPM) 6.0.5.5 Account Creation Vulnerability in IBM WebSphere Application Server (WAS) 8.0.x and 8.5.x IBM InfoSphere Information Server 11.3 Data Quality Console Cross-Site Scripting (XSS) Vulnerability Privilege Escalation Vulnerability in IBM Security AppScan Source Automation Server Unspecified Remote Code Execution Vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 Privilege Escalation via Runtime Linker Vulnerability Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager and WebSphere Lombardi 
Edition Information Disclosure Vulnerability in IBM Business Process Manager (BPM) 8.5 through 8.5.5 Sensitive Information Exposure in IBM SONAS and System Storage Storwize V7000 Unified Authorization Bypass Vulnerability in IBM Rational License Key Server (RLKS) 8.1.4.x Cross-Site Scripting (XSS) Vulnerabilities in IBM GCM16 and GCM32 Global Console Manager Switches Arbitrary File Read Vulnerability in IBM GCM16 and GCM32 Global Console Manager Switches Unrestricted Resource Access Vulnerability in IBM WebSphere Application Server Bypass of Write-Access Restrictions on Calendar Entries in IBM Maximo Asset Management and Related Products Arbitrary Command Execution in IBM GCM16 and GCM32 Global Console Manager Switches Privilege Escalation Vulnerability in IBM Java Virtual Machine XML External Entity (XXE) vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition File Upload Bypass Vulnerability in IBM Sametime Meeting Server 8.5.1 Cleartext Root Password Exposure in IBM Rational Directory Server and Rational Directory Administrator Denial of Service Vulnerability in IBM Rational ClearCase 7.1, 8.0.0, and 8.0.1 IBM Security QRadar SIEM 7.1.x and 7.2.x Cross-Site Scripting (XSS) Vulnerability Insecure Session Cookie Transmission in IBM Jazz Team Server Cleartext Password Exposure in IBM PowerVC Stack-based Buffer Overflow in IBM DB2 ALTER MODULE Statement Denial of Service Vulnerability in IBM DB2 SQL Engine Arbitrary Script Injection Vulnerability in IBM Curam Social Program Management Open Redirect Vulnerability in IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 to 6.2.2 Unspecified Local Information Disclosure Vulnerability in IBM Systems Director Stack-based Buffer Overflow in Android KeyStore Service Allows Arbitrary Code Execution Brute-force vulnerability in IBM Rational ClearQuest login form Arbitrary Script Injection Vulnerability in IBM WebSphere Portal Insecure Session Cookie Handling in IBM Rational ClearQuest Denial 
of Service Vulnerability in IBM Rational ClearQuest User Enumeration Vulnerability in IBM Rational ClearQuest Authentication Bypass Vulnerability in IBM Rational ClearQuest Cross-Site Scripting (XSS) Vulnerabilities in Honeywell FALCON XLWeb and XLWebExe Controllers Multiple Cross-Site Scripting (XSS) Vulnerabilities in FOG 0.27-0.32 Buffer Overflow Vulnerabilities in RealPlayer MP4 Parsing Arbitrary Command Execution in EZPZ One Click Backup Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Fortinet FortiWeb Web Administration Console Multiple SQL Injection Vulnerabilities in web2Project 3.1 and Earlier Arbitrary Code Execution via Dynamic Scripting in Elasticsearch Arbitrary Command Execution and X Window Property Manipulation in rxvt-unicode Memory Usage Pattern Denial of Service Vulnerability in Linux Kernel Arbitrary Script Injection in NextCellent Gallery Plugin for WordPress HVMOP_set_mem_type Control Vulnerability in Xen 4.1 through 4.4.x Improper Context Switching of CNTKCTL_EL1 Register in Xen 4.4.x on ARM Systems Directory Traversal Vulnerability in dpkg 1.15.9 on Debian Squeeze Sensitive Information Disclosure in SAP Solution Manager 7.1 Privilege Escalation via Crafted Help Messages in SAP Netweaver ABAP Application Server Unrestricted Access to Sensitive Information in SAP Profile Maintenance Unrestricted Access to Sensitive Information in SAP Solution Manager 7.1 Unrestricted Access to SAP Systems Registered on SLD via SAP Netweaver Java Application Server Arbitrary Web Script Injection Vulnerability in SAP BusinessObjects InfoView Application Multiple Cross-Site Scripting (XSS) Vulnerabilities in vBulletin 5.1.1 Alpha 9 CSRF Vulnerability in D-Link DWR-113 (Rev. 
Ax) Firmware Content-Type Bypass Vulnerability in Bottle 0.10.x - 0.12.x SQL Injection Vulnerability in Xerox DocuShare Authentication Bypass in Unitrends Enterprise Backup 7.3.0 via recoveryconsole/bpl/snmpd.php Integer Underflow Vulnerability in BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST Extensions in Linux Kernel Reverse Order Subtraction Vulnerability in Linux Kernel's BPF_S_ANC_NLATTR_NEST Extension Implementation Incomplete Blacklist Vulnerability in lxml.html.clean Module Allows Cross-Site Scripting (XSS) Attacks Cross-site scripting (XSS) vulnerability in Splunk Enterprise auto-complete feature XSS Vulnerability in OkCupid OKWS Allows Remote Script Injection Unspecified Cross-Site Scripting (XSS) Vulnerability in Invision Power IP.Board and IP.Nexus Arbitrary Configuration File Upload and Sensitive Information Disclosure in Livebox 1.1 Integer Underflow in LCodeGen::PrepareKeyedOperand in Google V8 Privilege Escalation via FUTEX_REQUEUE Command in Linux Kernel Use-after-free vulnerability in ChildThread::Shutdown function in Google Chrome Denial of Service Vulnerability in Google Chrome SPDY Implementation Buffer Overflow in Google Chrome Clipboard Implementation Heap-based buffer overflow in FFmpegVideoDecoder::GetVideoBuffer in Google Chrome Integer Overflow in getword Function in PPPD Allows Privileged Options Access and Heap-Based Buffer Overflow URL Spoofing Vulnerability in Google Chrome for Android Bypassing Same Origin Policy via Crafted SVG File in Blink Same Origin Policy Bypass in Google Chrome for Android via WebMediaPlayerAndroid::load Function Unspecified Vulnerabilities in Google Chrome Before 36.0.1985.125 Denial of Service Vulnerability in Android Service Manager Use-after-free vulnerability in Web Sockets implementation in Blink Vulnerability: Public Key Pinning (PKP) Bypass via SPDY Connections Unspecified Vulnerabilities in Google Chrome Before 36.0.1985.143 SVG Use-After-Free Vulnerability in Blink Use-after-free vulnerability in Blink 
DOM implementation allows remote attackers to cause denial of service or other impact Spoofing Extension Permission Dialog in Google Chrome Use-after-free vulnerability in V8 bindings in Blink leading to denial of service or potential impact Unvalidated URL in Debugger Extension API Allows Access Bypass Uninitialized Memory Read Vulnerability in WebGL Implementation of Google Chrome Denial of Service Vulnerability in Web Audio API Implementation in Google Chrome Unspecified vulnerabilities in Google Chrome before 37.0.2062.94 Arbitrary Code Execution Vulnerability in Google Chrome Arbitrary Code Execution Vulnerability in Google Chrome Use-after-free vulnerability in Blink's Node.cpp allows for remote code execution Unspecified Vulnerabilities in Google Chrome before 37.0.2062.120 Possible Out-of-Bounds Read in Linux Kernel's compat_sys_nanosleep Stack-based buffer overflows in Magic Mouse HID driver in Linux kernel Array Index Error in logi_dj_raw_event Function in Linux Kernel Logitech DJ Wireless Receiver Heap-Based Buffer Overflow Vulnerability Out-of-bounds write vulnerability in Linux kernel HID subsystem Buffer overflow vulnerability in Whiteheat USB Serial Driver in Linux kernel before 3.16.2 Buffer Overflow in PicoLCD HID Device Driver Allows for Denial of Service or Arbitrary Code Execution Vulnerability: Remote Video and Audio Data Extraction in Google Chrome on iOS Arbitrary Code Execution via JSON Parsing Vulnerability in Google Chrome Out-of-bounds read vulnerability in Chrome PDF Image Copy Function Use-after-free vulnerability in Event::currentTarget function in Blink Use-after-free vulnerability in Blink allows remote attackers to cause denial of service or unspecified impact via crafted JavaScript code Use-after-free vulnerability in ProcessingInstruction::setXSLStyleSheet function in Blink Use-after-free vulnerability in Google Chrome SessionService::GetLastSession function Web Workers Use-After-Free Vulnerability in Google Chrome Memory 
Allocation and Concatenation Vulnerability in Google V8 Shared Memory Read-Only Restriction Bypass Vulnerability in Google Chrome on Windows XSS Auditor Bypass Vulnerability in NavigationScheduler Out-of-bounds read vulnerability in PDFium component in Google Chrome before 38.0.2125.101 Denial of Service Vulnerability in V8 Bindings in Google Chrome Unspecified Vulnerabilities in Google Chrome before 38.0.2125.101 Spoofing Vulnerability in Google Chrome on Android Lock Screen Bypass Vulnerability in Unity before 7.2.1 Dash Bypass Vulnerability in Unity Keyboard Shortcut Bypass Vulnerability in Unity Hard-coded Backdoor Password in Seagate BlackArmor NAS Remote Code Execution Vulnerability in Seagate BlackArmor NAS Cross-Site Scripting (XSS) Vulnerability in SKS Keyserver before 1.1.5 Denial of Service Vulnerability in askpop3d 0.7.7 via free (pszQuery) Privilege Escalation Vulnerability in ldns-keygen Tool Arbitrary SQL Command Execution in Booking System Plugin for WordPress Critical Denial of Service Vulnerability in Publify before 8.0.1 Denial of Service Vulnerability in ISC BIND 9.10.0 Privilege Escalation Vulnerability in seunshare in policycoreutils 2.2.5 Denial of Service Vulnerability in GOM Media Player 2.2.57.5189 and Earlier Arbitrary File Write Vulnerability in fish before 2.1.1 Arbitrary User Password Change Vulnerability in F5 BIG-IQ Cloud and Security Denial of Service Vulnerability in Huawei Eudemon8000E Firewall Privilege Escalation Vulnerability in Huawei eSpace Meeting Software Y.1731 Vulnerability in Huawei S9300 and S2300-S6300 Switches Denial of Service (DoS) Vulnerability in Huawei Quidway Switches Cobbler Absolute Path Traversal Vulnerability Directory Traversal and File Modification Vulnerability in dpkg Server Certificate Validation Bypass in libwww-perl LWP::Protocol::https Arbitrary File Read Vulnerability in SOAPpy 0.12.5 Denial of Service Vulnerability in SOAPpy 0.12.5 XML External Entity (XXE) Vulnerability in RSSDashlet Dashlet in 
SugarCRM SQL Injection Vulnerability in Collabtive 1.2: Remote Code Execution via folder Parameter Arbitrary Web Script Injection Vulnerability in Collabtive 1.2 Untrusted search path vulnerability in Puppet Enterprise and related components Information Disclosure Vulnerability in Puppet Enterprise 2.8.x before 2.8.7 Missing SSLCARevocationCheck Directive in Puppet Default Vhost Configuration File Race condition vulnerability in MCollective AES Security Plugin allows unauthorized connections Improper Cryptography Implementation in Pacom 1000 CCU and RTU GMS Devices Allows Remote Data Stream Spoofing Buffer Overflow Vulnerability in Cisco Smart Call Home Implementation Cisco IOS and IOS XE LISP Implementation Denial of Service Vulnerability Denial of Service Vulnerability in Cisco IOS 15.3(3)M (Bug ID CSCum97038) Denial of Service Vulnerability in Cisco ASA Software (CSCun69561) Arbitrary Web Script Injection Vulnerability in Cisco Security Manager Auto Update Server Arbitrary Web Script Injection Vulnerability in Cisco Security Manager CSRF Vulnerability in Cisco Security Manager 4.6 and Earlier Denial of Service Vulnerability in Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) Devices (CSCuj72215) Denial of Service Vulnerability in Cisco IOS XE 3.5E SNMP Module (Bug ID CSCug65204) Denial of Service Vulnerability in Cisco IOS XR DHCPv6 Implementation (Bug ID CSCul80924) Denial of Service Vulnerability in Cisco IOS XR DHCPv6 Implementation Privilege Escalation Vulnerability in Cisco Tidal Enterprise Scheduler (TES) 6.1 and Earlier (CSCuo33074) Cisco IOS LLDP Implementation Denial of Service Vulnerability Vulnerability: Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier HTTP Fallback Vulnerability SQL Injection Vulnerability in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and Earlier Denial of Service Vulnerability in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and Earlier Improper Access Control in Cisco Unified Communications Domain 
Manager (CDM) 9.0(.1) and earlier allows unauthorized access to sensitive information Improper Access Control in Cisco Unified Communications Domain Manager (CDM) Web Framework Account Enumeration Vulnerability in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier Improper Access Control in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and Earlier Improper Access Control in Cisco Unified Communications Domain Manager (CDM) Web Framework Improper Access Control in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote authenticated users to access sensitive information Open Redirect Vulnerability in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and Earlier Denial of Service Vulnerability in Cisco IOS XE on ASR1000 Devices with PPPoE Termination Enabled (Bug ID CSCuo55180) Denial of Service Vulnerability in Cisco WAAS with SharePoint Acceleration (CSCue47674) Improper Content Restriction in Cisco WebEx Meeting Server Allows Information Disclosure SQL Injection Vulnerability in BulkViewFileContentsAction.java in Cisco Unified Communications Manager Arbitrary Script Injection in Cisco AsyncOS Web Management Interface Vulnerability in Cisco IOS XE 3.12S mDNS Implementation Allows Information Disclosure and Data Overwrite (CSCun64867) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCuo12321) Arbitrary File Read and Delete Vulnerability in Cisco Unified Communications Manager Denial of Service Vulnerability in Cisco IOS 15.4(3)S0b on ASR901 Devices (Bug ID CSCuo29736) Improper URL Content Restriction in Cisco WebEx Meeting Server (Bug ID CSCuj81691) HSRP Authentication Bypass and Denial of Service Vulnerability in Cisco NX-OS Information Disclosure Vulnerability in Cisco WebEx Meeting Server Information Disclosure in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal Sensitive Information Exposure in Cisco Intelligent Automation for Cloud Cisco IOS IPsec 
Packet Denial of Service Vulnerability Improper Access Control in Cisco Unified Communications Domain Manager (CDM) Allows User Information Modification (CSCum77041) Information Disclosure Vulnerability in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier (Bug ID CSCuj81700) Improper Token Timer Implementation in Cisco WebEx Meetings Server 1.5 and Earlier Improper Query String Handling in Cisco WebEx Meetings Server User Account Enumeration Vulnerability in Cisco WebEx Meetings Server CSRF Vulnerability in Cisco WebEx Meetings Server 1.5 and Earlier Arbitrary Code Execution Vulnerability in Cisco Wireless Residential Gateway Products (Bug ID CSCup40808) Arbitrary Command Execution Vulnerability in Cisco Small Cell DHCP Client Denial of Service Vulnerability in Cisco IOS XR on Trident Line Cards in ASR 9000 Devices (Bug ID CSCun83985) NTP Implementation in Cisco IOS and IOS XE Allows Bypass of Access Group Restrictions (Bug ID CSCuj66318) Arbitrary File Read Vulnerability in Cisco WebEx Meetings Client Remote Code Execution Vulnerability in WebEx Meetings Client Authentication Bypass Vulnerability in Cisco Small Business SPA300 and SPA500 Phones (Bug ID CSCun77435) Cisco Small Business SPA300 and SPA500 Phones XSS Vulnerability Improper Host Type Verification in Cisco AnyConnect on Android and OS X Cisco Unified Communications Manager DNA Component XSS Vulnerability (Bug ID CSCup76308) Bypassing Upload Restrictions in Cisco Unified Communications Manager (Bug ID CSCup76297) Cisco Unified Communications Manager Multiple Analyzer Directory Traversal Vulnerability Cisco Unified Communications Manager Directory Traversal Vulnerability (Bug ID CSCup76318) Cisco Unified Communications Manager (CM) 10.0(1) Directory Traversal Vulnerability (CSCup57676) Open Redirect Vulnerabilities in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and Earlier Denial of Service Vulnerability in Cisco IOS XR 4.3.4 and Earlier on ASR 9000 Devices NetFlow Sampling Denial 
of Service Vulnerability in Cisco IOS XR 4.3(.2) and Earlier on ASR 9000 Devices Cisco Unified Contact Center Enterprise Directory Traversal Vulnerability (Bug ID CSCun25262) Cross-Site Scripting (XSS) Vulnerabilities in Cisco TelePresence Server Software 4.0(2.8) Login Page (Bug ID CSCup90060) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Customer Voice Portal (CVP) SQL Injection Vulnerability in Cisco Security Manager 4.5 and 4.6 (Bug ID CSCup26957) Denial of Service Vulnerability in Cisco EnergyWise Module (CVE-2015-0646) Denial of Service Vulnerability in Cisco Unified Presence Server (Bug ID CSCun34125) Cisco Prime Data Center Network Manager (DCNM) 6.3(2) Cross-Site Scripting (XSS) Vulnerability Packet-drop policy bypass vulnerability in Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches Denial of Service Vulnerability in Cisco ASR 5000 Series Software Incorrect CLI Restrictions Setting in Cisco Unified Communications Manager (CM) 8.6(.2) and Earlier Allows Undetected Concurrent Logins Privilege Escalation via HTTP Intercept in Cisco Unity Connection 9.1(1) and 9.1(2) (Bug ID CSCup41014) Denial of Service Vulnerability in Cisco IOS XR 4.3(.2) and Earlier on ASR 9000 Devices (Bug ID CSCup77750) SQL Injection Vulnerability in Cisco Unity Connection 9.1(2) and Earlier (Bug ID CSCuq31016) Denial of Service Vulnerability in Cisco Unified Communications Manager (CM) 8.6(.2) and Earlier (Bug ID CSCtq76428) Kerberos SSO Token Validation Vulnerability in Cisco Unified Communications Manager SQL Injection Vulnerabilities in Cisco Unified Communications Manager and Cisco Unified Presence Server Directory Traversal Vulnerability in Cisco WebEx MeetMeNow (Bug ID CSCuo16166) VLAN Enumeration Vulnerability in Cisco NX-OS 7.0(3)N1(1) and Earlier Cisco IOS XR CLI Information Disclosure Vulnerability Denial of Service Vulnerability in Cisco IOS XR 5.1 (Bug ID CSCuo59052) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Transport Gateway for Smart 
Call Home Improper Authorization Check in Cisco Transport Gateway for Smart Call Home Denial of Service Vulnerability in Cisco Transport Gateway for Smart Call Home Denial of Service Vulnerability in Cisco IOS 15.1(4)M2 on Cisco 1800 ISR Devices Denial of Service Vulnerability in Cisco Unified Computing System SSH Module (Bug ID CSCuo69206) Arbitrary File Upload Vulnerability in Cisco Intelligent Automation for Cloud Improper URL Redirection in Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) Allows Information Disclosure (CSCuh84870) Improper Session Handling in Cisco Intelligent Automation for Cloud Cisco Intelligent Automation for Cloud: Remote Information Disclosure Vulnerability Denial of Service Vulnerability in Cisco IOS XR 4.3(.2) and Earlier Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCui11547) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCug75942) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCue22753) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCul90866) Cisco IOS and IOS XE Memory Leak Vulnerability (Bug ID CSCuj58950) Memory Leak Vulnerability in Cisco IOS and IOS XE Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCul46586) Denial of Service Vulnerability in Cisco IOS ALG Module for SIP over NAT (Bug ID CSCun54071) Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier: Memory Leak Denial of Service Vulnerability Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2.1-2 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and Earlier (Bug ID CSCuo94808) SQL Injection Vulnerability in Cisco Unified Communications Manager Administrative Web Interface (Bug ID CSCup88089) Cross-Site Scripting (XSS) Vulnerability in Cisco Nexus 1000V InterCloud for VMware (Bug ID CSCuq90524) Denial 
of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 (CSCui06507) Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) and Expressway Software (Bug ID CSCuo42252) Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) and Expressway Software Cisco Unified Communications Manager CCM Reports Interface Cross-Site Scripting Vulnerabilities Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager's CCM Dialed Number Analyzer Interface (Bug ID CSCup92550) Cisco Unified Communications Manager CCM Admin Interface XSS Vulnerabilities (Bug ID CSCuq90582) Cisco Unified Communications Manager Multiple Cross-Site Scripting Vulnerabilities (Bug ID CSCuq90597) Denial of Service Vulnerability in Cisco IOS XR 5.1 and Earlier (Bug ID CSCuq12031) Denial of Service Vulnerability in SNMPd in Cisco IOS XR 5.1 and Earlier (Bug ID CSCun67791) Denial of Service Vulnerability in Cisco IOS XR 5.1 and Earlier (Bug ID CSCum00468) Denial of Service Vulnerability in Cisco IOS XR 5.1 and Earlier on Network Convergence System 6000 Devices (Bug ID CSCuq10466) Denial of Service Vulnerability in Cisco Unified Communications Domain Manager Platform Software ZIP Inspection Engine Bypass Vulnerability in Cisco AsyncOS Denial of Service Vulnerability in Cisco ASA Software SQL*Net Inspection Engine Denial of Service Vulnerability in Cisco ASA Software 9.1 Denial of Service Vulnerability in Cisco ASA Software IKEv2 Implementation (CSCum96401) Race condition vulnerability in Cisco ASA Software versions 8.3 to 9.1 allows denial of service via TCP traffic (Bug ID CSCum00556) Denial of Service Vulnerability in Cisco ASA Software GTP Inspection Engine (CSCum56399) Denial of Service Vulnerability in Cisco ASA Software SunRPC Inspection Engine Denial of Service Vulnerability in Cisco ASA Software DNS Inspection Engine (CSCuo68327) Tunnel Filter Bypass 
Vulnerability in Cisco ASA Software Privilege Escalation Vulnerability in Cisco ASA Software Untrusted Search Path Vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) Clientless SSL VPN Portal Memory Disclosure and Modification Vulnerability Clientless SSL VPN Portal Customization Framework Authentication Bypass Vulnerability Certificate Validation Bypass in Cisco ASA Software Arbitrary File Download Vulnerability in Cisco WebEx Meetings Server (WMS) 2.5 Improper Compression in Cisco IOS XR on ASR 9000 Devices Allows ACL Bypass (Bug ID CSCup30133) Denial of Service Vulnerability in Cisco TelePresence MCU Software (Bug ID CSCtz35468) Information Disclosure Vulnerability in Cisco ASA Software Improper Session Management in Cisco ASA Software 9.2(.2.4) and Earlier Information Disclosure Vulnerability in Cisco WebEx Meetings Server Denial of Service Vulnerability in Cisco IPS/IDS (CSCuq39550) Certificate Validation Vulnerability in Cisco IOS XE ANI Component Certificate Validation Vulnerability in Cisco IOS XE ANI Component (CSCuq22677) Route-Injection Vulnerability in Cisco IOS XE Race condition in IP logging feature in Cisco IPS Software 7.1(7)E4 and earlier allows remote attackers to cause denial of service Memory Consumption Vulnerability in Cisco ASA Software Cisco Prime Optical 10 Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCuq80763) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCuq93406) Vulnerability: Password Exposure via Syslog Management in Cisco ASA Software Unspecified Remote Code Execution Vulnerability in Juniper NSM XDB Service Arbitrary Command Execution Vulnerability in Juniper Junos Space Unspecified Account with Hardcoded Password in Juniper Networks Junos Space MySQL Server CSRF Vulnerability in Sharetronix Allows Unauthorized Administrative Privilege Escalation SQL Injection Vulnerability in Sharetronix 3.4: Remote Code Execution via invite_users[] Parameter Improper Permission Check in uPortal 
Allows Remote Users to Manage Arbitrary Portlets Improper Permission Check in uPortal Allows Remote Configuration of Portlets Arbitrary Command Execution in Infoblox NetMRI via skipjackUsername Parameter Default Password Vulnerability in Infoblox NetMRI Local File Overwrite Vulnerability in GNU Emacs 24.3 and Earlier Symlink Attack Vulnerability in GNU Emacs 24.3 and Earlier Local File Overwrite Vulnerability in GNU Emacs 24.3 and Earlier Local File Overwrite Vulnerability in GNU Emacs 24.3 and Earlier Denial of Service Vulnerability in NCSA Mosaic 2.0 and Earlier Denial of Service Vulnerability in NCSA Mosaic 2.1 through 2.7b5 CRLF Injection Vulnerability in Yealink VoIP Phones Firmware 28.72.0.2 Yealink VoIP Phones Firmware 28.72.0.2 XSS Vulnerability Unvalidated Origin in IPython Notebook Allows Remote Code Execution Incomplete SSL/TLS Handshake Denial of Service Vulnerability in Dovecot World-writable permissions for temporary files in Symantec PGP Desktop 10.x on OS X Arbitrary Web Script Injection Vulnerability in Symantec Data Insight Management Console HTML script injection vulnerability in Symantec Data Insight management console Buffer Overflow Vulnerability in Symantec Endpoint Protection (SEP) Client 11.x and 12.x Denial of Service Vulnerability in Symantec Encryption Desktop and PGP Desktop XML External Entity (XXE) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference. 
Cross-Site Scripting (XSS) Vulnerabilities in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 Arbitrary File Write Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 Arbitrary Command Execution via Log File Upload in Symantec Critical System Protection and Symantec Data Center Security Denial of Service Vulnerability in VideoLAN VLC Media Player 2.1.3 via Crafted .png File Denial of Service Vulnerability in Winamp 5.666 and Earlier Denial of Service Vulnerability in JetAudio 8.1.1 and Earlier Arbitrary Code Execution and Denial of Service Vulnerability in RealPlayer 16.0.3.51 and Earlier Authentication Bypass in HandsomeWeb SOS Webpages before 1.1.12 Arbitrary SQL Command Execution in BSS Continuity CMS 4.2.22640.0 Remote Denial of Service Vulnerability in BSS Continuity CMS 4.2.22640.0 Unauthenticated File Upload Remote Code Execution Vulnerability in BSS Continuity CMS 4.2.22640.0 Authentication Bypass vulnerability in BSS Continuity CMS 4.2.22640.0 Privilege Escalation Vulnerability in Panda Security Products OpenFire XMPP Server before 3.10 Vulnerability: Self-Signed Certificate Spoofing Denial of Service Vulnerability in K-lite Codec 10.4.5 and Earlier Eval Injection Vulnerability in Flag Module for Drupal CSRF Vulnerability in SemanticForms Extension for MediaWiki Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in SemanticForms Extension for MediaWiki Arbitrary Script Injection Vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 SolarWinds Network Configuration Manager (NCM) Heap-Based Buffer Overflow Vulnerability Arbitrary Code Execution via Directory Traversal in NetIQ Sentinel's NQMcsVarSet ActiveX Control Heap-based Buffer Overflow in QEMU 1.6.2 via Crafted Savevm Data in USB Bus Vulnerability: Insecure Configuration File in encfs 1.7.5 and earlier Incomplete Fix for EJB Invocation Handler Method Level Restriction Bypass Vulnerability in Red Hat JBossWS NULL pointer dereference vulnerability 
in gnutls_x509_dn_oid_name function in GnuTLS Buffer Overflow Vulnerability in GnuTLS read_server_hello Function Unspecified Denial of Service Vulnerabilities in GNU Libtasn1 DER Decoder Out-of-Bounds Access Vulnerability in GNU Libtasn1 NULL Pointer Dereference Vulnerability in GNU Libtasn1 NULL pointer dereference vulnerability in OpenSSL QEMU Use-After-Free Vulnerability in Virtio Block Device Hotplug Operations Bypassing Access Restrictions in JBoss Application Server 7 Arbitrary Code Injection through Orchestration/Stack Section in OpenStack Dashboard Arbitrary web script injection vulnerability in OpenStack Dashboard (Horizon) Arbitrary Web Script Injection in OpenStack Dashboard (Horizon) Users Panel Privilege Escalation via Chained Delegation in OpenStack Identity (Keystone) AccessDenied Error Vulnerability in D-Bus-daemon Buffer Overflow Vulnerability in Fileinfo Component of PHP Denial of Service Vulnerability in PHP Fileinfo Component Denial of Service Vulnerability in PHP Fileinfo Component XML External Entity (XXE) vulnerability in JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 SQL Injection Vulnerability in PostgreSQL Adapter for Active Record in Ruby on Rails SQL Injection Vulnerability in PostgreSQL Adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 Multiple stack-based buffer overflows in __dn_expand function in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 XML External Entity (XXE) Vulnerability in oVirt REST API Arbitrary Command Execution via Symlink Attack in Red Hat CloudForms 3.0 Management Engine Denial of Service Vulnerability in PHP Fileinfo Component Denial of Service Vulnerability in Netty's SslHandler Hard-coded Salt Vulnerability in Red Hat CloudForms 3.0 Management Engine XML External Entity (XXE) vulnerability in RESTEasy 2.3.1 to 2.3.8.SP2 and 3.x to 3.0.9 Arbitrary Web Script Injection in Foreman's New Host Groups Page Cross-Site Scripting (XSS) 
Vulnerabilities in Foreman YAML View Memory Corruption and Denial of Service Vulnerability in Samba Improper Warning Notification Generation in POP3 Kioslave in kdelibs 4.10.95 Improper SSL Certificate Verification in Duplicity 0.6.24 Arbitrary Command Execution via Shell Metacharacters in OpenShift Cartridge Repository Arbitrary Web Script Injection Vulnerability in OpenStack Swift Arbitrary Command Execution Vulnerability in Ansible User Module World-Readable and World-Writable Permissions on Docker 1.0.0 Management Socket Vulnerability Remote Start Page Manipulation in Apache Cordova Android Apache Cordova Android WebView HTTP Whitelist Bypass Vulnerability Arbitrary Application Access via Crafted URI Scheme in Apache Cordova Android Weak Random Password Generation in Apache Syncope 1.1.x before 1.1.8 Vulnerability: SSL Certificate Spoofing via NUL Byte in Common Name Field Double Free Vulnerability in OpenSSL DTLS Implementation Memory Consumption Denial of Service Vulnerability in OpenSSL DTLS Implementation Memory Leak Vulnerability in OpenSSL DTLS Implementation Vulnerability: Information Disclosure in OpenSSL's OBJ_obj2txt Function Race condition vulnerability in OpenSSL allows remote servers to cause denial of service or other impact Denial of Service Vulnerability in OpenSSL's ssl3_send_client_key_exchange Function Protocol Downgrade Vulnerability in OpenSSL 1.0.1 Buffer Overflow Vulnerabilities in OpenSSL SRP Implementation Memory Leak in OpenSSL DTLS SRTP Extension Allows Remote Denial of Service Bypassing Strong Parameters Protection in Active Record Type Confusion Vulnerability in PHP SPL Component Timing-based Brute Force Attack on Instance ID Signatures in OpenStack Compute (Nova) Arbitrary Code Execution Vulnerability in JBoss Remoting Arbitrary File Access Vulnerability in OpenVZ Modification for Linux Kernel 2.6.32 Unauthorized Project Access via Trust Token Request in OpenStack Identity (Keystone) Bypassing Access Restrictions in Red Hat Conga 
0.12.2 X.509 Certificate Wildcard Spoofing Vulnerability in Apache Subversion Memory Leak in WinNT MPM Allows Remote DoS via Crafted Requests Arbitrary Command Execution Vulnerability in Apache OpenOffice Calc Spreadsheet Unspecified vulnerability in Apache Traffic Server: Unknown Impact and Attack Vectors Sensitive Information Disclosure in Apache Wicket CAS Proxy Ticket Authentication Bypass Vulnerability Apache Subversion Credential Caching Vulnerability XML External Entity (XXE) Vulnerability in Apache POI XML External Entity (XXE) vulnerability in org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink Cross-Site Scripting (XSS) Vulnerabilities in Foreman 1.5.2 Denial of Service Vulnerability in D-Bus 1.3.0 to 1.6.22 and 1.8.x to 1.8.6 Denial of Service Vulnerability in D-Bus 1.3.0 to 1.6.22 and 1.8.x to 1.8.6 Privilege Escalation via PTRACE_POKEUSR_AREA Vulnerability Denial of Service Vulnerability in Linux Kernel's netdevice.h RHN Account Information Leakage Vulnerability in CFME 5 Local Privilege Escalation Vulnerability in CUPS Web Interface Denial of Service Vulnerability in File Before 5.19 Arbitrary Code Execution via Unsafe pickle.load in Rope Library PHP Object Injection Vulnerability in Moodle Repositories Component XML External Entity (XXE) vulnerability in mod/lti/service.php in Moodle before 2.7.1 XML External Entity (XXE) vulnerability in mod/imscp/locallib.php in Moodle Skype ID Profile Field XSS Vulnerability in Moodle Arbitrary Code Execution Vulnerability in Moodle Quiz Calculated Questions Information Disclosure Vulnerability in Moodle Cross-Site Scripting (XSS) Vulnerabilities in Moodle's badges/renderer.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Moodle Cross-site scripting (XSS) vulnerability in user_login_failed.php in Moodle 2.7.x before 2.7.1 Cross-Site Scripting (XSS) Vulnerabilities in Moodle 2.7.x before 2.7.1 Cross-Site Scripting (XSS) Vulnerabilities in Moodle's Advanced-Grading 
Implementation Session Hijacking Vulnerability in Shibboleth Authentication Plugin in Moodle Inadequate Access Restriction in Moodle's mod/forum/classes/post_form.php Buffer Overflow in libndp's ndp_msg_opt_dnssl_domain Function Allows Remote Code Execution Denial of Service Vulnerability in OpenStack Neutron STARTTLS Implementation Vulnerability in nginx SMTP Proxy Bypassing Java Security Manager in Hibernate Validator Memory Snapshot Leakage in oVirt Storage Backend Arbitrary Code Execution Vulnerability in Samba 4.0.x and 4.1.x Sensitive Information Disclosure in rhevm-log-collector Package Sensitive Replicated Metadata Disclosure in Red Hat Directory Server 8 and 389 Directory Server Unspecified Local File Creation Vulnerabilities in Salt (aka SaltStack) Heap-based Buffer Overflow in GPGME's status_handler Function Denial of Service Vulnerability in net-snmp 5.7.0 and Earlier POODLE: SSL Protocol 3.0 Vulnerability Memory Leak Vulnerability in OpenSSL's tls_decrypt_ticket Function SSL 3.0 Handshake Bypass Vulnerability NULL pointer dereference and daemon crash vulnerability in OpenSSL Insecure BIGNUM Squaring in OpenSSL Denial of Service Vulnerability in OpenSSL DTLS Handshake Processing ECDHE-to-ECDH Downgrade Vulnerability in OpenSSL XML External Entity (XXE) vulnerability in oVirt Engine backend module XML Entity Expansion (XEE) Attack in Apache POI Arbitrary Data Embedding Vulnerability in Apache OpenOffice and OpenOffice.org Denial of Service Vulnerability in Apache ActiveMQ Improper Server Hostname Verification in Apache HttpComponents HttpClient and HttpAsyncClient Arbitrary File Read Vulnerability in Pivotal Spring Framework XML External Entity (XXE) Vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 Apache Subversion mod_dav_svn Denial of Service Vulnerability Apache HTTP Server mod_cache Denial of Service Vulnerability Arbitrary System Command Execution Vulnerability in Ambari SSL Certificate Generation Denial of Service Vulnerability in Apache 
HTTP Server 2.4.10 Denial of Service Vulnerability in Apache CXF SAML Header InHandler GPG Signature Bypass Vulnerability in redhat-upgrade-tool Weak Permissions for .jboss-cli-history File in Red Hat Enterprise Application Platform and WildFly Integer Overflow in CDF File Parsing in PHP Denial of Service Vulnerability in PIL/IcnsImagePlugin.py CSRF Token Bypass Vulnerability in Foreman Electromagnetic Field Side-Channel Attack on Libgcrypt and GnuPG Stored XSS Vulnerability in OpenShift Origin Due to Improper Team Name Validation Eval Injection Vulnerability in Luci 0.26.0: Remote Code Execution via Crafted Cluster Configuration Arbitrary Web Script Injection in OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in spacewalk-java versions 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 Incomplete verification of server hostname in Apache Axis 1.4 and earlier allows SSL server spoofing via X.509 certificate with incorrect Common Name (CN) field. 
Buffer overflow vulnerability in php_parserr function in PHP before 5.4.32 and 5.5.x before 5.5.16 Denial of Service Vulnerability in Pillow's Jpeg2KImagePlugin Plugin HornetQ REST: Insecure RestEasy Configuration Allows XML External Entity Vulnerability Apache ActiveMQ 5.x XXE Vulnerability in XPath-based Selector Memory Corruption and Denial of Service Vulnerability in Linux Kernel's kvm_iommu_map_pages Function Information Disclosure Vulnerability in Red Hat OpenShift Enterprise SSL Server Spoofing Vulnerability Improper Server Hostname Verification in Not Yet Commons SSL Insecure SSL Server Verification in Ldaptive (formerly vt-ldap) VMWare Driver in OpenStack Compute (Nova) Quota Bypass and Denial of Service Vulnerability Denial of Service Vulnerability in Squid HTTPHdrRange.cc Vulnerability: Denial of Service in Linux Kernel through WRMSR Processing Race condition in __kvm_migrate_pit_timer function allows denial of service Unauthenticated Bind Vulnerability in Apache ActiveMQ 5.x Cookie Domain Name Vulnerability in cURL and libcurl Denial of Service Vulnerability in PowerDNS Recursor 3.6.x VGA Emulator in QEMU Allows Local Guest Users to Read Host Memory via High Resolution Display Setting Virtual Host Confusion Vulnerability in Nginx Bypassing Individual Answer-Posting Requirement and Discovering Author's Username in Moodle Q&A Forum Heap-based Buffer Overflow in formail in procmail 3.22 via Crafted Email Header Denial of Service Vulnerability in GlusterFS 3.5 via 00000000 Fragment Header Same Origin Policy Bypass in cURL and libcurl versions prior to 7.38.0 Sensitive Configuration Options Disclosure in OpenStack Identity (Keystone) Use-after-free vulnerability in PHP 5.6.x before 5.6.1 allows remote code execution SAML SubjectConfirmation Method Spoofing Vulnerability in Apache WSS4J Apache Traffic Server Remote Access Bypass Vulnerability Arbitrary File Read Vulnerability in Pivotal Spring Framework Double Decoding Vulnerability in Grails Resource Plugin 
YARN NodeManager Symlink Attack Vulnerability Arbitrary Web Script Injection in Apache Solr Admin UI Plugin Apache Qpid 0.30 XML External Entity (XXE) Vulnerability XML External Entity (XXE) Vulnerability in Java XML Processing in Play Framework Denial of Service Vulnerability in Linux Kernel's assoc_array_gc Function Privilege Escalation via Crafted Configuration File in Red Hat OpenStack-Neutron Package Out-of-Bounds Read Vulnerability in libvirt's qemuDomainGetBlockIoTune Function Out-of-Bounds Array Access Vulnerability in rsyslog and sysklogd Heap-based buffer overflow vulnerability in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 D-Bus Denial of Service Vulnerability D-Bus Denial of Service Vulnerability Denial of Service Vulnerability in D-Bus bus_connections_check_reply Function Denial of Service Vulnerability in D-Bus NULL Pointer Dereference in sosendto Function in QEMU Remote File Data Disclosure in OpenStack Cinder Privilege Escalation via Insecure Send Method in Red Hat CloudForms 3.1 Management Engine (CFME) Vulnerability: XXE Exploitation via Parameter Entities in Jersey SAX Parser Missing Exit Handler for INVEPT Instruction in KVM Subsystem Allows Denial of Service Missing Exit Handler for INVVPID Instruction in KVM Subsystem Allows Denial of Service Denial of Service Vulnerability in KVM Subsystem of Linux Kernel User-controlled deviceTokens can be exploited to turn the server into a DDOS vector or an anonymizer for malware: User-Controlled DeviceTokens Exploit: Turning Servers into DDOS Vectors and Malware Anonymizers Reflected XSS Vulnerability in JBoss AeroGear Password Field Multiple Persistent Cross-Site Scripting (XSS) Vulnerabilities in Aerogear Denial of Service Vulnerability in JBoss KeyCloak 1.0.3.Final Open Redirect Vulnerability in JBoss KeyCloak: Failure to Validate Redirect URL Template Preview Cross-Site Scripting (XSS) Vulnerability in Foreman Multiple Cross-Site Scripting (XSS) Vulnerabilities in Spacewalk-Java 
2.0.2 Vulnerability: CSRF Exploit Allows Soft Token Deletion in JBoss KeyCloak Cross-Site Scripting (XSS) Vulnerability in JBoss KeyCloak's login-status-iframe.html Denial of Service Vulnerability in libvirt's virDomainListPopulate Function Denial of Service via Billion Laughs Attack in libxml2 Denial of Service Vulnerability in Jenkins CLI Handshake User Enumeration Vulnerability in Jenkins Arbitrary Job Creation and Destruction Vulnerability in Jenkins Arbitrary File Read Vulnerability in Jenkins Trust Separation Vulnerability in Jenkins Allows Remote Code Execution on Master Remote Code Execution Vulnerability in Jenkins Jenkins Plugin Code Disclosure Vulnerability Buffer Overflow Vulnerability in XMLRPC Extension in PHP Integer Overflow in unserialize function in PHP versions before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 Heap Memory Corruption and Application Crash Vulnerability in PHP EXIF Extension Denial of Service Vulnerability in QEMU and Xen via Host Disk Consumption Denial of Service Vulnerability in Linux Kernel SCTP Implementation Unrestricted Access to Gears in Red Hat OpenShift Enterprise before 2.2 Shim Vulnerability: Denial of Service via Crafted DHCPv6 Packet Shim Vulnerability: Remote Code Execution via Crafted IPv6 Address Arbitrary Code Execution Vulnerability in Shim via Crafted MOK List Arbitrary Web Script Injection in Jenkins Monitoring Plugin Information Disclosure Vulnerability in Monitoring Plugin for Jenkins Jenkins Vulnerability: Password Field Disclosure in Parameterized Jobs Arbitrary Web Script Injection Vulnerability in Jenkins XML External Entity (XXE) Vulnerability in JBPMBpmn2ResourceImpl in jbpm-designer Integer Overflow Vulnerability in rsyslog and sysklogd Insecure Process Adoption in TORQUE Resource Manager Arbitrary Command Execution Vulnerability in wpa_supplicant and hostapd Denial of Service Vulnerability in Linux Kernel SCTP Implementation Denial of Service Vulnerability in Linux Kernel SCTP Implementation 
Privilege Escalation Vulnerability in QEMU's vmware-vga Driver Uncontrolled CR4 Value Modification Vulnerability in Linux Kernel's KVM Subsystem SSL Certificate Validation Bypass in Smart Proxy Default Root Password Vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 Impress Remote Socket Manager Use-After-Free Vulnerability Certificate Spoofing Vulnerability in Pidgin's libpurple SSL/TLS Plugins Denial of Service Vulnerability in Pidgin's MXit Protocol Plugin Denial of Service Vulnerability in Pidgin's Novell GroupWise Protocol Plugin Absolute Path Traversal Vulnerability in Pidgin's untar_block Function Information Disclosure Vulnerability in Pidgin's Jabber Protocol Plugin eDeploy Vulnerability: Remote Code Execution via Untrusted Data Deserialization eDeploy Remote Code Execution Vulnerability Race Condition Vulnerability in eDeploy's Temporary File Handling eNovance eDeploy Directory Traversal Vulnerability OpenStack PackStack 2012.2.1 Firewall Bypass Vulnerability SQL Injection Vulnerability in Drupal Core 7.x before 7.32 ovirt-engine Vulnerability: Man-in-the-Middle Attack via vdsm X.509 Certificate Spoofing Out-of-Bounds Read Vulnerability in libcurl's curl_easy_duphandle Function Denial of Service Vulnerability in OpenStack Compute (Nova) API Lack of CSRF Protection in org.keycloak.services.resources.SocialResource.callback Method in JBoss KeyCloak Denial of Service Vulnerability in Fileinfo Component of PHP 5.4.34 Denial of Service Vulnerability in FreeBSD 9.1 through 10.1-RC2 via Memory Exhaustion Denial of Service Vulnerability in Katello via Mode and Action Parameters Buffer Overflow Vulnerability in ARM Image Loading Functionality in Xen 4.4.x Buffer Overflow Vulnerability in Xen 4.4.x Allows Local Users to Read System Memory or Cause Denial of Service Denial of Service Vulnerability in Xen 4.4.x via Improper Alignment Check Buffer Overflow Vulnerability in Xen 4.4.x for 64-bit ARM Guest Kernels Multiple Cross-Site Scripting (XSS) 
Vulnerabilities in Ex Libris ALEPH 500 Integrated Library Management System SQL Injection Vulnerabilities in Ex Libris ALEPH 500 (Integrated Library Management System) 18.1 and 20 Open Redirect Vulnerability in Django's is_safe_url Function Denial of Service Vulnerability in Intel Indeo Video 4.5 Codec Cross-site scripting (XSS) vulnerability in Lamp Design Storesprite before 7 - 19-06-14 Arbitrary Web Script Injection via Device Title in Zenoss 4.2.5 Open Redirect Vulnerability in Zenoss 4.2.5: Phishing Attack via came_from Parameter Arbitrary Script Injection in SpiceWorks Ticket Portal Arbitrary Command Execution in node-printer Module Denial of Service Vulnerability in hapi Server Framework 2.0.x and 2.1.x Cross-Site Scripting (XSS) Vulnerabilities in Marked Module for Node.js Directory Traversal Vulnerability in Node.js st Module (Versions before 0.2.5) SQL Injection Vulnerability in Construtiva CIS Manager Unverified X.509 Certificate Vulnerability in Bilyoner Application Arbitrary Code Execution Vulnerability in G Data TotalProtection 2014 Security Feature Bypass in AgileBits 1Password through 1.0.9.340 Denial of Service Vulnerability in Qt's QSvg Module Denial of Service Vulnerability in Mumble 1.2.x SQL Injection Vulnerability in sorter.php in phpManufaktur kitForm Extension Arbitrary Code Injection through BibTex Publications Extension in TYPO3 SQL Injection Vulnerabilities in BibTex Publications Extension for TYPO3 CSRF Vulnerabilities in D-Link DAP 1150 Firmware 1.2.94 Allow Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in D-Link DAP 1150 Firmware 1.2.94 Palo Alto Networks PAN-OS Cross-Site Scripting (XSS) Vulnerability Access Restriction Bypass in TeamPass before 2.1.20 via Language File Path Access Restriction Bypass in TeamPass before 2.1.20 Multiple SQL Injection Vulnerabilities in TeamPass Cross-Site Scripting (XSS) Vulnerabilities in TeamPass before 2.1.20 Remote Code Execution Vulnerability in libgadu Buffer Overflow in 
read-u8vector! Procedure in CHICKEN Stable 4.8.0.7 and Development Snapshots Directory Traversal Vulnerability in Reportico PHP Report Designer Allows Arbitrary File Read Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ARRIS SBG901 SURFboard Wireless Cable Modem Arbitrary Script Injection in ZOHO ManageEngine ADSelfService Plus Unspecified Authentication Bypass Vulnerability in Citrix VDI-In-A-Box Authentication Bypass Vulnerability in Dotclear before 2.6.3 Arbitrary PHP Code Execution Vulnerabilities in Dotclear Media Manager Arbitrary SQL Command Execution in Dotclear 2.6.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pixie CMS 1.04 Contact Module Arbitrary Table Read Vulnerability in SAP NetWeaver 7.20 and Earlier Arbitrary Code Execution via Negative Content-Length Field in Cogent DataHub Web Server Arbitrary Command Execution in Cogent DataHub GetPermissions.asp Remote Code Execution in Ruby vSphere Console (RVC) via Chroot Jail Escape Arbitrary Code Execution via Stack-based Buffer Overflow in Easy File Sharing (EFS) Web Server 6.8 CSRF Vulnerability in Beetel 450TC2 Router Allows Remote Password Hijacking Privilege escalation and denial of service vulnerability in VMware Tools for Windows 8.1 guest OS Input Validation Vulnerability in VMware NSX and vCloud Networking and Security (vCNS) Arbitrary Web Script Injection Vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 Denial of Service Vulnerability in Citrix XenServer 6.2 SP1 and Earlier World-readable permissions in XBMC 13.0 expose sensitive information in .xbmc/userdata/sources.xml Information Disclosure Vulnerability in OpenStack Orchestration API (Heat) Arbitrary Code Execution and Memory Corruption Vulnerability in msdia.dll Unauthenticated Microphone Access and Speech Recognition Text Leakage in Google Chrome Remote Code Execution in AlienVault OSSIM SOAP Service Remote Code Execution in AlienVault OSSIM SOAP Service Directory Traversal 
Vulnerability in VMTurbo Operations Manager before 4.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in BarracudaDrive 6.7.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in BarracudaDrive before 6.7.2 Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 XSS Vulnerability in Management Interface SQL Injection Vulnerability in BoonEx Dolphin 7.1.4 and Earlier: Remote Code Execution via administration/profiles.php Privilege Escalation Vulnerability in Juniper Installer Service (JIS) Client 7.x and Junos Pulse Client before 4.0R6 Weak Encryption Algorithms in Juniper Junos Pulse Secure Access Service and Junos Pulse Access Control Service Denial of Service Vulnerability in Juniper Networks NetScreen Firewall Products with ScreenOS Denial of Service Vulnerability in Juniper Networks NetScreen Firewall Devices Denial of Service Vulnerability in Juniper Junos 12.1X46 and 12.1X47 on SRX Series Devices via Crafted SIP Packet Privilege Escalation Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper Junos SRX Series Devices with NAT Protocol Translation from IPv4 to IPv6 Denial of Service Vulnerability in Juniper Junos OS Juniper Junos Auto-RP Denial of Service Vulnerability Arbitrary web script injection vulnerability in Juniper Junos Pulse Secure Access Service and Junos Pulse Access Control Service Cross-site scripting (XSS) vulnerability in Juniper Junos Web Authentication (webauth) Denial of Service Vulnerability in Juniper Junos SRX Series Devices Clickjacking Vulnerability in Juniper Junos Pulse Secure Access Service (SSL VPN) Devices Arbitrary Web Script Injection Vulnerability in Juniper Junos Pulse Secure Access Service (SSL VPN) Devices Denial of Service Vulnerability in Juniper SRX Series Devices with ALG Enabled Arbitrary Script Injection in MyBB Config-Profile_Fields Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in MyBB (MyBulletinBoard) 1.8.4 and Earlier Multiple SQL Injection Vulnerabilities in Centreon 2.5.1 and 
Centreon Enterprise Server 2.2 Arbitrary Command Execution in Centreon 2.5.1 and Centreon Enterprise Server 2.2 Arbitrary Web Script Injection Vulnerability in TomatoCart 1.1.8.6.1 Arbitrary Script Injection in ownCloud Server 6.0.x Documents Component Cross-Site Scripting (XSS) Vulnerabilities in ownCloud Server before 5.016 and 6.0.x before 6.0.3 Improper Permission Checks in ownCloud Server 6.0.3 Unrestricted File External Storage Addition Vulnerability in ownCloud Server Cross-Site Request Forgery (CSRF) Vulnerabilities in ownCloud Server before 6.0.3 File Enumeration Vulnerability in ownCloud Server before 6.0.3 Improper Permission Check Allows Unauthorized File Name Access in ownCloud Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mayan EDMS 0.13 Cross-site scripting (XSS) vulnerability in Contact Bank plugin before 2.0.20 for WordPress Cross-Site Scripting (XSS) Vulnerabilities in iMember360 WordPress Plugin (Versions 3.8.012 - 3.9.001) CSRF Vulnerability in Search Everything Plugin for WordPress Unauthenticated Remote Modification of TinyMCE Color Picker Plugin Settings CSRF Vulnerability in TinyMCE Color Picker Plugin for WordPress Flying Cart Cross-Site Scripting (XSS) Vulnerability in index.php Unrestricted Access Vulnerability in iMember360 Plugin for WordPress Arbitrary User Deletion Vulnerability in iMember360 Plugin for WordPress CSRF Vulnerability in WordPress Member Approval Plugin Allows Unauthorized Settings Changes World-readable permissions for passwd.db in create_passwd_file.py in Pyplate 0.08 allow local users to obtain administrator password Missing HTTPOnly Flag in Pyplate 0.08 Set-Cookie Header for id Cookie Vulnerability Insecure Cookie Transmission in Pyplate 0.08 CSRF Vulnerability in Pyplate 0.08 Allows XSS Attacks via title Parameter Pyplate 0.08 Directory Traversal Vulnerability Privilege Escalation via Predictable Temporary File Names in fish-shell 1.23.0 to 2.1.1 SQL Injection Vulnerabilities in Kerio Control 
Statistics ISC BIND 9.10.0 Denial of Service Vulnerability DLL Hijacking Vulnerability in Xilisoft Video Converter Ultimate 7.8.1 build-20140505 Arbitrary Web Script Injection in HL7 C-CDA 1.1 and Earlier Arbitrary URL Disclosure in CDA.xsl of HL7 C-CDA 1.1 and Earlier Arbitrary Script Injection in JChatSocial Component for Joomla! Directory Traversal Vulnerability in dpkg-source in dpkg-dev 1.3.0 Directory Traversal Vulnerabilities in dpkg-source in dpkg-dev 1.3.0 Cross-Site Request Forgery (CSRF) Vulnerabilities in Usercake 2.0.2 and Earlier Allow Authentication Hijacking Missing HTTPOnly Flag in IBM Sametime Meeting Server Cookie Critical SQL Injection Vulnerabilities Found in ZeusCart 4.x Arbitrary Script Injection in bib2html WordPress Plugin SQL Injection Vulnerabilities in GeoCore MAX 7.3.3 SQL Injection Vulnerabilities in D-Link DAP-1350 (Rev. A1) Firmware 1.14 and Earlier Kernel Memory Disclosure Vulnerability in FreeBSD's ktrace Utility Cross-Site Scripting (XSS) Vulnerability in Frams' Fast File EXchange (F*EX) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Frams' Fast File EXchange (F*EX) Cross-Site Scripting (XSS) Vulnerability in Frams' Fast File EXchange (F*EX) Cross-Site Scripting (XSS) Vulnerabilities in Ipswitch IMail Server 12.3 and 12.4 Authentication Bypass Vulnerability in OpenPAM Nummularia 9.2 through 10.0 Denial of Service Vulnerability in FreeBSD Kernel's execve and fexecve System Calls CSRF Vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 Allows Remote User Hijacking CSRF Vulnerability in Login Rebuilder Plugin for WordPress Allows User Authentication Hijacking Arbitrary Command Execution Vulnerability in Usermin Unspecified Cross-Site Scripting (XSS) Vulnerability in Usermin before 1.600 Webmin XSS Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in Webmin before 1.690 Incomplete fix for Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk firmware before 1.05e1-2.0.5 Arbitrary Code 
Execution via Crafted Packet in Yokogawa CENTUM CS and Exaopc Denial of Service Vulnerability in Silex SX-2000WG Devices with Firmware Before 1.5.4 Denial of Service Vulnerability in silex SX-2000WG Devices with Firmware Before 1.5.4 Remote Code Execution Vulnerability in RimArts Becky! Internet Mail Unspecified Cross-Site Scripting (XSS) Vulnerability in Nexa Meridian (pre-2014) Arbitrary Web Script Injection via HTTP Referer Header in PHP Kobo Multifunctional MailForm Free Authentication Bypass Vulnerability in I-O DATA Cameras CSRF Vulnerabilities in Seeds acmailer: Remote User Authentication Hijacking Arbitrary Web Script Injection in Homepage Decorator PerlMailer 3.10 and Earlier Fujitsu ServerView Operations Manager XSS Vulnerability Denial of Service Vulnerability in Gretech GOM Player 2.2.51.5149 and Earlier Arbitrary Script Injection in Piwigo 2.6.3 and Earlier Denial of Service Vulnerability in Raritan Japan Dominion KX2-101 Switches Unverified X.509 Certificates in CyberAgent Ameba Android App Allows Man-in-the-Middle Attacks Cakifo Theme 1.x XSS Vulnerability in Exif Data Injection Arbitrary SQL Command Execution in tenfourzero Shutter 0.1.4 Arbitrary Web Script Injection Vulnerability in tenfourzero Shutter 0.1.4 OSK Advance-Flow and Advance-Flow Forms SQL Injection Vulnerability CSRF Vulnerability in MailPoet Newsletters Plugin for WordPress Allows User Authentication Hijacking Unverified SSL Certificates Vulnerability in Amazon Kindle for Android Session Fixation Vulnerability in Falcon WisePoint 4.1.19.7 and Earlier: Remote Session Hijacking Privilege Escalation in Emurasoft EmFTP via Trojan Horse Executable Arbitrary Code Execution Vulnerability in Samsung iPOLiS Device Manager Stack-based Buffer Overflow in Samsung iPOLiS Device Manager ActiveX Control Remote Code Execution Vulnerability in Ericom AccessNow Server Directory Traversal Vulnerability in Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 Remote Code Execution 
Vulnerability in UserRequest Servlet Denial of Service Vulnerability in Ruby 1.9.3, 2.0.0, and 2.1 Kernel Memory Disclosure and Denial of Service Vulnerability Netgear CG3100 Devices Vulnerable to Information Disclosure via Embedded Malicious Script CSRF Vulnerability in Kanboard Allows Remote Authentication Hijacking Arbitrary Code Injection via Simple Popup Images Plugin in WordPress Arbitrary Script Injection Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross-Site Scripting (XSS) Vulnerabilities in DZS Video Gallery Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Webmin and Usermin Cleartext Password Exposure in sosreport Archive Arbitrary Web Script Injection Vulnerability in Cougar LG 1.9 Arbitrary Shell Code Execution in mrlg4php before 1.0.8 Insecure Storage of Sensitive Information in Cougar-LG Web Application Sensitive Information Exposure in Cougar-LG: Remote Access to Private SSH Keys Insufficient Access Controls in Cistron-LG 1.01 Allow Remote Retrieval of Sensitive Information Arbitrary Memory Write and Corruption Vulnerability in MRLG (Multi-Router Looking Glass) Arbitrary SQL Command Execution Vulnerability in CoSoSys Endpoint Protector 4 Arbitrary Script Injection in AddressField Tokens Module for Drupal SQL Injection Vulnerability in PHP-Nuke 8.3 Submit_News Module SQL Injection Vulnerability in Glossaire Module 1.0 for XOOPS Stack-based Buffer Overflow in D-Link DSP-W215, DIR-505, and DIR-505L Allows Remote Code Execution Arbitrary SQL Command Execution in Contextual Related Posts Plugin for WordPress Heap-based Buffer Overflow in Autodesk SketchBook Pro before 6.2.6 via Crafted Layer Mask Data in PSD File Autodesk SketchBook Pro Heap-Based Buffer Overflow Vulnerability Race condition vulnerability in Linux kernel through 3.14.5 allows denial of service via numa_maps read operations during hugepage migration TYPO3 Multiple Versions Host Spoofing Vulnerability Arbitrary PHP Code Execution 
in TYPO3 Color Picker Wizard Component Unspecified Cross-Site Scripting (XSS) Vulnerabilities in TYPO3 Versions 4.5.0 - 4.5.34, 4.7.0 - 4.7.19, 6.0.0 - 6.0.14, 6.1.0 - 6.1.9, and 6.2.0 - 6.2.3 Session Timeout Bypass Vulnerability in TYPO3 6.2.0 - 6.2.3 Authentication Bypass Vulnerability in TYPO3 Insecure Query Caching in TYPO3 Extbase Framework Arbitrary Code Execution via Unrestricted File Upload in TYPO3 Powermail Extension Arbitrary Code Injection through XSS in Powermail Extension for TYPO3 Arbitrary Code Injection in TYPO3 Grid Elements Extension NULL pointer dereference vulnerability in HZ module in iconv implementation in FreeBSD 10.0 and NetBSD Uninitialized Buffer Vulnerability in FreeBSD Kernel Kernel Memory Information Disclosure Vulnerability in FreeBSD Stack-based Buffer Overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 Denial of Service Vulnerability in FreeBSD 8.4 through 10.1-RC2 via Remote RIP Request Improper Argument Order in sm_close_on_exec Function Allows Unauthorized Access to File Descriptors Arbitrary web script injection vulnerability in F5 BIG-IP LTM and other products OpenNMS Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary SQL Command Execution in Participants Database Plugin for WordPress Multiple SQL Injection Vulnerabilities in Videos Tube 1.0 Arbitrary Preview Picture Access in ownCloud Server before 6.0.1 Arbitrary Web Script Injection in MediaWiki Special:PasswordReset NULL pointer dereference vulnerability in Xen HVMOP_inject_msi function Denial of Service Vulnerability in Xen HVMOP_inject_msi Function Unrestricted Write Permissions Vulnerability in Xen 4.4.x on ARM Systems Denial of Service Vulnerability in PulseAudio's pa_rtp_recv Function Denial of Service Vulnerability in MongoDB 2.6.x Apexis APM-J601-WS Cameras Firmware Directory Traversal Vulnerability Multiple SQL Injection Vulnerabilities in FrontAccounting (FA) Before 2.3.21 Cross-Site Scripting (XSS) Vulnerability in AuraCMS 3.0 and Earlier via viewdir 
Parameter in filemanager.php Absolute Path Traversal Vulnerability in AuraCMS 3.0 Filemanager.php Buffer Overflow Vulnerability in A10 Networks ACOS Incomplete Fix for Symlink Attack in libodm.a on IBM AIX 6.1 and 7.1, and VIOS 2.2.x SQL Injection Vulnerability in TomatoCart 1.1.8.6.1: Remote Code Execution via Address Book Contact Fields Denial of Service Vulnerability in Bytemark Symbiosis via Crafted Username Privilege Escalation via Improper Use of UNIX Domain Sockets in libfep 0.0.5 before 0.1.0 Local File Overwrite Vulnerability in PHP 5.5.13 and Earlier Arbitrary File Overwrite Vulnerability in Lynis on AIX Unspecified Remote Vulnerabilities in Libav before 0.8.12 Out-of-Bounds Read Vulnerability in MiniUPnP 1.9's getHTTPResponse Function Local File Overwrite Vulnerability in Lynis before 1.5.5 via Symlink Attack on /tmp/lynis.*.unsorted File Arbitrary Script Injection in SunHater KCFinder 3.11 and Earlier Arbitrary Code Execution via Serialized PHP Object in OpenCart 1.5.6.4 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dolibarr ERP/CRM 3.5.3 SQL Injection Vulnerabilities in Dolibarr ERP/CRM 3.5.3: Remote Code Execution Arbitrary web script injection vulnerability in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django Arbitrary web script injection vulnerability in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django Arbitrary SQL Command Execution in ManageEngine Products SQL Injection Vulnerability in MetadataServlet of ManageEngine Products Authentication Bypass Vulnerability in Horde_Ldap Library Cacti PHP Object Injection Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cacti 0.8.8b Remote Code Execution Vulnerability in SAP NetWeaver System Landscape Directory (SLD) Hardcoded Credentials Vulnerability in SAP Project System Hardcoded Credentials in SAP Brazil Add-On: A Gateway for Remote Attackers Hardcoded Credentials Vulnerability in SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas 
Hardcoded Credentials in SAP Upgrade Tools for ABAP Hardcoded Credentials Vulnerability in SAP Web Services Tool Hardcoded Credentials Vulnerability in SAP CCMS Monitoring Hardcoded Credentials in SAP Transaction Data Pool Vulnerability Hardcoded Credentials in SAP Capacity Leveling Vulnerability Hardcoded Credentials in SAP Open Hub Service Aruba Networks ClearPass Policy Manager SQL Injection Vulnerability Vulnerability: Bypassing chmod Restrictions via User Namespace in Linux Kernel Arbitrary Script Injection Vulnerability in Conversion Ninja WordPress Plugin Default Password Vulnerability in ZTE ZXV10 W300 Router Insufficient Access Control in ZTE ZXV10 W300 Router Allows Unauthorized Access to Sensitive Information Denial of Service Vulnerability in Wireshark 1.10.x Memory Leakage Vulnerability in Xen Hypervisor Improper Initialization of Grant Table Pages in Xen 4.4.x on ARM Platform Arbitrary web script injection vulnerability in F5 BIG-IP Configuration Utility Timing side-channel vulnerability in SSL virtual servers in F5 BIG-IP systems Improper Initialization in rd_build_device_space Function Allows Information Disclosure CSRF Vulnerability in JW Player Plugin for WordPress Allows Unauthorized Player Deletion Aruba Networks ClearPass Policy Manager Database Credential Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in Fiyo CMS 1.5.7 Arbitrary Web Script Injection Vulnerability in Epignosis eFront 3.6.14.4 Arbitrary SQL Command Execution in ZeroCMS 1.0 via zero_view_article.php Arbitrary Web Script Injection in Best Soft Inc. 
(BSI) Advance Hotel Booking System 2.0 via title parameter ImpressCMS 1.3.6.1 - Cross-Site Scripting (XSS) Vulnerability in modules/system/admin.php Arbitrary Web Script Injection in FCKeditor's spellchecker.php Arbitrary File Overwrite Vulnerability in ppc64-diag 2.6.1 Insecure Permissions in ppc64-diag 2.6.1 Allows Unauthorized Access to Sensitive Information Cleartext Password Exposure in PowerPC-Utils Archive Use-after-free vulnerability in posix_spawn_file_actions_addopen function in glibc before 2.20 Uninitialized Memory Access Vulnerability in OpenAFS 1.6.8 Denial of Service Vulnerability in PJSIP Channel Driver in Asterisk Open Source 12.x Arbitrary Shell Command Execution via MixMonitor Action in Asterisk Open Source and Certified Asterisk Denial of Service Vulnerability in Asterisk Open Source and Certified Asterisk Denial of Service Vulnerability in PJSIP Channel Driver in Asterisk Open Source PHP 5.6.0beta4 and Earlier Heap-Based Buffer Overflow in php_parserr Function Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability CSyncBasePlayer Use After Free Vulnerability in MCPlayer.dll Microsoft SQL Server Stack Overrun Vulnerability .NET ASLR Vulnerability Internet Explorer Memory Corruption Vulnerability Windows Kernel Pool Allocation Vulnerability Internet Explorer Remote Code Execution Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Remote Code Execution Vulnerability Lync Denial of Service Vulnerability Lync XSS Information Disclosure Vulnerability Lync Denial of Service Vulnerability .NET Framework Denial of Service Vulnerability .NET ClickOnce Elevation of Privilege 
Vulnerability Privilege Escalation via Task Scheduler in Microsoft Windows MVC XSS Vulnerability in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 TCP/IP Elevation of Privilege Vulnerability in Microsoft Windows Server 2003 SP2 Microsoft IME (Japanese) Elevation of Privilege Vulnerability IIS Security Feature Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory 
Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Win32k.sys Elevation of Privilege Vulnerability Sandworm Attack: Windows OLE Remote Code Execution Vulnerability Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability Microsoft SharePoint Foundation 2010 SP2 Cross-Site Scripting (XSS) Vulnerability Microsoft Word File Format Vulnerability MSXML Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability .NET ASLR Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Privilege Escalation Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability TrueType Font Parsing Remote Code Execution Vulnerability TypeFilterLevel Vulnerability Arbitrary File Write Vulnerability in Scheme 48's scheme48-send-definition Function Arbitrary File Creation and Code Execution Vulnerability in AlienVault OSSIM SOAP Service Arbitrary Code Execution Vulnerability in AlienVault OSSIM's av-centerd SOAP Service Arbitrary File Read Vulnerability in AlienVault OSSIM SOAP Service Insufficient Access Control in ZTE ZXV10 W300 Router Firmware Allows Remote Password Retrieval CSRF Vulnerability in ZTE ZXV10 W300 Router Allows Remote Password Hijacking Proxmox VE User Enumeration Vulnerability Bypassing PR_SET_SECCOMP Restrictions in Linux 
Kernel on MIPS Platform Remote Code Execution Vulnerability in Kolibri 2.0 via Long URI in GET Request Open Redirect Vulnerability in SAP SRM's la/umTestSSO.jsp Cross-Site Scripting (XSS) Vulnerabilities in SAP NetWeaver Business Client (NWBC) Testcanvas Node Arbitrary Web Script Injection Vulnerability in SAP SRM's la/umTestSSO.jsp Zyxel P-660HW-T1 (v3) Wireless Router CSRF Vulnerabilities: Admin Authentication Hijacking for WiFi Password and SSID Changes Cross-Site Request Forgery (CSRF) Vulnerabilities in Featured Comments Plugin for WordPress AlgoSec FireFlow 6.3-b230 XSS Vulnerability in SelfService/Prefs.html Arbitrary Web Script Injection in ntop's RRD Plugin via Title Parameter SHOUTcast DNAS 2.2.1 Song History Cross-Site Scripting (XSS) Vulnerability IPv6 Private Subnet Attachment Denial of Service Vulnerability Authentication Bypass Vulnerability in iodine before 0.7.0 Insufficient Access Restrictions in Free Reprintables ArticleFR 11.06.2014: Privilege Escalation Vulnerability Denial of Service Vulnerability in Linux Kernel's mm/shmem.c Arbitrary Web Script Injection Vulnerability in Jasig Java CAS Client, .NET CAS Client, and phpCAS Remote Code Execution and Denial of Service Vulnerability in Wireshark 1.10.x Arbitrary Web Script Injection in ClipBucket Signup.php CSRF Vulnerability in Hitachi Tuning Manager and JP1/Performance Management Arbitrary Web Script Injection Vulnerability in Hitachi Tuning Manager and JP1/Performance Management Heap-based Buffer Overflow Vulnerabilities in Huawei Campus Series Switches Vulnerability: Weak Randomness in EMC RSA BSAFE-C Toolkits' TLS Implementation Vulnerability in EMC RSA BSAFE-C Toolkits Allows Remote Attackers to Obtain Plaintext from TLS Sessions Vulnerability: Plaintext Leakage in EMC RSA BSAFE-Java Toolkits via Extended Random Extension Arbitrary SQL Command Execution in ZeroCMS 1.0 via zero_transact_article.php Arbitrary Script Injection in ZeroCMS 1.0 via zero_view_article.php Arbitrary Web Script 
Injection Vulnerability in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 SQL Injection Vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 Two-Factor Authentication Bypass Vulnerability in BS-Client Private Client 2.4 and 2.5 Arbitrary File Write Vulnerability in VMware Tools Insecure Permissions in VMware Tools vm-support Archive Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Component Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Unspecified vulnerability in Oracle Hyperion Enterprise Performance Management Architect component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Editing. Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.53 Unspecified Remote Code Execution Vulnerability in Siebel UI Framework Component in Oracle Siebel CRM Unspecified vulnerability in Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.5.37 and earlier Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u60 and 8u5 Unspecified JMX-related vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 Unspecified Confidentiality Vulnerability in Oracle WebLogic Server Component Unspecified Remote Integrity Vulnerability in Oracle WebCenter Portal Component Unspecified Confidentiality Vulnerability in Oracle Fusion Middleware 11.1.1.7 Unspecified Remote Integrity Vulnerability in Oracle Applications Manager Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.6.17 and earlier Unspecified vulnerability in Oracle Solaris 10 and 11.1 related to CPU performance counters (CPC) drivers Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified Remote 
Integrity Vulnerability in Oracle Java SE Libraries Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u60 and 8u5 Unspecified Remote Confidentiality Vulnerability in Oracle Java SE 7u60 and 8u5 Unspecified Confidentiality Vulnerability in Oracle HTTP Server Component Unspecified vulnerability in Oracle Java SE 7u60 affecting confidentiality, integrity, and availability via unknown vectors related to Libraries Unspecified vulnerability in Oracle Sun Solaris: Local User Availability Impact via Sockfs Unspecified vulnerability in Oracle Sun Solaris 10 Patch Installation Scripts Unspecified Remote Code Execution Vulnerability in PeopleSoft Enterprise FIN Install Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE Deployment Unspecified vulnerability in Oracle VM VirtualBox Graphics Driver for Windows Guests Unspecified vulnerability in Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2-6.3.4 Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Integrity Vulnerability in Siebel Travel & Transportation Component Unspecified Remote Integrity Vulnerability in Oracle Secure Global Desktop (SGD) Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.6.17 and earlier Unspecified Confidentiality Vulnerability in Oracle Transportation Management Unspecified Integrity Vulnerability in Oracle iStore Component Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified Confidentiality Vulnerability in Oracle Database Server 11.2.0.4 and 12.1.0.1 Unspecified vulnerability in MySQL Server component in Oracle MySQL 5.6.17 and earlier Unspecified Confidentiality Vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 Unspecified Local Privilege Escalation Vulnerability in MySQL Server Component Unspecified 
Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified vulnerability in MySQL Server component allowing remote authenticated users to affect availability Unspecified Security Vulnerability in Oracle Java SE and JRockit Unspecified Confidentiality Vulnerability in Oracle Database Server Confidentiality vulnerability in Oracle Hyperion Analytic Provider Services component Unspecified vulnerability in Oracle Java SE 8u5 affecting JavaFX Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle Fusion Middleware's BI Publisher Component Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Integrity Vulnerability in Oracle HTTP Server Component Unspecified Security Vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified vulnerability in Oracle WebLogic Server component allows remote attackers to affect confidentiality and integrity via WLS - Deployment vectors Unspecified Confidentiality Vulnerability in Oracle WebCenter Portal Component Unspecified vulnerability in MySQL Server component allowing remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 Unspecified vulnerability in MySQL Server component allows remote authenticated users to affect integrity and availability Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors 
related to Libraries Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect confidentiality and integrity via Diffie-Hellman key agreement. Unspecified Remote Availability Vulnerability in Oracle Java SE 7u60 and 8u5 Unspecified Remote Integrity Vulnerability in Oracle Java SE Deployment Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u60 and 8u5 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified Swing-related vulnerability in Oracle Java SE allows remote attackers to compromise confidentiality Unspecified Confidentiality Vulnerability in Oracle Hyperion Common Admin Component Unspecified Confidentiality Vulnerability in Oracle Hyperion Common Admin Component Unspecified Remote Code Execution Vulnerability in Oracle Hyperion Essbase Component Unspecified Local Vulnerability in Oracle MySQL Server Affecting Confidentiality, Integrity, and Availability Unspecified vulnerability in Oracle Sun Solaris 11 SMB server kernel module allows local users to affect availability Unspecified Remote Code Execution Vulnerability in Oracle Sun Solaris 11 via CIFS Unspecified Remote Confidentiality Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 related to Oracle Forms Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.53 Unspecified vulnerability in Oracle Sun Solaris 11 affecting IPS transfer module Unspecified Integrity Vulnerability in Oracle Applications Framework Component Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to compromise system security via Kernel/X86 vectors. 
Unspecified Remote Confidentiality Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 affecting IPS transfer module Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 11.5.10.2 Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier through SERVER:CHARACTER SETS vectors. Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 Unspecified vulnerability in Oracle Database Server JDBC Component Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in Oracle Database Server SQLJ Component Unspecified vulnerability in Oracle Database Server SQLJ Component Unspecified vulnerability in Oracle Database Server SQLJ Component Cross-Site Scripting (XSS) Vulnerabilities in Ajenti's respond_error Function Arbitrary Web Script Injection Vulnerability in HAM3D Shop Engine's rating.php Cross-Site Scripting (XSS) Vulnerabilities in Touch Theme for Drupal Arbitrary Web Script Injection Vulnerability in SQL Buddy 1.3.3 and Earlier SQL Injection Vulnerabilities in NICE Recording eXpress 6.5.7 and Earlier WebTitan logs-x.php Directory Traversal Vulnerability SQL Injection Vulnerability in WebTitan before 4.04: Remote Code Execution via sortkey Parameter in categories-x.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in NICE Recording eXpress Multiple Cross-Site Scripting (XSS) 
Vulnerabilities in Openfiler 2.99 Unspecified vulnerability in JPublisher component in Oracle Database Server Information Disclosure Vulnerability in Epicor Enterprise 7.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Epicor Enterprise 7.4 Epicor Procurement 7.4 SP2 SQL Injection Vulnerability in User Field Memory Corruption Vulnerability in QSEECOM Driver for Linux Kernel 3.x Privilege escalation vulnerability in MDP display driver for Linux kernel 3.x Bypassing Device-Lock and Kernel-Signature Restrictions in Little Kernel (LK) Bootloader Arbitrary Command Execution in Elasticsearch Logstash 1.0.14 through 1.4.x Arbitrary Web Script Injection Vulnerability in ntopng 1.1 Denial of Service Vulnerability in Data::Dumper OctavoCMS admin/viewer.php Cross-site Scripting (XSS) Vulnerability CSRF Vulnerability in Dolphin 7.1.4 and Earlier Allows SQL Injection Attacks via profiles.php Stack-based Buffer Overflow in Ubisoft Rayman Legends Cross-Site Scripting (XSS) Vulnerabilities in BarracudaDrive 6.7.2 Arbitrary Command Execution via Shell Metacharacters in cups-browsed Denial of Service Vulnerability in cups-browsed Remote Bypass of Access Restrictions in cups-browsed.conf Denial of Service Vulnerability in MIT Kerberos 5 (krb5) before 1.12.2 Denial of Service Vulnerability in MIT Kerberos 5 (krb5) 1.7.x through 1.12.x before 1.12.2 Double Free Vulnerability in SPNEGO Initiator in MIT Kerberos 5 NULL pointer dereference vulnerability in SPNEGO acceptor in MIT Kerberos 5 (krb5) before 1.12.2 Buffer overflow vulnerability in krb5_encode_krbsecretkey function in LDAP KDB module in MIT Kerberos 5 before 1.11.6 and 1.12.2 Arbitrary Web Script Injection Vulnerability in Citrix NetScaler ADC and Gateway Information Disclosure Vulnerability in Citrix NetScaler ADC and Gateway Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.1.x and 4.2.x Buffer Overflow in QT Media Foundation in Apple 
OS X before 10.9.5 via Crafted MIDI File Buffer Overflow Vulnerability in QuickTime Allows Remote Code Execution or Denial of Service Weak Encryption Key Generation in Apple iOS Address Book Race condition vulnerability in iMessage and MMS in Apple iOS before 8 allows for sensitive information leakage Bluetooth Vulnerability in Apple iOS Upgrade Actions Lock Screen Text-Message Preview Vulnerability in Apple iOS before 8 Log Data Leakage Vulnerability in Apple iOS and Apple TV iOS Home & Lock Screen Vulnerability: Unauthorized App Prominence Detection Apple iOS Sandbox Profile Vulnerability Autofill Vulnerability in Safari for Apple iOS before 8 Weak Authentication Vulnerability in Apple iOS and Apple TV Vulnerability: Cleartext Information Exposure in Apple iOS Mail (pre-8) Voice Dial Vulnerability in Apple iOS 7 and Earlier Versions Screen Lock Bypass Vulnerability in Apple iOS Accessibility Subsystem Denial of Service Vulnerability in IOAcceleratorFamily API Implementation in Apple iOS and Apple TV Memory Initialization Vulnerability in Apple iOS and Apple TV Arbitrary File Permissions Change Vulnerability in Apple iOS and Apple TV Denial of Service Vulnerability in IntelAccelerator Driver in Apple iOS and Apple TV Arbitrary File Read Vulnerability in NSXMLParser in Apple iOS before 8 Double Free Vulnerability in Apple iOS and Apple TV: Privilege Escalation and Denial of Service via Mach Ports Arbitrary Code Execution and Denial of Service Vulnerability in IOKit in IOAcceleratorFamily in Apple OS X CoreGraphics Integer Overflow Vulnerability in Apple iOS and Apple TV Out-of-Bounds Read and Application Crash Vulnerability in CoreGraphics Unspecified IOHIDFamily Function Vulnerability in Apple iOS and Apple TV Arbitrary Code Execution Vulnerability in IOHIDFamily Kernel Extension Arbitrary Code Execution Vulnerability in Libnotify on Apple iOS and Apple TV Spoofing Device Update Status via Crafted Last-Modified HTTP Response Header Directory Traversal 
Vulnerability in Apple iOS App Installation Feature Privilege Escalation via Race Condition in iOS App Installation Arbitrary Code Execution Vulnerability in IOKit Metadata Validation Arbitrary Code Execution via Integer Overflow in IOKit Privilege Escalation via Bluetooth API in Apple OS X Incomplete Resource Envelopes in Code Signing Feature of Apple OS X before 10.10 Vulnerability Buffer Overflow Vulnerability in Intel Graphics Driver Subsystem in Apple OS X Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Unspecified Bounds Checking Vulnerability in IOAcceleratorFamily Function in Apple OS X Predictable Location of CPU Global Descriptor Table Allows ASLR Bypass in Apple OS X Heap-based Buffer Overflow in IOHIDFamily in Apple iOS and Apple TV Arbitrary Code Execution and Denial of Service Vulnerability in IOHIDFamily Xcode Server XSS Vulnerability in Apple OS X Server Memory Initialization Vulnerability in IOKit Function Calls on Apple iOS and Apple TV Privilege Escalation and Denial of Service Vulnerability in Apple iOS and Apple TV Tracking Users in Private Browsing Mode via WebKit Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit 
Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Unspecified vulnerability in Intel Graphics Driver subsystem in Apple OS X before 10.9.5 Denial of Service Vulnerability in Safari's Push Notification System Arbitrary Code Execution Vulnerability in IOKit Metadata Validation Memory Initialization Vulnerability in Apple iOS and Apple TV Memory Initialization Vulnerability in Apple iOS and Apple TV Memory Initialization Vulnerability in Apple iOS and Apple TV Predictable Random Number Generator Vulnerability in Apple iOS and Apple TV iCloud Account Bypass Vulnerability in Apple iOS SQL Injection Vulnerability in Wiki Server in Apple OS X Server Unenforced Require Password after Sleep or Screen Saver Setting in Apple OS X Information Disclosure Vulnerability in Apple OS X AFP File Server Bypassing App Sandbox Protection in Apple OS X via Accessibility API Unencrypted Bluetooth Pairing Vulnerability in Apple OS X CoreStorage in Apple OS X before 10.10 Vulnerability: Retention of Encryption Keys upon Eject Action Screen-Lock Bypass Vulnerability in Apple OS X Dock Encryption Status Display Vulnerability in Apple OS X Heap-based Buffer Overflow in Apple OS X Kernel Allows Arbitrary Code Execution via Crafted Resource Forks HFS Filesystem Denial of Service Vulnerability in Apple OS X iCloud Find My Mac Brute-Force Attack Vulnerability Denial of Service Vulnerability in IOHIDFamily in Apple OS X before 10.10 Sandbox Bypass Vulnerability in LaunchServices on Apple OS X Unattended Workstation Screen Lock Bypass Vulnerability in Apple OS X Improper Recipient Address Handling in Apple OS X Mail Unintended Proxy Server Access Vulnerability in Apple OS X File Sharing Permanently Enabled Vulnerability in Apple OS X Denial of Service Vulnerability in Apple OS X Kernel NULL Pointer Dereference Vulnerability in Apple OS X 
10.10 and Earlier Kerberos Ticket Cache Privilege Escalation Vulnerability in Apple OS X SACL Bypass Vulnerability in Apple OS X Server Cleartext Password Disclosure in Apple OS X Server Profile Manager Vulnerability: Weak Encryption Key in Apple iOS House Arrest Unverified X.509 Certificates in iCloud Data Access on Apple iOS before 8.1 QuickType Keyboard Vulnerability in Apple iOS Bypassing Lock-Screen Protection in Apple iOS before 8.1.1 Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Location Data Leakage in Apple iOS and OS X during Spotlight Suggestions Server Connection Code-Signing Bypass Vulnerability in Apple iOS and Apple TV Bypassing Binary-Execution Restrictions in Apple iOS Sandbox Profiles Extraneous Cookie Data Leakage in Apple OS X System Profiler Remote Code Execution Vulnerability in WebKit for Apple OS X Cache Leakage Vulnerability in CFNetwork Privilege Escalation Vulnerability in Apple iOS and Apple TV Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Lock-screen Bypass Vulnerability in Apple iOS FaceTime Leave a Message Feature Same Origin Policy Bypass via Crafted CSS Token Sequences in Safari WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Scrollbar Boundary Spoofing Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service 
Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Symlink-based Directory Traversal Vulnerability in AppleFileConduit Integer Overflow in CoreGraphics: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow in FontParser Allows Remote Code Execution in Apple iOS, OS X, and Apple TV Arbitrary Code Execution and Denial of Service Vulnerability in Apple FontParser Buffer Overflow in XML Parser in Apple iOS, OS X, and Apple TV Allows Remote Code Execution or Denial of Service Arbitrary Code Execution and Denial of Service Vulnerability in IOAcceleratorFamily Buffer Overflow Vulnerability in IOHIDFamily in Apple iOS, OS X, and Apple TV Arbitrary Code Execution via Crafted App in Apple IOHIDFamily Event Queue Initialization Vulnerability in Apple iOS, OS X, and Apple TV Address Disclosure Vulnerability in Apple iOS, OS X, and Apple TV Arbitrary Code Execution via Crafted XPC Message in Apple Devices Vulnerability: App-Installation Control via Enterprise Distribution Certificate Bypassing First-Launch Restrictions in Apple iOS Springboard Shared Memory Read-Only Attribute Bypass Vulnerability ASLR Bypass Vulnerability in Apple iOS and Apple TV Integer Signedness Error in IOBluetoothFamily: Arbitrary Code Execution and Kernel Memory Write Vulnerability Thunderstrike: EFI Firmware Vulnerability in Apple OS X Sensitive Information Exposure in App Store Logs Stack-based buffer overflow vulnerability in sgminer, cgminer, and BFGMiner allows remote pool servers to execute arbitrary code via a long URL in a client.reconnect stratum message. 
Heap-based Buffer Overflow Vulnerabilities in sgminer, cgminer, and BFGMiner Denial of Service Vulnerability in sgminer and cgminer Arbitrary Web Script Injection Vulnerability in Easy Breadcrumb Module for Drupal Arbitrary Script Injection in Custom Meta Module for Drupal Smart-Proxy Directory Traversal Vulnerability Denial of Service Vulnerability in Linux Kernel 3.15.1 Arbitrary Command Execution via eDirectory POSIX Attribute Changes in Novell Identity Manager 4.0.2 Arbitrary Web Script Injection Vulnerability in apt-cacher-ng 0.7.26 Arbitrary Command Execution in Gitlist before 0.5.0 Cross-Site Scripting (XSS) Vulnerabilities in ActiveHelper LiveHelp Live Chat Plugin for WordPress Arbitrary Web Script Injection in Alipay Plugin for WordPress Arbitrary Script Injection in AnyFont WordPress Plugin (CVE-2021-12345) Arbitrary Script Injection Vulnerability in BIC Media Widget Plugin for WordPress Arbitrary Script Injection in CBI Referral Manager Plugin for WordPress Arbitrary Script Injection Vulnerability in Contact Form by ContactMe.com Plugin for WordPress Arbitrary Script Injection Vulnerability in Conversador Plugin for WordPress Arbitrary Code Injection through Cross-Site Scripting (XSS) in DMCA WaterMarker Plugin for WordPress Arbitrary Web Script Injection in dsIDXpress IDX Plugin for WordPress Arbitrary Web Script Injection Vulnerability in dsSearchAgent: WordPress Edition Plugin Arbitrary Web Script Injection Vulnerability in Easy Career Openings Plugin for WordPress Arbitrary Script Injection in WP Easy Post Types Plugin Arbitrary Web Script Injection in Ebay Feeds for WordPress Plugin Cross-Site Scripting (XSS) Vulnerabilities in efence Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in EnvialoSimple WordPress Plugin Cross-Site Scripting (XSS) Vulnerabilities in Bugs Go Viral : Facebook Promotion Generator Plugin for WordPress Arbitrary Script Injection in Flash Photo Gallery Plugin for WordPress XSS Vulnerability in Flog 
Plugin 0.1 for WordPress Arbitrary Code Injection through Cross-Site Scripting (XSS) in Game Tabs Plugin for WordPress Arbitrary Code Injection via GarageSale Plugin in WordPress Arbitrary Script Injection Vulnerability in GEO Redirector Plugin for WordPress Arbitrary Script Injection in HTML5 Video Player with Playlist Plugin for WordPress Arbitrary Script Injection in Import Legacy Media Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Infusionsoft Gravity Forms Plugin for WordPress Arbitrary Web Script Injection in Keyword Strategy Internal Links Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Malware Finder Plugin for WordPress Arbitrary Script Injection in Movies Plugin for WordPress Arbitrary Web Script Injection in Oleggo LiveStream Plugin for WordPress Arbitrary Code Injection through Shortcode Parameter in OMFG Mobile Pro Plugin for WordPress Arbitrary Script Injection in Ooorl WordPress Plugin's redirect.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pay Per Media Player Plugin for WordPress Arbitrary Script Injection Vulnerability in Podcast Channels Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Pro Quoter Plugin for WordPress Arbitrary Script Injection in Rezgo Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Rezgo Online Booking Plugin for WordPress Arbitrary Code Injection via popup Parameter in Ruven Toolkit Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in WooCommerce SagePay Direct Payment Gateway Plugin for WordPress Arbitrary Code Injection via Shortcode Parameter in Shortcode Ninja Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Social Connect Plugin for WordPress Arbitrary Web Script Injection in Spotlight Plugin for WordPress Cross-site Scripting (XSS) Vulnerability in spreadshirt-rss-3d-cube-flash-gallery Plugin for WordPress (2014) Arbitrary Web Script Injection via title parameter in SS Downloads 
Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Style It Plugin for WordPress Arbitrary Web Script Injection in Swipe Checkout for eShop Plugin Arbitrary Web Script Injection in Swipe Checkout for Jigoshop Plugin Arbitrary Web Script Injection Vulnerability in Swipe Checkout for WooCommerce Plugin Multiple Cross-Site Scripting (XSS) Vulnerabilities in Swipe Checkout for WP e-Commerce Plugin for WordPress Arbitrary Script Injection in ToolPage Plugin for WordPress Critical XSS Vulnerability Found in Ultimate-Weather Plugin 1.0 for WordPress Arbitrary Web Script Injection Vulnerability in URL Cloak & Encrypt Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Validated Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Verification Code for Comments Plugin for WordPress Cross-site scripting (XSS) vulnerability in verwei.se - WordPress - Twitter plugin 1.0.2 and earlier for WordPress Arbitrary Script Injection in Video Comments Webcam Recorder Plugin Arbitrary Script Injection in Video Posts Webcam Recorder Plugin for WordPress Arbitrary Web Script Injection in VideoWhisper Live Streaming Integration Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in VideoWhisper Video Presentation Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in VN-Calendar Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Votecount for Balatarin Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Walk Score Plugin for WordPress Arbitrary Script Injection via resize.php in WebEngage Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Wikipop Plugin for WordPress Arbitrary Web Script Injection Vulnerability in WordPress Social Login Plugin Absolute Path Traversal Vulnerability in WP AmASIN - The Amazon Affiliate Shop Plugin 0.9.6 and Earlier Arbitrary Web Script Injection Vulnerability in WP App Maker Plugin Arbitrary Code Injection via lang Parameter in 
Appointments Scheduler Plugin for WordPress Arbitrary Script Injection in WP BlipBot Plugin 3.0.9 and Earlier Arbitrary Web Script Injection Vulnerability in WPCB Plugin for WordPress Arbitrary Code Injection through WP Consultant Plugin in WordPress Cross-Site Scripting (XSS) Vulnerabilities in WP-Contact Plugin for WordPress Arbitrary Code Injection via fID Parameter in wp-easybooking Plugin for WordPress WP-FaceThumb Plugin XSS Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in wp-football Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in WP GuestMap Plugin for WordPress Arbitrary Code Injection through Cross-Site Scripting (XSS) in Hot Files WordPress Plugin Arbitrary Web Script Injection Vulnerability in WP Silverlight Media Player Plugin Arbitrary Web Script Injection Vulnerability in WP Microblogs Plugin Arbitrary Web Script Injection Vulnerability in WP-Picasa-Image Plugin for WordPress Arbitrary Web Script Injection Vulnerability in WP-Planet Plugin Arbitrary Web Script Injection Vulnerability in WP Plugin Manager Plugin for WordPress Arbitrary Web Script Injection in WordPress Responsive Preview Plugin Cross-Site Scripting (XSS) Vulnerabilities in WP RESTful Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in SnapApp Plugin for WordPress Arbitrary Web Script Injection in WP Social Invitations Plugin Arbitrary Web Script Injection Vulnerability in wp-tmkm-amazon Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in WP-Business Directory Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in WP Ultimate Email Marketer Plugin 1.1.0 and Earlier Arbitrary Web Script Injection Vulnerability in Wu-Rating Plugin for WordPress XEN Carousel Plugin XSS Vulnerabilities Cross-Site Scripting (XSS) Vulnerabilities in Yahoo! 
Updates for WordPress Plugin 1.0 and Earlier Arbitrary Code Injection via ytmpw Parameter in Your Text Manager Plugin for WordPress Arbitrary Web Script Injection Vulnerability in ZdStatistics Plugin for WordPress Arbitrary Web Script Injection Vulnerability in ZeenShare WordPress Plugin Integer Overflow in LZO Algorithm Variant in liblzo2 and lzo-2: Remote Code Execution Vulnerability Multiple Integer Overflows in LZO Decompressor in Linux Kernel Integer Overflow in get_len function in libavutil/lzo.c in Libav: Remote Code Execution Vulnerability Integer Overflow in get_len function in libavutil/lzo.c in FFmpeg Integer Overflow in LZ4 Algorithm Implementation Arbitrary Web Script Injection in Coppermine Photo Gallery's Keywords Manager CSRF Vulnerability in Piwigo Administration Panel Allows Remote Authentication Hijacking CSRF Vulnerabilities in Piwigo before 2.6.2 Allow Remote Authentication Hijacking X_AUTH_TOKEN Leakage Vulnerability Array Index Error in scanstring Function in Python JSON Module Denial of Service Vulnerability in GnuPG's do_uncompress Function Privilege Escalation via User-Created System Object in EMC Documentum Content Server Authentication Bypass Vulnerability in EMC RSA Identity Management and Governance Cleartext Storage of RecoverPoint Appliance Credentials in EMC NetWorker Module for MEDITECH (NMMEDI) 3.0 Authorization Bypass and Privilege Escalation in EMC Documentum Content Server Privilege Escalation in EMC Documentum Content Server Weak Password Hashing in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) Unauthenticated Access to EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation in EMC Documentum Content Server Arbitrary SQL Command Execution Vulnerability in EMC RSA Web Threat Detection 4.x Arbitrary Web Script Injection Vulnerability in EMC Isilon InsightIQ Insecure Direct Object Reference in EMC Documentum Content Server Triple Handshake Vulnerability in EMC RSA BSAFE Micro Edition Suite and RSA 
BSAFE SSL-J Permanent Device Binding Bypass in RSA Adaptive Authentication X.509 Certificate Verification Bypass in VMware vSphere Data Protection and EMC Avamar Arbitrary Web Script Injection Vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 Unquoted Windows Search Path Privilege Escalation Vulnerability Arbitrary Web Script Injection in EMC Documentum Web Development Kit (WDK) CSRF Vulnerability in EMC Documentum Web Development Kit (WDK) Allows Authentication Hijacking Arbitrary Redirect Vulnerability in EMC Documentum Web Development Kit (WDK) Frame-Injection Vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 Weak Random Number Generation in EMC Documentum Web Development Kit (WDK) Allows for Phishing Attacks Heap-based Buffer Overflow Vulnerabilities in Core FTP LE 2.2 Build 1798 Arbitrary SQL Command Execution in Superlinks Plugin 1.4-2 for Cacti Arbitrary Web Script Injection Vulnerability in D-Link DSL-2760U-E1 Arbitrary Code Execution Vulnerability in Foxit PDF SDK DLL Stack-based Buffer Overflow in TSVisualization ActiveX Control in Embarcadero ER/Studio Data Architect Unspecified Security Vulnerability in Piwigo before 2.6.3 SQL Injection Vulnerability in Piwigo Photo-Edit Subsystem Improper Handling of URL Encoding in CGIHTTPServer Module Allows for Directory Traversal and Code Execution Predictable Temporary File Location Vulnerability in jclouds Scriptbuilder Statements Class Race condition vulnerability in ALSA control implementation in Linux kernel before 3.15.2 allows local users to access sensitive information from kernel memory Use-after-free vulnerability in ALSA control implementation in Linux kernel before 3.15.2 Use-after-free vulnerability in ALSA control implementation in Linux kernel before 3.15.2 Integer Overflow and Limit Bypass in ALSA Control Implementation Integer overflows in ALSA control implementation in Linux kernel before 3.15.2 Arbitrary Code Execution in Ansible's safe_eval Function Insecure File 
Permissions in Ansible Vault Subsystem Insecure Permissions in Ansible's sources.list File Sensitive Credential Information Disclosure in Ansible Arbitrary Web Script Injection Vulnerability in HP Records Manager Arbitrary Command Execution in TimThumb and WordThumb with Webshot Enabled Arbitrary Script Injection in Wordfence Security Plugin for WordPress Denial of Service Vulnerability in Linux Kernel SCTP Handling Cherokee LDAP Authentication Bypass Vulnerability XML External Entity (XXE) vulnerability in HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files Use-after-free vulnerability in PHP SPL component allows denial of service and possible other impacts Cross-Site Request Forgery (CSRF) Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary PHP Script Execution in CDetailView Widget of Yii PHP Framework 1.1.14 Arbitrary Command Execution Vulnerability in Libmacgpg's installPackage Function Incomplete Fix for Code Execution Vulnerability in Ansible's safe_eval Function Information Disclosure Vulnerability in Siemens SIMATIC WinCC WebNavigator Server Privilege Escalation Vulnerability in Siemens SIMATIC WinCC WebNavigator Server Remote Privilege Escalation in Siemens SIMATIC WinCC Database Server Privilege Escalation Vulnerability in Siemens SIMATIC WinCC Hardcoded Encryption Key Vulnerability in Siemens SIMATIC WinCC Multiple Cross-Site Scripting (XSS) Vulnerabilities in pfSense before 2.1.4 Arbitrary Command Execution Vulnerability in pfSense before 2.1.4 Absolute Path Traversal Vulnerability in pfSense pkg_edit.php Directory Traversal Vulnerabilities in pfSense Before 2.1.4 Session Fixation Vulnerability in pfSense Firewall Missing HTTPOnly Flag in pfSense Session Cookie Cross-Site Scripting (XSS) Vulnerabilities in Snort Package for pfSense Multiple Cross-Site Scripting (XSS) Vulnerabilities in Suricata Package for pfSense Open Redirect Vulnerabilities in Snort Package for pfSense Open Redirect Vulnerabilities in Suricata 
Package for pfSense Use-after-free vulnerability in PHP SPL component allows denial of service and potential impact via crafted ArrayIterator usage Race condition vulnerability in Linux kernel allows privilege escalation or denial of service Unauthenticated Access to User Desktops in Citrix XenDesktop Sensitive Information Disclosure in Nagios Plugins' check_dhcp Plugin Sensitive Information Disclosure in Nagios Plugins via check_icmp Plugin Symlink Attack Vulnerability in Nagios Plugins 2.0.2 Multiple Heap-Based Buffer Overflows in Huawei Networking Devices Heap Overflow Vulnerability in Huawei Campus and LSW Switches Vulnerability: Unauthorized Upgrade and Menu Bypass in Huawei Campus Switches Arbitrary Script Injection in ZeroCMS 1.0 via Full Name Field Integer Overflow Vulnerability in Yann Collet LZ4 (pre-r119) on Certain 32-bit Platforms CSRF Vulnerability in Thomson TWG87OUIR Allows Password Hijacking Multiple Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in Simple Share Buttons Adder Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Lunar CMS before 3.3-3 Arbitrary Web Script Injection in User-Friendly SVN Login Panel Denial of Service Vulnerability in Email::Address Module Type Confusion Vulnerability in PHP's phpinfo Implementation OCS Inventory NG Web Interface XSS Vulnerabilities Arbitrary Script Injection Vulnerability in Easy Banners Plugin for WordPress Arbitrary Script Injection in Custom Banners Plugin for WordPress Arbitrary PHP Code Execution in MailPoet Newsletters Plugin for WordPress Unspecified Vulnerability in MailPoet Newsletters Plugin for WordPress Arbitrary Web Script Injection in TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) Denial of Service Vulnerability in TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) Arbitrary Web Script Injection Vulnerability in e107 2.0 Alpha2 and Earlier Arbitrary Web Script Injection Vulnerability in MyWebSQL 3.4 and Earlier 
SQL Injection Vulnerability in E2 before 2.4 (2845) Arbitrary Web Script Injection in Textpattern CMS before 4.5.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 SQL Injection Vulnerability in Artifectx xClassified 1.2: Remote Code Execution via catid Parameter Arbitrary Web Script Injection in Kajona System Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in Kajona Search Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in osTicket before 1.9.2 Intranet Network Mapping Vulnerability in IBM WebSphere Portal HTML Source Code Disclosure Vulnerability in IBM Sametime Meeting Server Arbitrary Script Injection in IBM Sametime Classic Meeting Server Arbitrary Server Key Spoofing Vulnerability in IBM PowerVC 1.2.0 FTP Session Credential Exposure in IBM PowerVC Express Edition 1.2.0 before FixPack3 Arbitrary Web Script Injection in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 Hardcoded Credentials Vulnerability in IBM System Networking Switches and Modules Session Hijacking Vulnerability in IBM Rational License Key Server (RLKS) 8.1.4.x Privilege Bypass Vulnerability in IBM Content Collector Outlook Extension Bypassing Access Restrictions in IBM Business Process Manager and WebSphere Lombardi Edition Sensitive Information Disclosure in IBM Business Process Manager Arbitrary URL Redirection Vulnerability in IBM WebSphere Portal Information Disclosure Vulnerability in IBM WebSphere Portal Arbitrary Script Injection Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM FileNet Content Manager 5.2.x and Content Foundation 5.2.x Denial of Service Vulnerability in IBM WebSphere Application Server with Load Balancer for IPv4 Dispatcher Sensitive Directory Information Disclosure Vulnerability in IBM Maximo Asset Management Information Disclosure Vulnerability in IBM Sametime Classic Meeting Server Arbitrary Code Execution Vulnerability in 
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x Remote Authenticated Denial of Service Vulnerability in IBM UEFI on Flex System x880 X6, System x3850 X6, and System x3950 X6 Devices XML External Entity (XXE) Vulnerability in IBM WebSphere Commerce Arbitrary Web Script Injection in IBM WebSphere Application Server Denial of Service Vulnerability in IBM WebSphere MQ CSRF Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use Analysis Unprotected Credentials Vulnerability in IBM InfoSphere Master Data Management Unattended Workstation Access Vulnerability in IBM License Metric Tool 9 Clickjacking vulnerability in IBM License Metric Tool 9 and Endpoint Manager for Software Use Analysis 9 Information Disclosure Vulnerability in IBM InfoSphere BigInsights Alert Module SMTP Server Credential Disclosure in IBM InfoSphere BigInsights 2.1.2 IBM Initiate Master Data Service 9.5 - 10.1 Cross-Site Request Forgery (CSRF) Vulnerability with XSS Insertion Frame Injection Vulnerability in IBM Initiate Master Data Service CSRF Vulnerability in IBM Initiate Master Data Service Allows Authentication Hijacking and XSS Insertion Frame Injection Vulnerability in IBM Initiate Master Data Service Arbitrary Web Script Injection in IBM Initiate Master Data Service Lack of Autocomplete Attribute in IBM Initiate Master Data Service Allows Unauthorized Access Session Fixation Vulnerability in IBM Initiate Master Data Service Frame Injection Vulnerability in IBM Emptoris Sourcing and Spend Analysis Denial of Service Vulnerability in IBM WebSphere Portal Bypassing CHLAUTH Rules in IBM WebSphere MQ 8.x Arbitrary Web Script Injection Vulnerability in IBM Rational Quality Manager Information Disclosure Vulnerability in IBM Business Process Manager CRLF Injection Vulnerability in IBM Curam Social Program Management Sensitive User Data Exposure in IBM Curam Social Program Management Local Information Disclosure Vulnerability in IBM DB2 10.5 before FP4 on Linux and 
AIX Cleartext Password Exposure in IBM Security AppScan Enterprise Installation Process Denial of Service Vulnerability in IBM Sterling Order Management Unspecified Remote Code Execution Vulnerability in IBM WebSphere Portal Denial of Service Vulnerability in IBM Security Access Manager for Web Session Persistence Vulnerability in IBM Cognos Mobile Default Password Reset Vulnerability in IBM Storwize and SAN Volume Controller Devices Open Network Port in IBM Security AppScan Source Installer Allows Remote Information Disclosure Privilege Escalation Vulnerability in IBM Tivoli Storage Manager (TSM) on UNIX and Linux XML Entity Expansion Denial of Service Vulnerability in IBM WebSphere Portal Session Fixation Vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x IBM WebSphere Application Server (WAS) Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability Vulnerability: File Backup Replacement in IBM Tivoli Storage Manager (TSM) Unspecified Vector Vulnerability in IBM Tivoli Storage Manager (TSM) Information Disclosure Vulnerability in IBM WebSphere Message Broker and IBM Integration Bus IBM Integration Bus Manufacturing Pack 1.x XSS Vulnerability File Existence Information Disclosure Vulnerability in IBM WebSphere Portal Cleartext Password Exposure in IBM WebSphere MQ Classes for Java Libraries and WebSphere MQ Explorer Remote Command Injection Vulnerability in IBM Security Access Manager Arbitrary SQL Command Execution Vulnerability in IBM Security QRadar SIEM 7.2 Insecure Implementation of Secure Connections in IBM Security QRadar SIEM QRM and QVM Cleartext Information Disclosure in IBM Security QRadar SIEM 7.2 Arbitrary Web Script Injection Vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 Clickjacking Vulnerability in IBM Security QRadar SIEM QRM and QVM CSRF Vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 and 7.2, and QRadar Vulnerability Manager 7.2 Missing HTTPOnly 
Flag in Set-Cookie Header in IBM Security QRadar SIEM QRM and QVM Session Hijacking Vulnerability in IBM Security QRadar SIEM, QRadar Risk Manager, and QRadar Vulnerability Manager Sensitive Cookie Information Disclosure in IBM Security QRadar SIEM and QRadar Risk Manager Privilege Escalation Vulnerability in IBM Security QRadar SIEM QRM and QVM XML Entity Expansion Denial of Service Vulnerability in IBM WebSphere Commerce Sensitive Information Exposure in IBM ServerGuide, UpdateXpress System Packs Installer (UXSPI), and ToolsCenter Suite IBM TRIRIGA Application Platform 3.2-3.4: Cross-Site Scripting (XSS) Vulnerability in breakOutWithName.jsp IBM TRIRIGA Application Platform 3.2-3.4 Cross-Site Scripting (XSS) Vulnerability in NewDocument.jsp IBM TRIRIGA Application Platform 3.2-3.4 Cross-Site Scripting (XSS) Vulnerability in GanttProjectSchedulerPopup.jsp Cross-Site Request Forgery (CSRF) Vulnerability in IBM TRIRIGA Application Platform Arbitrary Code Execution Vulnerability in IBM TRIRIGA Application Platform Information Disclosure Vulnerability in IBM Curam Social Program Management (SPM) Bypassing Access Restrictions in IBM Business Process Manager Import/Export Functionality Arbitrary Script Injection Vulnerability in BannerMan Plugin for WordPress Arbitrary Script Injection Vulnerability in Meta Slider Plugin for WordPress Arbitrary Script Injection Vulnerability in Random Banner Plugin for WordPress Arbitrary Script Injection in Blogstand Banner Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in FoeCMS msg.php SQL Injection Vulnerability in FoeCMS index.php Allows Remote Code Execution via i Parameter Open Redirect Vulnerability in FoeCMS msg.php Allows for Phishing Attacks via r Parameter SQL Injection Vulnerability in The Digital Craft AtomCMS (Possibly 2.0) - Remote Code Execution via admin/uploads.php Arbitrary Script Injection in OpenDocMan File Upload Arbitrary Code Injection via wuc_logo Parameter in WP Construction Mode 
Plugin for WordPress Polylang Plugin XSS Vulnerability Polldaddy Polls & Ratings Plugin XSS Vulnerability Arbitrary Script Injection in Gurock TestRail Created By Field SQL Injection Vulnerabilities in Sabre AirCentre Crew Products Integer Overflow in UEFI Capsule Update Feature Allows Access Restriction Bypass Integer Overflow Vulnerabilities in UEFI Capsule Update Feature Insecure Temporary File Handling in Thycotic Secret Server Remote Desktop Launcher Vulnerability: Netmaster CBW700N Cable Modem SNMP Information Disclosure Vulnerability: Unauthorized Access to Sensitive Information via SNMP in Arris Touchstone DG950A Cable Modem Cleartext Password Exposure in NETGEAR ProSafe Plus Configuration Utility CacheGuard OS 5.7.7 Cross-Site Request Forgery (CSRF) Authentication Hijacking Vulnerability Weak Permissions in Cryoserver Security Appliance 7.3.x Allow Local Privilege Escalation Arbitrary Command Execution Vulnerability in Brocade Vyatta 5400 vRouter Management Console Vulnerability: Unauthorized Access to Encrypted Passwords in Brocade Vyatta 5400 vRouter Privilege Escalation via Insecure Parameter Validation in Brocade Vyatta 5400 vRouter Arbitrary Web Script Injection Vulnerability in NetCommWireless NB604N Routers Unauthenticated Remote Code Execution and Information Disclosure in BMC Track-It! 11.3.0.355 Arbitrary SQL Command Execution Vulnerability in BMC Track-It! 11.3.0.355 Arbitrary File Read Vulnerability in BMC Track-It! 
11.3.0.355 Hardcoded AES Key Vulnerability in Toshiba CHEC Allows Unauthorized Access to BOSS DB2 Database Credentials Toshiba 4690 Operating System 6 Release 3 ADXSITCF Logical Name Unrestricted Access Vulnerability Absolute Path Traversal Vulnerability in GNU Wget Allows Remote Code Execution Remote Code Execution Vulnerability in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009 and other models Unverified X.509 Certificates in PartyTrack Library for Android Allow Man-in-the-Middle Attacks Unauthenticated Access Vulnerability in Aptexx Resident Anywhere Cache-Poisoning Vulnerability in uIP and lwIP DNS Resolver Conrad Hotel Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in CPWORLD Close Protection World Android App (Version 3.4.4) Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Joint Radio Blues Android App (CVE-2021-12345) Insecure SSL Certificate Verification in BattleFriends at Sea GOLD Application for Android SSL Certificate Verification Vulnerability in Diabetic Diet Guide App Unverified SSL Certificates in Nano Digest Android App 3.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in CT iHub Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in uControl Smart Home Automation App for Android Unverified SSL Certificates in MyMetro Android App 2.4.7 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Herpin Time Radio 2.0 for Android Unverified X.509 Certificates in Parque Imperial Android App 1.02 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Touriosity Travelmag Android App 3.1 Unverified X.509 Certificates in Harivijay Android App 4.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Indian Cement Review Android App 3.01 Unverified X.509 Certificates in migme Android App 4.03.002 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Bond Trading Android App (com.appmakr.app613309) Allow Man-in-the-Middle Attacks 
SSL Certificate Verification Vulnerability in Kakao Bingo Garden Application Unverified SSL Certificates in Crossmo Calendar App 1.7.1 for Android Unverified SSL Certificates in Clean Internet Browser for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Brisbane & Queensland Alert App 2.0 for Android Arbitrary Script Injection in PNP4Nagios Kohana Error Page Cross-Site Scripting (XSS) Vulnerabilities in PNP4Nagios through 0.6.22 Integer Overflow in Transmission Bitfield Handling Arbitrary File Creation/Overwrite Vulnerability in X.Org xf86-video-intel 2.99.911 Denial of Service Vulnerability in PolarSSL's ssl_decrypt_buf Function Arbitrary File Upload Vulnerability in Frog CMS 0.9.5 Potential Cross Site Scripting Vulnerability in Multiple View Helpers (ZF2014-03) SQL Injection Vulnerability in Zend_Db_Select::order Function Arbitrary User Group Assignment Vulnerability in OXID eShop Cross-Site Scripting (XSS) Vulnerability in Good for Enterprise for Android Buffer Overflow Vulnerability in ACME micro_httpd Arbitrary SQL Command Execution in Invision Power Board (IPB) before 3.4.6 Directory Traversal Vulnerability in ownCloud Server Allows Remote File Inclusion Multiple Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine EventLog Analyzer before 9.0 Build 9002 Arbitrary Script Injection in Wordfence Security Plugin for WordPress Arbitrary Code Execution Vulnerability in Malwarebytes Anti-Malware and Anti-Exploit Arbitrary File Read Vulnerability in BookX Plugin 1.7 for WordPress Arbitrary SQL Command Execution Vulnerability in WP Rss Poster Plugin 1.0.0 SQL Injection Vulnerability in ENL Newsletter Plugin 1.0.1 for WordPress Directory Traversal Vulnerabilities in Tera Charts WordPress Plugin 0.1 Cross-RSS Plugin 1.7 for WordPress Absolute Path Traversal Vulnerability Information Disclosure Vulnerability in EasyCart Plugin for WordPress Privilege Escalation Vulnerability in Linux Kernel's PPPoL2TP Feature SQL Injection Vulnerabilities in 
BSK PDF Manager Plugin 1.3.2 for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde Internet Mail Program (IMP) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde Internet Mail Program (IMP) Buffer Overflow in Citrix XenServer HVM Graphics Console Support Vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier: Denial of Service and Sensitive Information Disclosure via Modified VHD Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.2.x before 4.2.6 Cross-site scripting (XSS) vulnerability in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name on the database triggers page. Telerik UI for ASP.NET AJAX RadEditor Control XSS Vulnerability SQL Injection Vulnerability in SQLiteDatabase.java in Android SQL Injection Vulnerabilities in Youtube Gallery Component for Joomla! Negative Quantity Vulnerability in Shopizer 1.1.5 and Earlier Arbitrary User Account Modification Vulnerability in Shopizer 1.1.5 and Earlier Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Shopizer 1.1.5 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Shopizer 1.1.5 and Earlier Arbitrary Code Execution in Ansible Inventory and Jinja2 Data Ansible Multiple Argument Injection Vulnerabilities Arbitrary Code Execution Vulnerability in Boat Browser Application 8.0 and 8.0.1 Arbitrary Memory Write Vulnerability in Windows XP SP3 IOCTL Handlers Arbitrary Code Execution via Unrestricted File Upload in Gravity Upload Ajax Plugin for WordPress Privilege Escalation Vulnerability in ESET Personal Firewall NDIS Filter Driver ESET Personal Firewall NDIS Filter Kernel Mode Driver Information Disclosure Vulnerability Buffer overflow vulnerability in Ruby's pack.c allows for denial of service attack Remote Password Change Vulnerability in Dell SonicWall Scrutinizer 11.0.1 Multiple SQL Injection Vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 Local File Truncation Vulnerability in 
rawstudio's rs_filter_graph Function Remote Code Execution and Denial of Service Vulnerability in Apple QuickTime Sensitive Information Disclosure via token parameter in Tenable Web UI Remote Code Execution in LPAR2RRD 3.5 and Earlier Arbitrary Command Injection Vulnerability in LPAR2RRD ≤ 4.53 and ≤ 3.5 Remote SQL Injection Vulnerability in Déjà Vu Crescendo Sales CRM Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.x before 4.2.6 Authentication Bypass Vulnerability in phpMyAdmin 4.1.x and 4.2.x Sensitive Information Exposure in codders-dataset gem 1.3.2.1 for Ruby Sensitive Information Exposure in cap-strap gem 0.1.5 Sensitive Information Exposure through Command Line Arguments Arbitrary File Write Vulnerability in gyazo gem 1.0.0 for Ruby Race condition vulnerability in VladTheEnterprising gem 0.2 allows local users to obtain sensitive information Arbitrary File Write Vulnerability in VladTheEnterprising Gem 0.2 Sensitive Information Exposure in point-cli gem 0.0.1 for Ruby Insecure Password Handling in lean-ruport Gem's tc_database.rb Sensitive Information Disclosure in kajam Gem's MySQL Database Handling Sensitive Information Exposure in lawn-login gem's Login Function Sensitive Information Disclosure in kcapifony gem 2.1.6 for Ruby Insecure Password Handling in Lynx Gem for Ruby Privilege Escalation via Symlink Attack in ciborg gem 3.0.0 Sensitive Information Exposure in brbackup Gem Arbitrary Code Execution via Directory Traversal in ZOHO ManageEngine Desktop Central (DC) Arbitrary Code Execution via Directory Traversal in ZOHO ManageEngine Desktop Central (DC) Arbitrary File Write and Execution Vulnerability in ZOHO ManageEngine Desktop Central Remote Code Execution Vulnerability in Snoopy Remote Code Execution Vulnerability in Snoopy DOMPDF Information Disclosure Vulnerability DOMPDF Denial of Service Vulnerability DOMPDF Remote Code Execution Vulnerability Arbitrary Command Execution Vulnerability in WordPress Flash Uploader Plugin Path 
Truncation Vulnerability in bozohttpd Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in LimeSurvey 2.05+ Build 140618 SQL Injection Vulnerability in LimeSurvey 2.05+ Build 140618 Cross-Site Scripting (XSS) vulnerability in LimeSurvey 2.05+ Build 140618 Denial of Service Vulnerability in Drupal Multisite Feature File Access Bypass Vulnerability in Drupal 7.x before 7.29 Arbitrary Script Injection via Option Group Label in Drupal Form API Drupal 7.x Ajax System Cross-Site Scripting (XSS) Vulnerability Arbitrary Command Execution Vulnerability in Gitter's Repository.php Arbitrary Web Script Injection Vulnerability in Dell SonicWALL GMS, Analyzer, and UMA Cacti 0.8.8b Cross-Site Scripting (XSS) Vulnerability in data_sources.php Cross-Site Scripting (XSS) Vulnerabilities in Cacti 0.8.8b Cross-site scripting (XSS) vulnerability in Review Board 1.7.x and 2.0.x before 2.0.4 Access Restriction Bypass Vulnerability in Review Board Incomplete Fix for Symlink Attack in CUPS 1.7.4 Allows Local Users to Read Arbitrary Files Local File Disclosure Vulnerability in CUPS before 2.0 CUPS Web Interface Information Disclosure Vulnerability Information Disclosure Vulnerability in GLPI Race condition vulnerability in KDE kdelibs and kauth allows local users to bypass access restrictions via D-Bus communication with a polkit authority CSRF Vulnerability in Brute Force Login Protection Module for WordPress OpenDaylight 1.0 Netconf Service XML External Entity (XXE) Vulnerability Information Leakage: CHAP User Credentials Logged in Eucalyptus Storage Controller Sensitive Information Leakage in Eucalyptus 4.0.0 - 4.0.1 Sensitive Information Leakage in Eucalyptus Cloud Log Files Arbitrary Web Script Injection in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 Arbitrary Access Key and Signing Certificate Modification Vulnerability in HP Helion Eucalyptus Integer Overflow Vulnerabilities in libgfortran: Remote Code Execution and Denial of Service Memory Consumption and 
Use-After-Free Vulnerability in Linux Kernel's mountpoint_last Function Symmetricom s350i 2.70.15 Web Application Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in Symmetricom s350i 2.70.15 Privilege Escalation Vulnerability in Symmetricom s350i 2.70.15 Arbitrary SQL Command Execution in Symmetricom s350i 2.70.15 CSRF Vulnerability in WP Security Audit Log Plugin before 1.2.5 for WordPress Arbitrary Command Execution in vmtadmin.cgi in VMTurbo Operations Manager Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU Devices Ignite Realtime Smack XMPP API Vulnerability: SSL Server Spoofing Unprotected Activity Launching in La Banque Postale Android App Allows for Sensitive Data Theft Denial of Service Vulnerability in Linux Kernel's sctp_assoc_update Function Authentication Bypass Vulnerability in Sphider Versions Prior to 1.3.6, Sphider-Pro Versions Prior to 3.2, and Sphider-Plus Versions Prior to 3.2 SQL Injection Vulnerabilities in Sphider: Remote Code Execution Command Execution Vulnerability in Sphider before 1.3.6: Insufficient Sanitization of fwrite in conf.php (CVE-2014-5083) Command Execution Vulnerability in Sphider Pro 3.2 (CVE-2014-5084) Command Execution Vulnerability in Sphider Plus 3.2 via Insufficient Sanitization of fwrite to conf.php (CVE-2014-5085) Command Execution Vulnerability in Sphider Pro and Sphider Plus 3.2 Arbitrary Code Execution Vulnerability in Sphider Search Engine 1.3.6 and earlier Cross-Site Scripting (XSS) Vulnerability in Status2k Login Page SQL Injection Vulnerability in Status2k Admin Panel Arbitrary Command Execution Vulnerability in Status2k Admin Panel Arbitrary PHP Code Execution Vulnerability in Status2K 2.5 Server Monitoring Software Remote Command Execution in admin/options/editpl.php Status2k Vulnerability: Unsecured Install Directory Allows Credential Reset Remote Information Disclosure Vulnerability in Status2k SQL Injection Vulnerabilities in Free Reprintables ArticleFR 3.0.4 
and Earlier Jamroom Search Module XSS Vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Omeka before 2.2.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in WeBid 1.1.1 SQL Injection Vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 Multiple SQL Injection Vulnerabilities in ol-commerce 2.1.1 Cross-Site Scripting (XSS) Vulnerabilities in ol-commerce 2.1.1 Arbitrary Web Script Injection Vulnerability in Invision Power IP.Board 3.4.x through 3.4.6 Information Disclosure Vulnerability in concrete5 before 5.6.3 Arbitrary Web Script Injection in concrete5 Download File Vulnerability SQL Injection Vulnerability in Fonality trixbox Endpoint Configuration Module Arbitrary Web Script Injection Vulnerability in Fonality trixbox Directory Traversal Vulnerabilities in Fonality trixbox Arbitrary Command Execution Vulnerability in Fonality trixbox Multiple Cross-Site Scripting (XSS) Vulnerabilities in Visualware MyConnection Server 9.7i LDAP Injection Vulnerability in WeBid 1.1.1 DirPHP 1.0 Absolute Path Traversal Vulnerability NULL Pointer Dereference Vulnerability in cairo_image_surface_get_data Function Circuit Persistence Vulnerability in Tor Versions 0.2.4.23 and 0.2.5.6-alpha Trusted Boot (tboot) 'loader.c' Security Bypass Vulnerability Off-by-one Error in gconv_trans.c in GNU C Library Allows Arbitrary Code Execution Arbitrary File Overwrite Vulnerability in PHP GD Component Unspecified Cross-Site Scripting (XSS) Vulnerabilities in ESRI ArcGIS for Server 10.1.1 Open Redirect Vulnerability in ESRI ArcGIS for Server 10.1.1: Phishing Attack via Login Parameter Open Redirect Vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 Session Token Exposure in Innovative Interfaces Encore Discovery Solution 4.3 Arbitrary Web Script Injection Vulnerability in Avolve Software ProjectDox 8.1 Information Disclosure Vulnerability in Avolve 
Software ProjectDox 8.1 Ciphertext Reuse Vulnerability in Avolve Software ProjectDox 8.1 User Enumeration Vulnerability in Avolve Software ProjectDox 8.1 Innovative Interfaces Sierra Library Services Platform 1.2_3 Cross-Site Scripting (XSS) Vulnerability Account Enumeration Vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 Multiple Parameter Instances Bypass Vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 Denial of Service Vulnerability in OpenSSL 1.0.1: SSL ServerHello SRP Ciphersuite Crash SQL Injection Vulnerability in Loaded Commerce 7's bindReplace Function Telescope 0.9.3 XSS Vulnerability in Markdown Input Denial of Service Vulnerability in Xen MMU Virtualization Operations Denial of Service Vulnerability in Xen 4.4.x on ARM Systems Denial of Service and Privilege Escalation Vulnerability in Xen 4.4.x on ARM Systems Denial of Service Vulnerability in Xen MMU Virtualization Operations Arbitrary Command Execution Vulnerability in AlienVault OSSIM SQL Injection Vulnerability in AlienVault OSSIM Allows Remote Code Execution Arbitrary File Creation and Deletion Vulnerabilities in HP Data Protector's Cell Request Service Buffer Underflow and Application Crash in Wireshark IrDA Dissector Buffer underflow vulnerability in read_new_line function in Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 allows remote attackers to cause denial of service. 
Incomplete Initialization of Buffer in GTP and GSM Management Dissectors in Wireshark 1.10.x before 1.10.9 Uninitialized Structure Member Vulnerability in Wireshark RLC Dissector Buffer Underflow Vulnerability in Wireshark ASN.1 BER Dissector Arbitrary Script Injection in Drupal Date Module Failure to Update .htaccess File Contents in Storage API Module for Drupal Unencrypted Transmission of Credentials in SAP HANA XS Applications Arbitrary Web Script Injection Vulnerabilities in SAP HANA XS Administration Tools SAP HANA XS Access Restriction Bypass Vulnerability Unrestricted Access to Functions in SAP Netweaver Business Warehouse Component Authentication Bypass Vulnerability in SAP Solution Manager 7.1 License Measurement Servlet Hard-coded User Name Vulnerability in SAP FI Manager Self-Service XML External Entity (XXE) vulnerability in libvirt 1.0.0 through 1.2.x before 1.2.5 Cross-Site Scripting (XSS) Vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 Access Control Bypass in Freelinking Module for Drupal SQL Injection Vulnerability in HDW Player Plugin for WordPress Arbitrary File Read Vulnerability in Last.fm Rotation Plugin for WordPress SQL Injection Vulnerabilities in Yawpp Plugin 1.2 for WordPress Arbitrary SQL Command Execution in Simple Retail Menus Plugin for WordPress SQL Injection Vulnerability in stripShow Plugin 2.5.2 for WordPress SQL Injection Vulnerability in Quartz Plugin 1.01.1 for WordPress SQL Injection Vulnerability in All Video Gallery Plugin 1.2 for WordPress Arbitrary File Read Vulnerability in Tom M8te Plugin for WordPress Arbitrary Web Script Injection in Lyris ListManager (LM) 8.95a via EmailAddr Parameter SQL Injection Vulnerability in Lead Octopus WordPress Plugin Arbitrary Web Script Injection in SI CAPTCHA Anti-Spam Plugin for WordPress CKEditor Preview Plugin XSS Vulnerability Arbitrary SQL Command Execution in Sphider 1.3.6 via admin/admin.php Cross-site scripting (XSS) vulnerability in Sphider 1.3.6 via category parameter 
in admin/admin.php Arbitrary PHP Code Injection in Sphider 1.3.6 admin/admin.php Keyboard Focus Bypass Vulnerability in Unity Cross-Site Request Forgery (CSRF) Vulnerability in Improved User Search in Backend Plugin for WordPress Directory Traversal Vulnerability in Splunk Enterprise 6.1.x Arbitrary Script Injection via Referer Header in Splunk Enterprise 6.1.x CSRF Vulnerability in WordPress File Upload Plugin (wp-file-upload) Allows Unauthorized Settings Modification SQL Injection Vulnerability in FB Gorilla Plugin for WordPress SQL Injection Vulnerability in Gallery Objects Plugin 0.4 for WordPress Arbitrary Script Injection in Compfight WordPress Plugin Arbitrary Code Execution Vulnerability in WordPress 3.9.x Timing-based Brute-force Attack Vulnerability in WordPress CSRF Protection CSRF Token Concatenation Vulnerability in WordPress before 3.9.2 Vulnerability: Bypassing Read-Only Restriction in Linux Kernel Bind Mounts Privilege Escalation and Denial of Service Vulnerability in Linux Kernel Unauthenticated File Access and Database Information Disclosure in Yokogawa CENTUM CS 3000 and CENTUM VP NTP 4.2.7p25 Information Disclosure Vulnerability via GET_RESTRICT Control Message Arbitrary Command Execution in AlienVault OSSIM SOAP Service Stack-based Buffer Overflow in Attachmate Reflection FTP Client Arbitrary Web Script Injection Vulnerability in Novell eDirectory iMonitor Information Disclosure Vulnerability in Novell eDirectory iMonitor XML External Entity (XXE) Vulnerability in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 Information Disclosure: Service-Account Password Exposure in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 CSRF Vulnerability in NetIQ Access Manager (NAM) 4.x Administration Console Local Privilege Escalation in mdcheck script of mdadm package for openSUSE 13.2 Password Extraction Vulnerability in Siemens SIMATIC WinCC Sm@rtClient 
App for iOS Bypassing Application-Password Requirement in Siemens SIMATIC WinCC Sm@rtClient App for iOS Credential Exposure in Siemens SIMATIC WinCC Sm@rtClient App for iOS Arbitrary Web Script Injection in Open-Xchange (OX) AppSuite Arbitrary Script Injection in Open-Xchange (OX) AppSuite RSS Feeds Multiple Absolute Path Traversal Vulnerabilities in Open-Xchange (OX) AppSuite Arbitrary Server Request Injection via Open-Xchange Documentconverter Component XML External Entity (XXE) Vulnerability in Open-Xchange (OX) AppSuite Unverified X.509 Certificate Vulnerability in Microsoft Outlook.com for Android Arbitrary Script Injection and Privilege Escalation via Avatar URL in WordPress Multisite Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki JSONP endpoint Arbitrary Script Injection Vulnerability in MediaWiki Multipage Image Navigation Clickjacking vulnerability in MediaWiki versions before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 Authentication Bypass Vulnerability in Shenzhen Tenda Technology Tenda A5s Router World-readable permissions for configuration backup file in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 MyBB 1.6.15 Video MyCode Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Biblio Autocomplete Module for Drupal Unspecified Remote Data Access Vulnerability in Biblio Autocomplete Module for Drupal Incorrect Timestamp Precision in MySQL Token Driver Allows Remote Users to Retain Access via Expired Token OpenStack Keystone V3 API Token Expiration Bypass Vulnerability Token Revocation Vulnerability in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 Insecure Temporary File Creation in xcfa before 5.0.1 Allows Symlink Attack Insecure Temporary File Creation Vulnerability in xcfa before 5.0.1 Memory Corruption and Application Crash via Recursive Processing in Node.js Multiple Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms before 1.2.1 p01 Directory 
Traversal Vulnerability in showTempFile.php in webEdition CMS Arbitrary Web Script Injection Vulnerability in CatTranslate JQuery Plugin in BlackCat CMS Arbitrary File Overwrite Vulnerability in XML-DT Arbitrary Command Execution via Graph Settings Script in Cacti 0.8.8b and Earlier SQL Injection Vulnerability in Cacti's graph_settings.php Unbounded List Vulnerability in QEMU 1.6.0 XML Entity Expansion Denial of Service Vulnerability XML-RPC Denial of Service Vulnerability Unspecified Impact Vulnerability in Drupal XRDS Document Parsing Account Blocking Vulnerability in Fasttoggle Module for Drupal Path Traversal Vulnerability in Plack::App::File Ciphertext Vulnerability in Libgcrypt: Key-Extraction Attacks via Voltage Data Collection Heap-based Buffer Overflow in FFMpeg and Libav's encode_slice Function Out-of-bounds array access vulnerability in libavcodec/iff.c in FFMpeg Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin Arbitrary Web Script Injection in phpMyAdmin View Operations Page SQL Injection Vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 Cross-Site Scripting (XSS) Vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 Downgrade Attack Vulnerability in Docker and docker-py Container Name Collision Vulnerability Unauthenticated TCP Connections Vulnerability in Docker Daemon Managed by boot2docker 1.2 and Earlier CSRF Vulnerability in boot2docker 1.2 and Earlier with Docker Daemons Image ID Validation Bypass in Docker Load Insecure Temporary File Creation in OSSEC Allows Privilege Escalation Unspecified Privilege Escalation Vulnerability in TIBCO Spotfire Server Privilege Escalation and Information Disclosure Vulnerability in TIBCO ActiveMatrix Policy Manager Authentication Module Bash Script Injection Vulnerability in Kemp Load Master 7.1-16 and Earlier CSRF Vulnerability in Kemp Load Master Administrative Pages Remote Code Execution Vulnerability in Senkas Kolibri 2.0 via Long URI in POST Request PHP Object Injection and SSRF 
Vulnerability in X2Engine's actionSendErrorReport Method Case-insensitive file system bypass vulnerability in X2Engine allows unrestricted file upload attacks Remote Code Execution Vulnerability in Adaptive Computing Moab Directory Traversal Vulnerability in ManageEngine Suite Arbitrary Code Execution via Directory Traversal in ManageEngine Products Panda Security 2014 Products Heap-Based Buffer Overflow Vulnerability SQL Injection Vulnerabilities in TestLink 1.9.11: Remote Code Execution Arbitrary Code Injection through Cross-Site Scripting (XSS) in Six Apart Movable Type Remote Code Execution Vulnerability in Cybozu Office, Mailwise, and Dezie Arbitrary Code Injection through Cross-Site Scripting (XSS) Vulnerability in Adobe Acrobat and ColdFusion Dotclear before 2.6.4 Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection Vulnerability in php365.com 365 Links and 365 Links+ Same Origin Policy Bypass in jigbrowser+ Application 1.8.1 and Earlier for iOS Directory Traversal Vulnerability in S-Link SLFileManager Application 1.2.5 and Earlier for Android Bump Android Application Implicit Intent Information Disclosure Vulnerability Unverified X.509 Certificate Vulnerability in FileMaker Pro and Pro Advanced (CVE-2013-2320) Cross-site scripting (XSS) vulnerability in FileMaker Pro before 13 and Pro Advanced before 13 Unverified X.509 Certificates in Yuko Yuko Android App Allows Man-in-the-Middle Attacks Unrestricted File Upload Vulnerability in N-Media File Uploader Plugin for WordPress XML External Entity (XXE) vulnerability in DWR DOMConverter, JDOMConverter, DOM4JConverter, and XOMConverter functions Unspecified Cross-Site Scripting (XSS) Vulnerability in Direct Web Remoting (DWR) Buffer Overflow Vulnerability in Huawei E5332 Router Webserver Component Buffer Overflow Vulnerability in Huawei E5332 Router Webserver Component Denial-of-Service Vulnerability in Apache HTTP Server on GIGAPOD File Servers Unspecified Cross-Site Scripting (XSS) 
Vulnerability in BirdBlog Aflax Cross-Site Scripting (XSS) Vulnerability Race condition vulnerability in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local privilege escalation via crafted NVMAP_IOC_CREATE IOCTL call Cross-Site Request Forgery (CSRF) Vulnerability in Adobe Flash Player and Adobe AIR Blank Admin Password Vulnerability in FreeNAS Cross-Site Request Forgery (CSRF) Vulnerabilities in innovaphone PBX 10.00 sr11 and Earlier Denial of Service via File Descriptor Consumption in Monkey HTTP Server Improper Access Restriction in WordPress Mobile Pack Plugin Allows Information Disclosure Cross-Site Scripting (XSS) Vulnerabilities in Check_MK Multisite Component Arbitrary File Write Vulnerability in Check_MK Arbitrary Code Execution via Unsafe Usage of Pickle in Check_MK Insecure RSA Host Key Validation in ownCloud Server Aruba Networks ClearPass Remote Command Execution Vulnerability Feng Office Cross-Site Scripting (XSS) Vulnerability in Client Name Field Arbitrary Web Script Injection in Mobiloud WordPress Plugin Disqus Comment System Plugin for WordPress Upgrade.php Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerabilities in Disqus Comment System Plugin for WordPress CSRF Vulnerabilities in Disqus Comment System Plugin for WordPress Arbitrary Web Script Injection in Riverbed Stingray Traffic Manager Virtual Appliance 9.6 Denial of Service Vulnerability in Baidu Spark Browser 26.5.9999.3511 via Nested Calls to window.print JavaScript Function Directory Traversal Vulnerabilities in Bitdefender GravityZone MIT Kerberos 5 kadmind Remote Ticket Forgery Vulnerability Use-after-free and Double Free Vulnerability in MIT Kerberos 5 Denial of Service Vulnerability in krb5_ldap_get_password_policy_from_dn Function NULL pointer dereference and daemon crash vulnerability in MIT Kerberos 5 LDAP integration Kerberos 5 Vulnerability: Denial of Service via Invalid Message Format Denial of Service Vulnerability in OpenStack Glance Image Registry and Delivery Service 
Arbitrary File Read Vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent LANDESK Management Suite before 9.6 SP1 Cross-Site Scripting (XSS) Vulnerability in Admin Interface CSRF Vulnerabilities in Landesk Management Suite 9.6 and Earlier Remote File Inclusion Vulnerability in Landesk Management Suite 9.6 and Earlier Arbitrary File Read Vulnerability in WP Content Source Control Plugin Enigmail 1.7.x Vulnerability: Plaintext Email Transmission with Encryption Enabled and BCC Recipients Directory Traversal Vulnerability in New Atlanta BlueDragon CFChart Servlet User Impersonation Vulnerability in Adaptive Computing Moab User Impersonation Vulnerability in Adaptive Computing Moab User Account Credential Disclosure in ManageEngine DeviceExpert before 5.9 build 5981 Access PIN Retrieval Vulnerability in Grand MA 300 Vulnerability: Brute-Force Attack on PIN in Grand MA 300 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Schrack Technik microControl Firmware 1.7.0 (937) SQL Injection Vulnerability in AlienVault OSSIM before 4.7.0 Allows Remote Code Execution Out-of-bounds array access vulnerability in VIQR module in FreeBSD and NetBSD Unrestricted Authentication Attempts in Shopizer 1.1.5 and Earlier Insecure Initialization Vector Generation in Facebook HipHop Virtual Machine (HHVM) Multiple SQL Injection Vulnerabilities in EllisLab ExpressionEngine Off-by-one error in ACPI PCI hotplug interface allows memory corruption and information disclosure SQL Injection Vulnerability in Content Audit Plugin for WordPress Arbitrary Web Script Injection in JobScheduler Operations Center (JOC) XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 Arbitrary File Read Vulnerability in JobScheduler Operations Center (JOC) Username Enumeration Vulnerability in Huawei Campus Switches via SSH Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Huawei HiLink Devices Hardcoded Password Vulnerability in 
Schrack Technik microControl Arbitrary Web Script Injection in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 XML External Entity (XXE) Vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 Arbitrary SQL Command Execution Vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 Cleartext Credential Exposure in Hospira MedNet Installation Component Unauthenticated Code Execution Vulnerability in Hospira MedNet Software Hardcoded Cryptographic Keys in Hospira MedNet Infusion Pumps: A Network Sniffing Vulnerability Hardcoded Cleartext Password Vulnerability in Hospira MedNet Hospira LifeCare PCA Infusion System before 7.0 Multiple Network Traffic Validation Vulnerabilities Stack-based Buffer Overflow Vulnerabilities in Schneider Electric VAMPSET 2.2.136 and Earlier Arbitrary Web Script Injection Vulnerability in Nordex Control 2 (NC2) SCADA Devices Predictable TCP Initial Sequence Numbers (ISNs) in GE Digital Energy Hydran M2 Ethernet Card Denial of Service Vulnerability in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers Cross-Site Scripting (XSS) Vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA Guest Account Privilege Escalation Vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA Weak X.509 Certificate Algorithm in Schneider Electric StruxureWare SCADA Expert ClearSCADA Unrestricted Authentication Attempts in Beckhoff Embedded PC Images and TwinCAT Components Vulnerability in Beckhoff Embedded PC Images and TwinCAT Components Allows Remote Access Arbitrary Web Script Injection Vulnerability in Meinberg NTP Server Firmware on LANTIME M-Series Devices Denial of Service Vulnerability in GE Multilink Switches RSA Private Key Reuse in GE Multilink Switches Hardcoded Application Password Vulnerability in CareFusion Pyxis SupplyStation 8.1 Hardcoded Database Password Vulnerability in CareFusion 
Pyxis SupplyStation 8.1 Hardcoded Service Password Vulnerability in CareFusion Pyxis SupplyStation 8.1 Information Disclosure Vulnerability in CareFusion Pyxis SupplyStation 8.1 Denial of Service and Remote Code Execution in Rockwell Automation Connected Components Workbench (CCW) Denial of Service Vulnerability in IOServer before Beta2112.exe Denial of Service Vulnerability in MatrikonOPC OPC Server for DNP3 Remote Password Hash Disclosure in Johnson Controls Metasys Arbitrary Code Execution via Unrestricted File Upload in Johnson Controls Metasys Denial of Service Vulnerability in DNP Master Driver in Elipse SCADA, E3, and Elipse Power Untrusted Search Path Vulnerability in ABB RobotStudio and Test Signal Viewer Hard-coded Password Vulnerability in Baxter SIGMA Spectrum Infusion System Remote Access Vulnerability in Baxter SIGMA Spectrum Infusion System Version 6.05 Cleartext Storage of Wireless Account Credentials in Baxter SIGMA Spectrum Infusion System Default Account with Hard-Coded Credentials in Baxter SIGMA Spectrum Infusion System Arbitrary Memory Write Vulnerability in Honeywell Experion PKS R40x, R41x, and R43x Directory Traversal Vulnerability in Honeywell Experion PKS R40x, R41x, and R43x Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway Multiple Stack-based Buffer Overflow Vulnerabilities in Sniffit Prior to 0.3.7 SQL Injection Vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fat Free CRM before 0.13.3 Privilege Escalation Vulnerability in Seafile Server and Server Professional Edition Lack of TLS Certificate Warning in Geary before 0.6.3 Allows for Man-in-the-Middle Attacks Path Traversal Vulnerabilities in ZOHO ManageEngine Netflow Analyzer and IT360 Arbitrary File Read Vulnerability in ZOHO ManageEngine Netflow Analyzer and IT360 
Weak Permissions on Zarafa WebAccess and WebApp Config.php File World-readable permissions in Zarafa 5.00 log directory expose sensitive information vulnerability World-readable permissions in Zarafa WebAccess 4.1 and WebApp tmp directory allow local users to access sensitive session data. World-readable permissions for /etc/zarafa/license in Zarafa Collaboration Platform 4.1 allow unauthorized access to sensitive information Arbitrary Code Injection via a Parameter in MODX Revolution 2.3.1-pl and Earlier XSS Vulnerability in CDA.xsl in HL7 C-CDA 1.1 and Earlier Privilege Escalation Vulnerability in Ubisoft Uplay PC Arbitrary Code Execution via Unrestricted File Upload in SAS Visual Analytics 6.4M1 Privilege Escalation via Unquoted Windows Search Path Vulnerability in ptservice Arbitrary Code Injection through Social Stats Module in Drupal World-readable permissions for /etc/config/shadow in QNAP TS-469U firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 Arbitrary SQL Command Execution in sqrl_verify.php in php-sqrl Arbitrary File Write Vulnerability in PEAR_REST Class Arbitrary Code Execution via Unrestricted File Upload in Tribulant Slideshow Gallery Plugin Buffer Overflow in vararg functions in Lua 5.1 through 5.2.x before 5.2.3 Multiple SQL Injection Vulnerabilities in OpenEMR 4.1.2 (Patch 7) and Earlier nDPI Traffic Classification Library XSS Vulnerability in ntopng Arbitrary File Read Vulnerability in Download Shortcode Plugin for WordPress Unspecified Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise Dashboard File Inclusion Vulnerability in Railo 4.2.1 and Earlier: Remote Code Execution and Information Disclosure CVE-2014-5470 Stack Consumption Vulnerability in Linux Kernel's parse_rock_ridge_inode_internal Function Denial of Service Vulnerability in Linux Kernel's parse_rock_ridge_inode_internal Function Cross-Site Scripting (XSS) Vulnerability in Synacor Zimbra Collaboration before 8.0.8 Sophos Cyberoam Appliances Stack-based 
Buffer Overflow Vulnerability Arbitrary Command Injection Vulnerability in Sophos Cyberoam Appliances SQL Injection Vulnerability in Sophos Cyberoam Guest Login Portal Static Credentials Vulnerability in SolarWinds Log and Event Manager SAP Crystal Reports RPT File Stack-based Buffer Overflow Vulnerability Double Free Vulnerability in SAP Crystal Reports: Remote Code Execution via Crafted Connection String Record Privilege Escalation Vulnerability in iBackup 10.0.0.32 and Earlier Integer Overflow Vulnerabilities in HelpServ Module of srvx 1.3.1 Arbitrary File Deletion Vulnerability in Perl Clipboard Module CSRF Vulnerability in DS Data Systems KonaKart Storefront Application Arbitrary Code Execution Vulnerability in Ploticus Module of PhpWiki 1.5.0 SQL Injection Vulnerability in XRMS CRM: Remote Code Execution via user_id Parameter Arbitrary Code Execution Vulnerability in XRMS CRM UserAdmin Plugin Adcolony Android Library SSL Certificate Verification Vulnerability MoMinis Android Library SSL Certificate Verification Vulnerability Insecure Certificate Verification in Inmobi Android Library Tapjoy Android Library SSL Certificate Verification Vulnerability Unverified X.509 Certificate Vulnerability in Appsflyer Library for Android Unverified X.509 Certificates in Gameloft Android Library: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Abode (aka abode.webview) Application 1.7 for Android Certificate Verification Vulnerability in Honolulu Android Application Insecure SSL Certificate Verification in Princess Shopping Android App SSL Certificate Verification Bypass in Baby Get Up - Kids Care App (aka air.brown.jordansa.getup) 1.0.3 for Android Certificate Verification Vulnerability in Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) Application 1.31.1 for Android Insecure SSL Certificate Verification in Abduction Stacker Free (Android App) Unverified X.509 Certificates in Westmoreland Water FCU Android App 1.2.0 Allow 
Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Michael Baker FCU Android App (Version 1.2.0) Insecure SSL Certificate Verification in Flick a Trade (aka air.com.cygnecode.fat) Android App 3.3 Certificate Verification Vulnerability in Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) Application 1.0.31 for Android Unverified SSL Certificates in The Hidden Object Mystery Application for Android Unverified SSL Certificates in The Hidden Object - Alice Free Application for Android Lack of SSL Certificate Verification in SongPop Android App 1.21.2 Insecure SSL Certificate Verification in Sprint Jump Android App Insecure SSL Certificate Verification in Africa Memory Android App (Version 1.0.1) Unverified SSL Certificates in Mahjong Galaxy Space Lite Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Christmas Words App for Android Insecure SSL Certificate Verification in Puppy Slots Android App Vulnerability: SSL Certificate Verification Bypass in The Animals! 
Kids Preschool Games App Insecure SSL Certificate Verification in Alphabet & Spelling Kids Games App for Android Insecure SSL Certificate Verification in Math Games App 1.4.3 for Android Vulnerability: Insecure SSL Certificate Verification in Kids Preschool Learning Games App Insecure SSL Certificate Verification in Fun Preschool Creativity Game for Android Insecure SSL Certificate Verification in Counting & Addition Kids Games App for Android Unverified X.509 Certificates in Fly Fishing & Fly Tying App for Android Insecure SSL Certificate Verification in America's Economy for Phone Application Unverified SSL Certificates in Hard Time (Prison Sim) App for Android Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Kids GoldFish Care App for Android: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Popscene (Music Industry Sim) Android App Unverified SSL Certificates in Word Search Free Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Coles Credit Card App for Android Insecure SSL Certificate Verification in The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) Application 1.4.6 for Android Unverified SSL Certificates in Angry Gran Toss Android App (Version 1.1.1) Allow for Man-in-the-Middle Attacks GadgetTrak Mobile Security Application 1.6 for Android SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in Selfshot - Front Flash Camera Application for Android Unverified X.509 Certificate Vulnerability in hasb_e_haal Application 1.0.9 for Android Unverified SSL Certificates in Las Vegas Lottery Scratch Off Android App 1.2 Certificate Verification Vulnerability in Star Girl Android App (com.animoca.google.starGirl) SSL Certificate Verification Vulnerability in DailyFinance - Stocks & News App for Android Unverified SSL Certificates in Appeak Poker Android App 2.4.5 SSL Certificate Verification Vulnerability in Jazzpodium De Tor Android App SSL Certificate 
Verification Vulnerability in Appstros - FREE Gift Cards! Application Unverified SSL Certificates in Ask.fm Android App 1.2.4 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Avira Secure Backup for Android Unverified SSL Certificates in AVON Buy & Sell Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Trading 212 FOREX Android App SSL Certificate Verification Bypass in Anywhere Pad-Meet, Collaborate (com.azeus.anywherepad) Application for Android Unverified X.509 Certificates Vulnerability in BackgroundCheckProTool Application 3.5 for Android Unverified SSL Certificates in Mirror Photo Shape App for Android Insecure SSL Certificate Verification in Ingress Intel Helper Application 1.2 for Android Insecure SSL Certificate Verification in The Most Popular Ringtones Application Unverified SSL Certificates in BeenVerified Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Like4Like Android App: Exploiting Man-in-the-Middle Attacks Unverified X.509 Certificates in BIATNET Android App 1.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in brokenscreencrank (aka com.biggame.brokenscreencrank) Android App 1.1 Unverified SSL Certificates in Free eBooks Android App 14 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Now Browser (Material) 2.8.1 Unverified SSL Certificates in Snake Evolution Android App 1.3.1 Allow Man-in-the-Middle Attacks Lack of SSL Certificate Verification in Frankly Chat Android App 3.0.1 Unverified SSL Certificates in Free Dating Heart COL Android App 2.6.1 Unverified SSL Certificates in Christian Dating Cafe Android App Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in CIBC Mobile Banking Application for Android SSL Certificate Verification Vulnerability in ActionPuzzleFamily for Kakao Application SSL Certificate Verification Bypass in Homerun Battle 2 Android App SSL Certificate Verification Vulnerability 
in 9 Innings: 2014 Pro Baseball Android App Certificate Verification Vulnerability in Puzzle Family Android App Certificate Verification Vulnerability in The Tiny Farm Application Unverified SSL Certificates in FamilyConnect Android App 1.5.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in 1800CONTACTS App for Android Unverified SSL Certificates in Magzter Android App Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in DeskRoll Remote Desktop Application for Android Insecure SSL Certificate Verification in Akinator the Genie FREE Android App (2.46) Unverified X.509 Certificates in QQ Copy Android App Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Where's My Perry? Free (com.disney.WMPLite) Android App 1.5.1 Unverified SSL Certificates in Where's My Water? Free Android App Allow for Man-in-the-Middle Attacks Certificate Verification Vulnerability in Line Runner (Free) Android App Lack of SSL Certificate Verification in Stickman Ski Racer Android App Insecure SSL Certificate Verification in ce4arab Market Android App Unverified SSL Certificates in eBay Kleinanzeigen Android App 5.0.2 Unverified SSL Certificates in Gmarket Android App 5.1.3 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Able Remote (com.entertailion.android.remote) Application 2.3.6 for Android Unverified SSL Certificates in Love Collage - Photo Editor App for Android Snap Secure Android Application SSL Certificate Verification Vulnerability SSL Certificate Verification Vulnerability in Web Browser & Explorer (com.explore.web.browser) 2.0.7 for Android Unverified X.509 Certificates Vulnerability in Exsoul Web Browser for Android Insecure SSL Certificate Verification in Cartoon Camera Application for Android SSL Certificate Verification Vulnerability in Office Jerk Free Android App SSL Certificate Verification Vulnerability in Office Zombie Android App Unverified SSL Certificates in Follow Mania 
for Instagram (com.followmania) App 1.2.1 for Android Insecure SSL Certificate Verification in Penguinchefshop Application 1.0.1 for Android Insecure SSL Certificate Verification in The Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) Application 2.8 for Android Man-in-the-Middle Attack Vulnerability in Perfect Kick Android App Certificate Verification Vulnerability in Brothers In Arms 2 Free+ Android App Unverified SSL Certificates in Ice Age Village Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in The Wonder Zoo - Animal Rescue! Application for Android Insecure SSL Certificate Verification in Stupid Zombies Android App (Version 1.12) SSL Certificate Verification Vulnerability in Home Repair Application Unverified SSL Certificates in Video Poker Casino App for Android Insecure SSL Certificate Verification in Mega Jump Android App Unverified SSL Certificates in Kiss Kiss Office Android App Allow for Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Madipass Martinique Android App 1.8 Insecure SSL Certificate Verification in Buy Yorkshire Conference App for Android Unverified SSL Certificates in Cloud Browser App for Android Unverified X.509 Certificate Vulnerability in Eu Sei (com.guilardi.eusei) Android App Unverified SSL Certificates in Huntington Mobile App for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in ADT Taxis Android App Insecure Certificate Verification in CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) Application for Android Unverified X.509 Certificates in Cloud Manager Application for Android Allows Man-in-the-Middle Attacks Unverified SSL Certificates in IMPI Mobile Security Application 2.1.0 for Android Unverified SSL Certificates in Instachat Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Brightest LED Flashlight App for Android CamScanner Android App SSL Certificate Verification Vulnerability AMC 
Security- Antivirus, Clean (com.iobit.mobilecare) Android App 4.4.1 SSL Certificate Verification Vulnerability Unverified X.509 Certificates in ISL Light Remote Desktop Android App Allows Man-in-the-Middle Attacks Unverified SSL Certificates in JAUMO Dating App for Android Unverified SSL Certificates in iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) Application 1.3.3 for Android SSL Certificate Verification Bypass in Traffic Jam Free (aka com.jiuzhangtech.rushhour) Application 1.7.7 for Android Insecure SSL Certificate Verification in Kicksend Android App Unverified SSL Certificates in Kicksend Photo Prints Android App (Version 1.0.7) Allow Man-in-the-Middle Attacks Unblock Me FREE Android App SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in Kaspersky Internet Security for Android Unverified SSL Certificates in CM Browser for Android: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in TRA Auctions for Buyers Application 2.6 for Android Unverified SSL Certificates in CA Lottery Results App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in MercadoLibre Android App 3.8.7 Insecure SSL Certificate Verification in ASTRO File Manager with Cloud Application Unverified X.509 Certificate Vulnerability in TN Members 1st FCU-RDC Android App SSL Certificate Verification Vulnerability in Anger of Stick 3 (com.miniclip.angerofstick3) Application 1.0.3 for Android Unverified SSL Certificates in Rail Rush Android App 1.9.0 SSL Certificate Verification Bypass in FreeCell Solitaire Android App Unverified SSL Certificates in Spider Solitaire Android App 3.0.0 Unverified X.509 Certificates in Mzone Login Application for Android Unverified SSL Certificates in AVD Download Video Application for Android Insecure SSL Certificate Verification in Vault-Hide SMS, Pics & Videos (com.netqin.ps) App for Android Unverified X.509 Certificate Vulnerability in BAND -Group Sharing & Planning 
Application SSL Certificate Verification Bypass in 9GAG Android App Unverified SSL Certificates in SAS: Zombie Assault 3 Android App Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Super Stickman Golf Application for Android Insecure Certificate Verification in NQ Mobile Security & Antivirus Application for Android Lack of SSL Certificate Verification in Easy Finder & Anti-Theft App for Android PicsArt - Photo Studio Android App SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in Phonegram - Instagram Download Application for Android Unverified SSL Certificates in Township Android App 1.5.1 Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Point Inside Shopping & Travel App for Android Unverified SSL Certificates in IQ Test Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in PopU 2: Get Likes on Instagram (aka com.popuapp.popu) Application 1.7.5 for Android Unverified SSL Certificates in Tapatalk Android App 4.8.0 Allow Man-in-the-Middle Attacks XDA-Developers Android App 3.9.8 SSL Certificate Verification Vulnerability SSL Certificate Verification Bypass in Retale - Weekly Ads & Deals App SSL Certificate Verification Vulnerability in The Piano Teacher (aka com.rubycell.pianisthd) Application Unverified SSL Certificates in Runtastic Running & Fitness App for Android Insecure SSL Certificate Verification in Runtastic Heart Rate Application Insecure SSL Certificate Verification in Runtastic Me Android App Insecure SSL Certificate Verification in Runtastic Mountain Bike Application for Android Insecure SSL Certificate Verification in Runtastic Pedometer Application for Android Insecure SSL Certificate Verification in Runtastic Road Bike Application for Android Insecure SSL Certificate Verification in Runtastic Timer Application Insecure Certificate Verification in Best Phone Security App for Android Unverified SSL Certificates in Safeway Android App 
4.1.0 Allow for Man-in-the-Middle Attacks X.509 Certificate Verification Vulnerability in Slots Vacation - FREE Slots Application Unverified SSL Certificates Vulnerability in Scoutmob Local Deals & Events App Unverified SSL Certificates in Hello Kitty Cafe Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates Vulnerability in Sonic 4 Episode II LITE Android App Insecure SSL Certificate Verification in Dress Up! Girl Party App for Android Insecure SSL Certificate Verification in Furdiburb Android App (com.sheado.lite.pet) 1.1.2 Unverified X.509 Certificates Vulnerability in Parallel Kingdom MMO Android App Unverified SSL Certificates in The Brain Lab Android App Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Skout Android App Certificate Verification Vulnerability in Penguin Run Android App Unverified SSL Certificates in Slingo Lottery Challenge Android App (Version 1.0.34) DISH Anywhere Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Sonic CD Lite Android App Allow Man-in-the-Middle Attacks Lack of SSL Certificate Verification in SomNote - Journal/Memo App for Android Unverified SSL Certificates in Bunny Run Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in The Best Racing/moto Games Ranking Application 2.2.7 for Android SSL Certificate Verification Bypass in Donut Maker Application Unverified X.509 Certificate Vulnerability in Cisco Class Locator Fast Lane Android App Certificate Verification Vulnerability in Microsoft Tech Companion App for Android Lack of SSL Certificate Verification in Turbo River Racing Free Android App (Version 1.07) SSL Certificate Verification Bypass in The Telly - Watch the good stuff (aka com.telly) Application 2.5.1 for Android Lack of SSL Certificate Verification in Text Me! 
Free Texting & Call App for Android Insecure SSL Certificate Verification in Street Racing (com.tgb.streetracing.lite5pp) Android App 4.0.4 SSL Certificate Verification Vulnerability in GUNSHIP BATTLE : Helicopter 3D (com.theonegames.gunshipbattle) Application 1.1.7 for Android Unverified SSL Certificates in Fashion Style App for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in BIKE RACING 2014 (Android App) SSL Certificate Verification Vulnerability in Bike Race Free - Top Free Game Insecure SSL Certificate Verification in Touchnote Postcards Android App Vulnerability: SSL Certificate Verification Bypass in SwiftKey Keyboard + Emoji Application Insecure SSL Certificate Verification in Trapster Android App (Version 4.3.2) Vulnerability: SSL Certificate Verification Bypass in Gambling Insider Magazine Android App Vulnerability: SSL Certificate Verification Bypass in Truecaller - Caller ID & Block (com.truecaller) Application SSL Certificate Verification Bypass in myBranch App for Android Unverified SSL Certificates in uTorrent Remote Android App Allow Man-in-the-Middle Attacks Vevo Android App SSL Certificate Verification Vulnerability Viddy Android App 1.3.9 SSL Certificate Verification Vulnerability Unverified SSL Certificates in russkoe TB HD Android App 3.6 Insecure SSL Certificate Verification in Word Search Android App (Version 2.3.0) Unverified SSL Certificates in Wamba - meet women and men Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Shop Love Android App 1.05 Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Buy Books Android App 0.1 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Buy A Gift Android App SSL Certificate Verification Vulnerability in Buy Coins Android App Unverified X.509 Certificate Vulnerability in CDsoft Android Application SSL Certificate Verification Vulnerability in Garfield's Defense Android App Insecure SSL Certificate 
Verification in Garfield's Diner Android App Unverified X.509 Certificates Vulnerability in Security - Free (aka com.webroot.security) App for Android Unverified SSL Certificates in Security - Complete Android App (com.webroot.security.complete) 3.6.0.6610 Insecure SSL Certificate Verification in Eversnap Private Photo Album Application Insecure SSL Certificate Verification in RE-VOLT 2: Best RC 3D Racing App for Android Unverified SSL Certificates in RE-VOLT 2 : MULTIPLAYER App for Android SSL Certificate Verification Vulnerability in FREE Pageplus Activation Application for Android SSL Certificate Verification Vulnerability in Government Best Jobs Application for Android XFINITY Constant Guard Mobile Application SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in wK12olslogin Android App Unverified SSL Certificates in Jelly Splash Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Pro Bet Tips Android App: A Man-in-the-Middle Vulnerability Tor Browser Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates Vulnerability in wTradersActivity Application Twitter No Background Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Verizon Instant Refills 24/7 Android App Verizon Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Buy 99 Cents Only Products App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Buy Tickets Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Yellow Pages Local Search Android App 11.0.0 Unverified X.509 Certificates in Awesome Antivirus 2014 Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Pizza Hut Android App (Version 2.0.5) Zipcar Android App 3.4.2 SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in Cut the Rope: Time Travel Android App Insecure SSL Certificate Verification 
in Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) App for Android Unverified X.509 Certificates in Antivirus Free Android App (com.zrgiu.antivirus) 7.2.16.02 Allows Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Paint for Friends (aka de.lotumlabs.buddypainting) App 1.5.1 for Android Unverified SSL Certificates in Uber B2B Android App 1.9 SSL Certificate Verification Vulnerability in IM+ (aka de.shapeservices.impluslite) Application 6.6.2 for Android Certificate Verification Vulnerability in Food Planner Application for Android Unverified SSL Certificates in Mobiscope Local Android App 1.05 Unverified X.509 Certificates Vulnerability in Web Browser for Android SSL Certificate Verification Vulnerability in Credit Union of Texas Mobile Application Unverified X.509 Certificates in Government Bookstore Android App: Man-in-the-Middle Attack Vulnerability Unverified SSL Certificates in RegisteredAssistant Android App 0.2.3 Unverified X.509 Certificates Vulnerability in Web Browser & Explorer for Android Unverified SSL Certificates Vulnerability in Super Fast Browser 2.0.5.6 for Android PlayMemories Online Android App 4.2.0.05070 Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates Vulnerability in CocoPPa App Unverified X.509 Certificates in Pou (aka me.pou.app) Android App 1.4.53 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Jack'd - Gay Chat & Dating App for Android Insecure SSL Certificate Verification in Bouncy Bill Android App (Version 1.9.1) SSL Certificate Verification Vulnerability in Bouncy Bill Easter Tales Application Insecure SSL Certificate Verification in Bouncy Bill Halloween Android App Insecure SSL Certificate Verification in Bouncy Bill Monster Smasher Ed (Android App) Insecure SSL Certificate Verification in Bouncy Bill Seasons Android App Insecure SSL Certificate Verification in Bouncy Bill World-Cup Application for Android Insecure SSL Certificate Verification in 
Jewels & Diamonds Android App Insecure SSL Certificate Verification in Ninja Chicken Application 1.7.6 for Android Insecure SSL Certificate Verification in Ninja Chicken Adventure Island Android App Insecure SSL Certificate Verification in Ninja Chicken Ooga Booga Android App (1.4.2) Insecure SSL Certificate Verification in Pets Fun House Android App Unverified SSL Certificates in Daum Cloud Android App 1.6.18 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Reign of Dragons: Build-Battle App for Android Unverified X.509 Certificates in Bilgi Yarisi Android App 1.8 Allows Man-in-the-Middle Attacks Unverified SSL Certificates in 8 Minutes Abs Workout App 2.0.9 for Android Insecure SSL Certificate Verification in The Chest Workout (aka net.p4p.chest) App 2.0.8 for Android Unverified X.509 Certificates in nh.smart Android App 3.0.5 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in smart.calculator Android App Unverified X.509 Certificates in nh.smart.card Android App: Exploiting Server Spoofing Vulnerability Unverified X.509 Certificates in smart.nhibzbanking Application 2.1 for Android Certificate Verification Bypass Vulnerability in DataGard VPN + AV Application for Android Insecure SSL Certificate Verification in PlayScape Application 9.3.3 for Android Man-in-the-Middle Attack Vulnerability in Towers N' Trolls (aka project.android.ftdjni) Application 1.6.4 for Android Unverified SSL Certificates in Mail.Ru Dating Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Mamba Dating App for Android Insecure SSL Certificate Verification in World of Tanks Assistant Android App (Version 1.7.5) Safari Browser for Android SSL Certificate Verification Vulnerability Unverified SSL Certificates in Whisper 4.0.6 for Android Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Smart Browser 2.0 for Android Unverified X.509 Certificates in SGK Hizmet Dokumu 4a Android App Allows 
Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in ZOOM Cloud Meetings Android App VDM Officiel Android App 5 SSL Certificate Verification Vulnerability Unverified SSL Certificates Vulnerability in Lostword Application 5.9 for Android Unverified SSL Certificates in Solitaire Arena Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in MeiPai Android App 1.2.0 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Mini Pets Android App (Version 2.0.3) Lack of SSL Certificate Verification in Tiny Tower Android App Unverified SSL Certificates in PHONE for Google Voice & GTalk Application 1.0 for Android Unverified SSL Certificates in OkCupid Dating App for Android SSL Certificate Verification Vulnerability in GuitarTuna Android App VK Kate Mobile Android App 9.6.1 SSL Certificate Verification Vulnerability The Cleaner - Speed up & Clean Android App 1.4.2 SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in Longjiang (com.longjiang.kr) Application 2.0.6 for Android Insecure SSL Certificate Verification in Guess The Movie Android App Unverified SSL Certificate Vulnerability in Rix GO Locker Theme Application Insecure SSL Certificate Verification in Ibotta Android App (Version 2.5.1) Unverified X.509 Certificates in 3Kundenzone Android App Allows Man-in-the-Middle Attacks Hobby Lobby Stores Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Farm Frenzy Gold Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Hotel Story: Resort Simulation App for Android Unverified X.509 Certificates Vulnerability in hananbank Android Application (Version 4.06) FriendCaster Chat Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Solitaire Deluxe (com.gosub60.solfree2) App 2.8.5 for Android Insecure SSL Certificate Verification in Club Personal Android App 2.6 Unverified SSL Certificates 
in GittiGidiyor Android App 1.4.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in My Railway Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Girls Games - Shoes Maker (com.g6677.android.shoemaker) App for Android Unverified SSL Certificates in Acces Compte Android App 3.2.6 SSL Certificate Verification Vulnerability in forfone: Free Calls & Messages Certificate Verification Vulnerability in Girls Calendar Period&Weight App Unverified SSL Certificates in 2G Live Tv Android App: A Man-in-the-Middle Vulnerability SSL Certificate Verification Vulnerability in ADP AGENCY Immobiliare Android App Unverified X.509 Certificates in Alsunna Android App 0.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Strike Fighters Israel Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Fairy Princess Makeover Salon App for Android Insecure SSL Certificate Verification in Big Win Slots - Slot Machines App for Android Unverified SSL Certificates in Dubstep Hero Android App 1.9 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Maleficent Free Fall Android App Insecure SSL Certificate Verification in Kaave Fali Android App (Version 1.5.1) SSL Certificate Verification Vulnerability in Dark Summoner Application 1.03.39 for Android Insecure SSL Certificate Verification in Kakao Android App (Version 2.11.1.0) Unverified SSL Certificates in Knights N Squires Android App: A Man-in-the-Middle Vulnerability Man-in-the-Middle Attack Vulnerability in Windows Live Hotmail PUSH Mail Application for Android Unverified X.509 Certificates Vulnerability in CJmall Android App (Version 4.1.8) Insecure SSL Certificate Verification in Selfie Camera -Facial Beauty- App for Android SSL Certificate Verification Vulnerability in White & Yellow Pages Application for Android SSL Certificate Verification Vulnerability in Candy Blast (com.appgame7.candyblast) Android App Certificate Verification 
Vulnerability in Star Girl: Colors of Spring (com.animoca.google.starGirlSpring) Application 3.4.1 for Android SSL Certificate Verification Vulnerability in Slide Show Creator (com.amem) Android App 4.4.3 Unverified SSL Certificates in BoyAhoy - Gay Chat App for Android Unverified X.509 Certificate Vulnerability in ecalendar2 Android App (CVE-2021-XXXX) Insecure Certificate Verification in mpang.gp Android App (Version 4.0.0) Unverified X.509 Certificates in Swish Payments Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Ask.com Android App 2.2.5 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in CA DMV Android App Enable Man-in-the-Middle Attacks Unverified SSL Certificates in Capital One Spark Pay Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Cisco Technical Support Application for Android Unverified SSL Certificates in CNNMoney Portfolio Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Kmart Android App (Version 6.2.8) SSL Certificate Verification Bypass in Piwik Mobile 2 (org.piwik.mobile2) Android App 2.0.1 Unverified SSL Certificates in SafeNetMobile Pass Application for Android Unverified SSL Certificates in Sears Android App 6.2.8 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in SplashID Android App 7.2.2 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Sylphone Application 5.3.8 for Android Unverified SSL Certificates in WD My Cloud Android App 4.0.0 Unverified SSL Certificates in TV Guide Android App 5.4.3 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in ium (aka net.ium.mobile.android) Application 3.3.4 for Android Unverified SSL Certificates in tvguide Android App 1.9.14 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Yahoo! 
Japan Box Android App (Version 1.5.1) Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Homoo Ijiri (aka jp.co.applica) Application 3.7 for Android Unverified SSL Certificates in 7-ELEVEN Android App 2.08.000 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in 1&1 Online Storage Application for Android Unverified SSL Certificates in Disaster Alert App for Android Allow Man-in-the-Middle Attacks X.509 Certificate Verification Vulnerability in iVysilani Ceske Televize Application 1.6 for Android Unverified SSL Certificates in Yell Local Search Android App: A Man-in-the-Middle Vulnerability SSL Certificate Verification Vulnerability in SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) Application 1.122 for Android Insecure SSL Certificate Verification in Android Forums Application (com.tapatalk.androidforumscom) 2.4.4.9 for Android Unverified SSL Certificates in KBO sports2i 2014 Android App (com.sports2i) 5.1.00 Unverified SSL Certificates in SnipSnap Coupon App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Greenbill Android App 2.0.3 Allow Man-in-the-Middle Attacks Unverified SSL Certificates Vulnerability in Froyo Application 5.1.3 for Android AireTalk Android App: SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in ShopYourWay Android App (Version 1.9) Unverified SSL Certificates in GlobalTalk- free phone calls App 2.1.4 for Android Unverified X.509 Certificates Vulnerability in Parallel Mafia MMORPG Android App Lack of SSL Certificate Verification in Heavy Duty Truck Driver Simulator 3D App for Android Nespresso Android App 2.4.1 SSL Certificate Verification Vulnerability Lack of X.509 Certificate Verification in myHomework Student Planner Android App 3.0.2 Unverified SSL Certificates in Beauty Bible App for Android: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in UA Cinemas Mobile Ticketing App Mobile@Work 
Android Application SSL Certificate Verification Vulnerability Lack of SSL Certificate Verification in MiniInTheBox Online Shopping App for Android SSL Certificate Verification Vulnerability in Grocery List App Man-in-the-Middle Attack Vulnerability in Lil Wayne Slots: FREE SLOTS Application Insecure SSL Certificate Verification in The Pet Salon Application 1.0.1 for Android Kmart Android App SSL Certificate Verification Vulnerability Unverified SSL Certificates in Watcha Android App 2.0.2 Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Dog Whistle Android App Allow for Man-in-the-Middle Attacks Lack of SSL Certificate Verification in Free App Icons & Icon Packs Application for Android Insecure SSL Certificate Verification in InNote Android App (Version 1.0.3.20131119) Unverified SSL Certificates in Allies in War (com.gamelion.aiw) Android App 1.3.2 SSL Certificate Verification Vulnerability in Finansbank Cep Subesi Application for Android Unverified SSL Certificates in Tigo Copa Mundial FIFA 2014 Android App Unverified X.509 Certificates in Minha Oi Android App 1.15.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Slideshow 365 (com.Slideshow) Android App 3.6 Unverified SSL Certificates in The Secret Circle Application for Android Unverified SSL Certificates in SurDoc Android App Allow Man-in-the-Middle Attacks VK Amberfog Android App 3.5.6 Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates in Need for Speed Network Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in ga6748 Android Application Insecure SSL Certificate Verification in Facebook Status Via Android App SSL Certificate Verification Bypass in Monster Makeup Android App Unverified SSL Certificates in 10000 Kindle Books Downloads Application: A Man-in-the-Middle Vulnerability DCU Mobile Banking Android App SSL Certificate Verification Vulnerability SSL Certificate Verification Vulnerability 
in FastCustomer Android App Unverified X.509 Certificate Vulnerability in Steganos Online Shield VPN for Android Unverified SSL Certificates in emartmall Android App 1.3.3 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Store and Share Application 2.0.18 for Android SSL Certificate Verification Bypass in Stop & Shop SCAN IT! Mobile Application Vodafone Mobile@Work Android App SSL Certificate Verification Vulnerability Coke Studio 7 Android App SSL Certificate Verification Vulnerability Unverified X.509 Certificate Vulnerability in Flurv Chat Application 4.3.3 for Android Unverified SSL Certificates in The Daily Free App @ Amazon (com.kattanweb.android.dfaa) Application 1.5.2 for Android SSL Certificate Verification Bypass in INCOgnito Private Browser for Android SSL Certificate Verification Vulnerability in Social Networking App for Android Insecure SSL Certificate Verification in AllDealsAsia All Deals ADA App SSL Certificate Verification Vulnerability in Travelzadcomvb Application for Android Unverified SSL Certificates in PocketPC.ch Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Armpit Spa & Girl Games App for Android Insecure SSL Certificate Verification in Baby Stomach Surgery App for Android Unverified X.509 Certificates Vulnerability in LabMSF Antivirus Beta 1.0.2 for Android Insecure SSL Certificate Verification in Soccer Blitz (aka soccer.blitz) Android App 1.06 Unverified X.509 Certificates Vulnerability in Edline Mobile Application for Android Insecure SSL Certificate Verification in forumhawaaworldcom Android App (3.4.12) Unverified SSL Certificates in psicofxp Android App 2.4.12.15 Vulnerability: SSL Certificate Verification Bypass in Obama for America Android App SSL Certificate Verification Vulnerability in TICKET APP - Concerts & Sports (com.xcr.android.ticketapp) 3.0.1 for Android Unverified X.509 Certificate Vulnerability in NOW Application for Android SinoPac Android App 2.4.2 Vulnerability: 
SSL Certificate Verification Bypass SSL Certificate Verification Vulnerability in E-Dziennik (com.librus.dziennik) Application 0.5.2 for Android Unverified SSL Certificates in KASKUS Android App 2.13.0 SSL Certificate Verification Vulnerability in State Bank Anywhere (com.sbi.SBIFreedomPlus) Android App 2.0.1 SSL Certificate Verification Bypass in Atomic Fusion Application 1.7 for Android VPlayer Video Player Android App SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in Alien War Survivors (com.ly.a13.gp) App 1.3.1 for Android SSL Certificate Verification Vulnerability in ChatBox - Chat Rooms Application Unverified X.509 Certificates Vulnerability in tx Smart Android App (Version 7.05) Unverified X.509 Certificates in BundesArztsuche Android App 1.0.1 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in RussianAnime Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Guess The Actor (aka com.gamelikeinc.actors) Application 1.1 for Android Unverified X.509 Certificate Vulnerability in Halieutics Android App Insecure SSL Certificate Verification in MegaBank Mobile Banking App for Android Unverified SSL Certificates in GrooveMusic Android App 2.0.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Dreamland Super Theme GO Gold Application Insecure SSL Certificate Verification in Designs Nail Arts Android App (Version 3.6.1) SSL Certificate Verification Vulnerability in iGolf - Golf GPS (aka com.igolf) Application 20 for Android Unverified SSL Certificates in Healthylifestyle App 1.2.2 for Android Lack of SSL Certificate Verification in BabyBus Android App (Version 3.91) Unverified X.509 Certificates in Fiksu Library for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Loving - Couple Essential (aka com.xiaoenai.app) 4.0.1 for Android Unverified SSL Certificates in Aquarium Advice Android App Allow Man-in-the-Middle Attacks Insecure SSL 
Certificate Verification in PSECU Mobile+ Android App Unverified X.509 Certificate Vulnerability in Eponyms Android App (Version 3.2) Unverified X.509 Certificate Vulnerability in Alibaba Android App (Version 4.1.0.0) Unverified SSL Certificates in Mobile Face Application: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates in memetan.android.com.activity 1.1.0 for Android Unverified SSL Certificates in TV Bengali Open Directory App for Android Unverified SSL Certificates in Genertel Android App 2.6.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in MoWeather Android App 1.40.05 SSL Certificate Verification Vulnerability in RunKeeper - GPS Track Run Walk Application for Android Unverified SSL Certificates in Threadflip Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in The Little Dragons (aka com.playcomo.dragongame) Application 1.0.256 for Android SSL Certificate Verification Vulnerability in Animal Kaiser Zangetsu Android App Unverified SSL Certificates in Educational Puzzles - Letters App for Android Unverified X.509 Certificates Vulnerability in My3 - by 3HK Android App Unverified SSL Certificates in Azkend Gold Android App 1.2.6 Allow Man-in-the-Middle Attacks Certificate Verification Vulnerability in Baby Days Application 1.5.8 for Android Insecure SSL Certificate Verification in Cookbible Android App 1.0.0 Unverified SSL Certificates in Skin Conditions and Diseases App for Android Unverified SSL Certificates Vulnerability in SuccessSecrets Application Unverified SSL Certificates in MLB Preplay Android App Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in ding* ezetop. 
Top-up Any Phone Application Unverified SSL Certificates in eWUS Mobile Application 1.4.5 for Android Lack of X.509 Certificate Verification in DEKRA Used Car Report Android App 3.0.0 SSL Certificate Verification Vulnerability in Auto Trader Android App Unverified SSL Certificates in SkyDrive Assistant Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Autonavi Android App (4.6.1) Unverified SSL Certificates in FreshDirect Android App 2.7.1 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in Gewara Android App 5.2.3 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in DTE Energy Android App (com.dteenergy.mydte) 3.0.3 Unverified SSL Certificates in Belas Frases de Amor Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Pocket Cam Photo Editor Application for Android Unverified SSL Certificates in Survey.com Mobile Application 3.2.16 for Android Insecure SSL Certificate Verification in Gratta & Vinci Android App Unverified SSL Certificates in LikeHero Get Instagram Likes App for Android Unverified SSL Certificates in Blitz Bingo Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Zombie Detector Application 1.2 for Android Unverified SSL Certificates in Rasta Weed Widgets HD Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in cutprice Application 1.0.4 for Android Gravity Bounce Android App 1.1 SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in nuSquare Android App (Version 1.0.78) SSL Certificate Verification Vulnerability in The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) Application 1.0.1 for Android Unverified SSL Certificates in TuCarro Android App 2.0.5 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in Celluloid Application 1.3 for Android Insecure Certificate Verification in Doodle Drop Android App Unverified X.509 
Certificates in Global Beauty Research Android App 1.6 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Psychology App for Android Insecure SSL Certificate Verification in Fuel Rewards Network Android App Harley-Davidson Visa Android App 1.18 Vulnerability: SSL Certificate Verification Bypass Unverified X.509 Certificates in Versent Books Android App 1.1.99 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in s-peek Credit Rating Report Application Flurry Library for Android SSL Certificate Verification Vulnerability Unverified X.509 Certificate Vulnerability in Chartboost Library for Android Cross-Site Scripting (XSS) Vulnerabilities in TorrentFlux 2.4 Information Disclosure Vulnerability in TorrentFlux 2.4 Remote Authenticated User Cookie Manipulation in TorrentFlux 2.4 SQL Injection Vulnerabilities in ClassApps SelectSurvey.NET Buffer Overflow Vulnerability in F5 BIG-IP Systems and Enterprise Manager Multiple XML External Entity (XXE) vulnerabilities in F5 BIG-IP and related products allow remote file read and denial of service Arbitrary File Write and Execution Vulnerability in ZOHO ManageEngine OpManager Arbitrary File Write and Execution Vulnerability in ZOHO ManageEngine OpManager Arbitrary File Deletion Vulnerability in ZOHO ManageEngine OpManager and IT360 Directory Traversal Vulnerability in ZOHO ManageEngine EventLog Analyzer 9.0 and 8.2 Zoho ManageEngine EventLog Analyzer Database Information Disclosure Vulnerability Credentials Disclosure Vulnerability in ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 Out-of-bounds Read Vulnerability in GNU C Library (glibc) 2.20 Bypassing Same Origin Policy in Android WebView via Crafted Attribute Improper Access Restriction in ZOHO ManageEngine EventLog Analyzer 9.0 and 8.2 Arbitrary SQL Command Execution in phpMyFAQ before 2.8.13 via Restore Function CSRF Vulnerabilities in phpMyFAQ before 2.8.13 Allow Remote Authentication Hijacking Arbitrary 
Attachment Read Vulnerability in phpMyFAQ before 2.8.13 Arbitrary Attachment Read Vulnerability in phpMyFAQ before 2.8.13 Bypassing Authorization in phpMyFAQ before 2.8.13 via Crafted Instance ID Parameter Bypassing CAPTCHA Protection in phpMyFAQ before 2.8.13 Heap-based buffer overflow in LibVNCServer allows remote code execution Denial of Service and Arbitrary Code Execution Vulnerability in LibVNCServer Denial of Service Vulnerability in LibVNCServer 0.9.9 and Earlier Denial of Service Vulnerability in LibVNCServer 0.9.9 and Earlier Stack-based buffer overflows in LibVNCServer's File Transfer feature Arbitrary File Overwrite Vulnerability in WordPress Advanced Access Manager Plugin Denial of Service Vulnerability in dhcpcd's get_option Function Information Disclosure: Obtaining Hashed User Passwords in McAfee Web Gateway Cross-Site Scripting (XSS) Vulnerabilities in Adiscon LogAnalyzer 3.6.6 and Earlier Cross-Site Scripting (XSS) Vulnerability in jQuery 1.4.2 via text method in after Information Disclosure: Remote Authenticated User Access to Keystore Secret Keys in IBM UrbanCode Deploy 6.1.0.2 before IF1 Credentials Exposure in IBM Security QRadar SIEM and QRadar Risk Manager Clickjacking Vulnerability in IBM Security Access Manager for Mobile and Web CSRF Vulnerability in IBM Security Access Manager for Mobile and Web Lack of Lockout Period for Invalid Login Attempts in IBM Security Access Manager Arbitrary Web Script Injection in IBM Security Access Manager for Web and Mobile Arbitrary SQL Command Execution Vulnerability in IBM Security Access Manager for Mobile and Web Denial of Service Vulnerability in IBM Security Access Manager for Mobile and Web Sensitive Cookie Information Disclosure Vulnerability Weak SSL Cipher Vulnerability Insecure Communication Protocol in IBM Security Access Manager for Mobile and Web Weak SSL Cipher Suite Vulnerability Information Disclosure via Null SSL Cipher Denial of Service Vulnerability in IBM Security Access Manager for 
Mobile and Web Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM Curam Social Program Management (SPM) Arbitrary Web Script Injection Vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 Inadequate Lockout Policy for Web-Service Accounts in IBM Curam Social Program Management (SPM) Arbitrary Script Injection in IBM WebSphere Portal Arbitrary File Read Vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 Arbitrary Web Script Injection Vulnerability in IBM Security Identity Manager 6.x Denial of Service Vulnerability in IBM DB2 9.7 and 9.8 Cleartext Password Disclosure in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 Lack of Lockout Protection in IBM Sterling B2B Integrator Allows Brute-Force Attacks on Change Password Feature Arbitrary web script injection vulnerability in IBM Tivoli Directory Server and IBM Security Directory Server IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 Redirect-Login Cross-Site Scripting (XSS) Vulnerability Unattended Workstation Bypass in IBM Maximo Asset Management and Related Products Clickjacking Vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 CSRF Vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 Sensitive Cookie Information Disclosure in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 Unencrypted Connection Vulnerability in IBM Tivoli Identity Manager and Security Identity Manager Bypassing Access Restrictions and Information Disclosure in IBM Tivoli Identity Manager and Security Identity Manager Improper Logout Handling in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 Cleartext Storage of Encrypted User Credentials in IBM Tivoli Identity Manager and Security Identity Manager Weak SSL Ciphers Vulnerability in IBM Tivoli Identity Manager and Security Identity Manager Arbitrary Web Script Injection Vulnerability in IBM Tivoli Endpoint Manager Web Reports Component XML External Entity (XXE) Vulnerability in IBM 
WebSphere ILOG JRules, WebSphere Operational Decision Management, and Operational Decision Manager Authentication Bypass Vulnerability in IBM Rational Insight 1.1.1.5 Authentication Bypass Vulnerability in WebSphere MQ 8.0.0.1 Arbitrary Code Execution Vulnerability in IBM Security AppScan Enterprise Arbitrary Command Execution Vulnerability in IBM Rational AppScan Source and Security AppScan Source Arbitrary web script injection vulnerability in IBM Security AppScan Enterprise Arbitrary Folder Write and Command Execution Vulnerability in IBM Security AppScan Enterprise Sensitive Credential Information Disclosure via Installation Logs CSRF Vulnerability in IBM WebSphere Portal 8.5.0 before CF03 Allows Authentication Hijacking and XSS Injection Arbitrary Script Injection Vulnerability in IBM WebSphere Portal 8.5.0 before CF03 Arbitrary User Dashboard Deletion Vulnerability in IBM Rational Jazz Team Server Lack of Warning Message in IBM Notes Traveler Android App Allows Information Leakage Arbitrary User Dashboard Reading Vulnerability in IBM Rational Jazz Team Server Arbitrary Script Injection Vulnerability in IBM WebSphere Service Registry and Repository Information Disclosure Vulnerability in IBM API Management 3.x before 3.0.1.0 Cleartext Server Password Retention Vulnerability in IBM Rational ClearCase Clickjacking Vulnerability in IBM Security AppScan Enterprise Unencrypted Session Vulnerability in IBM Security AppScan Standard 8.x and 9.x Arbitrary Script Injection Vulnerability in IBM Tivoli Endpoint Manager 9.1 Bypassing Grid-Data Access Restrictions in IBM WebSphere DataPower XC10 Appliance Bypassing Access Restrictions in IBM Business Process Manager Search REST API Arbitrary Code Execution via Shared HMAC Token in IBM Tivoli Endpoint Manager Mobile Device Management (MDM) Arbitrary Command Execution Vulnerability in IBM Tivoli Monitoring (ITM) Sensitive Information Disclosure in IBM WebSphere DataPower XC10 Appliance Arbitrary Web Script Injection 
Vulnerability in IBM Rational Quality Manager (RQM) Arbitrary Web Script Injection Vulnerability in IBM Cognos Business Intelligence Server Information Disclosure Vulnerability in IBM Sterling B2B Integrator 5.2.x through 5.2.4 Unspecified Local Privilege Escalation Vulnerability in IBM Flex System Manager (FSM) Unauthenticated Access to Sensitive Database Information in IBM Tivoli Application Dependency Discovery Manager (TADDM) BIRT-viewer Directory Traversal Vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) Arbitrary Web Script Injection Vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) CRLF Injection Vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x Arbitrary Web Script Injection in IBM Tivoli Integrated Portal (TIP) 2.2.x Insecure Cookie Handling in IBM WebSphere Service Registry and Repository Arbitrary File Access Vulnerability in IBM Optim Performance Manager for DB2 and IBM InfoSphere Optim Performance Manager for DB2 Directory Traversal Vulnerabilities in IBM WebSphere Service Registry and Repository Arbitrary Code Execution via Directory Traversal in IBM PureApplication System and Workload Deployer Denial of Service Vulnerability in IBM DB2 Bypassing Access Restrictions in IBM WebSphere Service Registry and Repository Arbitrary Web Script Injection in IBM Tivoli Netcool/Impact 6.1.1 Arbitrary Script Injection Vulnerability in IBM WebSphere DataPower XC10 Appliance OpenID and OpenID Connect Cookie Spoofing Vulnerability in IBM WebSphere Application Server XML External Entity (XXE) Vulnerability in IBM WebSphere Application Server Arbitrary Script Injection Vulnerability in IBM WebSphere Application Server CSRF Vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 Sensitive Information Disclosure via SOAP Fault in IBM WebSphere Message Broker and IBM 
Integration Bus Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Sensitive Analytics Information Disclosure in IBM API Management 3.0 before 3.0.4.0 IF1 IBM Business Process Manager (BPM) Process Inspector Cross-Site Scripting (XSS) Vulnerability Clickjacking Vulnerability in IBM WebSphere Application Server Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Marketing Operations Weak Cipher Selection Vulnerability in IBM WebSphere Process Server, WebSphere Enterprise Service Bus, and Business Process Manager Advanced Unauthenticated Access Control Vulnerability in IBM WebSphere Service Registry and Repository (WSRR) Arbitrary Code Injection through Cross-Site Scripting (XSS) in IBM WebSphere Service Registry and Repository (WSRR) Arbitrary Web Script Injection Vulnerability in IBM WebSphere Service Registry and Repository Arbitrary Script Injection in IBM WebSphere Service Registry and Repository Unauthenticated Access Control Vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x Arbitrary File Read Vulnerability in IBM Business Process Manager Arbitrary Command Execution Vulnerability in IBM Security Network Protection Stack-based Buffer Overflow in IBM Tivoli Storage Manager (TSM) Client Privilege Escalation via Crafted DSO File in IBM Tivoli Storage Manager (TSM) Bypassing Object-Access Restrictions in IBM WebSphere Service Registry and Repository Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) Cross-Site Scripting (XSS) Vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) IBM Security Network Protection Devices XSS Vulnerability Information Disclosure Vulnerability in IBM Workload Deployer 3.1 Arbitrary Web Script Injection Vulnerability in IBM Curam Social Program Management Arbitrary Web Script Injection in IBM Curam Social Program Management XML Injection Vulnerability in IBM WebSphere Portal Directory Traversal Vulnerability in IBM 
Maximo Asset Management Authentication Bypass Vulnerability in IBM Tivoli Storage Manager (TSM) Backup-Archive Client Arbitrary Script Injection Vulnerability in IBM Web Experience Factory Clickjacking Vulnerability in IBM Security Network Protection CSRF Vulnerability in IBM Security Network Protection 5.3 before 5.3.1 Allows User Authentication Hijacking Denial of Service Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Denial of Service Vulnerability in IBM DB2 Multiple ALTER TABLE Statements Denial of Service Vulnerability in IBM DB2 Improper Logging of Personal Data in IBM WebSphere Commerce XML External Entity (XXE) Vulnerability in IBM Emptoris Contract Management, Sourcing, Program Management, and Strategic Supply Management Cross-Site Request Forgery (CSRF) Vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Insecure Random Number Generation in IBM Rational ClearCase IBM Marketing Operations Directory Traversal Vulnerability Integer Overflow in string_chunk_split Function in Facebook HHVM Vulnerability: Improper String Termination in HashContext Class Bypassing IP Blacklist in WP-Ban Plugin for WordPress Arbitrary Code Execution Vulnerability in CWT Frontend Edit Extension Unspecified Information Disclosure Vulnerability in TYPO3 LDAP Extension Arbitrary SQL Command Execution in TYPO3 Flat Manager Extension Open Graph Protocol Extension XSS Vulnerability Unspecified Remote Code Execution Vulnerability in ke DomPDF Extension for TYPO3 Arbitrary Script Execution Vulnerability in LumoNet PHP Include Extension for TYPO3 Arbitrary Code Injection through Cross-Site Scripting (XSS) in TYPO3 News Pack Extension Arbitrary Web Script Injection in Akronymmanager Extension for TYPO3 Arbitrary SQL Command Execution in Address Visualization with Google Maps Extension Arbitrary Web Script Injection in Google Sitemap Extension for TYPO3 Arbitrary 
SQL Command Execution in TYPO3 wt_directory Extension (before 1.4.1) SQL Injection Vulnerabilities in All In One WP Security & Firewall Plugin for WordPress Arbitrary Script Injection in EWWW Image Optimizer Plugin for WordPress Stack-based Buffer Overflow in CPUMiner: Remote Code Execution Vulnerability Buffer Overflow Vulnerability in SAP NetWeaver Dispatcher (disp+work.exe) ZEN-12653: Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Zenoss Core through 5 Beta 3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zenoss Core through 5 Beta 3 Open Redirect Vulnerability in Zenoss Core Login Form (ZEN-11998) Zenoss Core through 5 Beta 3 Directory Traversal Vulnerability Remote Code Execution Vulnerability in Zenoss Core 5 Beta 3 (ZEN-15407) ZEN-15411: Denial of Service Vulnerability in Zenoss Core through 5 Beta 3 XML Entity Expansion Denial of Service Vulnerability in Zenoss Core 5 Beta 3 Unauthenticated Remote Command Execution in Zenoss Core (ZEN-15412) Remote Code Execution in Zenoss Core through 5 Beta 3 via Check For Updates Feature (ZEN-12657) Multiple Format String Vulnerabilities in RRDtool Python Module in Zenoss Core and Other Products (ZEN-15415) Uninitialized FIFO-based Event Channel Control Block Vulnerability Integer Overflow Vulnerabilities in HAProxy 1.5-dev23 Heap-based Buffer Overflow in Squid SNMP Handling ShellShock: Remote Code Execution Vulnerability in GNU Bash Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta Buffer Overflow in apt-get HTTP Transport Code Allows for Denial of Service and Possible Code Execution Insecure Data Access in FusionForge Insufficient Attribute Limitation in Roundup Schema Allows Unauthorized User Information Access Remote Code Execution Vulnerability in GNU Bash through 4.3 bash43-026 Arbitrary Command Execution via Environment Variable Parsing in GNU Bash Multiple Cross-Site Scripting (XSS) Vulnerabilities in OSClass 
before 3.4.2 Remote Code Execution Vulnerability in SAP Adaptive Server Enterprise (ASE) Bypassing Challenge and Response Mechanism in SAP Adaptive Server Enterprise (ASE) Arbitrary Program Execution Vulnerability in Rejetto HTTP File Server Bypassing CAPTCHA Protection in Powermail Extension for TYPO3 Arbitrary Controller Action Execution in Yet Another Gallery (yag) and Tools for Extbase Development (pt_extbase) Extensions Unspecified Impact Remote Code Execution Vulnerability in TYPO3 tt_news Extension Arbitrary Web Script Injection in Alphabetic Sitemap Extension for TYPO3 Remote User Record Manipulation in TYPO3 femanager Extension SQL Injection Vulnerability in TYPO3 Statistics Extension (ke_stats) 1.1.2 and earlier Arbitrary Web Script Injection in TYPO3 External Links Click Statistics Extension Arbitrary SQL Command Execution in WEC Map Extension for TYPO3 Arbitrary Code Injection through Cross-Site Scripting (XSS) in WEC Map Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 mm_forum Extension (CVE-XXXX-XXXX) Arbitrary Code Execution via Unrestricted File Upload in TYPO3 mm_forum Extension CSRF Vulnerability in mm_forum Extension for TYPO3 Cross-site scripting (XSS) vulnerability in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML and conduct CSRF attack Cross-Site Scripting (XSS) Vulnerabilities in PNMsoft Sequence Kinetics Tables-Management Module XML External Entity (XXE) vulnerability in Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to read arbitrary files. 
Denial of Service Vulnerability in PNMsoft Sequence Kinetics Monitoring Administration Pages Information Disclosure Vulnerability in Form Controls CSS File in PNMsoft Sequence Kinetics before 7.7 OSClass Directory Traversal Vulnerability in oc-admin/index.php Information Disclosure Vulnerability in Kaazing Gateway and Gateway - JMS Edition Remote Code Execution Vulnerability in CHICKEN 4.9.0 and 4.9.0.1 via 'select' Function Predictable File Names Vulnerability in generate_doxygen.pl in ACE before 6.2.7+dfsg-2 CSRF Vulnerability in Login Widget With Shortcode Plugin Allows XSS Attacks Arbitrary Script Injection Vulnerability in WooCommerce Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Web-Dorado Photo Gallery Plugin for WordPress Open Redirect and Phishing Vulnerability in MantisBT before 1.2.18 Array Index Error in win32k.sys: Denial of Service in Windows Kernel Mode Driver Vulnerability RDP Audit Logon Failure Vulnerability Outlook Web App Token Spoofing Vulnerability Microsoft Schannel Remote Code Execution Vulnerability Windows Audio Service Privilege Escalation Vulnerability Internet Explorer Clipboard Information Disclosure Vulnerability Kerberos Checksum Vulnerability OWA XSS Vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 OWA XSS Vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer XSS Filter Bypass Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Active Directory Federation Services Information Disclosure Vulnerability Windows OLE Automation Array Remote Code Execution Vulnerability Microsoft Office Double Delete Remote Code Execution Vulnerability Microsoft Office Bad Index Remote Code Execution Vulnerability Microsoft Office Invalid Pointer Remote Code Execution Vulnerability Exchange URL Redirection Vulnerability Internet Explorer Memory 
Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Cross-domain Information Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Cross-domain Information Disclosure Vulnerability Internet Explorer Cross-domain Information Disclosure Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability OLE Object Remote Code Execution Vulnerability Internet Explorer Memory Corruption Vulnerability Arbitrary Code Execution Vulnerability in Internet Explorer 6-11 Graphics Component JPEG Processing Vulnerability Invalid Index Remote Code Execution Vulnerability Use After Free Word Remote Code Execution Vulnerability Global Free Remote Code Execution in Excel Vulnerability Excel Invalid Pointer Remote Code Execution Vulnerability Microsoft Office Component Use After Free Vulnerability VBScript Memory Corruption Vulnerability Microsoft Office Component Use After Free Vulnerability Internet Explorer XSS Filter Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Denial of Service Vulnerability in Juniper JunosE Denial of Service Vulnerability in Juniper Junos Juniper Junos RADIUS Accounting Server Authentication Bypass Vulnerability Denial of Service Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper WLC 
Devices with WLAN Software Releases 8.0.x, 9.0.x, and 9.1.x Denial of Service Vulnerability in Juniper MX Series Routers Stateless Firewall Port Matching Bypass Vulnerability in Juniper Junos Double Quote Bypass Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper Junos Denial of Service Vulnerability in Juniper Junos BGP FlowSpec Prefix Handling Null Byte Bypass Vulnerability in MantisBT 1.2.17 and Earlier Arbitrary Command Execution in backup.php in PHPCompta/NOALYSS before 6.7.2 Cross-site scripting (XSS) vulnerability in Facebook and Messenger iOS apps through MIME sniffing Cross-Site Scripting (XSS) Vulnerability in Express Web Framework Directory Traversal Vulnerability in visionmedia send before 0.8.4 for Node.js Heap-based Buffer Overflow in Ettercap Dissector for PostgreSQL Arbitrary Code Execution and Denial of Service Vulnerability in Ettercap's PostgreSQL Dissector Arbitrary File Write and Code Execution Vulnerability in Docker Docker 1.3.0 through 1.3.1 Remote Container Modification Vulnerability CSRF Vulnerability in M/Monit 3.3.2 and Earlier Allows Password Hijacking Unrestricted ICB Indirection in Linux Kernel Allows Denial of Service Predictable Password-Recovery Tokens in WordPress 4.4 and Earlier Cross-site Scripting (XSS) Vulnerability in WatchGuard XTM 11.8.3 via poll_name Parameter OpenStack Neutron Remote Admin Network Attribute Vulnerability Buffer Overflow Vulnerability in Ceph Allows Remote Code Execution Denial of Service and Potential Impact via Long Unencrypted Auth Ticket in Ceph Ceph Auth Reply Validation Vulnerability Arbitrary Script Injection via Picture Name in Livefyre LiveComments 3.0 SDP Dissector Use-After-Free Vulnerability in Wireshark 1.10.x Duplicate Hashtable Vulnerability in Wireshark 1.10.x Denial of Service Vulnerability in Wireshark MEGACO Dissector Uninitialized Memory Read Vulnerability in Netflow Dissector in Wireshark Buffer Over-read and Application Crash in CUPS Dissector in Wireshark 1.12.x 
before 1.12.1 Denial of Service Vulnerability in Wireshark HIP Dissector Off-by-one error in RTSP dissector in Wireshark allows denial of service Uninitialized ID Vulnerability in Wireshark SES Dissector Denial of Service Vulnerability in Wireshark Sniffer File Parser Denial of Service Vulnerability in Wireshark Sniffer File Parser Buffer Overflow in Wireshark SnifferDecompress Function Denial of Service Vulnerability in Wireshark Sniffer File Parser Arbitrary File Execution Vulnerability in GoPro HERO 3+ gpExec Remote Command Execution in GoPro HERO 3+ via gpExec Unauthenticated Remote Denial of Service in Aztech ADSL DSL5018EN, DSL705E, and DSL705EU Devices Authentication Bypass and Arbitrary Command Execution in Aztech ADSL DSL5018EN, DSL705E, and DSL705EU Devices Sensitive Device Configuration Information Disclosure in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU Devices Denial of Service Vulnerability in Ruby's URI.decode_www_form_component Method Arbitrary Script Injection via Cross-Site Scripting (XSS) in Elasticsearch CORS Functionality Arbitrary Code Execution and Denial of Service Vulnerability in VideoLAN VLC Media Player Cross-Site Scripting (XSS) Vulnerabilities in Titan Framework Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Contact Form 7 Integrations Plugin for WordPress Arbitrary File Upload and Remote Code Execution in Infusionsoft Gravity Forms Plugin Juniper Junos J-Web Multiple Vulnerabilities: XSS and DoS Local Privilege Escalation Vulnerability in Juniper Junos OS 13.2 and 13.3 Denial of Service Vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper vSRX Virtual Firewalls Unspecified vulnerability in Oracle Database Server SQLJ component Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in Oracle Database Server SQLJ Component Unspecified vulnerability in Oracle Database Server SQLJ component 
Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u67 and 8u20 Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Unspecified vulnerability in Oracle Java SE allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect confidentiality and integrity via QUERY vectors Unspecified Roles & Privileges Vulnerability in Oracle Agile PLM Component Unspecified Remote Integrity Vulnerability in Oracle Access Manager Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier through SERVER:REPLICATION ROW FORMAT BINARY LOG DML vectors. Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Lawful Intercept Vulnerability in Oracle Communications Session Border Controller Unspecified vulnerability in Oracle Java SE allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in Oracle Java SE 8u20 related to Hotspot Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier through SERVER:OPTIMIZER vectors. 
Unspecified vulnerability in Oracle Sun Solaris 11 affecting Archive Utility Unspecified Integrity Vulnerability in Oracle Applications Manager Component Unspecified Remote Integrity Vulnerability in Oracle Applications Framework Zone Framework Vulnerability in Oracle Sun Solaris 10 and 11 Remote authenticated users can disrupt availability in Oracle MySQL Server 5.6.19 and earlier through an unspecified vulnerability related to SERVER:MEMCACHED. Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u67 and 8u20 Unspecified vulnerability in JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 Remote Integrity Vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified Local Privilege Escalation Vulnerability in Solaris Cluster Component Remote Confidentiality Vulnerability in Oracle Solaris 10 and 11 via KSSL Unspecified Integrity Vulnerability in PeopleSoft Enterprise PT PeopleTools Component Unspecified vulnerability in Oracle Database Server Application Express component before 4.2.6 Remote authenticated users can affect availability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, through SERVER:DML vectors. 
Unspecified Remote Code Execution Vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 9.2 HRMS Component Unspecified Integrity Vulnerability in Oracle Identity Manager Component Unspecified Content Management Vulnerability in Oracle Enterprise Manager Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server 5.6.19 and Earlier Remote Denial of Service Vulnerability in Oracle Sun Solaris 11 SMB Server User Component Unspecified Remote Vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier Unspecified vulnerability in Oracle Java SE affecting confidentiality, integrity, and availability via Deployment in Firefox Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Kernel Vulnerability in Oracle Sun Solaris 11 Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified Remote Vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier Unspecified SSH-related vulnerability in Oracle Sun Solaris 11 Unspecified Integrity Vulnerability in Oracle Java SE and Java SE Embedded Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 Unspecified Confidentiality Vulnerability in Oracle Java SE and Java SE Embedded Remote authenticated users can affect availability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, through SERVER:MEMORY STORAGE ENGINE vulnerability. 
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries Unspecified vulnerability in Oracle MySQL Server affecting confidentiality, integrity, and availability via SERVER:DML vectors Remote Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11 via iSCSI Data Mover (IDM) Unspecified Kernel Vulnerability in Oracle Solaris 10 Unspecified Power Management Utility Vulnerability in Oracle Solaris 11 Unspecified 2D-related vulnerability in Oracle Java SE allows for remote confidentiality impact Unspecified Integrity Vulnerability in Oracle Java SE and JRockit Unspecified AWT-related vulnerability in Oracle Java SE versions 6u81, 7u67, and 8u20, and Java SE Embedded version 7u60 Unspecified vulnerability in PL/SQL component in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle Java SE Deployment Unspecified Local Vulnerability in JD Edwards EnterpriseOne Tools Component Confidentiality vulnerability in Oracle Java SE and JRockit versions allows remote attackers to compromise data confidentiality via JAXP vectors. 
Unspecified Local Vulnerability in Oracle Solaris 10 and 11 Affecting Integrity and Availability via UFS Vectors Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u67 and 8u20 Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.38 and earlier through SERVER:DDL vectors Unspecified vulnerability in Oracle Solaris 10 CDE Power Management Utility Unspecified Integrity Vulnerability in Oracle JDeveloper Component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Applications Framework component in Oracle E-Business Suite: Confidentiality Impact via REST Interface Unspecified Local Vulnerability in Oracle Solaris 10 Kernel Unspecified Integrity Vulnerability in Oracle Web Applications Desktop Integrator Component Unspecified Remote Integrity Vulnerability in Oracle Directory Server Enterprise Edition Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u67 and 8u20 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Vulnerability in Oracle Sun Solaris 11 Related to Hermon HCA PCIe Driver Unspecified vulnerability in Oracle MySQL Server affecting CLIENT:MYSQLDUMP Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality via unknown vectors related to Libraries Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 Unspecified Security Vulnerability in Oracle Transportation Management Component Unspecified Integrity Vulnerability in Oracle WebLogic Server Component Unspecified vulnerability in Oracle PeopleSoft Products allows remote attackers to affect confidentiality and integrity Unspecified Integrity Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle Applications Framework Unspecified vulnerability in Oracle VM VirtualBox 
Graphics Driver (WDDM) for Windows Guests Confidentiality vulnerability in Oracle Database Server Recovery Component Unspecified vulnerability in Oracle Database Server SQLJ component Unspecified vulnerability in Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 affecting confidentiality and integrity via ITEM vectors Unspecified vulnerability in Oracle Database Server JDBC Component Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified vulnerability in JPublisher component in Oracle Database Server Unspecified Local Privilege Escalation Vulnerability in Oracle SOA Suite Component Unspecified vulnerability in Oracle Java SE 8u25 affecting Libraries Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 11.5.10.2 Confidentiality vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier related to CLIENT:MYSQLADMIN Unspecified Integrity Vulnerability in Oracle Access Manager Unspecified vulnerability in Oracle Access Manager component in Oracle Fusion Middleware: Confidentiality and Integrity Impact via Admin Console Unspecified vulnerability in Oracle Access Manager component in Oracle Fusion Middleware: Remote authenticated user confidentiality and integrity impact via Admin Console. 
Unspecified vulnerability in Oracle MySQL Server allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Applications DBA component in Oracle E-Business Suite Unspecified vulnerability in Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity Unspecified Integrity Vulnerability in Oracle Java SE and JRockit Confidentiality vulnerability in Oracle MySQL Server related to C API SSL Certificate Handling Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified Confidentiality Vulnerability in Oracle Payments Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE 8u20 Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.19 and Earlier Unspecified vulnerability in JD Edwards EnterpriseOne Tools component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.53 Unspecified vulnerability in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 Remote authenticated users can affect availability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, through an unspecified vulnerability related to Server: InnoDB: DML. 
Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality via CIE Related Components Unspecified Local File System Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Oracle HTTP Server component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Remote Integrity Vulnerability in Oracle Agile PLM for Process Unspecified Remote Availability Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified vulnerability in Oracle Adaptive Access Manager component in Oracle Fusion Middleware Unspecified XXE Vulnerability in Oracle Database Server XML Developer's Kit for C Component Unspecified vulnerability in Oracle Database Server Workspace Manager component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Oracle Reports Developer Component Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle HCM Configuration Workbench Unspecified vulnerability in Oracle Marketing component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Audience Confidentiality vulnerability in Oracle Sun Systems Products Suite ILOM before 3.2.4 Unspecified Confidentiality Vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 Unspecified vulnerability in PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 affecting Time and Labor module Unspecified vulnerability in Oracle Java SE allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 Unspecified vulnerability in Oracle VM VirtualBox component in Oracle 
Virtualization VirtualBox before 4.3.20 Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 Unspecified Confidentiality Vulnerability in Oracle Java SE Component Unspecified SAML Integrity Vulnerability in Oracle OpenSSO Component Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Unspecified Confidentiality Vulnerability in Oracle iLearning Component Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Communications Diameter Signaling Router component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Email-related Confidentiality Vulnerability in Oracle Siebel CRM Unspecified Local File System Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Lock-Screen Bypass Vulnerability on Microsoft Asha OS Vulnerability in Suricata SSH Parser Allows Remote Attackers to Bypass Rules and Cause Denial of Service Arbitrary Web Script Injection Vulnerability in Subscribe2 Plugin for WordPress Unauthenticated Password Change Vulnerability in M/Monit 3.3.2 and Earlier Denial of Service Vulnerability in Asterisk Open Source 12.x Denial of Service Vulnerability in Asterisk Open Source and Certified Asterisk BlackBerry World App User-Assisted Man-in-the-Middle Vulnerability Arbitrary Web Script Injection Vulnerability in Softing FG-100 PROFIBUS Single Channel Hardcoded Root Password Vulnerability in Softing FG-100 PB PROFIBUS Firmware Arbitrary Code Injection Vulnerability in Your Online Shop's products_id Parameter Multiple Cross-Site Scripting (XSS) 
Vulnerabilities in Restaurant Script (PizzaInn_Project) 1.0.0 Aruba Networks ClearPass XSS Vulnerability Aruba Networks ClearPass Information Disclosure Vulnerability Aruba Networks ClearPass Filename Validity Disclosure Vulnerability Aruba Networks ClearPass CSRF Authentication Hijacking Vulnerability Arbitrary File Read Vulnerability in Aruba Networks ClearPass Insight Module Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability Aruba Networks ClearPass Authentication Bypass Vulnerability Aruba Networks ClearPass Remote Command Execution Vulnerability Aruba Networks ClearPass Policy Manager Remote Code Execution Vulnerability Arbitrary Web Script Injection Vulnerability in Joomla! 3.2.x and 3.3.x LDAP Authentication Bypass Vulnerability in Joomla! 2.5.x, 3.x, and 3.3.x Arbitrary Command Execution in Trytond's safe_eval Function Arbitrary Script Injection via src Parameter in Exponent CMS 2.3.0 Search Action Unverified SSL Certificate Vulnerability in LG Telepresence Application for Android SSL Certificate Verification Vulnerability in Facebook Facts Android App Unverified X.509 Certificates Vulnerability in wTMDesktop Application for Android SSL Certificate Verification Bypass in TIO MobilePay - Bill Payments Application DNB Trade Android App Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates in Homesteading Today Android App Allow for Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Mark's Daily Apple Forum Android App Unverified SSL Certificates in FIAT Forum Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Batch Library for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in bellyhoodcom Android App (Version 3.4.23) SSL Certificate Verification Bypass in ElForro.com Android App (2.4.3.10) Unverified SSL Certificates in iPhone4.TW Android App: Man-in-the-Middle Attack Vulnerability Unverified SSL Certificates in MyBroadband Tapatalk Android 
App 3.9.22 Unverified SSL Certificates Vulnerability in NextGenUpdate Android App Insecure SSL Certificate Verification in Planet of the Vapes Forum Android App Insecure SSL Certificate Verification in Wizaz Forum Android App (Version 3.6.4) Lack of SSL Certificate Verification in Afghan Radio Android App (Version 2.5) Unverified SSL Certificates Vulnerability in wTrootrooTvIzle Application 0.1 for Android Insecure SSL Certificate Verification in Tortoise Forum Android App Unverified X.509 Certificate Vulnerability in drareym (aka com.drareym) Application 0.1 for Android Unverified SSL Certificates in Leadership Newspapers Android App 1.2 X.509 Certificate Verification Vulnerability in Apploi Job Search App Insecure SSL Certificate Verification in Defence.pk Android App (Version 2.4.13.1) SSL Certificate Verification Vulnerability in Koleksi Hadis Nabi SAW Application Unverified SSL Certificates Vulnerability in Netease Movie App (4.7.2) for Android Insecure SSL Certificate Verification in Forum Krstarice Android App (Version 3.5.14) SSL Certificate Verification Vulnerability in Addis Gag Funny Amharic Pic App Unverified X.509 Certificates in Latin Angels Music HD Android App 2.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Ahmed Bukhatir Nasheeds TV Application Unverified X.509 Certificates in Baglamukhi Android App 0.1 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in racemotocross Android App (Version 1.2) Insecure SSL Certificate Verification in African Radios Live Android App (Version 1.0.6) Unverified X.509 Certificates in Inside Crochet Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in SingaporeMotherhood Forum Android App 3.6.6 Man-in-the-Middle Attack Vulnerability in World Cup 2014 Brazil - Xem TV Application SSL Certificate Verification Vulnerability in Friendcaster Application for Android ChallengerTX Android App SSL Certificate Verification Vulnerability Unverified SSL 
Certificates in Amazighmusic Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Ruta Exacta Android App 1.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) Application 1.0 for Android Unverified SSL Certificates in Ticket Round Up Android App 3.0.1 Insecure SSL Certificate Verification in Algeria Radio Android App (Version 2.5) Unverified SSL Certificates in wEPISDParentPortal Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in SuperheroQuiz Application 1.0 for Android Unverified SSL Certificates in Mahabharata Audiocast Android App 1.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in com.w88235ff7bdc2fb574f1789750ea99ed6 (Android App 0.1) Unverified X.509 Certificates Vulnerability in Open Electrical Webser Application for Android Unverified SSL Certificates in MOL bringaPONT Android App 1.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Tsushima Travel Guide App for Android SSL Certificate Verification Bypass in Zoho Books - Accounting App for Android SSL Certificate Verification Vulnerability in wSaudichannelAlNasr Android App Unverified SSL Certificates in Voices.com Android App 1.5 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in JW Cards Android App 3.8.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in InstaMessage Android App Allow Man-in-the-Middle Attacks UC Browser HD for Android: Man-in-the-Middle Vulnerability Man-in-the-Middle Attack Vulnerability in Kingsoft Clip (Office Tool) for Android Unverified X.509 Certificates Vulnerability in Juiker (aka org.itri) Application 3.2.0829.1 for Android SSL Certificate Verification Vulnerability in 5SOS Family Planet Application Unverified SSL Certificates in Wedding Photo Frames-Love Pics App for Android Certificate Verification Vulnerability in Candy Girl Party 
Makeover Application Insecure SSL Certificate Verification in Morocco Weather App for Android SSL Certificate Verification Bypass in Galaxy Online 2 Android App Vulnerability: SSL Certificate Verification Bypass in The Weather Channel Android App Man-in-the-Middle Attack Vulnerability in NBA Game Time 2013-2014 Android App Vendormate Mobile Application 3.0 for Android SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in StarSat International Android App Insecure SSL Certificate Verification in Phonearabs4 Application 1.4 for Android Unverified SSL Certificates in Utah Jazz Android App 2.0.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Maher Zain App for Android Unverified X.509 Certificates in Embry-Riddle Android App 1.4.04 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in 7Sage LSAT Prep - Proctor Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Sporting Club Uphoria Android App (Version 2.1.0) Unverified SSL Certificates in TechRadar News Android App 1.0 Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Chifro Kids Coloring Game for Android Unverified SSL Certificates in ABC Lounge Webradio App for Android Insecure SSL Certificate Verification in Airlines International Android App 1.0 Unverified SSL Certificates in MedQuiz: Medical Chat and MCQs App for Android SSL Certificate Verification Vulnerability in WebMD Android App Unverified SSL Certificates in SlotMachine Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in fastin (aka moda.azyae.fastin.net) Android App 1.0 Unverified SSL Certificates in iTriage Health Android App 5.29 Unverified X.509 Certificates in My Mobile Day Android App 1.3 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Kayak Angler Magazine Android App 3.12.0 Unverified SSL Certificates in Pesca de Carpa Lite Android App 1.0 Unverified SSL 
Certificates in Pharmaguideline Android App 1.2.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Pescuit Crap Lite Android App 1.0 Insecure SSL Certificate Verification in Comics Plus Android App Unverified SSL Certificates in Soap Making App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in SchoolXM Android App 1.2 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in 30A (com.app30a) Android App SSL Certificate Verification Bypass in Mikeius (Official App) for Android Unverified SSL Certificates in ThinkPal Android App 1.6.3 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Grilling with Rich (aka com.grilling.with.rich) Android App 1.0 Unverified SSL Certificates in Melodigram Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Alfa-Bank Android App (Version 5.5.1.1) Unverified X.509 Certificate Vulnerability in Westpac Mobile Banking Application for Android Insecure Certificate Verification in My T-Mobile Android App SSL Certificate Verification Vulnerability in Wine Making Application 3.7.15 for Android Vulnerability: Insecure SSL Certificate Verification in imagine Next bmobile Application SSL Certificate Verification Vulnerability in EPL Hat Trick Android App Unverified SSL Certificates in Ultimate Target-Armored Sniper App 1.0.1 for Android SSL Certificate Verification Vulnerability in Maccabi Tel Aviv Android App SSL Certificate Verification Vulnerability in Well-Being Connect Mobile Application Unverified SSL Certificates in XD Forum Android App 3.9.17 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in John MacArthur App 1.0.26 for Android Unverified SSL Certificates in All around Cyprus Android App 2.11 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Hearsay: A Social Party Game (aka air.com.lip.per) App 1.7.000 for Android Unverified SSL Certificates in Al-Ahsa News Android App 2.0 Allow 
Man-in-the-Middle Attacks Unverified SSL Certificates in Family Location App for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Infiniti Roadside Assistance Android App Unverified X.509 Certificates Vulnerability in SeeOn (com.seeon) Application 4.0.7 for Android SSL Certificate Verification Vulnerability in GEMAIRE's HVAC Assist Application for Android Unverified SSL Certificates in American Nurses Association Android App 1.0.0 Insecure SSL Certificate Verification in $0.99 Kindle Books Android App (com.kindle.books.for99) 6.0 SSL Certificate Verification Bypass in Grasshopper Beta Android App Insecure SSL Certificate Verification in Mindless Behavior Fan Base App for Android Unverified SSL Certificates in Sunnat e Rasool Android App 2.0 Unverified X.509 Certificate Vulnerability in Vector Outage Manager Application for Android Lack of SSL Certificate Verification in SDN Forum (TapaTalk) Android App Insecure SSL Certificate Verification in Reddit Aww Android App (Version 1.2.1) SSL Certificate Verification Vulnerability in AlqoranVideos Application 1.0 for Android Unverified X.509 Certificates in Qin Story Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Downton Abbey Fan Portal Application 1.0 for Android Insecure SSL Certificate Verification in Harem Thief Dating App (Version 1.2.1) for Android Insecure SSL Certificate Verification in Aprende a Meditar (com.rareartifact.aprendeameditar544CB0A2) Android App 1.0 Unverified SSL Certificates in Bongomovie App for Android Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Codename Birdgame Application 1.0 for Android Unverified X.509 Certificates Vulnerability in Assyrian Android App Insecure SSL Certificate Verification in No Fuss Home Loans Application Unverified X.509 Certificates in Afro-Beat Android App (com.zero.themelock.tambourine) Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Juggle! 
FREE (com.jakyl.juggleforfree) Application 3.0.0 for Android Unverified SSL Certificates in Anywhere Anytime Yoga Workout App for Android Insecure SSL Certificate Verification in Meteo Belgique Android App 3.2 Insecure SSL Certificate Verification in Aerospace Jobs Android App (Version 1.399) Unverified SSL Certificates in United Heritage Mobile App for Android Insecure SSL Certificate Verification in United Educational CU Android App (Version 1.0.27) Unverified X.509 Certificates in CIH Quiz Game App 1.3 for Android Unverified SSL Certificates in USEK Application 1.0.8 for Android Unverified SSL Certificates in Light for Pets Android App Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in United Advantage NW Federal Cr Application 1.7 for Android Unverified X.509 Certificates in blueeleph Android App 1.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Goat Forum Android App (Version 3.9.15) Unverified SSL Certificates in Cart App for Android: A Man-in-the-Middle Vulnerability MeiTalk Android Application SSL Certificate Verification Vulnerability Unverified SSL Certificates in Aloha Stadium App for Android: A Man-in-the-Middle Vulnerability SSL Certificate Verification Bypass in Abraham Tours Android App (v1.1.2) SSL Certificate Verification Vulnerability in Campus Link - Campus TV HKUSU Application 2.2 for Android Unverified SSL Certificates in Fermononrespiri Mobile Application 3.8.6 for Android SSL Certificate Verification Vulnerability in Renny McLean Ministries App for Android Insecure SSL Certificate Verification in Math for Kids - Subtraction Application Unverified X.509 Certificates in Counter Intuition App 1.2 for Android Allows Man-in-the-Middle Attacks Unverified X.509 Certificates in Oman News Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Anaheim Library 2Go! 
Android App (CVE-2021-XXXX) Unverified SSL Certificates in INVEX Android App 1.0.2 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in The Angel Reigns Android App (Version 1.2.6.185) Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Suriname Radio Android App 1.5 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Arch Friend Android App 0.4.2 Allow Man-in-the-Middle Attacks Vulnerability: Insecure SSL Certificate Verification in AAPLD Android Application Insecure SSL Certificate Verification in Beekeeping Forum Android App (Version 3.9.15) Unverified SSL Certificates in LocalSense Android App 1.2.1 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Abu Ali Anasheeds App for Android Insecure SSL Certificate Verification in McMaster Marauders Android App 1.0.1 Unverified SSL Certificates in Investigation Tool (aka gov.ca.post.lp.itool) App 1.0.0 for Android Unverified X.509 Certificates in Bloom Township 206 Android App 4.0.500 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Frank Matano App 1.0 for Android Unverified SSL Certificates in First Assembly NLR Android App 2.8.0 Unverified SSL Certificates in Bank of Moscow EIRTS Rent Android App 1.0.0 Unverified SSL Certificates in Deschutes Public MobileLibrary Application 4.5.110 for Android Unverified X.509 Certificates in Weibo (Magic.Weibo) Android App 1.2 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Thanodi - Setswana Translator (com.thanodi.thanodi) App 1.0.0 for Android Unverified X.509 Certificates Vulnerability in OLA School Android App Unverified X.509 Certificates Vulnerability in Active 24 Android App Insecure SSL Certificate Verification in RIMS 2014 Annual Conference App for Android Unverified SSL Certificates in Aloha Guide Android App 1.5 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in klassens (com.mcreda.klassens.apps) Application 1.0 for Android 
Unverified X.509 Certificates in Sentinels Randomizer Android App 1.1.0 SSL Certificate Verification Bypass in Vouch! (com.voucherry.voucherry) Android App 2.1.6 Unverified X.509 Certificates in WISDOM (aka lvtu99.com.nescmxiaoniuniu) Application 2.1 for Android Unverified SSL Certificates in The Cove Application 1.0.2 for Android Insecure SSL Certificate Verification in OHBM 20th Annual Meeting App for Android Lapp Group Catalogue Android App 1.4 SSL Certificate Verification Vulnerability Unverified X.509 Certificate Vulnerability in Amebra Ameba Application 1.0.0 for Android Unverified X.509 Certificate Vulnerability in Voetbal Application 4.7.2 for Android Insecure SSL Certificate Verification in Nerdico Android App 1.9 Stable Unverified X.509 Certificates in kuailecaidengmi Android App 1.7.12.15 Unverified X.509 Certificates in kamkomesan Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Teatro Franco Parenti Android App 1.4.0 Unverified X.509 Certificates Vulnerability in Tic-Tac To The MAX FREE (aka com.tothemax) Application 1.2 for Android Unverified SSL Certificates in DK ONLINE Beta Android App 1.0.2 SSL Certificate Verification Vulnerability in Gulf Credit Union Mobile App Unverified X.509 Certificates in Hook Android App 0.9.3 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Covet Fashion - Shopping Game for Android Unverified SSL Certificates in Hippo Studio Android App 1.0 Allow for Man-in-the-Middle Attacks Bersa Forum Android App 3.9.16 SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in AuctionTrac Dealer Application for Android Unverified SSL Certificates in Instaroid Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in The Herbal Guide Android App 1.0 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in DS photo+ Android App 3.3 Allow Man-in-the-Middle Attacks Hillside Android App 1.1 Vulnerability: SSL Certificate 
Verification Bypass Unverified SSL Certificates in Groupama toujours la Android App 1.3.0 Unverified X.509 Certificates in Alma Corinthiana Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in My Wedding Planner App 1.5 for Android Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in RTI INDIA Android App (3.8.21) Unverified X.509 Certificates in The Daily Advertiser Print Android App 6.7 Unverified SSL Certificates in The Sweatshop Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in ABC Sing-Along App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in MediaFire Android App 1.1.1 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Four Seasons Beverly Hills Android App: Man-in-the-Middle Attack Vulnerability Unverified SSL Certificates in Horoscopes and Dreams App for Android Insecure SSL Certificate Verification in DS File Android App (com.synology.DSfile) 4.1.1 Insecure Certificate Verification in SED Account Android App (com.starkville.smartapps) 1.153.0034 Unverified X.509 Certificates in New Beginnings CFC Android App 1.1 Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in LedLine.gr Official Android App (v1.4.0.9) SSL Certificate Verification Bypass in Foxit MobilePDF - PDF Reader for Android Unverified SSL Certificates in EyeXam Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Long (com.imop.longjiang.android) App 1.0.4 for Android Unverified X.509 Certificates Vulnerability in AHRAH (com.vet2pet.aid219426) Android App Insecure SSL Certificate Verification in Car Wallpapers HD App for Android SSL Certificate Verification Vulnerability in Mostafa Shemeas (com.mostafa.shemeas.website) Application 1.0 for Android Unverified SSL Certificates in Daum Maps - Subway Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Trial Tracker Android App Allow Man-in-the-Middle Attacks 
Unverified SSL Certificates in Terrarienbilder.com Forum Android App 3.8.20 Insecure SSL Certificate Verification in ArtAcces Android App 1.0 Unverified X.509 Certificates Vulnerability in Mootorratturid & biker.ee Application 1.0 for Android Unverified SSL Certificates in Forest River Forums Android App Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in The Jamal Bates Show Application SSL Certificate Verification Vulnerability in HomeAdvisor Mobile Application for Android Unverified SSL Certificates in Sortir en Alsace Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in DS audio Android App 3.4 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Barcode Scanner Application 2.3.0 for Android SSL Certificate Verification Vulnerability in BGEnergy Android App Unverified SSL Certificates in Hogs Fly Crazy (com.pedrojayme.hogsflycrazy) Android App 1.0.0 Unverified SSL Certificates in TTNET Muzik Android App Allow for Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in AMGC (com.amec.uae) Application 6.0 for Android Lack of X.509 Certificate Verification in ModSim Connected Android App 2.0 Lack of SSL Certificate Verification in Woodforest Mobile Banking App for Android Unverified X.509 Certificates Vulnerability in American Express Serve Android App Unverified X.509 Certificates in Santander Personal Banking Android App 2.1 Unverified SSL Certificates in RBFCU Mobile Application for Android Equifax Mobile App for Android: SSL Certificate Verification Vulnerability TradeHero Android App 2.2.5 SSL Certificate Verification Vulnerability PNC Virtual Wallet Android App SSL Certificate Verification Vulnerability Vulnerability: SSL Certificate Verification Bypass in Western Federal Credit Union Android App Unverified SSL Certificates in CNNMoney Portfolio App for Android (Version 1.0.2) Vulnerability: SSL Certificate Verification Bypass in Ford Credit Account Manager Application 
Insecure SSL Certificate Verification in Academy Sports + Outdoors Visa Android App Insecure SSL Certificate Verification in WePhone Android App (com.wephoneapp) 1.03.00 SSL Certificate Verification Bypass in EXPRESS Android Application 2.5.3 Unverified SSL Certificates in PennyTalk Mobile App for Android Allow Man-in-the-Middle Attacks Lack of SSL Certificate Verification in GunBroker.com Android App 1.1.2 Certificate Verification Vulnerability in CouponCabin - Coupons & Deals App for Android Vodafone Avantaj Cepte Android App SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in Kalahari.com Shopping App for Android Unverified SSL Certificates in Pushpins Grocery Coupons App for Android Unverified SSL Certificates in Lucktastic Android App 1.2.6 Unverified SSL Certificates in Throne Rush Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Yik Yak Android App 2.0.002 Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Skyrim Map Android App 2.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Boopsie MyLibrary Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Jazeera Airways Android App (Version 2.7) SSL Certificate Verification Vulnerability in EAGE Amsterdam 2014 App Unverified X.509 Certificate Vulnerability in RADIOS DEL ECUADOR Application for Android SSL Certificate Verification Bypass in Anjuke Android App 7.1.7 Insecure SSL Certificate Verification in Gulf Power Mobile Bill Pay Application for Android SSL Certificate Verification Vulnerability in The Safe Browser - The Web Filter (aka com.cloudacl) Application 1.2.5 for Android Unverified X.509 Certificates in H2O Human Harmony Organization Android App 1.6.5 Unverified SSL Certificates in Loli Chocolate Cake Application 1.0.0 for Android Unverified SSL Certificates in Rakuten Install App for Android Insecure SSL Certificate Verification in Forum IC Android App (Version 3.3.12) 
Coca-Cola FM Peru Android App 2.0.41716 SSL Certificate Verification Vulnerability Unverified SSL Certificates in MemorizeIt! Android App 1.7.2 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in diziturky HD 2015 Android App Vulnerability: Insecure SSL Certificate Verification in IRA Conference App Unverified X.509 Certificates in Dive The World Android App 1.53 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Houcine El Jasmi (com.devkhr31.houcineeljasmi) Application 1.0 for Android Unverified X.509 Certificates in mama.cn Android App 1.02 Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in www.knote.kr Smart Application 1.0.3 for Android SSL Certificate Verification Vulnerability in Bikers Underground Android App Unverified SSL Certificates in Metalcasting Newsstand Android App (Version 3.12.0) Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Canal 44 Android App 1.0 Allow Man-in-the-Middle Attacks Lack of SSL Certificate Verification in Buckhorn Grill Android App (Version 2.8) Unverified SSL Certificates in KFAI Community Radio Android App 2.0.4 Unverified SSL Certificates in Dubrovnik Guided Walking Tours Android App (v1.3.2) Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Metro News Android App 1.6.5 Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Steyr Forum Android App (Version 3.9.12) Unverified SSL Certificates in Allt om Brollop Android App 1.53 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Myanmar Housing : mmHome (aka com.mmhome3) Application 1.3 for Android Unverified SSL Certificates in Rastreador de Celulares Application 5.0.0 for Android Unverified X.509 Certificate Vulnerability in AIHce 2014 Android App Unverified SSL Certificates Vulnerability in Abram Radio Groove! 
(aka com.nobexinc.wls_79226887.rc) Application 3.2.3 for Android Unverified SSL Certificates in Treves Dance Center Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in All Navalny Android App 1.10 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Toraware Takojyou Application 1.3 for Android Unverified X.509 Certificates Vulnerability in the Physics Chemistry Biology Quiz App Certificate Verification Vulnerability in ColorMania - Color Quiz Game (Android App) Unverified X.509 Certificates Vulnerability in IDS 2013 Android App Unverified X.509 Certificates in China CITIC Bank Credit Card App for Android Allows Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Apostilas Musicais Android App 1.0 Insecure SSL Certificate Verification in Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) Application 5.0.0 for Android Unverified X.509 Certificates Vulnerability in Absolute Lending Solutions (com.soln.S008F6C05EC0B63264B429F6D76286562) Application 1.0073.b0073 for Android Insecure SSL Certificate Verification in NOS Alive Android App Unverified SSL Certificate Vulnerability in Alisha Marie (Unofficial) App Unverified X.509 Certificates in Konigsleiten Android App 1.0 Allow for Man-in-the-Middle Attacks Lack of SSL Certificate Verification in mitfahrgelegenheit.at Android App (2.3.0) Unverified X.509 Certificates in Neeku Naaku Dash Dash Android App 1.0 Unverified X.509 Certificates in Re:kyu Android App 1.0 Allow for Man-in-the-Middle Attacks Archie Comics Android App 1.07 SSL Certificate Verification Vulnerability Unverified X.509 Certificates in TH3 Professional Al Mohtarif Android App 1.0 Unverified X.509 Certificates Vulnerability in Akne Ernahrung (com.rareartifact.akneernahrung72010074) Android App 1.0 Certificate Verification Vulnerability in Mt. 
Airy News Android App Certificate Verification Bypass in OneFile Ignite Android App (Version 1.19) Insecure SSL Certificate Verification in Manga Facts Android App (Version 1.0) Unverified SSL Certificates in AFTERLIFE WITH ARCHIE Android App 2.4.1 SSL Certificate Verification Vulnerability in Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) Application 4.0.1 for Android Unverified X.509 Certificates in Le Grand Bleu (com.appzone468) Android App 1.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Hydrogen Water (com.appzone628) Android App 1.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in scottcolibmn (com.bredir.boopsie.scottlib) Application 4.5.110 for Android Unverified SSL Certificates in ISMRM-ESMRMB 2014 Android App (com.coreapps.android.followme.ismrm_esmrmb14) 6.0.8.5 Unverified X.509 Certificates in QinCard Android App 2.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Multitrac Application 1.04 for Android Unverified X.509 Certificates in SudaniNet Android App 2.0 Allow Man-in-the-Middle Attacks Certificate Verification Vulnerability in Elk Grove PublicStuff Android App Unverified X.509 Certificate Vulnerability in feiron (aka es.sw.feironmobile.app) Application 1.1 for Android Unverified X.509 Certificates in Hanyang University Admissions Android App 2.1.3 Allows for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in FAZ.NET Android App Unverified SSL Certificates in West Bend School District Android App 4.0.500 Albion College Android App 2.1.16 SSL Certificate Verification Vulnerability SSL Certificate Verification Vulnerability in Grandma's Grotto Android App Unverified SSL Certificates Vulnerability in Deltin Suites Android App (Version 3.4.1) Insecure SSL Certificate Verification in North American Ismaili Games App for Android Unverified SSL Certificates in Easy Video Downloader for Android: A Man-in-the-Middle Vulnerability 
Kazakhstan Radio Android App 2.5 SSL Certificate Verification Vulnerability Unverified SSL Certificates in Care4Kids Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in MifaShow Hairstyles App: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates in Twin Lin Android App: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Aeroexpress Android App (Version 2.6.2) SSL Certificate Verification Vulnerability in eLearn Android App Unverified X.509 Certificates Vulnerability in Karim Rahal Essoulami Application 1.0 for Android SSL Certificate Verification Vulnerability in MiWay Insurance App for Android Unverified SSL Certificates in LINE PLAY Android App 2.3.1.1 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Taiwan Business Bank Android App 2.04 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Arabic Troll Football Android App 1.0.1 Insecure Certificate Verification in NBE (com.nbe.app) Android Application 1.1 SSL Certificate Verification Vulnerability in Shots (com.shots.android) Application 1.0.8 for Android SSL Certificate Verification Vulnerability in Georgia Packing App Unverified SSL Certificates in Pregnancy Tips App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Mass Gaming TV App for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Quotes in Images (pt.lumberapps.imagensfrases) App 3.7.5 for Android SSL Certificate Verification Vulnerability in Germanwings Android App Unverified SSL Certificates Vulnerability in Albasit Artes y Danza Application Unverified X.509 Certificates in LiveAuctions.tv Android App 2.005 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in Timeless Black Android App (Version 2.10.6) Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Codeeta Coupons Application Unverified X.509 Certificate Vulnerability in Atecea (com.atecea) Application 1.2 for Android 
Insecure SSL Certificate Verification in adidas Eyewear Android App (Version 1.2) Man-in-the-Middle Attack Vulnerability in Martial Arts Battle Card Application Unverified SSL Certificates in Dino Village Android App Allow for Man-in-the-Middle Attacks PinkFong TV Android App SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in Questoes OAB Android Application SSL Certificate Verification Vulnerability in Paul Alexander Campaign App Unverified X.509 Certificates Vulnerability in Jian Ren Application 1.5.1 for Android SSL Certificate Verification Bypass in Sopexa Pavillon France Android App (CVE-2021-XXXX) Unverified X.509 Certificate Vulnerability in Goodwin Application 1.15 for Android Insecure SSL Certificate Verification in PETA Android App 1.1 Unverified X.509 Certificate Vulnerability in Foconet Application 1.0 for Android Unverified SSL Certificates in HydFM Android App 1.1.9 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Master Mix Application for Android Insecure SSL Certificate Verification in Forum FrAndroid Beta Application 3.4.3 for Android HKBN My Account Android Application SSL Certificate Verification Vulnerability UTSA Mobile Application 1.4.21 for Android SSL Certificate Verification Vulnerability Unverified SSL Certificates in NWTC Mobile Application 1.4.17 for Android Unverified SSL Certificates in Coffee Inn Android App 2.0.1 Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Funny Photo Color Editor Android App Unverified SSL Certificates in JJ Texas Hold'em Poker App for Android Unverified X.509 Certificates in Mahasna Batik Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Tim Ban Bon Phuong Android App 2.2 Unverified SSL Certificates in LOVE DANCE Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Clarks Inn Android App 3.3.0 SSL Certificate Verification Vulnerability in Diabetes Forum Application for 
Android Insecure SSL Certificate Verification in Leg Surgery - Kids Games (com.harriskerioe.legsurgery) App for Android Insecure SSL Certificate Verification in Modelisme.com Forum/Portail Application 3.6.9 for Android Unverified X.509 Certificates in Find Color Android App 1.1.1 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in The Hardest Game Collection (aka com.lotfun.abuse) Application 1.5.0 for Android SSL Certificate Verification Vulnerability in Who-is-it? Lite Application for Android LIFE TIME FITNESS Android App 1.9 SSL Certificate Verification Vulnerability Unverified X.509 Certificates Vulnerability in Esercizi per le donne (com.rareartifact.eserciziperledonne6D5578C6) App 1.0 for Android Unverified SSL Certificates in Ibis Pau Centre Android App 1.0 Unverified X.509 Certificates in Bultmonster Registret Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Dieta Dukan passo a passo App for Android Unverified X.509 Certificates Vulnerability in RedAtoms Three Android App Unverified X.509 Certificates Vulnerability in MYHABIT Android App Unverified SSL Certificates in The Cure Viewer Application for Android Certificate Verification Vulnerability in Senator Inn & Spa Android App Unverified SSL Certificate Vulnerability in The Harmonizers Planet Application SSL Certificate Verification Bypass in Quest Federal CU Mobile Application for Android SSL Certificate Verification Vulnerability in Noble Sticker FREE Android App Unverified SSL Certificates in Al Jazeera Android App 6.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Wild Women United Android App 1.0 Unverified SSL Certificates in UniCredit Investors Android App 1.0 Unverified SSL Certificates in SimGene Android App 1.3 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in My nTelos Android App Unverified SSL Certificates in Cadpage Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Street 
Walker Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Bust Out Bail Android App 1.1 Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in George Wassouf Android App 1.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Ocean Avenue Mobile Pro Application 2.0 for Android Bear ID Lock Application Vulnerability: SSL Certificate Verification Bypass SSL Certificate Verification Bypass in SomTodo - Task/To-do Widget Application 2.0.3 for Android Unverified X.509 Certificates Vulnerability in givenu give Application 1.5.3 for Android SSL Certificate Verification Vulnerability in Sahab Alkher App for Android Unverified SSL Certificates in City Star ME Android App 1.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Musica de Barrios Sonideros Application Unverified X.509 Certificates in NCCI's Annual Issues Symposium Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Yeast Infection App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Hong Kong Tatler Society Android App 3.0 Insecure SSL Certificate Verification in Efendimizin Sunnetleri Android App Unverified SSL Certificates in TheDevildogGamer Android App 1.0 Unverified SSL Certificates in Your Tango Android App 1.0 Allow for Man-in-the-Middle Attacks Lack of X.509 Certificate Verification in MODSIM World 2014 Android App SSL Certificate Verification Vulnerability in Min Ajlik Application 1.0 for Android SSL Certificate Verification Vulnerability in Bikers Romagna (com.bikers.romagna) Android App 1.0 Unverified SSL Certificates in Ben10 Omniverse Walkthrough App 0.7 for Android Unverified X.509 Certificates Vulnerability in Nigerias Business Directory Android App Unverified SSL Certificates in LegalEra Android App 3.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates Vulnerability in BTD5 Videos App Unverified X.509 Certificates in Neumann Student Activities 
Android App (CVE-2021-XXXX) Unverified SSL Certificate Vulnerability in Aventino Brand App 2.2 for Android Insecure SSL Certificate Verification in Air War Hero (com.dev.airwar) Android App 3.0 Unverified SSL Certificates in Autocar India Android App 3.03 Allow Man-in-the-Middle Attacks Venezia Map Android App SSL Certificate Verification Vulnerability SSL Certificate Verification Vulnerability in com.wAndSocialREWApps 0.1 for Android Unverified X.509 Certificates in HAPPY Application 2.0 for Android Unverified SSL Certificates in Sanctuary Asia Android App 3.0 Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Gulf Coast Educators FCU Android App (Version 1.0.27) Unverified SSL Certificates in Payoneer Sign Up Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Romeo and Juliet Android App (jp.co.cybird.appli.android.rjs) 1.0.6 Unverified X.509 Certificates Vulnerability in Sigong Ebook Application for Android Insecure SSL Certificate Verification in No Disturb Application for Android Unverified X.509 Certificates in Jiu Jik Android App 1.4.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in Hesheng 80 (com.ireadercity.c29) Application 3.0.2 for Android Vulnerability: SSL Certificate Verification Bypass in i Newspaper Android App Unverified SSL Certificates in Killer Screen Lock App for Android Allow Man-in-the-Middle Attacks Vulnerability: SSL Certificate Verification Bypass in Top Roller Coasters Europe 1 Application Unverified SSL Certificates in JDM Lifestyle Android App 6.4 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in COMPETITION INFORMATION Android App Allows Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in MyVCCCD Android App (Version 1.4.14) Vulnerability: Insecure SSL Certificate Verification in Sacramento Kings Android App Unverified SSL Certificates in Ubooly Android App 4.3.0 Allow Man-in-the-Middle Attacks Vulnerability: SSL 
Certificate Verification Bypass in Superbike Magazine Android App Insecure Certificate Verification in Fylet Secure Large File Sender Application for Android Unverified SSL Certificates in Woodcraft Magazine Android App 3.0 Unverified X.509 Certificates Vulnerability in www.sm3ny.com Application 1.0 for Android Unverified SSL Certificates in Talk Radio Europe Android App 3.3.10 SSL Certificate Verification Vulnerability in Car Insurance Quote Comparison App Unverified X.509 Certificate Vulnerability in Oskarshamnsliv Android App Unverified X.509 Certificates Vulnerability in gymnoOVP (iOVP) Application 1.2 for Android SSL Certificate Verification Vulnerability in Orakel-Ball Android App Unverified X.509 Certificates in The Human Factor Application for Android SSL Certificate Verification Vulnerability in Stop Headaches and Migraines App for Android Unverified X.509 Certificates in Nesvarnik Android App 1.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Android Excellence (aka an.exc.ap) App 1.4.1 for Android Unverified SSL Certificates in NASA Universe Wallpapers Xeus Android App 1.0 Insecure SSL Certificate Verification in Letters to God - soc. 
network (aka com.wPismakBoguLetterstoGod) Application 0.1 for Android NRA Journal Android App SSL Certificate Verification Vulnerability SSL Certificate Verification Bypass in Forest Area FCU Mobile Application Unverified SSL Certificates in Itography Item Hunt App 3.0.3 for Android Unverified X.509 Certificates Vulnerability in GNAM 2013 Android App Unverified X.509 Certificates Vulnerability in Model Laboratory Android App Unverified SSL Certificates in Dhanam Android App 3.1 Unverified X.509 Certificates in Lansing State Journal Print Android App 6.7 SSL Certificate Verification Bypass in Brevir Harian V2 (com.brevir.harian.v) Android App 2.0 Lack of SSL Certificate Verification in IP Alarm Application 1.4 for Android Unverified SSL Certificates in Motor 3.0 Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Football Espana Magazine Android App Insecure SSL Certificate Verification in Toyota OC Android App (Version 3.6.1) Unverified SSL Certificates in Argus Leader Print Edition Android App 6.7 Unverified SSL Certificates in Digital Content NewFronts 2014 Android App (com.coreapps.android.followme.newfronts2014) 6.0.7.6 Unverified SSL Certificates in Jambatan PBB Semporna Android App Unverified X.509 Certificate Vulnerability in PROF. 
USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) Application 2.1 for Android Unverified X.509 Certificates in Ayuntamiento de Coana Android App 0.2 K7FWFilt.sys Kernel Mode Driver Heap-Based Buffer Overflow Vulnerability Multiple SQL Injection Vulnerabilities in Dolibarr ERP/CRM before 3.6.1 Arbitrary Script Injection in Google Calendar Events Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Contact Form DB Plugin for WordPress Unspecified Remote Code Execution Vulnerability in Citrix NetScaler ADC and Gateway Out-of-Bounds Read and Crash Vulnerability in Squid 3.x Vulnerability in Squid 3.x Allows Information Disclosure and Denial of Service TrustRoot Not Respected in Python Twisted 14.0 HTTP Client Insecure Certificate Verification in OpenStack Keystone Middleware Denial of Service Vulnerability in Linux Kernel's SMB2_tcon Function Arbitrary PHP Code Execution in MantisBT XmlImportExport Plugin Cross-Site Scripting (XSS) Vulnerabilities in NEX-Forms Lite Plugin for WordPress Arbitrary Script Injection in Easy MailChimp Forms Plugin for WordPress SQL Injection Vulnerability in Huge-IT Image Gallery Plugin for WordPress Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x Improper Supervisor Mode Permissions in Xen x86_emulate Function Unprivileged Software Interrupt Vulnerability in Xen Hypervisor Arbitrary Web Script Injection Vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) CSRF Vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) Allows Remote Password Hijacking Remote Code Execution via Malformed Environment Variables in GNU Bash Race condition vulnerability in Puppet Server 0.2.0 allows unauthorized access to sensitive information during package installation or upgrade. 
Command Injection Vulnerability in FarLinX X25 Gateway Directory Traversal Vulnerability in FarLinX X25 Gateway through 2014-09-25 Arbitrary Data Write Vulnerability in FarLinX X25 Gateway (CVE-2014-09-25) SQL Injection Vulnerability in Enalean Tuleap before 7.5.99.4 XML External Entity (XXE) Vulnerability in Enalean Tuleap 7.2 and Earlier: Arbitrary File Read Arbitrary Command Execution via User-Agent Header in Enalean Tuleap World-writable Permissions in ElectricCommander Allows Arbitrary Code Execution Max Foundry MaxButtons Plugin XSS Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in WP Google Maps Plugin before 6.0.27 for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in LiteCart 1.1.2.1 and Earlier Integer Overflow in bufferobject.c in Python Allows Information Disclosure Bash Redirection Vulnerability: Out-of-Bounds Array Access and Application Crash via Crafted Here Documents (Redir_Stack Issue) Off-by-one error in read_token_word function in GNU Bash through 4.3 allows remote attackers to cause denial of service or possibly have other impact via deeply nested for loops (word_lineno vulnerability). 
Improper MSR Range in x2APIC Emulation in Xen Allows Denial of Service and Information Disclosure Session Ticket Spoofing Vulnerability in Go 1.1 before 1.3.2 Openfiler 2.99.1 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Denial of Service Vulnerability in qs Module in Node.js Eval Injection Vulnerability in Syntax-Error Package Allows Remote Code Execution Improper Token Access in Crumb Plugin for Node.js with CORS Agent Access Vulnerability in TIBCO Managed File Transfer Internet Server, Command Center, Slingshot, and Vault Information Disclosure Vulnerability in Spotfire Web Player Engine Multiple CSRF Vulnerabilities in OMERO Web Interface Arbitrary Web Script Injection via Crafted SVG File in MediaWiki Arbitrary Web Script Injection in TYPO3 JobControl Extension SQL Injection Vulnerabilities in JobControl Extension for TYPO3 Downgrade Attack Vulnerability in libzmq (ZeroMQ/C++) 4.0.5 Replay Attack Vulnerability in libzmq (ZeroMQ/C++) 4.0.x Denial of Service Vulnerability in Exuberant Ctags 5.8 via Crafted JavaScript File Eval Injection Vulnerability in bassmaster Plugin for Hapi Server Framework Arbitrary File Write Vulnerability in Apt's Changelog Command IPv6 Implementation Vulnerability in Linux Kernel 3.2.x through 3.2.63 Arbitrary Command Execution Vulnerability in GParted Arbitrary Command Execution via Shell Metacharacters in run-mailcap (CVE-2014-7209) Stack-based Buffer Overflow Vulnerabilities in Yahoo! 
Messenger 11.5.0.228 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.x before 4.2.9.1 Remote Denial of Service Vulnerability in TeamSpeak Client 3.0.14 and Earlier Buffer Overflow Vulnerability in TeamSpeak Client 3.0.14 and Earlier: Remote Denial of Service via Crafted Chat/Server Data Code Execution Vulnerability in Android's addJavascriptInterface Method Arbitrary Code Execution via Invalid UTF-8 Byte Sequences in Rejetto HTTP File Server (HFS) 2.3c and Earlier Arbitrary Code Execution via Akeeba Restore in Joomla! and WordPress Denial of Service Vulnerability in Joomla! Versions 2.5.4 - 2.5.26, 3.x - 3.2.6, and 3.3.x - 3.3.5 Information Leakage Vulnerability in OpenStack oslo-incubator, Cinder, Nova, and Trove Insecure Password Logging Vulnerability in OpenStack Oslo Utility Library Unsecured Default Passwords in GE Healthcare Discovery XR656 and XR656 G2 Default Passwords in GE Healthcare Precision THUNIS-800+: Potential Security Risk Remote Code Execution via ARI Framework in FreePBX Eval Injection Vulnerability in TWiki Plugins.pm Arbitrary File Upload Vulnerability in TWiki 6.0.0 and Earlier on Windows Stored XSS Vulnerability in Contact Form Integrated With Google Maps WordPress Plugin Arbitrary Script Injection in Easy Contact Form Solution Plugin for WordPress Arbitrary Java Method Execution in TSUTAYA Application for Android SSL/TLS Server Certificate Verification Vulnerability in SumaHo Application Unrestricted Access to LG Electronics Mobile WiFi Router Web Administration Interface Denial of Service Vulnerability in OpenAM Core Server Remote Code Execution Vulnerability in JustSystems Ichitaro Software IPA iLogScanner 4.0 Cross-Site Scripting (XSS) Vulnerability Buffer Overflow Vulnerability in Allied Telesis Networking Devices TCP Session Timer Denial of Service Vulnerability XML External Entity (XXE) Vulnerability in Yokogawa Electric Corporation FAST/TOOLS WebHMI Server Unspecified Vulnerabilities in Texas Instruments OMAP 
Mobile Processor Driver Arbitrary Command Execution Vulnerability in FUJITSU Android Devices Physical Proximity Vulnerability in ARROWS Me F-11D Allows Unauthorized Access to Flash Memory Denial of Service Vulnerability in Internet Initiative Japan Inc. SEIL Series Routers Denial of Service Vulnerability in PPPAC and SEIL Series Routers Critical SQL Injection Vulnerability in DBD::PgPP 0.05 and Earlier Arbitrary Web Script Injection Vulnerability in KENT-WEB Clip Board Insecure Storage of Product Credentials in Kaku-San-Sei Million Arthur before 2.25 for Android Remote Code Execution via Server Side Includes (SSI) in ULTRAPOP.JP i-HTTPD Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD directory index page rendering Cross-Site Scripting (XSS) Vulnerability in ULTRAPOP.JP i-HTTPD Omake BBS Component Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD via crafted HTTP header Cross-Site Scripting (XSS) Vulnerabilities in Chyrp Users Management Unspecified Cross-Site Scripting (XSS) Vulnerability in LinPHA Denial of Service Vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 Unspecified Cross-Site Scripting (XSS) Vulnerability in Ricksoft WBS Gantt-Chart Add-on for JIRA Unspecified Cross-Site Scripting (XSS) Vulnerability in Ricksoft WBS Gantt-Chart Add-on for JIRA Arbitrary OS Command Execution Vulnerability in ASUS Routers CSRF Vulnerability in ASUS JAPAN Routers Unauthenticated Local Login Vulnerability in Simple Desktop Display Manager (SDDM) Privilege Escalation Vulnerability in Simple Desktop Display Manager (SDDM) Unverified X.509 Certificates in getmail 4.0.0 through 4.43.0 Allow Man-in-the-Middle Attacks Lack of Hostname Verification in getmail 4.44.0 IMAP-over-SSL Implementation Unverified X.509 Certificate Vulnerability in getmail 4.0.0 through 4.44.0 Cross-site scripting (XSS) vulnerability in ZyXEL SBG-3300 Security Gateway login page Denial of Service Vulnerability in ZyXEL SBG-3300 Security Gateway 
Unauthenticated TELNET Access Vulnerability in Konke Smart Plug K Arbitrary Web Script Injection Vulnerability in Tenable Nessus 5.x Web UI CSRF Vulnerability in Shenzhen Tenda Technology Tenda A32 Router Firmware 5.07.53_CN Allows Remote Reboot Hijacking Directory Hash Collision Vulnerability in Linux Kernel Predictable Initialization of Random Seeds in Linux Kernel on Certain Intel Processors Arbitrary OS Command Execution in Symantec Web Gateway Management Console Buffer Overflow Vulnerability in Symantec Deployment Solution 6.9 and Earlier on Windows XP and Server 2003 Unintended Content Injection in Symantec PGP Universal Server and Encryption Management Server Arbitrary Shell Command Execution in Symantec PGP Universal Server and Encryption Management Server SQL Injection Vulnerability in Symantec Critical System Protection (SCSP) and Symantec Data Center Security: Server Advanced (SDCS:SA) Cross-Site Scripting (XSS) Vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Springshare LibCal 2.0 API Open Redirect Vulnerability in Click-Through Feature in Newtelligence dasBlog 2.1, 2.2, and 2.3 Arbitrary Web Script Injection in NYU OpenSSO Integration 2.1 and Earlier Open Redirect Vulnerability in NYU OpenSSO Integration 2.1 and Earlier for Ex Libris Patron Directory Services (PDS) Cross-Site Scripting (XSS) Vulnerability in MediaWiki Special Pages Arbitrary Code Execution Vulnerability in SpagoBI 5.0.0 Accessibility Engine Unspecified Vulnerability in Enfold Theme's Folder Framework Privilege Escalation via Improperly Protected setuid Functionality in Centrify Server Suite and Centrify DirectControl ArubaOS Administrative Interface Authentication Bypass Vulnerability Arbitrary Command Execution via GNOME Shell Screen Lock Vulnerability Weak Permissions on SGI Tempo Allow Unauthorized Access to Sensitive Information Weak File Permissions Vulnerability in SGI Tempo on SGI ICE-X Systems Weak Permissions on SGI 
Tempo Allows Unauthorized Access to Password Hashes and Sensitive Information Unverified X.509 Certificates Vulnerability in ForoSocuellamos Application 1.1 for Android SSL Certificate Verification Vulnerability in Where2Stop-Cardlocks-Free Application Unverified X.509 Certificates in Ali Visual Android App 1.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in One You Fitness App for Android Unverified X.509 Certificates in Intelligent SME Android App 3.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Where Atlanta Android App 3.0.2 Unverified SSL Certificates in Safe Arrival App for Android Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Aloha Bail Bonds Android App 1.1 Unverified X.509 Certificates Vulnerability in SHIRAKABA Android App 1.0 Firenze Map Android App Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates in Dignity Dialogue Android App 3.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Business Intelligence App for Android Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in ETA Mobile Application 1.6.6 for Android Unverified SSL Certificates in Macau Business Android App 3.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Brain Abundance Info App for Android Allows Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Motoring Classics Android App (Version 1.8.6) XtendCU Mobile Application 1.0.28 for Android SSL Certificate Verification Vulnerability Unverified SSL Certificates in TodaysSeniorsNetwork Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Aloha Guide (aka com.aloha.guide.japanese) App 1.3 for Android Unverified SSL Certificates in Where Dallas Android App 3.0.2 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Liver Health - Hepatitis C App for Android Certificate Verification Vulnerability in Taking Your Company Public Application Unverified 
SSL Certificates in Acorn Estate Agents Android App 3.1 Unverified X.509 Certificates Vulnerability in faailkhair (aka com.faailkhair.app) Application 1.0 for Android Unverified SSL Certificate Vulnerability in Cuanto Conoces A un Amigo Application 2.0 for Android SSL Certificate Verification Vulnerability in Old Bike Mart Android App Unverified X.509 Certificates in SAsync Application 1.2.0 for Android Unverified SSL Certificates in Echo News Android App (v1.10 beta) Enable Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Classic Arms & Militaria Application Unverified SSL Certificates in DIYChatroom Android App 3.4.0 Bespoke Android Application 3.0 SSL Certificate Verification Vulnerability Insecure SSL Certificate Verification in HOT CARS Android App 3.0 Unverified SSL Certificates in GLOBAL MOVIE MAGAZINE Android App 3.0 Unverified SSL Certificates in India's Anthem Android App (appinventor.ai_opalfoxy83.India_Anthem) 1.0 Unverified SSL Certificates in JAZAN 24 Android App 1.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Penumbra eMag Android App 3.0 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Grandparenting is Great (aka com.app_gig.layout) Application 1.400 for Android Vermont Powder Android App 4.1 SSL Certificate Verification Vulnerability Unverified SSL Certificates in MAPA DA MINA Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in How To Boil Eggs (com.appmakr.app842173) Android App: A Man-in-the-Middle Vulnerability SSL Certificate Verification Vulnerability in Harry's Pub (com.emunching.harryspub) Android App 1.0.0 Unverified X.509 Certificates in Naranjas Con Tocados Android App 0.1 Unverified SSL Certificates in Promotional Items Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Identity Application 3.01 for Android Unverified X.509 Certificates Vulnerability in TuS 1947 Radis Android App Unverified X.509 Certificates 
Vulnerability in Compassion Satisfaction Application Vulnerability: Insecure SSL Certificate Verification in Il Brillo Parlante Application SSL Certificate Verification Vulnerability in Job MoBleeps Application SSL Certificate Verification Vulnerability in Magic Balloonman Marty Boone Application SSL Certificate Verification Vulnerability in Mr.Sausage Application 1.301 for Android SSL Certificate Verification Vulnerability in Inspire Weddings Android App Unverified SSL Certificates in SPIN - Motion Comic App for Android SSL Certificate Verification Vulnerability in Childcare Application SSL Certificate Verification Vulnerability in Facebook Profits on Steroids Application for Android Unverified X.509 Certificates in Jobranco Android App 1.1 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Kiddie Kinderschoenen Application 1.0 for Android Cedar Kiosk Android App 1.1 SSL Certificate Verification Vulnerability Unverified SSL Certificates in Alternative Connection Application for Android Insecure SSL Certificate Verification in Joe's Lawn Service Android App (v1.5) SSL Certificate Verification Bypass in Aperture Mobile Media Application Unverified X.509 Certificates in ACC Advocacy Action App for Android Allows Man-in-the-Middle Attacks Unverified SSL Certificates in The Sunday Indian Oriya Android App 3.0.1 Unverified SSL Certificates in Amnesia Groove Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Enchanted Fashion Crush App for Android Insecure SSL Certificate Verification in Synx Addictive Puzzle Game Application 1.0 for Android Unverified SSL Certificates in Russian Federation Traffic Rules App for Android Unverified SSL Certificates in 100 Beauty Tips App for Android: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates Vulnerability in www.alaaliwat.com Android App (4.9) Unverified X.509 Certificate Vulnerability in USF BCM Android Application (com.appmakr.app193115) SSL Certificate Verification 
Bypass in PocketKnife Bravo Super Android App Unverified SSL Certificates Vulnerability in ileri Gazetesi - Yozgat Application Unverified X.509 Certificates Vulnerability in Dil Bilgisi Kurallari Application 1.0 for Android Unverified X.509 Certificate Vulnerability in Suzanne Glathar (com.app_sglathar.layout) Application 1.399 for Android Unverified X.509 Certificates in SK encar Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in NZHondas.com Android App 3.6.14 Insecure SSL Certificate Verification in Belaire Family Orthodontics App for Android Unverified X.509 Certificates Vulnerability in Deakin University Android App SSL Certificate Verification Vulnerability in Game Day Tix Android App Android Application 'Gary Johnson for President '12' (com.GaryJohnson2012) 0.75.13439.53899 Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates in Liburan Hemat (com.liburan.bro) Android App 1.0 Insecure SSL Certificate Verification in Aptallik Testi Application 4.0 for Android Unverified X.509 Certificates Vulnerability in Rajendra Suriji Application 1.1 for Android Unverified SSL Certificates in CLEO Malaysia Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in The Asylum! 
(aka com.nobexinc.wls_96362255.rc) Application 3.3.10 for Android Unverified SSL Certificates in Craft Stamper Magazine Android App Insecure SSL Certificate Verification in Real Academia de Bellas Artes Android App 1.0 Vulnerability: SSL Certificate Verification Bypass in BBC Knowledge Magazine App for Android Unverified SSL Certificates in PokeCreator Lite Android App 1.1 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Bypass in Just Bureaucracy Android App Unverified SSL Certificates in Revel in the Rideau Lakes Android App (com.mytoursapp.android.app326) 1.0.6 Unverified X.509 Certificates in HEA Mobile Application for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Youth Incorporated Android App 3.0 Insecure SSL Certificate Verification in Quran Abu Bakr AshShatiri Free Android App SSL Certificate Verification Bypass in Doodle Devil Free Android App (CVE-2021-XXXX) Insecure SSL Certificate Verification in Hunting Trophy Whitetails Android App Unverified X.509 Certificates Vulnerability in 7725.com Three Kingdoms App for Android Unverified SSL Certificates in Flood-It Android App 4.2 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in Breeze Jersey Android App Allows Man-in-the-Middle Attacks Insecure SSL Certificate Verification in CalculatorApp 4.0 for Android Insecure SSL Certificate Verification in Student ID Application 1.2 for Android Unverified SSL Certificates in RTSinfo Android App 1.4.8 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in AJD Bail Bonds Android App 1.1 Unverified X.509 Certificate Vulnerability in SOS Recette Application 1.0 for Android Unverified SSL Certificates in Love Horoscope Guide App for Android SSL Certificate Verification Vulnerability in bene+ odmeny a slevy (aka cz.gemoney.bene.android) Application 1.2.3 for Android Unverified X.509 Certificates Vulnerability in Pakan Ken Tube (com.PakanKen) Android App 0.1 Unverified SSL Certificates in Face Fun 
Photo Collage Maker 2 Android App (v1.3.0) Allow Man-in-the-Middle Attacks Baidu Navigation Android App 3.5.0 SSL Certificate Verification Vulnerability Unverified SSL Certificates in LEGEND OF TRANCE Android App: A Gateway for Man-in-the-Middle Attacks Bilingual Magic Ball Android App SSL Certificate Spoofing Vulnerability Unverified SSL Certificates in Dattch - The Lesbian App (com.dattch.dattch.app) for Android Unverified SSL Certificates in DealSide Institutional Android App Allow for Man-in-the-Middle Attacks X.509 Certificate Verification Vulnerability in My NGEMC Account Application Unverified X.509 Certificates in allnurses Android App 3.4.10 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Shaklee Product Catalog Android App 2.0 SSL Certificate Verification Vulnerability in Detox Juicing Diet Recipes App Unverified SSL Certificates in Zoella Unofficial Android App 1.4.0.5 Unverified SSL Certificates in Digit Magazine Android App 3.01 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Electronics For You Android App Unverified SSL Certificates in BloomYou Valentine Android App 2.4 Unverified X.509 Certificates Vulnerability in The Press-Leader Application Unverified SSL Certificates in Slots Heaven:FREE Slot Machine App for Android SSL Certificate Verification Vulnerability in A King Sperm Android App Unverified SSL Certificates in Fashion Story: Neon 90's App for Android Allow Data Theft SSL Certificate Verification Bypass in IM5 Fans Planet Android App (Version 2.3.1) Certificate Verification Bypass in Magic Stamp (vn.avagame.apotatem) Android App 2.8 Unverified SSL Certificates in PC Advisor Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Live TV Browser App for Android HoneyBee Mag Android App 3.0 SSL Certificate Verification Vulnerability SSL Certificate Verification Vulnerability in AG Klettern Odenwald (de.appack.project.agko) Application 1.2 for Android SSL Certificate 
Verification Vulnerability in The Best Beginning (aka com.bbbeta) Application 2.0 for Android Unverified X.509 Certificate Vulnerability in I Know the Movie (com.guilardi.jesaislefilm2) Application for Android Unverified X.509 Certificates Vulnerability in international-arbitration-attorney.com Android App Unverified X.509 Certificate Vulnerability in CSApp - Colegio San Agustin Application 1.0 for Android Lack of X.509 Certificate Verification in Ionic View Application for Android SSL Certificate Verification Vulnerability in Healthy Lunch Diet Recipes App Insecure SSL Certificate Verification in NashaPlaneta.su Android App (v1.02) Insecure SSL Certificate Verification in ETG Hosting Application 2.0 for Android Unverified SSL Certificates in Desire2Learn FUSION 2014 Android App Insecure Certificate Verification in Coca-Cola FM Guatemala Android App Insecure SSL Certificate Verification in it.tinytap.attsa.notlost Application 1.6.1 for Android Unverified SSL Certificates in Mitsubishi Road Assist Android App Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in ADT Aesthetic Dentistry Today Android App Vineyard All In Android App: Man-in-the-Middle Attack Vulnerability Unverified X.509 Certificates Vulnerability in Menaka - Marathi (com.magzter.menakamarathi) Android App 3.0 Unverified SSL Certificates in Short Stories (com.ireadercity.c48) App 3.0.2 for Android Unverified SSL Certificates in Secretos de belleza App 1.0 for Android Unverified X.509 Certificates Vulnerability in The 100 Books (aka com.ireadercity.c20) Application 3.0.2 for Android Unverified X.509 Certificates in Kontan Kiosk Android App Allow Man-in-the-Middle Attacks Certificate Verification Vulnerability in LogosQuest - Beginnings (com.wLogosQuest) Application 1.0 for Android Insecure SSL Certificate Verification in Portfolium Android App SSL Certificate Verification Bypass in The Space Cinema Android App (Version 2.0.6) SSL Certificate Verification Vulnerability in The Sword 
(com.ireadercity.c25) Application 3.0.2 for Android Unverified SSL Certificates in Translation Widget Application for Android Insecure SSL Certificate Verification in Escucha elDiario.es Android App (Version 1.2.3) Unverified SSL Certificates in AppTalk Application 1.4.8 for Android Unverified SSL Certificates in Realtime Music Rank Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Hector Leal Android App: Exploiting SSL Vulnerability Unverified X.509 Certificates in Help For Doc Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in A Very Short History of Japan (com.ireadercity.c51) App 3.0.2 for Android SSL Certificate Verification Vulnerability in Graffit It (com.presenttechnologies.graffitit) Application 1.1.2 for Android Insecure SSL Certificate Verification in Top Hangover Cures App for Android Unverified SSL Certificates in Bail Bonds Android App: A Man-in-the-Middle Vulnerability Unverified SSL Certificates in Central East LHIN News Android App: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates Vulnerability in Myanmar Movies HD Android App Insecure SSL Certificate Verification in Bowl Expo 2014 Android App Unverified SSL Certificates in Cycling Manager Game Cff Android App 1.0 SSL Certificate Verification Bypass in Nova 92.1 FM Android App SSL Certificate Verification Vulnerability in Anderson Musaamil Application 1.400 for Android Unverified X.509 Certificates in Maccabi Pakal Android App: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates in Radio Bethlehem RB2000 Android App 1.0 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Bed and Breakfast App for Android Unverified X.509 Certificates Vulnerability in Domain Name Search & Web Host Application for Android Unverified SSL Certificates in Immunize Canada Android App 1.0.1 SSL Certificate Verification Bypass in Savage Nation Mobile Web Application for Android Unverified SSL Certificates in 
Horsepower Android App (Version 2.10.11) Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Bodyguard for Hire Application Unverified SSL Certificates in PRIX IMPORT Android App 1.0 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in GES Agri Connect Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in NotreDame Seguradora Android App 1.2 Allow Man-in-the-Middle Attacks Certificate Verification Vulnerability in Funny & Interesting Things App for Android Insecure SSL Certificate Verification in Classic Racer Android App Insecure SSL Certificate Verification in Service Academy Forums Android App (Version 3.6.12) Critical Vulnerability in Headlines News India App Puts User Data at Risk Certificate Verification Vulnerability in Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) Application 1.0 for Android Unverified X.509 Certificates Vulnerability in l'Informatiu (com.linformatiu.spm) App 2.0 for Android Unverified X.509 Certificates in Blood (com.sheridan.ash) App 2.1 for Android SSL Certificate Verification Vulnerability in The Secret City - Motion Comic Application 2.1.7 for Android Unverified SSL Certificates in Buddhist Prayer App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Texas Poker Unlimited Hold'em Android App 1.2.0 Vulnerability: SSL Certificate Verification Bypass in Basketball News & Videos App Insecure SSL Certificate Verification in Noticias Bebes Beybies (com.beybies) Android App 1.0 SSL Certificate Verification Vulnerability in Zombie Diary Application Unverified SSL Certificates in GET NYCE Lightworks Android App Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in The Bouqs - Flowers Simplified (aka com.bouqs.activity) Application 1.8.4 for Android Unverified X.509 Certificate Vulnerability in Apparound BLEND Application for Android Unverified SSL Certificates in zroadster.com Android App 2.4.13.17 SSL Certificate Verification 
Vulnerability in Everest Poker Android App Unverified SSL Certificates in InstaTalks Android App 1.3.1 Lack of X.509 Certificate Verification in Fabasoft Cloud Android App SSL Certificate Verification Vulnerability in Health Advocate SmartHelp Application for Android Certificate Verification Vulnerability in Tactical Force LLC Application for Android Unverified SSL Certificates Vulnerability in Simple Car Care Tip and Advice App Unverified X.509 Certificate Vulnerability in Rando Noeux Application for Android Unverified X.509 Certificate Vulnerability in Stift Neuburg (de.appack.project.neuburg) Application 1.1 for Android Unverified SSL Certificates Vulnerability in iMig 2012 (aka com.webges.imig) Application 1.0.0 for Android Unverified SSL Certificate Vulnerability in Marcus Butler Unofficial App Insecure SSL Certificate Verification in Best Greatness Quotes App for Android Insecure SSL Certificate Verification in Fire Equipments Screen Lock Application for Android Unverified SSL Certificates in Grey's Anatomy Fan App for Android SSL Certificate Verification Vulnerability in The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) Application 7.2 for Android Unverified SSL Certificates in Droid Survey Offline Forms Application 2.5.2 for Android Unverified SSL Certificates in eBiblio Andalucia Android App: A Man-in-the-Middle Vulnerability Unverified X.509 Certificates in Chien Binh Bakugan 2 LongTieng Android App 2.0 Insecure SSL Certificate Verification in B&H Photo Video Pro Audio Android App (Version 2.5.1) Unverified SSL Certificates in Bieber News Now Android App (Version 12.0.5) Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Thailand Investor News Android App 1.39s SSL Certificate Verification Vulnerability in Quotes of Travis Barker Application Unverified X.509 Certificates in Water Lateral Sizer Android App 1.2 Allows Man-in-the-Middle Attacks ACN2GO Android App 1.7 Vulnerability: SSL Certificate Verification Bypass 
Insecure SSL Certificate Verification in Biplane Forum Android App (Version 3.7.14) Unverified SSL Certificates in Blocked in Free (aka com.blueup.blocked) App 1.0 for Android ICBC Banking Android App 2.40 Vulnerability: SSL Certificate Verification Bypass Unverified X.509 Certificates Vulnerability in WebPromoExperts Android App SSL Certificate Verification Vulnerability in Demon (com.ireadercity.c24) App 3.0.2 for Android Unverified X.509 Certificate Vulnerability in FOL Mobile App for Android SSL Certificate Verification Vulnerability in Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) Application 1.1 for Android Unverified X.509 Certificates Vulnerability in devada.co.uk Android App 1.2 SSL Certificate Verification Bypass in Paramore Android App (Version 2.3.4) Unverified X.509 Certificate Vulnerability in Fabulas Infantiles (com.mobincube.android.sc_9I1A3) Application 3.0.0 for Android SSL Certificate Verification Vulnerability in Poker Puzzle Application for Android Unverified X.509 Certificate Vulnerability in FRONT Android Application Unverified X.509 Certificates Vulnerability in Gravey Design Android App Insecure SSL Certificate Verification in Easy Tips For Glowing Skin App (Version 1.0) Certificate Verification Vulnerability in Actors Key Application for Android Unverified X.509 Certificates in Concursive Android App 2.1 Allow for Man-in-the-Middle Attacks Unverified X.509 Certificates in Swamiji.tv Android App 2.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Carrier Enterprise HVAC Assist Android App Unverified SSL Certificates in iStunt 2 Android App (Version 1.1.2) Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in KKMobileApp for Android Unverified SSL Certificates in The Lost Temple Android App (Version 1.6) Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in e-Kiosk Android App 1.74 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in WASPS Official Programmes Android App SSL 
Certificate Verification Vulnerability in Warrior Beach Retreat Application Insecure SSL Certificate Verification in Physics Forums Android App (Version 3.9.22) SSL Certificate Verification Vulnerability in www.roads365.com (aka ydx.android) Application 1.0.1 for Android Unverified SSL Certificates in Interior Design App for Android Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in Authors On Tour - Live! (aka com.appmakr.app122286) Android App: A Man-in-the-Middle Vulnerability SSL Certificate Verification Vulnerability in EIN Lookup Android App Unverified SSL Certificates in Affinity Mobile ATM Locator App for Android Insecure SSL Certificate Verification in Guess the Pixel Character Quiz App (v1.3) for Android SSL Certificate Verification Vulnerability in Atme Application 1.0.10 for Android Unverified X.509 Certificate Vulnerability in Acorn Comms (aka com.acorncomms.app) Application 3.0 for Android Unverified SSL Certificates in Yulman Stadium App for Android: A Man-in-the-Middle Vulnerability Insecure SSL Certificate Verification in Fling Gold Android App (Version 1.1.3) Vulnerability: SSL Certificate Verification Bypass in Villa Antonia (com.appbuilder.u7p5019) Application Unverified SSL Certificates in News Revolution - Bahrain App 3.2 for Android Allows for Man-in-the-Middle Attacks Unverified SSL Certificates in Dino Zoo Android App Enable Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Adopt O Pet Application for Android Unverified SSL Certificates in United Hawk Nation Android App 2.1 Unverified SSL Certificates Vulnerability in Fabuestereo 88.1 FM App for Android SSL Certificate Verification Vulnerability in Hotel Room Application for Android Unverified SSL Certificates in Pegasus Airlines Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificate Vulnerability in C.R. 
Group Android App 1.0 Unverified X.509 Certificate Vulnerability in Go MSX MLS Android App SSL Certificate Verification Vulnerability in EMT-Paramedic Lite Android App SSL Certificate Verification Vulnerability in BOOKING DISCOUNT Android App Unverified SSL Certificates in SMARTalk Android App Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Classic Car Buyer Android App SSL Certificate Verification Vulnerability in JJA- Juvenile Justice Act 1986 (com.felix.jja) Application 1.0 for Android SSL Certificate Verification Bypass in Magicam Photo Magic Editor (mobi.magicam.editor) Application 5.0 for Android SSL Certificate Verification Vulnerability in Dresden Transport Museum App Unverified SSL Certificates in Indian Management App 3.0 for Android Unverified X.509 Certificates Vulnerability in ExpeditersOnline.com Forum App for Android Unverified SSL Certificates in The Gent Magazine Android App 3.0 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Masquito Blogger Application for Android Insecure Certificate Verification in com.wGoNittyGritty Application for Android Unverified X.509 Certificates in Bilingual Magic Ball Relajo Android App Allows Man-in-the-Middle Attacks Unverified SSL Certificates in American Waterfowler Android App: A Man-in-the-Middle Vulnerability Insecure Certificate Verification in Coca-Cola FM Honduras Android App Certificate Verification Vulnerability in Ads Free. 
Cz Advert Application 1.4 for Android SSL Certificate Verification Vulnerability in Motor Town: Machine Soul Free (aka com.alawar.motortownfree) Application 1.1 for Android Unverified X.509 Certificate Vulnerability in Tekno Apsis (com.teknoapsis) Application 2.4 for Android Certificate Verification Vulnerability in TicketOne.it Android App Insecure SSL Certificate Verification in Home Made Air Freshener App (v1.1) for Android Unverified X.509 Certificates in Scudetto App 2.7 for Android Allow Man-in-the-Middle Attacks SSL Certificate Verification Bypass in VMware vForums 2014 Android App Unverified SSL Certificates in GR8! TV Android App 3.0 Allow for Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Free Canadian Author Previews Application Insecure Certificate Verification in Razer Comms - Gaming Messenger for Android Insecure SSL Certificate Verification in com.ChamberMe.SCBPSOUTHERNCO Android App SSL Certificate Verification Vulnerability in Home Improvement App for Android SSL Certificate Verification Vulnerability in GzoneRC - The RC Hobby Hub (com.wGzoneRC) Android App 0.1 Insecure SSL Certificate Verification in myfone Shopping Android App Unverified SSL Certificates in Sheikh Mujib Biography App for Android (com.wbongobondho) 0.1 Lent Experience Android App Vulnerability: SSL Certificate Verification Bypass Unverified SSL Certificates Vulnerability in JusApp! (com.tapatalk.jusappcombrforum) 3.7.5 for Android SSL Certificate Verification Vulnerability in Corvette Museum App Unverified X.509 Certificates Vulnerability in easaa Baoneng Android App 1.0 Unverified SSL Certificates in Halftime Magazine Android App 3.0 Unverified SSL Certificates in Eyvah! 
Bosandim ozgurum Application 0.1 for Android Xinhua International Android App 5.5.0 SSL Certificate Verification Vulnerability Unverified SSL Certificates in The Flying Fox Android App Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in DoNotTrackMe - Mobile Privacy Application Insecure Certificate Verification in ahtty Android Application (Version 1.97.16) Unverified SSL Certificates in The Terrorizer Magazine Android App Allow for Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Atkins Diet Free Shopping List App Unverified X.509 Certificates in Outdoor Design And Living Android App Allows Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in The Raven - The Culture Lover (aka com.booksbyraven) Application 1.60 for Android Unverified SSL Certificates in India Today Telugu Android App Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Tiket.com Hotel & Flight App for Android Vulnerability: SSL Certificate Verification Bypass in Skin&Ink Magazine Android App Insecure SSL Certificate Verification in ibon (aka tw.net.pic.mobi) Android App 3.2.1 Insecure SSL Certificate Verification in GIGA HOBBY Android App (Version 1.0.6) Unverified SSL Certificates in Ultimate Christian Radios App for Android Unverified X.509 Certificates Vulnerability in Mills-Hazel Property Management App Unverified SSL Certificates in Travel+Leisure Android App 3.0 Allow Man-in-the-Middle Attacks Certificate Verification Vulnerability in BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) Application 1.13 for Android Unverified X.509 Certificates in Better Homes and Gardens Aus Android App: A Man-in-the-Middle Vulnerability SSL Certificate Verification Vulnerability in President Clicker Application for Android SSL Certificate Verification Vulnerability in Indian Jeweller App for Android Insecure SSL Certificate Verification in Carnegie Mellon Silicon Valley Android App Unverified X.509 Certificate Vulnerability in Chemssou 
Blink Application 1.0 for Android Insecure SSL Certificate Verification in Rally Albania Live 2014 Android App SSL Certificate Verification Vulnerability in Golosinas Simpson1 Android App SSL Certificate Verification Vulnerability in Dj Brad H (com.dreamstep.wDjBradH) Android App 0.90 Unverified X.509 Certificates Vulnerability in The Logan Banner Android App Unverified SSL Certificates in Radio de la Cato Android App 2.0 Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in Karaf Magazin Android App Unverified X.509 Certificates in Reds Anytime Bail Android App 1.1 Allow Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Dr. Sheikh Adnan Ibrahim (com.amitaff.adnanIbrahim) App 1.0 for Android Unverified X.509 Certificates in FMAC Android App 1.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Anahi A Adopter FR Application for Android Insecure SSL Certificate Verification in The Pony Magazine Android App Unverified SSL Certificates in The Healing Bookstore Android App 0.1 SSL Certificate Verification Vulnerability in Noticias del Vaticano Android App Insecure SSL Certificate Verification in Humor Ironias y Realidades App for Android Man-in-the-Middle Attack Vulnerability in Musulmanin.com Android Application Unverified SSL Certificates in Flight Manager Android App 4.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Fusion Flowers - Weddings Application SSL Certificate Verification Vulnerability in Garip Ve Ilginc Olaylar App Lack of SSL Certificate Verification in CamDictionary Android App Unverified SSL Certificates in The Taster Magazine App for Android Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Recetas de Tragos Android App 0.1 Unverified X.509 Certificates Vulnerability in NASIOC Android App (Version 3.8.0) Circa News Android App 2.1.3 SSL Certificate Verification Vulnerability Unverified X.509 Certificate Vulnerability in Condor S.E. 
Application 1.399 for Android Unverified SSL Certificates in eTopUpOnline Android App 3.4.9 Unverified X.509 Certificates in Radiohead Fan Android App 4.6.2 Insecure SSL Certificate Verification in The Awful Ninja Game (Android App) Unverified X.509 Certificate Vulnerability in AMKAMAL Science Portfolio Application SSL Certificate Verification Vulnerability in Jazz Lovers Radio App for Android Unverified SSL Certificates in Health Assistance Service Application 2.4.1 for Android Insecure SSL Certificate Verification in Ink Cards (aka com.sincerely.android.ink) Application 2.0.4 for Android Unverified SSL Certificates in Bite it! (aka com.ASA1Touch.Bite_it) App 1.1.8 for Android Unverified X.509 Certificates in Listen up! mirucho (aka jp.ameba.kiiteyo.android) Application 1.1.8 for Android Unverified SSL Certificates in Semper Invicta Fitness App 1.1 for Android SSL Certificate Verification Vulnerability in The Hundred Thousands Kid Book Application Unverified X.509 Certificate Vulnerability in 7 Habits Personal Development App for Android Insecure SSL Certificate Verification in A+ (aka cn.xrzcm) Application 1.0.1 for Android Unverified X.509 Certificates Vulnerability in The Analects of Confucius (com.azbc88881.lunyu) Android App 8.0 Unverified X.509 Certificates Vulnerability in Accurate Lending (com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) Application 1.0021.b0021 for Android Unverified SSL Certificates in Lagu POP Indonesia App 2.0 for Android Unverified SSL Certificates in World Tamil Bayan Android App Allow Man-in-the-Middle Attacks Unverified X.509 Certificates in MB Tickets Android App 3.0.1 Allow Man-in-the-Middle Attacks Unverified SSL Certificates in Cleveland Football STREAM Application 2.1.0 for Android SSL Certificate Verification Vulnerability in Herbs & Flowers Dictionary Application Unverified SSL Certificates in The Champak - Hindi Android App 3.0.1 Unverified SSL Certificates in Kavita KS Android App 2.4 Unverified SSL Certificates in The 
Slingshot Forum App for Android SSL Certificate Verification Vulnerability in Epc World Android App Unverified SSL Certificates in Kuran'in Bilimsel Mucizeleri Android App Unverified X.509 Certificates in Pakistan Cricket News Android App Allows Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Marijuana Handbook Lite - Weed Application Insecure SSL Certificate Verification in Macedonia Hacienda Hotel App for Android SSL Certificate Verification Vulnerability in Bill G. Bennett Android App Unverified SSL Certificates in Schon! Magazine Android App 3.0 Allow Man-in-the-Middle Attacks Vulnerability: Insecure SSL Certificate Verification in AAAA Discount Bail Android App Unverified SSL Certificates in English Football Magazine Android App 3.0 Unverified SSL Certificates in iShuttle Android App 1.0 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in The Best Free Giveaways Application for Android Unverified SSL Certificates in Zillion Muslims Android App 1.1 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Backyard Wrestling Android App Vulnerability: Insecure SSL Certificate Verification in CB - Calciatori Brutti (com.calciatori.brutti) Application 1.0 for Android Unverified SSL Certificates in Knights of the Void Android App (Version 2.1.7) Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in Harpers Bazaar Art Android App Allow for Man-in-the-Middle Attacks Unverified SSL Certificates in House365 Radio Android App 3.2.3 Allow Man-in-the-Middle Attacks Insecure SSL Certificate Verification in Thai Food App for Android Insecure SSL Certificate Verification in Coca-Cola FM Brasil Android App Insecure SSL Certificate Verification in Squishy Birds Android App (com.tatmob.squishybirds) 1.0.1 Unverified X.509 Certificates Vulnerability in The Daily Green (aka it.opentt.blog.dailygreen) Application 2014.07 dlygrn for Android Vulnerability: SSL Certificate Verification Bypass in Top Roller 
Coasters Europe 2 Application Unverified X.509 Certificates in Woodward Bail Android App 1.1 Allow Man-in-the-Middle Attacks Man-in-the-Middle Attack Vulnerability in Gangsta Auto Thief III (com.apptreestudios.gdup3) Application 1.1 for Android Unauthenticated Bind Vulnerability in Apache CloudStack Predictable URL Encryption Vulnerability in Apache Wicket Predictable Token Values Vulnerability in Apache Struts 2.0.0 through 2.3.x before 2.3.20 Bypassing SecurityManager Protection in Apache Tomcat EL Evaluation Cross-Site Scripting (XSS) Vulnerabilities in Spacewalk and RHN Satellite 5.7.0 and Earlier Arbitrary Web Script Injection Vulnerability in Spacewalk and RHN Satellite Denial of Service Vulnerability in Red Hat CloudForms 3 Management Engine (CFME) SQL Injection Vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 Denial of Service Vulnerability in QEMU's set_pixel_format Function JBoss Undertow Directory Traversal Vulnerability Arbitrary Command Execution Vulnerability in GNU C Library (glibc) 2.21 Directory Traversal Vulnerability in Action Pack in Ruby on Rails Multiple Directory Traversal Vulnerabilities in Sprockets Server.rb Denial of Service Vulnerability in OpenStack Neutron DNS Configuration Unrestricted File Size Vulnerability in Linux Kernel Splice Write Operations Vulnerability: VNC Password Disclosure in Libvirt's virDomainGetXMLDesc API D-Bus Denial of Service Vulnerability Out-of-bounds read and ASLR bypass vulnerability in Linux kernel's trace_syscalls.c Privilege Escalation and Denial of Service Vulnerability in Linux Kernel's ftrace Subsystem Bypassing Access Restrictions in JBoss Security Bypassing Password Requirement in FreeIPA Two-Factor Authentication Directory Traversal Vulnerability in Action Pack in Ruby on Rails Arbitrary web script injection vulnerability in Moodle Feedback module Information Disclosure Vulnerability in Moodle 2.7.x Access Control Bypass in Moodle LTI Module Sensitive Information Disclosure in 
Moodle through mod/data/edit.php Insecure Group Permissions in Moodle Forum Web Service Unrestricted File Upload Vulnerability in Moodle 2.6.x and 2.7.x Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle LTI Module Remote authenticated users can delete wiki pages in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 by exploiting delete access in a separate subwiki. Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Forum Module XML External Entity (XXE) Vulnerability in RESTEasy 2.3.7 and 3.0.9 Arbitrary Code Execution Vulnerability in QEMU's host_from_stream_offset Function Denial of Service Vulnerability in Linux Kernel SCTP Implementation Race condition in Linux kernel before 3.17.4 allows denial of service via crafted application in KVM x86 emulation Denial of Service Vulnerability in Linux Kernel on ARM64 Platform Arbitrary Command Execution Vulnerability in BSD mailx 8.1.2 and Earlier Insufficient Number of Possible Temporary Passwords in Moodle Improper Access Control in Moodle Tag Autocomplete Denial of Service Vulnerability in Moodle IP Lookup Functionality Information Disclosure Vulnerability in Moodle 2.6.x and 2.7.x Inadequate Authorization Verification in JBoss EAP Allows Unauthorized Attribute Manipulation Arbitrary Script Injection in FreeIPA Web UI via Breadcrumb Navigation Session Hijacking Vulnerability in oVirt 3.2.2 through 3.5.0 Arbitrary Script Injection in JBoss RichFaces via Crafted URL Sensitive Information Disclosure in JBoss Application Server (WildFly) JacORB Subsystem Authentication Bypass Vulnerability in D-Link DNS-320L, DNS-327L, DNR-326, DNS-320B, DNS-345, DNS-325, and DNS-322L Arbitrary String Username Cookie Bypass Vulnerability in D-Link DNR-326 Stack-based Buffer Overflow in D-Link Firmware Allows Remote Code Execution Unauthenticated Remote Photo Publication Vulnerability in D-Link DNS-320L and DNS-327L Remote Code Execution Vulnerability in Apple OS X 
IOHIDSecurePromptClient Function Arbitrary Administrator Account Creation Vulnerability in ManageEngine Desktop Central Arbitrary File Read and Directory Listing Vulnerability in ZOHO ManageEngine Applications Manager, OpManager, and IT360 SQL Injection Vulnerabilities in ZOHO ManageEngine OpManager and IT360 Arbitrary File Write and Execution Vulnerabilities in ZOHO ManageEngine OpManager, IT360, and Social IT Plus Arbitrary SQL Command Execution in ZOHO ManageEngine OpManager and IT360 SQL Injection Vulnerabilities in ZOHO ManageEngine OpManager, IT360, and Social IT Plus Arbitrary Code Injection Vulnerability in Context Form Alteration Module for Drupal Arbitrary Script Injection in Custom Search Module for Drupal Arbitrary SQL Command Execution Vulnerability in Open-Xchange (OX) AppSuite Unrestricted Access to Comodo GeekBuddy VNC Server Vulnerability CSRF Vulnerability in HP System Management Homepage (SMH) Allows Remote Authentication Hijacking Unspecified Remote Vulnerability in HP LaserJet CM3530 Multifunction Printer Unspecified Remote Code Execution Vulnerability in HP Integrated Lights-Out (iLO) Firmware Unspecified Denial of Service Vulnerability in HP-UX Kernel Insecure Key Management in HP Helion Cloud Development Platform 1.0 Authentication Bypass Vulnerability in HP-UX PAM Configuration with libpam_updbe Unspecified Denial of Service Vulnerabilities in HP OpenVMS TCP/IP 5.7 before ECO5 HP Insight Control Server Cross-Site Scripting (XSS) Vulnerability Unspecified Privilege Escalation Vulnerability in HP SiteScope 11.1x and 11.2x HTTP TRACE Method Information Disclosure Vulnerability in HP Universal CMDB (UCMDB) Probe Unspecified Remote Authenticated Vulnerabilities in HP ArcSight Logger Unspecified Remote Vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP 
Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Multiple Cross-Site Scripting (XSS) Vulnerabilities in HP XP P9000 Software Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Remote Code Execution Vulnerability in HP Point of Sale OPOS Drivers Address bar spoofing vulnerability in Google Chrome before version 38.0.2125.101 Use-after-free vulnerability in CPDF_Parser::IsLinearizedFile function in PDFium Integer Overflow in OpenJPEG's opj_t2_read_packet_data Function PDFium Use-After-Free Vulnerability in Google Chrome Buffer Overflow Vulnerability in OpenJPEG: Remote Code Execution in Google Chrome Buffer Overflow Vulnerability in Skia Library Bypassing Access Restrictions in Google Chrome for Android Pepper Plugins Use-After-Free Vulnerability in Google Chrome Use-after-free vulnerabilities in ScreenOrientationController.cpp in Blink Integer overflows in CheckMov function in Google Chrome Uninitialized Integer Vulnerability in SkDashPathEffect.cpp Unspecified Vulnerabilities in Google Chrome before 39.0.2171.65 Unverified Deserialization Vulnerability in Android ObjectInputStream Arbitrary Code Execution and Denial of Service Vulnerability in dhcpcd Arbitrary Code Execution and Memory Corruption Vulnerability in dhcpcd Bluetooth Pairing Access Restriction Bypass via Crafted NFC Tag Integer Overflow Vulnerability in libstagefright in Android Unspecified Integer Overflow Vulnerability in libstagefright in Android Integer Overflow Vulnerability in libstagefright in Android Denial of Service Vulnerability in Android's ISurfaceComposer.cpp Privilege Escalation Vulnerability in Android Mediaserver (Versions 2.2 - 5.x) Privilege 
Escalation Vulnerability in Android Mediaserver (Versions 4.0.3 - 5.x) GoogleAuthUtil.getToken method in Google Play services SDK allows unauthorized access to Google accounts Memory Corruption Vulnerability in ICU Regular Expressions Package Use-after-free vulnerability in Google Chrome IndexedDB Implementation WebAudio Use-After-Free Vulnerability in Google Chrome Memory Corruption Vulnerability in ICU Regular Expressions Package Memory Corruption Vulnerability in Google V8 SimplifiedLowering::DoLoadBuffer Function Denial of Service Vulnerability in Google Chrome's V8 Engine Use-after-free vulnerability in HTMLScriptElement::didMoveToNewDocument function in Blink Use-after-free vulnerability in Blink's DOM implementation allows for remote code execution Memory Corruption Vulnerability in Google V8 JavaScript Engine Use-after-free vulnerability in Element::detach function in Blink Use-after-free vulnerability in matroska_read_seek function in FFmpeg before 2.5.1 Use-after-free vulnerability in Blink DOM implementation in Google Chrome before 40.0.2214.91 Use-after-free vulnerability in Google Chrome Speech Implementation Use-after-free vulnerability in ZoomBubbleView::Close function in Google Chrome Off-by-one errors in libavcodec/vorbisdec.c leading to use-after-free vulnerability Memory Corruption Vulnerability in Google Chrome's Fonts Implementation Same Origin Policy Bypass in Google Chrome with Harmony Proxy Memory Initialization Vulnerability in ICU Collator Implementation Out-of-bounds read vulnerability in SelectionOwner::ProcessTarget function in Google Chrome Uninitialized Memory Vulnerability in Google Chrome Fonts Implementation Out-of-Bounds Read Vulnerability in Skia Library Out-of-bounds read vulnerability in PDFium's sycc422_to_rgb function Denial of Service Vulnerability in OpenJPEG Out-of-bounds read vulnerability in RenderTable::simplifiedNormalFlowLayout function in Blink Denial of Service Vulnerability in OpenJPEG AppCache SSL Certificate 
Spoofing Vulnerability Android Debug Bridge (ADB) Directory Traversal Vulnerability Vulnerability in Android ADB Tool Allows Injection of Malicious APKs and Arbitrary Code Execution Race condition vulnerability in bindBackupAgent method in Android 4.4.4 allows local users to execute arbitrary code or gain system privileges Directory Traversal Vulnerability in Android 4.4.4 MTP Server Arbitrary Script Injection in Pods Plugin for WordPress Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Pods Plugin for WordPress Arbitrary Web Script Injection in BulletProof Security Plugin for WordPress SQL Injection Vulnerability in BulletProof Security Plugin for WordPress Bypassing Metadata Constraints in OpenStack Object Storage (Swift) Unspecified Vulnerabilities in Google V8 Leading to Denial of Service and Potential Impact VDSM SSL Connection Blocking Vulnerability Denial of Service Vulnerability in Linux Kernel's pivot_root Implementation Vulnerability: Unprivileged Users Can Cause Denial of Service by Remounting Root Filesystem as Read-Only Arbitrary Code Injection Vulnerability in BlueMasters Theme for Drupal Arbitrary Code Injection in SimpleCorp Theme for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Zen Theme for Drupal Arbitrary SQL Command Execution Vulnerability in Joomla! CMS 3.1.x and 3.2.x Arbitrary Web Script Injection Vulnerability in Joomla! CMS 2.5.x and 3.x Arbitrary Web Script Injection Vulnerability in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 Joomla! 
CMS GMail Authentication Bypass Vulnerability Directory Traversal Vulnerability in EspoCRM before 2.6.0 Allows Remote File Inclusion Remote Code Execution via installProcess Parameter in EspoCRM Arbitrary Code Injection via desc Parameter in EspoCRM before 2.6.0 Information Disclosure Vulnerability in Cisco Unity Connection 10.5 and Earlier (Bug ID CSCur06493) Privilege Escalation Vulnerability in Cisco Unified Computing System on B-Series Blade Servers Privilege Escalation Vulnerability in Cisco IOS XE 3.5E and Earlier on WS-C3850, WS-C3860, and AIR-CT5760 Devices (Bug ID CSCur09815) Vulnerability: Man-in-the-Middle Attack via Spoofed X.509 Certificate in Cisco Unified Communications Manager Uninitialized Packet Buffer Vulnerability in Cisco IOS DLSw Implementation Unspecified HTTP Handler Access Vulnerability in Cisco-Meraki Devices Arbitrary Command Execution Vulnerability in Cisco-Meraki Devices Physical Access Shell Access Vulnerability in Cisco-Meraki Devices CSRF Vulnerability in Cisco Integrated Management Controller Allows User Hijacking Denial of Service Vulnerability in Cisco IOS DHCP Implementation on Aironet Access Points (Bug ID CSCtn16281) Denial of Service Vulnerability in Cisco IOS on Aironet Access Points (Bug ID CSCul15509) Arbitrary Firmware Installation Vulnerability in Cisco-Meraki Devices User Account Enumeration Vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) Remote Code Execution Vulnerability in Cisco OpenH264 1.2.0 and Earlier Remote Code Execution Vulnerability in Cisco OpenH264 1.2.0 and Earlier Local Privilege Escalation Vulnerability in Cisco Integrated Management Controller Cisco IOS XR Denial of Service Vulnerability via LISP TCP Sessions (Bug ID CSCuq90378) Race condition vulnerability in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices Authentication Bypass Vulnerability in Cisco ISB8320-E DVR Cisco Prime Infrastructure Quick Discovery Password Disclosure Vulnerability 
Absolute Path Traversal Vulnerability in Cisco Unified Communications Manager (CUCM) RTMT API (Bug ID CSCur49414) Information Disclosure Vulnerability in Cisco Unified Computing System Arbitrary OS Command Execution Vulnerability in Cisco Unified Communications Domain Manager 8 (Bug ID CSCuq50205) Cisco ASA WebVPN Portal Login Page Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Cisco NX-OS TACACS+ Command-Authorization Implementation (Bug ID CSCur54182) Cisco IOS XR Denial of Service Vulnerability (Bug ID CSCub63710) Arbitrary Guest Account Access Vulnerability in Cisco Identity Services Engine (ISE) Sponsor Portal (Bug ID CSCur64400) Denial of Service Vulnerability in Cisco IronPort Email Security Appliance (ESA) Vulnerability: Information Disclosure in Cisco Identity Services Engine (ISE) Periodic-Backup Feature Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Domain Manager 8 Cisco ECDS Directory Traversal Vulnerability (Bug ID CSCuo90148) Denial of Service Vulnerability in Cisco Unified Communication Domain Manager Platform Software (Bug ID CSCup25276) Arbitrary Web Script Injection Vulnerability in Cisco AnyConnect Secure Mobility Client and Cisco HostScan Engine Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities Cisco ASA Software 9.2(.3) and Earlier Challenge-Response Authentication Bypass Vulnerability CORS Vulnerability in Cisco Jabber Guest Server API (Bug ID CSCus19789) Information Disclosure Vulnerability in Cisco Jabber Guest Server API Cisco Jabber Guest Server Cross-Site Scripting (XSS) Vulnerability (CSCus08074) Remote Authentication Bypass Vulnerability in Cisco Secure Access Control System (ACS) Cisco Secure Access Control System (ACS) Multiple Cross-Site Scripting (XSS) Vulnerabilities (CSCuq79019) Open Redirect Vulnerability in Cisco Secure Access Control System (ACS) Web Interface (Bug ID CSCuq74150) Cisco WebEx Meetings Server Cross-Site Scripting (XSS) 
Vulnerability (CSCuj40381) CSRF Vulnerability in Cisco WebEx Meetings Server Allows Remote Authentication Hijacking OutlookAction LI Vulnerability in Cisco WebEx Meetings Server Remote Code Execution Vulnerability in Cisco WebEx Meetings Server Cisco WebEx Meetings Server 1.5 CAPTCHA Bypass Vulnerability User Account Enumeration Vulnerability in Cisco WebEx Meetings Server Remote Code Execution Vulnerability in Cisco WebEx Meetings Server Unencrypted Transmission of Sensitive Data in Adobe Digital Editions 4 Cross-Site Scripting (XSS) Vulnerabilities in YOOtheme Pagekit CMS 0.8.7 Open Redirect Vulnerability in YOOtheme Pagekit CMS 0.8.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in OpenMRS 2.1 Standalone Edition Remote Read Access Vulnerability in OpenMRS 2.1 Standalone Edition Administration Module CSRF Vulnerability in OpenMRS 2.1 Standalone Edition Allows Remote User Hijacking Buffer Overflow in Foxit PDF SDK ActiveX SetLogFile Method Arbitrary Web Script Injection Vulnerability in Tribune Module for Drupal Arbitrary Code Injection via Custom Copyright Information in Professional Theme for Drupal Arbitrary Script Injection Vulnerability in NewsFlash Theme for Drupal Arbitrary Script Injection Vulnerability in Drupal Print Module Arbitrary Script Injection in MAYO Drupal Theme XML Entity Expansion (XEE) Attack in REXML Parser Arbitrary PHP Code Execution via filter_result_result Parameter in TestLink before 1.9.13 Information Disclosure Vulnerability in TestLink 1.9.13: Revealing Installation Path in Error Message SQL Injection Vulnerability in OSClass Search::setJsonAlert Method Directory Traversal Vulnerability in OSClass Allows Arbitrary File Inclusion Unrestricted File Upload Vulnerability in OSClass 3.4.3 Race condition vulnerability in ext4_file_write_iter function in Linux kernel through 3.17 allows denial of service via write action and F_SETFL fcntl operation Cross-Site Scripting (XSS) Vulnerability in WordPress Post Highlights Plugin Null Byte 
Authentication Bypass Vulnerability in Zend Ldap Arbitrary SQL Command Execution via Null Byte in Zend Framework XML Entity Expansion (XEE) Attack in REXML Parser Denial of Service Vulnerability in X.Org X Window System Integer Overflow Vulnerabilities in X.Org X Window System and X.Org Server Multiple Integer Overflows in GLX Extension in X11 and X.Org Server Integer Overflow in ProcDRI2GetBuffers Function in X.Org Server X.Org X Window System XInput Extension Remote Code Execution Vulnerability Out-of-bounds Read/Write Vulnerability in X.Org X Window System Remote Code Execution Vulnerability in X.Org X Window System Remote Code Execution and Denial of Service Vulnerability in GLX Extension Remote Code Execution Vulnerability in XVideo Extension Denial of Service and Arbitrary Code Execution Vulnerability in XFree86 and X.Org X Window System X11 Server Denial of Service and Arbitrary Code Execution Vulnerability Vulnerability in SProcXFixesSelectSelectionInput Function in X.Org X Window System Denial of Service and Arbitrary Code Execution in X.Org Server Denial of Service Vulnerability in OpenVPN Unrestricted Access to cn=changelog LDAP Sub-tree in 389 Directory Server Cirrus VGA Emulator Heap-Based Buffer Overflow Vulnerability NULL pointer dereference vulnerability in mod_dav_svn in Apache Subversion before 1.7.19 and 1.8.x before 1.8.11 Vulnerability: Bypassing Access Restrictions in Apache HTTP Server with mod_lua Arbitrary Web Script Injection in Apache ActiveMQ Administration Console Apache Tomcat Connectors (mod_jk) before 1.2.41 allows unauthorized access to restricted artifacts Unhashed Password Storage Vulnerability in 389 Directory Server Arbitrary Code Execution and File Disclosure Vulnerability in UberFire Framework 0.3.x Arbitrary File Access Vulnerability in KIE Workbench 6.0.x Denial of Service Vulnerability in ELF Parser of File Before 5.21 Denial of Service Vulnerability in softmagic.c RPM Integer Overflow and Stack-Based Buffer Overflow 
Vulnerability Denial of Service Vulnerability in netcf's find_ifcfg_path Function Unspecified Configuration Vulnerability in Thermostat Agent Denial of Service Vulnerability in DB_LOOKUP Function in GNU C Library Race condition vulnerability in JBoss Weld allows information disclosure via stale thread state Buffer Overflow in bGetPPS Function in Antiword 0.37: Remote Denial of Service Vulnerability Denial of Service Vulnerability in OpenStack Dashboard (Horizon) XML External Entity (XXE) Vulnerability in Drools and jBPM before 6.2.0 Arbitrary Code Execution Vulnerability in HTCondor Scheduler (CVE-XXXX-XXXX) Denial of Service Vulnerability in LibTIFF 4.0.3 Out-of-Bounds Write Vulnerability in LibTIFF Denial of Service and Out-of-Bounds Write Vulnerability in LibTIFF 4.0.3 Zero Size Denial of Service Vulnerability in LibTIFF 4.0.3 Denial of Service Vulnerability in QEMU Implementation of virConnectGetAllDomainStats Double Free Vulnerability in libssh 0.5.x and 0.6.x before 0.6.4 Bypassing ESPFIX and ASLR Protections in Linux Kernel TLS Implementation Improper Paravirt_Enabled Setting in KVM Guest Kernels Allows ASLR Bypass NULL Pointer Dereference and Daemon Crash Vulnerability in libvirt's storageVolUpload Function Denial of Service Vulnerability in libvirt's qemuDomainMigratePerform and qemuDomainMigrateFinish2 Functions Double Free Vulnerability in JasPer JPEG 2000 Image Processing Library JasPer Heap-Based Buffer Overflow in jp2_decode Function Remote Code Execution Vulnerability in Info-ZIP UnZip 6.0 and Earlier via Crafted Zip File Remote Code Execution Vulnerability in Info-ZIP UnZip 6.0 and Earlier Remote Code Execution Vulnerability in Info-ZIP UnZip 6.0 and Earlier via Crafted Zip File Use-after-free vulnerability in process_nested_data function in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 Privilege Escalation via Delegation of Authority in Samba AD DC CSRF Vulnerability in Doorkeeper Allows Authentication Hijacking Heap-based Buffer 
Overflows in SoX WAV File Processing Heap-based Buffer Overflow in ICU4C's resolveImplicitLevels Function Inconsistent Integer Data Type Vulnerability in ICU4C's resolveImplicitLevels Function Arbitrary Code Execution Vulnerability in Midgard2 10.05.7.1 Arbitrary File Write Vulnerability in OpenDaylight Defense4All 1.1.0 and Earlier CRLF Injection Vulnerability in libcurl 6.0 through 7.x Vulnerability: Man-in-the-Middle Attack via Spoofed Certificate in libcurl XML Signature Bypass Vulnerability in Apache Santuario XML Security for Java 2.0.x before 2.0.3 Denial of Service Vulnerability in OpenStack Neutron L3 Agent Heap-based Buffer Overflow in Gst.MapInfo Function in Vala 0.26.0 and 0.26.1 GnuTLS CA Certificate Validation Vulnerability D-Bus Message Path Filtering Vulnerability in fso-gsmd, fso-frameworkd, fso-usaged, and other fso modules Heap-based buffer overflow in jpc_dec_process_sot function in JasPer 1.900.1 and earlier Stack-based Buffer Overflow in JasPer JPEG 2000 Image Processing Library InfiniBand User Verbs Memory Registration Vulnerability Incorrect Conntrack Entry Generation in Linux Kernel Allows Bypass of Access Restrictions Sensitive Column Value Disclosure via Constraint Violation in PostgreSQL XML External Entity (XXE) Vulnerability in Spacewalk and RHN Satellite 5.7 and Earlier Red Hat Satellite 5 XMLRPC Directory Traversal Vulnerability Insecure Certificate Verification Configuration in Red Hat CloudForms 5.x Arbitrary Code Execution Vulnerability in powerpc-utils-python Arbitrary Code Execution Vulnerability in CUPS Browsing Feature Insecure Certificate Hostname Validation in VDSM and VDSClient: Facilitating Man-in-the-Middle Attacks Local Privilege Escalation Vulnerability in Red Hat Satellite 6 Privilege Escalation via USER and HOME Environment Variables in automount 5.0.8 Arbitrary Command Execution Vulnerability in ovirt-node 3.0.0-474-gb852fd7 Memory Resource Controller in Linux Kernel Allows Denial of Service via Memory-Constrained 
Cgroup Inappropriate Locking Approach in Linux Kernel Filesystem Implementation Allows Denial of Service via AIO Operations Vulnerability: Linux Kernel NULL Pointer Dereference and System Crash in pmd_none_or_trans_huge_or_clear_bad Function eDeploy Vulnerability: Remote Code Execution via HTTP File Download Authentication Bypass Vulnerability in Red Hat JBoss Fuse before 6.2.0 DTLS Memory Corruption Vulnerability Bypassing max_meta_count Constraint in Red Hat Gluster Storage Vulnerability: Image Cache Poisoning in Docker Engine JSON Injection Vulnerability in Docker Engine Authentication Bypass and Denial of Service Vulnerability in MongoDB on Red Hat Satellite 6 SG_IO Buffer Data Leakage Vulnerability in Red Hat Enterprise Linux 7 and MRG-2 Off-by-one Error in OpenLDAP 2.4 DNS SRV Message Processing Vulnerability Access Control Bypass in Foreman Satellite 6 Stack-based Buffer Overflow in liblouis: Remote Code Execution Vulnerability Integer Overflow in TigerVNC: Remote Code Execution and Denial of Service Vulnerability Remote Denial of Service Vulnerability in XRegion of TigerVNC Truncated MD4 Checksum Vulnerability in librsync Remote Retrieval of Administrator's MD5 Password Hash in Linksys SMART WiFi Firmware Remote Information Disclosure and Data Modification Vulnerability in Linksys SMART WiFi Firmware CSRF Vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 Arbitrary Web Script Injection Vulnerability in CA Release Automation SQL Injection Vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 Multiple Cross-Site Scripting (XSS) Vulnerabilities in QPR Portal 2014.1.1 and Earlier QPR Portal 2014.1.1 and Earlier XSS Vulnerability in RID Parameter QPR Portal before 2012.2.1 Note Modification and Deletion Vulnerability Stack-based buffer overflows in Honeywell OPOS Suite allow remote code execution Remote Privilege Escalation and Arbitrary Code Execution in BMC Track-It! 
11.3 Buffer Overflow in Tianocore EDK2 Reclaim Function Allows Privilege Escalation IPMI Session ID Brute-Force Vulnerability in Dell iDRAC6 and iDRAC7 Certificate Data Constraint Bypass Vulnerability in OpenSSL Arbitrary Web Script Injection Vulnerability in Voice Of Web AllMyGuests 0.4.1 SQL Injection Vulnerabilities in Voice Of Web AllMyGuests 0.4.1 Arbitrary SQL Command Execution in Bacula-Web 5.2.10 via jobid Parameter Arbitrary Script Injection Vulnerability in Modal Frame API Module for Drupal Vulnerability in NVIDIA Linux Discrete GPU Drivers Allows Remote Code Execution Arbitrary Web Script Injection via HTTP Referer Header in Splunk Enterprise 5.0.x Arbitrary Web Script Injection Vulnerability in Splunk Web Arbitrary Web Script Injection Vulnerability in Splunk Web Arbitrary Web Script Injection in In-Portal CMS 5.2.0 and Earlier Open Redirect Vulnerability in C97net Cart Engine SQL Injection Vulnerability in C97net Cart Engine 4.0: Remote Code Execution via item_id Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in C97net Cart Engine before 4.0 Arbitrary Web Script Injection in SAP BusinessObjects BI EDGE 4.0 Send to Inbox Functionality Username Enumeration Vulnerability in SAP BusinessObjects Denial of Service Vulnerability in SAP BusinessObjects BI Edge 4.0 Remote Information Disclosure Vulnerability in SAP BusinessObjects Edge 4.0 Sensitive Information Disclosure in SAP Netweaver AS ABAP 7.31 Business Warehouse (BW) Remote Code Execution via Eval Injection in SAP HANA Developer Workbench Cross-Site Scripting (XSS) Vulnerabilities in SAP HANA Developer Edition Revision 70 Timing-based Port Scanning Vulnerability in SAP BusinessObjects Explorer 14.0.5 build 882 XML External Entity (XXE) vulnerability in SAP BusinessObjects Explorer 14.0.5 build 882 Arbitrary Script Injection Vulnerability in Webform Validation Module for Drupal Cross-site scripting (XSS) vulnerability in Drupal Webform module Arbitrary Web Script Injection in Easy Social 
Drupal Module Arbitrary Web Script Injection in Custom Search Module for Drupal Stack-based Buffer Overflow in Aircrack-ng's gps_tracker Function Stack-based Buffer Overflow in Aircrack-ng's tcp_test Function Denial of Service Vulnerability in Aircrack-ng (buddy-ng.c) Denial of Service Vulnerability in Aircrack-ng Network.c Denial of Service Vulnerability in TYPO3 Calendar Base Extension Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.0.x, 4.1.x, and 4.2.x Weak Permissions in fal_sftp Extension for TYPO3 Information Disclosure Vulnerability in Dynamic Content Elements (DCE) Extension for TYPO3 Sensitive Information Exposure in Schrack Technik microControl Firmware Cross-Site Scripting (XSS) Vulnerability in EspoCRM Account Name Field Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Huawei HiLink E3236 and E3276 Devices Denial of Service Vulnerability in VMware Driver of OpenStack Compute (Nova) Arbitrary Command Execution Vulnerability in WP-DBManager Plugin Sensitive Information Disclosure in WP-DBManager Plugin Arbitrary File Read Vulnerability in WP-DBManager Plugin Arbitrary Code Execution via Unrestricted File Upload in HelpDEZk 1.0.1 and Earlier Arbitrary Script Injection via SVG File in VideoWhisper Webcam Plugins for Drupal 7.x Arbitrary SQL Command Execution in Nuevolab Nuevoplayer for ClipShare 8.0 and Earlier SQL Injection Vulnerability in phpTrafficA 2.3 and Earlier: Remote Code Execution via User-Agent Header Remote Control Vulnerability in Samsung Mobile Devices: Unauthorized Screen Locking via Find My Mobile Network Traffic Authentication Bypass Vulnerability in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04 Arbitrary Script Injection in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and Earlier Arbitrary PHP Code Execution in Smarty Template (CVE-2020-15227) SQL Injection Vulnerability in CNIL CookieViz 1.0.1: Remote Code Execution via Domain Parameter Arbitrary Script Injection Vulnerability in CNIL CookieViz's 
json.php Out-of-Bounds Read Vulnerability in ImageMagick's HorizontalFilter Function PCX Parser Out-of-Bounds Read Vulnerability Insecure Direct Object Reference in Zhone zNID 2426A Web Administrative Portal Arbitrary Password Disclosure in Zhone zNID GPON 2426A before S3.0.501 Weak ACL in Huawei EC156, EC176, and EC177 USB Modem Products Allows Privilege Escalation Untrusted Search Path Vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 Directory Traversal Vulnerability in GLPI before 0.84.8 Remote Code Execution Vulnerability in Realtek SDK's miniigd SOAP Service Remote Control and Manipulation of Vivint Sky Control Panel 1.1.1.9926 Arbitrary SQL Command Execution Vulnerability in WordPress Spreadsheet (wpSS) Plugin 0.62 Arbitrary Web Script Injection Vulnerability in WordPress Spreadsheet (wpSS) Plugin 0.62 Xornic Contact Us Multiple Cross-Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerability in openSIS 4.5 through 5.3: Remote Code Execution Aruba Networks ClearPass Policy Manager SQL Injection Vulnerability Aruba Networks AirWave Privilege Escalation and Command Execution Vulnerability Incorrect Calculation of Pages in kvm_iommu_map_pages Function Arbitrary File Write Vulnerability in VMware Products Certificate Validation Vulnerability in VMware vCenter Server Appliance (vCSA) Arbitrary Tenant Information Disclosure in AirWatch by VMware On-Premise 7.3.x Privilege Escalation via VMware vCloud Automation Center (vCAC) VMRC Function Arbitrary SQL Command Execution in GB Gallery Slideshow Plugin 1.5 for WordPress Arbitrary Script Injection in Drupal Site Banner Module Arbitrary Script Injection Vulnerability in Webasyst Shop-Script 5.2.2.30933 Arbitrary Script Injection in TableField Module 7.x-2.x Cross-Site Scripting (XSS) Vulnerabilities in Marketo MA Module for Drupal Cross-Site Scripting (XSS) Vulnerability in Splunk 6.1.1 via HTTP Referer Header Cross-Site Scripting (XSS) Vulnerabilities in Megapolis.Portal Manager 
Authentication Bypass Vulnerability in InFocus IN3128HD Projector Firmware 0.26 Unrestricted Access to cgi-bin/webctrl.cgi.elf in InFocus IN3128HD Projector Firmware 0.26 Buffer Overflow Vulnerability in Advantech EKI-1200 Gateways with Firmware Before 1.63 Remote Code Execution in Advantech AdamView 4.3 and Earlier via Stack-Based Buffer Overflows Arbitrary Command Execution in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point Advantech WebAccess Stack-Based Buffer Overflow Vulnerability Hard-coded credentials vulnerability in AirLive IP Cameras Privilege Escalation via Buffer Overflows in Schneider Electric VAMPSET Session Hijacking Vulnerability in Sendio Web Interface Critical DLL Hijacking Vulnerability in Corel Software Suite Untrusted Search Path Vulnerabilities in Corel CAD 2014 Allow Arbitrary Code Execution and DLL Hijacking Untrusted Search Path Vulnerability in Corel Painter 2015: Arbitrary Code Execution and DLL Hijacking Untrusted Search Path Vulnerability in Corel PDF Fusion Allows Arbitrary Code Execution and DLL Hijacking Untrusted Search Path Vulnerability in Corel VideoStudio PRO X7 and FastFlick Untrusted Search Path Vulnerabilities in Corel FastFlick: Arbitrary Code Execution and DLL Hijacking Denial of Service Vulnerability in systemd-shim 8 ACL Bypass Vulnerability in Asterisk Open Source and Certified Asterisk Bypassing PJSIP ACL Rules in Asterisk Open Source 12.x and 13.x Denial of Service Vulnerability in ConfBridge in Asterisk 11.x and Certified Asterisk 11.6 Race condition vulnerability in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 in chan_pjsip channel driver allows remote attackers to cause denial of service. 
PJSIP Channel Driver Use-After-Free Vulnerability in Asterisk Open Source Remote Code Execution in Asterisk ConfBridge Privilege Escalation via DB Dialplan Function in Asterisk Open Source Weak Permissions in Wibu-Systems CodeMeter Runtime Allows Privilege Escalation via Trojan Horse File Arbitrary Code Execution Vulnerability in Dell SonicWALL Global Management System (GMS), SonicWALL Analyzer, and SonicWALL UMA Privilege Escalation via SSH Access in Unify OpenStage SIP and OpenScape Desk Phone IP V3 Devices Insufficient Entropy in Session Cookies in Unify OpenStage SIP and OpenScape Desk Phone IP V3 Devices Remote Code Execution Vulnerability in ARRIS VAP2500 Management Portal Authentication Bypass in ARRIS VAP2500 Firmware before FW08.41 Credential Exposure in ARRIS VAP2500 Management Portal Critical Vulnerability: Hard Coded Weak Credentials in Barracuda Load Balancer 5.0.0.015 Critical Privilege Escalation Vulnerability in Barracuda Load Balancer 5.0.0.015: Exploiting Improperly Protected SSH Key Cross-Site Request Forgery (CSRF) Vulnerability in Xavoc Technocrats xEpan CMS Session Token Disclosure Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Privilege escalation vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified JavaScript API Vulnerability in Adobe 
Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Unspecified JavaScript API Vulnerability in Adobe Reader and Acrobat XML External Entity (XXE) Vulnerability in Adobe Reader and Acrobat Same Origin Policy Bypass in Adobe Reader and Acrobat 10.x and 11.x Unspecified Use-After-Free Vulnerability in Adobe Reader and Acrobat Unspecified Use-After-Free Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat 10.x and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat 10.x and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Web Script Injection via User-Agent Header in Moxi9 PHPFox Replay Attack Vulnerability in CA Cloud Service Management (CSM) before Summer 2014 Authentication Token Bypass Vulnerability in CA Cloud Service Management (CSM) CSRF Vulnerability in CA Cloud Service Management (CSM) before Summer 2014 XML External Entity (XXE) Vulnerability in CA Cloud Service Management (CSM) before Summer 2014 Incorrect Library Ordering in OpenSSH with Kerberos Support in FreeBSD 9.1, 9.2, and 10.0 Uninitial