Vulnerability Index: Year 2015

Windows Error Reporting Security Feature Bypass Vulnerability Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Microsoft User Profile Service Elevation of Privilege Vulnerability NETLOGON Spoofing Vulnerability NLA Security Feature Bypass Vulnerability Group Policy Remote Code Execution Vulnerability Group Policy Security Feature Bypass Vulnerability CNG Security Feature Bypass Vulnerability WebDAV Elevation of Privilege Vulnerability in mrxdav.sys Virtual Machine Manager Elevation of Privilege Vulnerability Windows Telnet Service Buffer Overflow Vulnerability Network Policy Server RADIUS Implementation Denial of Service Vulnerability TS WebProxy Directory Traversal Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability VBScript Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption 
Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Windows Cursor Object Double Free Vulnerability TrueType Font Parsing Remote Code Execution Vulnerability Windows Font Driver Denial of Service Vulnerability TIFF Processing Information Disclosure Vulnerability Windows Create Process Elevation of Privilege Vulnerability Excel Remote Code Execution Vulnerability Office Remote Code Execution Vulnerability OneTableDocumentStream Remote Code Execution Vulnerability in Microsoft Word 2007 SP3 Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Cross-domain Information Disclosure Vulnerability Internet Explorer ASLR Bypass Vulnerability Universal Cross-Site Scripting (UXSS) Vulnerability in Microsoft Internet Explorer 9-11 Registry Virtualization Elevation of Privilege Vulnerability Adobe Font Driver Memory Allocation Vulnerability Impersonation Level Check Elevation of Privilege Vulnerability JPEG XR Parser Information Disclosure Vulnerability Microsoft Windows Kernel Memory Disclosure Vulnerability Win32k Elevation of Privilege Vulnerability Memory Consumption and RDP Outage Vulnerability in Microsoft Windows Remote Desktop Protocol (RDP) Malformed PNG Parsing Information Disclosure Vulnerability WTS 
Remote Code Execution Vulnerability Task Scheduler Impersonation Level Bypass Vulnerability Microsoft Office Component Use After Free Vulnerability Microsoft Office Memory Corruption Vulnerability Adobe Font Driver Kernel Memory Information Disclosure Vulnerability Adobe Font Driver Remote Code Execution Vulnerability Adobe Font Driver Kernel Memory Information Disclosure Vulnerability Adobe Font Driver Remote Code Execution Vulnerability Adobe Font Driver Remote Code Execution Vulnerability Adobe Font Driver Remote Code Execution Vulnerability Adobe Font Driver Remote Code Execution Vulnerability Microsoft Windows Kernel Memory Disclosure Vulnerability Microsoft Windows Kernel Memory Disclosure Vulnerability DLL Planting Remote Code Execution Vulnerability Office Document Remote Code Execution Vulnerability Task Scheduler Elevation of Privilege Vulnerability in Windows 7 and Windows Server 2008 R2 Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability IBM Business Process Manager Multiple Cross-Site Scripting (XSS) Vulnerabilities Insecure Session Cookie Handling in IBM Workflow for Bluemix Cross-Site Scripting (XSS) Vulnerabilities in IBM Business Process Manager (BPM) Process Portal Arbitrary Code Execution Vulnerability in IBM Tivoli and Maximo Asset Management Solutions Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager Arbitrary web script injection vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition Directory Traversal Vulnerability in IBM Tivoli and Maximo Asset Management Solutions Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management Bypassing Access Restrictions on Internal Service Types in IBM Business Process Manager and WebSphere Lombardi Edition XML External Entity (XXE) vulnerability in IBM Rational Collaborative Lifecycle Management 
(CLM), Rational Quality Manager (RQM), Rational Team Concert (RTC), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Rhapsody Design Manager (DM), and Rational Software Architect Design Manager (RSA DM) Jazz Help System JSP Source Code Disclosure Vulnerability Stack-based Buffer Overflow in IBM V5R4 and IBM i Access for Windows 6.1 and 7.1: A Critical Vulnerability IBM Leads Multiple Versions Cross-Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in IBM Leads Arbitrary Code Execution and Denial of Service Vulnerability in IBM Domino LDAP Server (SPR KLYH9SLRGM) Weak TLS Ciphers in IBM WebSphere Message Broker Toolkit and Integration Toolkit Arbitrary Code Execution via FastBack Mount Port in IBM Tivoli Storage Manager FastBack 6.1.x Buffer Overflow Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 LTPA Token Expiration Vulnerability in IBM Rational Requirements Composer and Rational DOORS Next Generation Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert versions 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 IBM Rational Team Concert Multiple Cross-Site Scripting (XSS) Vulnerabilities Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager versions 2.x, 3.x, 4.x, and 5.x Arbitrary Web Script Injection Vulnerability in IBM Rational DOORS Next Generation and Rational Requirements Composer File-upload restriction bypass vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 Unrestricted Use of FRAME Elements Vulnerability IBM Rational Quality Manager Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary Web Script Injection in IBM Rational Quality Manager (RQM) 4.x and 5.x Arbitrary web script injection vulnerability in IBM Rational CLM, 
RQM, RTC, RRC, and RDNG Arbitrary Web Script Injection in IBM Leads XML Parser Denial of Service Vulnerability Arbitrary File Read and Possible Administrative Privilege Escalation via XML External Entity (XXE) in IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 Buffer Overflow in SSLv2 Implementation in IBM Domino Arbitrary Code Execution and Denial of Service Vulnerability in IBM Domino 8.5 and 9.0 Sensitive Information Disclosure in powervc-iso-import Command in IBM PowerVC Certificate Validation Bypass in IBM PowerVC Standard 1.2.0.x and 1.2.1.x TLS State Transition Vulnerability in GSKit in IBM Tivoli Directory Server and IBM Security Directory Server Arbitrary Script Injection Vulnerability in IBM WebSphere Portal Arbitrary Code Execution Vulnerability in IBM SPSS Statistics 22.0 through FP1 Arbitrary User Filter Modification Vulnerability in IBM OpenPages GRC Platform Denial of Service Vulnerability in IBM OpenPages GRC Platform Information Disclosure Vulnerability in IBM OpenPages GRC Platform IBM OpenPages GRC Platform Multiple Versions Cross-Site Scripting (XSS) Vulnerability IBM OpenPages GRC Platform Multiple Versions Cross-Site Request Forgery (CSRF) Vulnerability Unspecified Query Operator Vulnerability in IBM Content Collector for Email Improper Access Control in IBM API Management 3.0 before 3.0.4.1 Bypassing Access Restrictions in D-Link DIR-815 Remote Administration UI CSRF Vulnerability in D-Link DIR-815 Devices Allows Authentication Hijacking and XSS Injection Cleartext Storage of Administrative Password in D-Link DIR-815 Devices Cleartext Storage of Wireless Key in D-Link DIR-815 Devices Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition Denial of Service Vulnerability in IBM DB2 Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager (BPM) Arbitrary Command Execution Vulnerability in IBM Security SiteProtector System Arbitrary SQL Command Execution Vulnerability in 
IBM Security SiteProtector System Local Privilege Escalation in IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 Arbitrary Script Injection Vulnerability in textAngular-sanitize.js Arbitrary Web Script Injection Vulnerability in IBM Security SiteProtector System Remote Code Injection Vulnerability in IBM Security SiteProtector System Information Disclosure Vulnerability in IBM Security SiteProtector System IBM Security SiteProtector System Directory Traversal Vulnerability Remote Code Execution and Information Disclosure Vulnerability in IBM Security SiteProtector System 3.0, 3.1.0, and 3.1.1 Predictable MQIPT Session IDs in IBM WebSphere MQ Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 8.5 Privilege Escalation Vulnerability in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile Arbitrary Script Injection via MQ XR WebSockets Listener in IBM WebSphere MQ 8.0 Arbitrary Script Injection Vulnerability in IBM WebSphere Portal 8.5.0 before CF05 Information Disclosure Vulnerability in IBM Bluemix Liberty Unspecified Vector Privilege Escalation in IBM Domino NSD (SPR TCHL9SST8V) Bypassing Job Creation and Modification Restrictions in IBM InfoSphere Information Server Denial of Service Vulnerability in IBM WebSphere MQ Cluster Repository Manager Unspecified Privilege Escalation Vulnerability in IBM Java Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway allows remote file read access via crafted XML data. 
Arbitrary Web Script Injection in IBM Content Template Catalog for WebSphere Portal CRLF Injection Vulnerability in IBM WebSphere Commerce Privilege Escalation Vulnerability in IBM General Parallel File System (GPFS) Authentication Bypass and Remote Code Execution in IBM General Parallel File System (GPFS) Memory Corruption Vulnerability in IBM General Parallel File System (GPFS) Unspecified Vector Information Disclosure Vulnerability in IBM WebSphere Commerce Predictable Session IDs in Java SockJS Client in Pivotal Spring Framework 4.1.x before 4.1.5 Denial of Service Vulnerability in mod_dav_svn Server Denial of Service Vulnerability in Apache Qpid 0.30 and Earlier OpenSSL FREAK Vulnerability: RSA-to-EXPORT_RSA Downgrade Attack SSL/TLS DH Certificate Authentication Bypass Vulnerability Memory Leak Vulnerability in OpenSSL 1.0.0 and 1.0.1 DTLS State Information Leakage Vulnerability Denial of Service Vulnerability in OpenSSL 1.0.2: ASN.1 Signature-Verification Implementation OpenSSL Use-after-free Vulnerability in d2i_ECPrivateKey Function Certificate Subject Name Validation Vulnerability in wpa_supplicant 2.0-16 LTI Ajax Service Information Disclosure Vulnerability Arbitrary Web Script Injection in Moodle Course Summary Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Glossary Module Bypassing Messaging-Disabled Setting in Moodle Information Disclosure Vulnerability in Moodle Calendar Cross-Site Scripting (XSS) Vulnerability in Moodle 2.8.x Denial of Service Vulnerability in Moodle Media Plugin Filter CSRF vulnerability in Moodle allows remote authentication hijacking HTTP Header Spoofing Vulnerability in Django Cross-Site Scripting (XSS) Vulnerability in Django's is_safe_url Function Denial of Service Vulnerability in Django's static.serve view Denial of Service Vulnerability in Django ModelMultipleChoiceField Unspecified Remote Access Bypass Vulnerability in Apache Qpid 0.30 and Earlier Denial of Service Vulnerability in Apache Qpid 0.30 and Earlier 
Unauthenticated Remote Code Execution via JMX/RMI Interface in Apache Cassandra Information Leakage in Apache WSS4J Allows Recovery of Symmetric Key Bypassing requireSignedEncryptedDataElements Configuration in Apache WSS4J Denial of Service Vulnerability in Apache HTTP Server's mod_lua Module Use-after-free vulnerability in process_nested_data function in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 Arbitrary Code Execution and Denial of Service Vulnerability in PHP's exif_process_unicode Function Insecure Temporary File Vulnerabilities in 389 Administration Server: Version 1.1.38 and Earlier Multiple Temporary File Creation Vulnerabilities in PKI-Core 10.2.0 GHOST: Heap-based Buffer Overflow in glibc's __nss_hostname_digits_dots Function Vulnerability: VNC Password Disclosure in libvirt Denial of Service Vulnerability in Red Hat Enterprise Virtualization (RHEV) Manager Privilege Escalation Vulnerability in Red Hat OpenShift 2's selinux-policy Vulnerability: Privilege Escalation and Denial of Service in Linux Kernel SYSENTER Emulation Uninitialized Stack Pointer Vulnerability in Samba Netlogon Server Implementation Buffer over-read and buffer overflow vulnerabilities in PostgreSQL's to_char function Stack-based buffer overflow in *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 on Windows systems, allowing remote authenticated users to cause denial of service and potentially execute arbitrary code.
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL Protocol Message Handling Vulnerability in PostgreSQL Race condition vulnerability in D-Bus allows local denial of service Heap-based Buffer Overflow in libext2fs Library Allows Arbitrary Code Execution Denial of Service Vulnerability in Subversion Servers (CVE-2014-3580) Arbitrary Java Code Execution Vulnerability in Apache Roller 5.1 through 5.1.1 Apache Batik 1.x XML External Entity (XXE) Vulnerability in SVG Conversion Classes Remote Authentication Spoofing Vulnerability in Subversion's mod_dav_svn Server Denial of Service Vulnerability in Apache Xerces-C XMLReader NULL pointer dereference vulnerability in Apache HTTP Server 2.4.12 Arbitrary Code Execution and XXE Vulnerability in Apache Standard Taglibs X.Org Server Denial of Service and Information Disclosure Vulnerability Weak Permissions on Shared Directories in Red Hat Enterprise Virtualization (RHEV) Manager Arbitrary Code Execution via Incomplete Blacklist in Collabtive Avatar Upload WebSocket Hijacking Vulnerability in OpenStack Compute (Nova) Information Disclosure Vulnerability in RhodeCode and Kallithea API Denial of Service and Arbitrary Code Execution Vulnerability in tcpdump's IPv6 Mobility Printer XML External Entity (XXE) Vulnerability in Apache Camel XML Converter XML External Entity (XXE) Vulnerabilities in Apache Camel's XPathBuilder.java Apache Ranger Policy Admin Tool XSS Vulnerability Bypassing Access Restrictions in Apache Ranger Policy Admin Tool Arbitrary File Write Vulnerability in Red Hat kexec-tools Module-Setup.sh Script Denial of Service Vulnerability in Xen 4.5.x on ARM Hardware with GICv2 Contao Directory Traversal Vulnerability Potential SQL Injection in PostgreSQL Zend\Db Adapter Arbitrary File Read Vulnerability in Red Hat redhat-access-plugin for OpenStack Dashboard (horizon) Remote Denial of Service Vulnerability in GNOME NetworkManager via Crafted IPv6 Router Advertisement (RA) Message Use-after-free 
vulnerabilities in PHP Date Handling XFS Remote Attribute Replacement Vulnerability Denial of Service Vulnerability in ext4_zero_range Function CSRF Vulnerability in Kallithea 0.2 and Earlier Versions Insufficient Audience Validation in PicketLink SAML Assertion Processing Privilege Escalation in libuv before 0.10.34 Arbitrary Code Execution Vulnerability in JBoss RichFaces before 4.5.4 RSA PKCS #1 Signature Algorithm Downgrade Vulnerability Memory Reallocation Vulnerability in slapi-nis Plug-in Incomplete fix for Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 Insecure PRNG Seeding in OpenSSL 1.0.2 Denial of Service Vulnerability in OpenSSL's ASN1_TYPE_cmp Function ASN.1 Structure Reuse Vulnerability in OpenSSL Denial of Service Vulnerability in OpenSSL's X509_to_X509_REQ Function PKCS#7 NULL Pointer Dereference Vulnerability Denial of Service Vulnerability in OpenSSL 1.0.2 on 64-bit x86 Platforms with AES NI Support Denial of Service Vulnerability in OpenSSL 1.0.2: Invalid Signature Algorithms Extension in ClientHello Message Base64 Decoding Integer Underflow Vulnerability OpenSSL SSLv2 Denial of Service Vulnerability Signature Algorithm Mismatch Vulnerability in GnuTLS Denial of Service Vulnerability in QT's BMP Decoder Arbitrary File Deletion Vulnerability in texlive 3.1.20140525_r34255.fc21 and texlive 6.20131226_r32488.fc20 Unrestricted API Access and Denial of Service Vulnerability in Red Hat JBoss Operations Network 3.3.1 Arbitrary Web Script Injection in mod_cluster Manager Web Interface Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Open Source Point of Sale 2.3.1 Unvalidated File Vulnerability in Adobe Flash Player and Adobe AIR Keystroke Information Disclosure Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player and Adobe AIR allows arbitrary code 
execution Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Out-of-bounds read vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Heap-based buffer overflow in Adobe Flash Player and Adobe AIR allows arbitrary code execution Adobe Flash Player Memory Address Discovery Vulnerability Adobe Flash Player Remote Code Execution Vulnerability Double Free Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Remote Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Vulnerability (CVE-2015-0314) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Heap-based Buffer Overflow in Adobe Flash Player Buffer Overflow Vulnerability in Adobe Flash Player Adobe Flash Player Multiple Vulnerabilities Adobe Flash Player Multiple Vulnerabilities Heap-based Buffer Overflow in Adobe Flash Player Adobe Flash Player Multiple Vulnerabilities Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash 
Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Same Origin Policy Bypass in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Bypassing File-Upload Restrictions in Adobe Flash Player Adobe Flash Player Use-After-Free Vulnerability Adobe Flash Player Use-After-Free Vulnerability Arbitrary Script Injection in Adobe Connect Web App Unspecified Cross-Site Scripting (XSS) Vulnerability in Adobe Connect Web App Arbitrary Web Script Injection Vulnerability in Adobe ColdFusion 10 and 11 Double Free Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Buffer Overflow Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Memory Address Discovery Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Double Free Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Xen Use-After-Free Vulnerability in HVM Guest Teardown Unspecified Confidentiality Vulnerability in Oracle BI Publisher Unspecified Remote Code Execution Vulnerability 
in Siebel Core EAI Component Unspecified Remote Code Execution Vulnerability in Siebel Core - EAI Component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Siebel Core - EAI Component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Integrity Vulnerability in Oracle Access Manager Component Unspecified Remote Code Execution Vulnerability in Oracle Transportation Management Unspecified Remote Integrity Vulnerability in Siebel UI Framework Component Unspecified Integrity Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified Confidentiality Vulnerability in Oracle Containers for J2EE Component Unspecified vulnerability in OJVM component in Oracle Database Server Unspecified Confidentiality Vulnerability in Oracle MySQL Server Unspecified Remote Confidentiality Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Remote Integrity Vulnerability in Oracle WebCenter Content Unspecified vulnerability in Oracle VM VirtualBox component prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 Unspecified Libc Vulnerability in Oracle Sun Solaris 11 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.54 Unspecified Remote Integrity Vulnerability in Oracle Telecommunications Billing Integrator Component Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Java SE and JRockit allows local users to affect integrity and availability via unknown vectors related to Hotspot. 
Unspecified Integrity Vulnerability in Oracle Siebel CRM Public Sector Portal Unspecified Pluggable Auth Vulnerability in Oracle MySQL Server 5.6.21 and Earlier Unspecified Remote Code Execution Vulnerability in Oracle HTTP Server Unspecified vulnerability in Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified SAML Integrity Vulnerability in Oracle OpenSSO Component Unspecified vulnerability in MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1 - 6.5.2 Remote authenticated users can affect availability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, through DDL-related vectors. Unspecified vulnerability in Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Oracle Applications DBA component in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 Unspecified Local File System Vulnerability in Oracle Sun Solaris 11 Unspecified Confidentiality Vulnerability in Siebel Life Sciences Component in Oracle Siebel CRM Unspecified Confidentiality Vulnerability in Oracle Business Intelligence Enterprise Edition Unspecified Remote Confidentiality Vulnerability in Oracle Java SE Unspecified Integrity Vulnerability in Oracle Directory Server Enterprise Edition Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM Unspecified vulnerability in Oracle Java SE allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. 
Unspecified Integrity Vulnerability in Oracle Applications Framework Unspecified XA-related vulnerability in Oracle MySQL Server 5.6.22 and earlier Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Unspecified Swing-related vulnerability in Oracle Java SE allows remote attackers to compromise confidentiality Unspecified RMI-related vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.21 and Earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Encryption Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via JAX-WS vectors Unspecified Serviceability Vulnerability in Oracle Java SE 7u72 and 8u25 Unspecified Confidentiality Vulnerability in Oracle SOA Suite Component Unspecified Session Management Vulnerability in Oracle E-Business Suite 12.1.3 Unspecified Integrity Vulnerability in Oracle Agile PLM Component in Oracle Supply Chain Products Suite 9.3.3 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Oracle VM VirtualBox component prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle Forms Component Unspecified Local Vulnerability in Oracle Java SE 8u25 Installation Process Unspecified vulnerability in Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1-6.3.5 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.22 and Earlier Unspecified vulnerability in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality 
Vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 Unspecified vulnerability in Oracle VM VirtualBox component prior to 4.3.20 Unspecified Resource Control Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11 Affecting Integrity and Availability via RPC Utility Vectors Local Privilege Escalation Vulnerability in Oracle Sun Solaris 10 and 11 via RPC Utility Unspecified Remote Integrity Vulnerability in Oracle Transportation Management Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.40 and earlier through an unspecified vulnerability related to InnoDB's DDL and Foreign Key functionality. Remote authenticated users can affect availability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, through an unspecified vulnerability related to InnoDB: DML. Unspecified Confidentiality Vulnerability in Oracle Access Manager Integration Unspecified Confidentiality Vulnerability in Oracle Transportation Management Unspecified Confidentiality Vulnerability in Oracle iLearning Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE 8u25 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.22 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.22 and Earlier Unspecified Remote Integrity Vulnerability in Oracle Knowledge Component in Oracle Right Now Service Cloud Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Confidentiality vulnerability in Oracle E-Business Suite 
11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting ZFS File system Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified Integrity Vulnerability in Oracle WebCenter Portal Component Unspecified Confidentiality Vulnerability in Oracle OpenSSO Component Unspecified vulnerability in Oracle VM Server for SPARC component allows remote attackers to compromise confidentiality Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle Database Server XDB Component Unspecified Remote Integrity Vulnerability in Oracle WebCenter Portal Component Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Unspecified vulnerability in Oracle Java SE and JavaFX allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified vulnerability in Oracle Transportation Management component allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure Unspecified Remote Integrity Vulnerability in Oracle Retail Back Office Component Unspecified Remote Integrity Vulnerability in PeopleSoft Enterprise HCM Talent Acquisition Manager Unspecified Remote Code Execution Vulnerability in Oracle 
Database Server Unspecified 2D-related vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 Unspecified Remote Integrity Vulnerability in Oracle Java SE 8u40 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 related to libelfsign Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Integrity Vulnerability in Oracle Enterprise Manager Grid Control MOS 12.1.0.5 and 12.1.0.6 Unspecified Local Denial of Service Vulnerability in Oracle Outside In Technology Component Unspecified Confidentiality Vulnerability in JD Edwards EnterpriseOne Technology Component Unspecified vulnerability in Oracle SQL Trace Analyzer component allows remote authenticated users to compromise confidentiality and integrity Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified JCE-related vulnerability in Oracle Java SE and JRockit Unspecified Remote Availability Vulnerability in Oracle Database Server Unspecified Tools-related vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 Unspecified Remote Integrity Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u76 and 8u40 Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise SCM Strategic Sourcing Component Unspecified Remote Confidentiality Vulnerability in Oracle Java SE 8u40 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect availability via JSSE vectors Confidentiality vulnerability in Oracle E-Business Suite AMP 121030 and 121020 Unspecified vulnerability in Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 Unspecified vulnerability in Oracle Java SE and Java FX allows remote attackers to affect confidentiality, integrity, and availability 
Unspecified Remote Vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76 Unspecified Local Denial of Service Vulnerability in Oracle Outside In Technology Component Unspecified Remote Integrity Vulnerability in Oracle Retail Central Office Component Unspecified Remote Code Execution Vulnerability in Oracle Commerce Platform Confidentiality vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 Unspecified Integrity Vulnerability in Oracle PeopleSoft Enterprise Portal Interaction Hub Component Unspecified Replication Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified vulnerability in Oracle MySQL Server: Remote authenticated user availability impact via Server : Compiling. Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM 8.1 and 8.2 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite Remote authenticated users can affect availability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, through DDL-related vectors. 
Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Integrity Vulnerability in Oracle Hyperion BI+ Component Unspecified Remote Code Execution Vulnerability in Oracle Commerce Platform Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Open Redirect Vulnerability in EMC Unisphere Central before 4.0 Allows Remote Attackers to Conduct Phishing Attacks Arbitrary Web Script Injection in EMC M&R and ViPR SRM Administrative User Interface Cleartext Data-Center Discovery Credentials Disclosure in EMC M&R and ViPR SRM Arbitrary Code Execution via Unrestricted File Upload in EMC M&R and ViPR SRM Arbitrary File Read Vulnerability in EMC M&R and ViPR SRM Information Disclosure Vulnerability in EMC Documentum D2 API Privilege Escalation via Group Permissions Modification in EMC Documentum D2 Cleartext SQL Password Exposure in EMC Captiva Capture 7.0 and 7.1 Arbitrary Web Script Injection in EMC RSA Certificate Manager and RSA Registration Manager Arbitrary Web Script Injection in EMC RSA Certificate Manager and RSA Registration Manager Denial of Service Vulnerability in EMC RSA Certificate Manager and RSA Registration Manager Arbitrary SQL Command Execution Vulnerability in EMC Secure Remote Services Virtual Edition (ESRS VE) Arbitrary OS Command Execution Vulnerability in EMC Secure Remote Services Virtual Edition (ESRS VE) Multiple Cross-Site Scripting (XSS) Vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 Cleartext Storage of Windows Service Credentials in EMC Documentum xMS 1.1 before P14 Privilege Escalation via System File Modification in EMC Isilon OneFS Default Password Vulnerability in EMC PowerPath Virtual Appliance Buffer Overflow Vulnerability in nsr_render_log in EMC NetWorker Lack of Lockout 
Mechanism in EMC SourceOne Email Management before 7.2 Unrestricted Password Reset Vulnerability in EMC RSA Identity Management and Governance (IMG) ECDHE-to-ECDH Downgrade Vulnerability in EMC RSA BSAFE Micro Edition Suite and RSA BSAFE SSL-C Vulnerability: Certificate Data Constraint Bypass in EMC RSA BSAFE Suite Vulnerability: Weak TLS State Transitions in EMC RSA BSAFE Micro Edition Suite and RSA BSAFE SSL-C Denial of Service Vulnerability in EMC RSA BSAFE Micro Edition Suite and RSA BSAFE SSL-C Integer Underflow Vulnerability in EMC RSA BSAFE Micro Edition Suite (MES) and Crypto-C ME Arbitrary Command Execution Vulnerability in EMC AutoStart 5.4.x and 5.5.x SQL Injection Vulnerability in EMC Document Sciences xPression xAdmin Interface CSRF Vulnerability in EMC RSA Web Threat Detection Allows User Authentication Hijacking RSA Archer GRC 5.5 SP1 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities X.509 Certificate Verification Vulnerability in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x Insecure Session Cookie Generation in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x Remote Code Execution Vulnerability in EMC Unisphere for VMAX 8.x LDAP Authentication Bypass in EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 D2CenterstageService.getComments DQL Injection Vulnerability D2DownloadService.getDownloadUrls DQL Injection Vulnerability Arbitrary Web Script Injection Vulnerability in EMC Documentum D2 before 4.5 EMC Documentum Thumbnail Server Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in EMC Documentum Web Applications Directory Traversal Vulnerability in gcab_folder_extract Function in gcab 0.4 Arbitrary Web Script Injection Vulnerability in WebsiteBaker 2.8.3 SP3 Remote Access Vulnerability in ADB P.DGA4001N Router Firmware PDG_TEF_SP_4.06L.6 Buffer Overflow in Samsung iPOLiS Device Manager ActiveX Control Directory Traversal Vulnerability in Open-source ARJ Archiver 3.10.22 Path 
Traversal Vulnerability in Open-source ARJ Archiver 3.10.22 Insecure WPA Key Generation in ADB P.DGA4001N Router Use-after-free vulnerabilities in WCCP dissector in Wireshark Uninitialized Data Structures Vulnerability in Wireshark WCCP Dissector Out-of-bounds memory access vulnerability in LPP dissector in Wireshark 1.10.x and 1.12.x Use-after-free vulnerabilities in DEC DNA Routing Protocol dissector in Wireshark Incorrect Length Value in SMTP Dissector Allows Remote Denial of Service Buffer Underflow Vulnerability in Wireshark SSL Decrypt Record Function Rowhammer Vulnerability Exploited via NaCl's CLFLUSH Instruction in 2015 MSM-Camera Driver Use-After-Free Vulnerability Heap-based Buffer Overflow in WLAN Driver for Linux Kernel 3.x and 4.x Stack-based Buffer Overflow in WLAN Driver Allows Privilege Escalation via Crafted Application Privilege Escalation via Unverified IOCTL Calls in Linux WLAN Driver Race conditions in ADSPRPC driver for Linux kernel 3.x allow denial of service and potential impact via COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call Denial of Service and Possible Other Impact in TSC Driver for Linux Kernel 3.x Insufficient Filesystem Access Validation in Qualcomm Android Releases from CAF Insecure Ciphersuites in Qualcomm Android Releases: A Critical Vulnerability Buffer Overflow Vulnerability in Qualcomm Android Devices with HSDPA Cross-Site Scripting (XSS) Vulnerabilities in Cisco AsyncOS IronPort Spam Quarantine Denial of Service Vulnerability in Cisco ASA Software with DHCPv6 Relay Configuration (CSCur45455) Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway (Bug ID CSCur12473) SQL Injection Vulnerabilities in Cisco Secure ACS View Reporting Interface XML External Entity (XXE) Vulnerability in Cisco Prime Service Catalog 10.1 Denial of Service Vulnerability in Cisco NX-OS on MDS 9000 Devices (Bug ID CSCuo09129) Improper Restriction of URL Content in Cisco WebEx Meeting Center (CSCus18281) 
Arbitrary OS Command Execution Vulnerability in Cisco DX650 Endpoints (CSCus38947) Denial of Service Vulnerability in Cisco IOS 15.3(100)M on Cisco 2900 Integrated Services Router CSRF Vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 (Bug ID CSCuo77055) Arbitrary OS Command Execution Vulnerability in Cisco WebEx Meetings Server Remote Code Execution Vulnerability in Cisco WebEx Meeting Center Denial of Service Vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 (Bug ID CSCur44177) Denial of Service Vulnerability in Cisco IOS Zone-Based Firewall (Bug ID CSCuh25672) Denial of Service Vulnerability in Cisco IOS Zone-Based Firewall Implementation (CSCul65003) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Help Pages Information Disclosure Vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier Cisco WebEx Meetings Server 1.5(.1.131) Cross-Site Request Forgery (CSRF) Vulnerability Administrative Account Enumeration Vulnerability in Cisco WebEx Meetings Server Denial of Service Vulnerability in Cisco IOS and IOS XE RADIUS Implementation Cross-Frame Scripting Vulnerability in Cisco Integrated Management Controller Denial of Service Vulnerability in Cisco Unified IP 9900 Phones Denial of Service Vulnerability in Cisco Unified IP 9900 Phones (Bug ID CSCup92790) Information Disclosure Vulnerability in Cisco Unified IP 9900 Phones Weak File Permissions in Cisco Unified IP 9900 Phones Firmware 9.4(.1) and Earlier Arbitrary File Upload Vulnerability in Cisco Unified IP 9900 Phones Bypassing Content Restrictions via Uuencode Encoding in Cisco Email Security Appliance (ESA) Devices Denial of Service Vulnerability in Cisco IOS Shell (Bug ID CSCur59696) Authentication Bypass Vulnerability in Cisco IOS Authentication Proxy Race condition vulnerability in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause denial of service via crafted network traffic (Bug ID CSCul48736) Race condition 
vulnerability in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause denial of service via crafted network traffic (CSCuj96752) Race condition vulnerability in Cisco IOS 15.5(2)T and earlier allows bypass of access restrictions via object-group ACL feature, aka Bug ID CSCun21071. Insufficient Access Restrictions in Cisco TelePresence IX5000 Devices (Bug ID CSCus74174) Denial of Service Vulnerability in Cisco Unity Connection SIP Trunk Integration (CSCuh25062) Denial of Service Vulnerability in Cisco Unity Connection SIP Trunk Integration (CSCul20444) Denial of Service Vulnerability in Cisco Unity Connection SIP Trunk Integration (CSCul26267) Denial of Service Vulnerability in Cisco Unity Connection SIP Trunk Integration (CSCul28089) Denial of Service Vulnerability in Cisco Unity Connection Denial of Service Vulnerability in Cisco ASR 5500 SAE Gateway Devices (CSCur13393) Denial of Service Vulnerability in Cisco IOS XR 5.0.1 and 5.2.1 on NCS 6000 and 5.1.3 and 5.1.4 on CRS-X Devices (CSCuq95241) Memory Leak in Cisco ASA WebVPN Subsystem XML External Entity (XXE) Vulnerability in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier Denial of Service Vulnerability in Cisco TelePresence MCU Devices (Bug ID CSCur50347) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCus46861) Arbitrary Code Injection via Administrator Report Page in Cisco Web Security Appliance (WSA) Devices (CSCus40627) Remote Code Execution via Crafted HTTP Header in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) Devices Remote Access to System-Management Tools in Cisco Hosted Collaboration Solution (HCS) via Crafted Challenge SOAP Calls (Bug ID CSCuc38114) Bypassing Proxy Restrictions on Cisco Web Security Appliance (WSA) Devices via Malformed HTTP Method (Bug ID CSCus79174) Race condition vulnerability in Cisco IPS SSL implementation during key-regeneration phase 
of upgrade (Bug ID CSCui25688) Race condition vulnerability in Cisco IOS and IOS XE Neighbor Discovery (ND) protocol implementation Bypassing Access Restrictions in Cisco UCS Integrated Management Controller (IMC) Arbitrary Script Injection in Cisco WebEx Meetings Server Administrative Interface Spoofing Vulnerability in Cisco IOS and IOS XE (CSCup62191) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCup62293) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCup62315) Denial of Service Vulnerability in Cisco IOS VRF Interface (Bug ID CSCsi02145) Denial of Service Vulnerability in Cisco IOS XE Denial of Service Vulnerability in Cisco IOS XE HSL Feature (CSCuo25741) Denial of Service Vulnerability in Cisco IOS XE 2.x and 3.x Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCum36951) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuo75572) Remote Code Execution and Denial of Service Vulnerability in Cisco IOS XE Cisco IOS XE Layer 4 Redirect Denial of Service Vulnerability Memory Leak Vulnerability in Cisco IOS and IOS XE (CSCum94811) Denial of Service Vulnerability in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 via Malformed CIP UDP Packets (CSCum98371) Cisco IOS Memory Leak Vulnerability via Crafted CIP TCP Packets (CSCun49658) Denial of Service Vulnerability in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 via Malformed CIP TCP Packets (CSCun63514) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCup70579) Cisco Application Networking Manager (ANM) and Device Manager (DM) Cross-Site Request Forgery (CSRF) Vulnerability Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS), Cisco Expressway, and Cisco TelePresence Conductor Authentication Bypass Vulnerability in Cisco TelePresence Video Communication Server and Cisco Expressway Denial of Service Vulnerability in Cisco IPS Software (Bug ID CSCuq40652) Arbitrary Code Injection via POST Request in Cisco Unified Web and E-Mail 
Interaction Manager (Bug ID CSCus74184) Cisco Network Analysis Module (NAM) Login Page Cross-Site Scripting (XSS) Vulnerability Cisco IOS XR Denial of Service Vulnerability (Bug ID CSCur69192) Arbitrary Command Execution Vulnerability in Cisco NX-OS DHCP Implementation Self-Referential Adjacencies Vulnerability in Cisco IOS ANI Implementation (Bug ID CSCup62157) Arbitrary OS Command Execution Vulnerability in Cisco Virtual TelePresence Server Software (Bug ID CSCus61123) Cisco IOS XR SNMPv2 Denial of Service Vulnerability (Bug ID CSCur25858) Privilege Escalation via Crafted IPC Messages in Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability in Cisco AnyConnect Secure Mobility Client Arbitrary Memory Write Vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and Earlier Arbitrary File Write Vulnerability in Cisco AnyConnect Secure Mobility Client Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability (CSCus00241) Bypassing Local-Network Device Access Restrictions on Cisco CSS 11500 Devices (Bug ID CSCut14855) Arbitrary Code Injection Vulnerability in Cisco WebEx Meetings Server Administration Portal (CSCuq66737) ANI Implementation Vulnerability in Cisco IOS 15.4S and 15.4(3)S Insecure Default Configuration of Cisco Small Business IP Phones SPA 300 and SPA 500 (Bug ID CSCuo52482) Denial of Service Vulnerability in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) Denial of Service Vulnerability in Cisco IOS XR 5.2.2 on ASR 9000 Devices (Bug ID CSCup67822) Password Disclosure Vulnerability in Cisco Mobility Services Engine (MSE) 8.0(110.0) Cisco Cloud Web Security Alert Service XSS Vulnerability Failover IPsec Implementation Vulnerability in Cisco ASA Software Cisco Adaptive Security Appliance (ASA) Software DNS Denial of Service Vulnerability XML Parser Denial of Service Vulnerability in Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability in Cisco 
ASA FirePOWER and ASA Context-Aware Software Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCui57980) Arbitrary File Read Vulnerability in Cisco Unified Call Manager (CM) 9.1(2.1000.28) Denial of Service Vulnerability in Cisco IOS and IOS XE TFTP Server Arbitrary Code Execution Vulnerability in Cisco Unified Communications Domain Manager 8.1(4) (Bug ID CSCup90168) File-Inclusion Vulnerability in Cisco Unified Communications Domain Manager 8.1(4) (Bug ID CSCup94744) SQL Injection Vulnerability in Cisco Unified Communications Domain Manager 8.1(4) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices (Bug ID CSCub31873) Denial of Service Vulnerability in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 Devices (CSCuq92240) Denial of Service Vulnerability in Cisco IOS 15.1(2)SG4 on Catalyst 4500 Devices with VSS Configuration (CSCuq04574) Denial of Service Vulnerability in Cisco IOS XE 3.10.2S on ASR 1000 with ESP Module and NAT Enabled (CSCup21070) Improper Handling of HTTP Methods in Cisco Cloud Web Security (CSCut69743) Cisco Wireless LAN Controller (WLC) HTML Help System Cross-Site Scripting (XSS) Vulnerability Arbitrary Command Execution Vulnerability in Cisco Secure Desktop (CSD) Arbitrary Code Execution Vulnerability in Cisco Web Security Appliance (WSA) Devices Arbitrary Code Execution Vulnerability in Cisco Web Security Appliance (WSA) Devices ACL Bypass Vulnerability in Cisco ASR 9000 Devices (Bug ID CSCur28806) Denial of Service Vulnerability in Cisco IOS XR on ASR 9000 Devices (CSCur62957) Cisco TC Software before 7.1.0 Cross-Site Scripting (XSS) Vulnerability Open Redirect Vulnerability in Cisco TC Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Web Security Appliance (WSA) Devices with Software 8.5.0-497 (Bug ID CSCut39213) SQL Injection Vulnerability in Cisco Unified Communications Manager (UCM) IVR Component (Bug ID CSCut21563) CSRF Vulnerability in Cisco Secure Access Control Server Solution Engine 
Arbitrary Command Execution Vulnerability in Cisco UCS Central Software (Bug ID CSCut46961) Unrestricted File Upload Vulnerability in Cisco Unified MeetingPlace 8.6(1.9) Arbitrary Code Injection in Cisco Unified MeetingPlace 8.6(1.9) Administrative Web Interface Cisco Unified MeetingPlace 8.6(1.9) API Cross-Site Request Forgery Vulnerabilities CSRF Vulnerability in Cisco Unified MeetingPlace 8.6(1.9) SOAP API Endpoints Open Redirect Vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0: Remote Phishing Attack via Crafted HTTP Header Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 XSS Vulnerability (Bug ID CSCus85425) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCur29956) Denial of Service Vulnerability in Cisco IOS 15.5S and IOS XE (Bug ID CSCur21348) Denial of Service Vulnerability in Cisco IOS XE 3.10S OTV Implementation Denial of Service Vulnerability in Cisco StarOS 18.1.0.59776 on ASR 5000 Devices (Bug ID CSCut94711) Denial of Service Vulnerability in Cisco StarOS Session-Manager Service (Bug ID CSCud14217) Arbitrary Command Execution Vulnerability in Cisco TelePresence Software Cisco Finesse Server Multiple Cross-Site Scripting (XSS) Vulnerabilities (CSCut53595) SQL Injection Vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) Administrative Web Interface Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) Privilege Escalation Vulnerability in Cisco Unified Communications Manager 10.0(1.10000.12) Denial of Service Vulnerability in Cisco NX-OS on Nexus 1000V and UCS Platforms (CSCub70579) Privilege Escalation via SSH Connection Negotiation in Cisco NX-OS Devices Denial of Service Vulnerability in Cisco TelePresence Devices (Bug ID CSCuj68952) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (CSCum03269) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Headend Digital Broadband Delivery System (dncs 7.0.0.12) 
Denial of Service Vulnerability in Cisco Videoscape Distribution Suite Service Broker Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Cisco Security Manager (CSM) 4.7(0)SP1(1) Cross-Site Scripting (XSS) Vulnerability Cisco Access Control Server (ACS) 5.5(0.1) Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection Vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) Denial of Service Vulnerability in Cisco WAAS SMB Module (Bug ID CSCuo75645) Denial of Service Vulnerability in Cisco IOS 15.3S via Malformed Q931 SETUP Messages (CSCut37890) Cisco AsyncOS Cross-Site Scripting (XSS) Vulnerability CRLF Injection Vulnerability in Cisco Headend System Release (Bug ID CSCur25580) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Email Security Appliance (ESA) 8.5.6-106 (Bug ID CSCut87743) CSRF Vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) - Bug ID CSCut93970 CSRF Vulnerability in Cisco MediaSense 10.5(1) and Earlier (Bug ID CSCuu16728) Cisco FireSIGHT System Software 5.3.1.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities (CSCuu11099) Arbitrary Script Injection Vulnerability in Cisco Web Security Appliance (WSA) Devices 8.5.0-497 Remote File Upload Vulnerability in Cisco FireSIGHT System Software 5.3.0 Cisco Unified Intelligence Center 10.6(1) Cross-Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and Earlier (Bug ID CSCut04596) Denial of Service Vulnerability in Cisco Adaptive Security Appliance (ASA) Software Cisco Headend System Release Denial of Service Vulnerability (Bug ID CSCus04097) Denial of Service Vulnerabilities in Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release Remote Code Execution Vulnerability in Cisco Headend System Release Denial of Service Vulnerability in Cisco ACS 5.5(0.46.2) REST API (Bug ID CSCut62022) 
Arbitrary Cookie Injection Vulnerability in Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release (Bug ID CSCuh25408) Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Arbitrary Command Execution Vulnerability in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and Earlier Denial of Service Vulnerability in Cisco IP Phone 7861 (CSCus81800) Cisco TelePresence Video Communication Server (VCS) X8.5.1 Cross-Site Scripting (XSS) Vulnerability (CSCut27635) Arbitrary SQL Command Execution Vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) (CSCuu30028) Cisco Finesse 10.5(1) XML Document Vulnerability Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(64) Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (Bug ID CSCug67104) Improper Session Handling in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) XML External Entity (XXE) Vulnerability in Cisco Unified MeetingPlace 8.6(1.9) CSRF Vulnerability in Cisco Headend Digital Broadband Delivery System Allows Remote User Authentication Hijacking IKEv1 XAUTH Bypass Vulnerability in Cisco ASA Software Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client on Linux (CSCus86790) Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook Cross-Site Scripting (XSS) Vulnerability Improper Session ID Validation in Cisco Unified MeetingPlace 8.6(1.2) Arbitrary File Read Vulnerability in Cisco Unified MeetingPlace 8.6(1.9) (CSCus95603) Denial of Service Vulnerability in Cisco ONS 15454 System Software 10.30 and 10.301 (Bug ID CSCus57263) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSIGHT System Software 6.0.0 Unspecified Command Vulnerability in Cisco Edge 300 Software (Bug ID CSCur18132) Improper AAA Role Implementation in Cisco Prime Network Control System (NCS) - Bug ID CSCur27371 Denial of Service 
Vulnerability in Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System CRLF Injection Vulnerability in Cisco TelePresence TC 6.x and 7.x on Integrator C SX20 Devices (CSCut79341) Denial of Service Vulnerability in Cisco IOS 12.2 on Catalyst 6500 Devices (Bug ID CSCur70505) Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5RC4 Arbitrary User Dashboard Deletion Vulnerability in Cisco FireSIGHT System Software Cisco ACNS 5.5(9) Cross-Site Scripting (XSS) Vulnerability (CSCuu70650) Remote Denial of Service Vulnerability in Cisco NX-OS Devices Denial of Service Vulnerability in Cisco IOS XR 5.0.1 on Network Convergence System 6000 Devices (Bug ID CSCuq31566) Uninitialized Memory Disclosure in Xen USB Backend Driver Arbitrary Command Execution in osc before 0.151.0 via Shell Metacharacters in _service File Arbitrary Code Execution via Directory Traversal in Novell ZENworks Configuration Management (ZCM) SQL Injection Vulnerability in GetReRequestData Method of GetStoredResult Class in Novell ZENworks Configuration Management (ZCM) Arbitrary File Upload and Execution Vulnerability in Novell ZENworks Configuration Management (ZCM) SQL Injection Vulnerability in Novell ZENworks Configuration Management (ZCM) ScheduleQuery Method Arbitrary File Read Vulnerability in Novell ZENworks Configuration Management (ZCM) FileViewer Class Remote Session ID Exposure in Novell ZENworks Configuration Management (ZCM) Arbitrary Folder Read Vulnerability in Novell ZENworks Configuration Management (ZCM) Remote Code Execution Vulnerability in Novell ZENworks Configuration Management Arbitrary HTML Injection in NetIQ Designer for Identity Manager before 4.5.3 Symlink Attack Vulnerability in dracut Package Stack-based buffer overflows in NetIQExecObject.NetIQExec.1 ActiveX Control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 (ZDI-CAN-2699) Vulnerability: Non-Standard File Generation in Open Buildservice Buffer over-read 
vulnerability in GStreamer before 1.4.5 allows remote attackers to cause denial of service or execute arbitrary code via crafted H.264 video data in an m4v file Arbitrary JavaScript Execution in Mozilla Firefox Reader Mode HTTP Alternative Services Bypass Vulnerability Insecure PRNG Implementation in Mozilla Firefox DNS Resolver on Android Same Origin Policy Bypass in Mozilla Firefox and Thunderbird Arbitrary JavaScript Code Execution in Mozilla Firefox Use-after-free vulnerability in HTMLSourceElement::AfterSetAttr in Mozilla Firefox before 37.0 allows remote attackers to execute arbitrary code or cause a denial of service. Use-after-free vulnerability in HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 Memory Corruption Vulnerability in Mozilla Firefox's Off Main Thread Compositing Implementation Memory Corruption Vulnerability in Mozilla Firefox's Off Main Thread Compositing (OMTC) Implementation CORS Bypass Vulnerability in navigator.sendBeacon Implementation Memory Corruption Vulnerability in WebRTC Implementation in Mozilla Firefox Clickjacking Vulnerability in Mozilla Firefox on OS X Out-of-Bounds Read Vulnerability in Mozilla Firefox's QCMS Implementation Insecure Lightweight Theme Add-on Installation in Mozilla Firefox Use-after-free vulnerability in AppendElements function in Mozilla Firefox allows remote code execution via crafted MP3 file Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Arbitrary JavaScript Code Execution via Resource: URLs in Mozilla Firefox and Thunderbird Memory Corruption Vulnerability in asm.js Implementation in Mozilla Firefox Arbitrary JavaScript Code Execution via SVG Hash Navigation in Mozilla Firefox, Firefox ESR, and SeaMonkey Clickjacking and Spoofing Vulnerability in Mozilla Firefox UITour::onPageEvent Function JavaScript Object Transition Vulnerability in Mozilla Firefox Arbitrary File Reading and 
JavaScript Code Execution Vulnerability in Mozilla Firefox Arbitrary File Reading Vulnerability in Mozilla Firefox and Thunderbird Use-after-free vulnerabilities in OpenType Sanitiser: Potential Remote Code Execution Out-of-bounds Write Vulnerability in Mozilla Firefox 36.0 Mozilla Firefox MP3FrameParser Stack-based Buffer Underflow Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox Heap-based buffer overflow in CopyRect function in Mozilla Firefox and Thunderbird Double Free Vulnerability in Mozilla Firefox 36.0 and earlier: Remote Code Execution and Denial of Service Remote Code Execution Vulnerability in Mozilla Firefox via Crafted MP4 Video Memory Allocation Vulnerability in Mozilla Firefox WebGL Implementation Mozilla Firefox IndexedDB Use-After-Free Vulnerability Domain Name Equivalence Vulnerability in Mozilla Firefox Untrusted Search Path Vulnerabilities in Mozilla Firefox and Thunderbird on Windows Unencrypted WebRTC Communication Vulnerability Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Last-Level Cache Side-Channel Attack in Libgcrypt and GnuPG Buffer Overflow in Dulwich C Implementation of apply_delta Function in _pack.c Vulnerability: Arbitrary Code Execution in HP Linux Imaging and Printing (HPLIP) Plugin Downloads Bypassing Signature Verification in Debian dpkg-source Command Denial of Service Vulnerability in libcapsinetwork and monopd before 0.9.8 Arbitrary File Read Vulnerability in Battle for Wesnoth Arbitrary Code Execution via Localization Template in Movable Type Pro and Open Source Arbitrary File Inclusion Vulnerability in django-markupfield before 1.3.2 Denial of Service Vulnerability in Network Block Device (nbd-server) Heap-based Buffer Overflow in libwmf 0.2.8.4: Remote Code Execution via Crafted BMP Image Arbitrary Code Execution Vulnerability in FusionForge Git Plugin Denial of Service 
Vulnerability in XMLTooling-C Integer Underflows in FreeImage PluginPCX.cpp Leading to Heap Memory Corruption Arbitrary Command Execution Vulnerability in svn-workbench 1.6.2 and Earlier Arbitrary Command Execution via Crafted Image Name in Shutter Arbitrary Code Execution Vulnerability in pitivi's _mediaLibraryPlayCb Function Privilege Escalation via Crashing SDDM Greeter with Certain Themes Remote Code Execution via Shell Metacharacters in TarDiff File Names Symlink Attack Vulnerability in Cool Projects TarDiff Arbitrary Code Execution Vulnerability in Debian Smokeping Package Stack-based buffer overflow in dpkg-deb/extract.c in dpkg before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via a specially crafted old-style Debian binary package. Arbitrary Field Write Vulnerability in trytond Multiple Cross-Site Scripting (XSS) Vulnerabilities in RabbitMQ Management Plugin Man-in-the-Middle Vulnerability in GALAXY Apps Man-in-the-Middle Vulnerability in Samsung Account (com.osp.app.signin) Allows Information Theft and Code Execution Cross-Site Scripting (XSS) Vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 Arbitrary File Read Vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and Earlier Unrestricted File Upload Vulnerability in Mrs. Shiromuku Perl CGI BBS 2.91 Denial of Service Vulnerability in I-O DATA DEVICE NP-BBRM Routers via UPnP Requests Arbitrary Web Script Injection in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Mrs. 
Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and Earlier Arbitrary Web Script Injection in Homepage Decorator PerlTreeBBS 2.30 and Earlier Unverified X.509 Certificates in Smartphone Passbook 1.0.0 Allow for Man-in-the-Middle Attacks Sensitive Information Exposure in Ogaki Kyoritsu Bank Smartphone Passbook Application 1.0.0 for Android Arbitrary Web Script Injection in Saurus CMS Community Edition before 4.7 2015-02-04 Arbitrary Code Execution via Unrestricted File Upload in C-BOARD Moyuku Directory Traversal Vulnerability in CREAR AL-Mail32: Arbitrary File Write Denial of Service Vulnerability in AL-Mail32 before 1.13d Buffer Overflow Vulnerability in CREAR AL-Mail32 before 1.13d CRLF Injection Vulnerability in Squid before 3.1.1 Cross-Site Scripting (XSS) Vulnerabilities in Zen Cart Japanese Edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja Arbitrary Code Execution Vulnerability in SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5 Unquoted Windows Search Path Privilege Escalation Vulnerability in Toshiba Bluetooth Stack and Service Station Denial of Service Vulnerability in checkpw 1.02 and Earlier Cryptographic Vulnerability: Integer Overflow in jBCrypt Key-Stretching Implementation Denial of Service Vulnerability in npppd on SEIL Routers Arbitrary File Deletion Vulnerability in KENT-WEB Clip Board before 4.1 Remote Code Execution via Article in KENT-WEB Joyful Note before 5.3 Bypassing CAPTCHA Protection in BestWebSoft Google Captcha Plugin for WordPress Maroyaka CGI Maroyaka Simple Board XSS Vulnerability Maroyaka CGI Maroyaka Image Album XSS Vulnerability Maroyaka CGI Maroyaka Relay Novel XSS Vulnerability Arbitrary SQL Command Execution in All In One WP Security & Firewall Plugin CSRF Vulnerability in All In One WP Security & Firewall Plugin Allows Unauthorized Deletion of 404 Logs Unspecified Cross-Site Scripting (XSS) Vulnerabilities in eXtplorer before 2.1.7 Vulnerability: Non-SSL/TLS Communications in LINE for Android and iOS Arbitrary Code 
Execution in Futomi CGI Cafe MP Form Mail CGI eCommerce Apache Struts 1 MultiPageValidator Access Restriction Bypass Vulnerability Arbitrary Web Script Injection in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 Duwasai Flashy Theme 1.3 XSS Vulnerability Password Protection Bypass in Semper Fi All in One SEO Pack Plugin for WordPress Remote Code Execution Vulnerability in Saitoh Kikaku Maruo Editor 8.51 and Earlier via Crafted .hmbook File Insecure SSL Certificate Verification in Restaurant Karaoke SHIDAX App 1.3.3 and Earlier on Android CSRF Vulnerability in bBlog Allows Remote User Authentication Hijacking Lhaplus Directory Traversal Vulnerability Lhaplus Buffer Overflow Vulnerability Arbitrary Web Script Injection Vulnerability in TAGAWA Takao TransmitMail Arbitrary File Read Vulnerability in TAGAWA Takao TransmitMail Arbitrary Code Execution Vulnerability in EasyCTF (before 1.4) Unspecified Cross-Site Scripting (XSS) Vulnerability in EasyCTF before 1.4 Session ID Validation Bypass in EasyCTF before 1.4 Arbitrary Web Script Injection via Crafted Attachment Filename in RAKUS MailDealer 11.2.1 and Earlier SQL Injection Vulnerability in graph.php in Cacti before 0.8.6f Arbitrary Web Script Injection in Kajona Backend (XSS) Vulnerability Arbitrary Web Script Injection in Sefrengo Administrative Backend Multiple SQL Injection Vulnerabilities in Sefrengo Administrative Backend CSRF Vulnerability in Banner Effect Header Plugin for WordPress Allows XSS Attacks XML External Entity (XXE) Vulnerability in McAfee ePolicy Orchestrator (ePO) Server Task Log Shared Secret Key Vulnerability in McAfee ePolicy Orchestrator (ePO) XML External Entity (XXE) vulnerability in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 Default Password Vulnerability in Ceragon FibeAir IP-10 Bridges Arbitrary Code Execution Vulnerability in iPass Open Mobile on Windows World-writable Permissions for Root-executed Scripts in Labtech on Linux NULL 
Pointer Dereference Vulnerability in libhtp 0.5.15 Authentication Bypass Vulnerability in SerVision HVG Video Gateway Devices Hardcoded Administrative Password Vulnerability in SerVision HVG Video Gateway Devices Arbitrary Code Execution Vulnerability in Ektron CMS 8.5 and 8.7 Unauthenticated Remote File Access in ANTlabs InnGate Firmware Absolute Path Traversal Vulnerability in ShareLaTeX 0.1.3 and Earlier Arbitrary Code Execution in Common LaTeX Service Interface (CLSI) Arbitrary PHP Code Execution in Bomgar Remote Support (CVE-2020-XXXX) Default SSH Public Key Vulnerability in Ceragon FibeAir IP-10 Blue Coat Malware Analysis Appliance Search.php Cross-Site Scripting (XSS) Vulnerability Arbitrary Document Listing and Reading Vulnerability in Blue Coat Malware Analysis Appliance Insecure Certificate Verification in Inetc Plugin for NSIS Unencrypted Communication Vulnerability in Basware Banking (Maksuliikenne) before 9.10.0.0 Insecure Function Calls in BIOS Implementations Allow Privilege Escalation Arbitrary Web Script Injection Vulnerability in X-Cart 5.1.6 through 5.1.10 Arbitrary Account Data Manipulation in X-Cart before 5.1.11 Unverified SSL Certificates in Barracuda Web Filter Shared Root CA Certificate in Barracuda Web Filter Enables Man-in-the-Middle Attacks Cross-Site Scripting (XSS) Vulnerabilities in SearchBlox before 8.2 Unrestricted File Upload Vulnerability in SearchBlox Admin Panel Sensitive Information Disclosure in SearchBlox before 8.2 via _cluster/health URI CSRF Vulnerability in SearchBlox Allows Remote User Authentication Hijacking Denial of Service Vulnerability in Suricata DER Parser Hardcoded Password Vulnerability in Pearson ProctorCache Buffer Overflow in libpng's png_read_IDAT_data function Privilege Escalation through Untrusted Search Path Vulnerability in ZTE Datacard MF190V1.0.0B04 Arbitrary Web Script Injection Vulnerability in Inductive Automation Ignition 7.7.2 Arbitrary OS Command Execution in Network Vision IntraVue before 
2.3.0a14 on Windows Untrusted Search Path Vulnerabilities in EQATEC.Analytics.Monitor.Win32_vc100.dll and EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 Remote Code Execution Vulnerability in SCADA Engine BACnet OPC Server Remote Code Execution via Format String Vulnerability in SCADA Engine BACnet OPC Server Authentication Bypass Vulnerability in SCADA Engine BACnet OPC Server Buffer Overflow Vulnerability in Schneider Electric Pelco DS-NVs before 7.8.90 Directory Traversal Vulnerability in Honeywell Excel Web XL1000C Controllers CSRF Vulnerability in XZERES 442SR OS Allows Remote Password Hijacking Stack-based buffer overflow vulnerabilities in Moxa VPort ActiveX SDK Plus before 2.8 Cleartext Password Transmission Vulnerability in Omron CX-One CX-Programmer and PLC Devices Reversible Password Storage Vulnerability in Omron CX-One CX-Programmer PACTware 4.1 SP3 Denial of Service Vulnerability Untrusted Search Path Vulnerability in Ecava IntegraXor SCADA Server Information Disclosure Vulnerability in Inductive Automation Ignition 7.7.2 Cleartext Storage of OPC Server Credentials in Inductive Automation Ignition 7.7.2 Session Persistence Vulnerability in Inductive Automation Ignition 7.7.2 Bypassing Brute-Force Protection in Inductive Automation Ignition 7.7.2 Weak Password Hashing in Inductive Automation Ignition 7.7.2 Hardcoded Cleartext Password Vulnerability in Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure: User Enumeration in Schneider Electric InduSoft Web Studio and InTouch Machine Edition Cleartext Credential Transmission Vulnerability in Schneider Electric InduSoft Web Studio and InTouch Machine Edition Cleartext Storage of OPC User Credentials in Schneider Electric InduSoft Web Studio and InTouch Machine Edition Stack-based Buffer Overflow in Moxa SoftCMS ActiveX Control Critical Remote File Upload Vulnerability in Mailcwp v1.99 WordPress Plugin Critical Remote File Upload Vulnerability in 
fast-image-adder v1.1 WordPress Plugin Critical Open Proxy Vulnerability in Filedownload v1.4 WordPress Plugin Exploiting Blind SQL Injection in Filedownload v1.4 WordPress Plugin Critical XSS Vulnerability Found in Filedownload v1.4 WordPress Plugin Critical Remote File Download Vulnerability in Candidate-Application-Form v1.0 WordPress Plugin Exploiting Remote File Download Vulnerability in recent-backups v0.7 WordPress Plugin Critical Remote File Download Vulnerability in wptf-image-gallery v1.03 Critical Path Disclosure Vulnerability in MP3-jPlayer v2.3.2 WordPress Plugin Vulnerability: Open Proxy in Google Adsense and Hotel Booking Plugin v1.05 Critical Remote File Download Vulnerability in simple-image-manipulator v1.0 WordPress Plugin Critical Blind SQL Injection Vulnerability in Dukapress v2.5.9 WordPress Plugin Mypixs v0.3 WordPress Plugin: Local File Inclusion Vulnerability Critical Remote File Upload Vulnerability in csv2wpec-coupon v1.1 WordPress Plugin Cross-Site Scripting and CSRF Vulnerability in WP-Stats WordPress Plugin Local Denial of Service Vulnerability in Kiddoware Kids Place Home Button Protection Remote Code Execution Vulnerability in FileZilla Server up to 0.9.50 Timing Side-Channel Vulnerability in Token Validation Methods Inefficient Regular Expression Complexity Vulnerability in markdown-it up to 2.x (VDB-216852) Cross Site Scripting (XSS) Vulnerability in admont28 Ingnovarq Unsupported Cross Site Scripting Vulnerability in 82Flex WEIPDCRM Unsupported SQL Injection Vulnerability in 82Flex WEIPDCRM Critical Code Injection Vulnerability in nterchange up to 4.1.0 (CVE-2021-217187) Stack-based buffer overflows in IniNet embeddedWebServer: Remote Code Execution OpenDNS OpenResolve API Cross Site Scripting Vulnerability Improper Output Neutralization in OpenDNS OpenResolve (VDB-217197) Information Exposure through Error Message in sumocoders FrameworkUserBundle up to 1.3.x (VDB-217268) Cross-Site Scripting Vulnerability in WebDevStudios 
Taxonomy-Switcher Plugin (CVE-2021-217446) Critical SQL Injection Vulnerability in arekk uke (VDB-217485) Critical SQL Injection Vulnerability in glidernet ogn-live (VDB-217487) Critical SQL Injection Vulnerability in jeff-kelley opensim-utils (VDB-217550) Critical SQL Injection Vulnerability in HPI-Information-Systems ProLOD (VDB-217552) Critical SQL Injection Vulnerability in DBRisinajumi d2files (CVE-2021-217561) Cross Site Scripting (XSS) Vulnerability in foxoverflow MySimplifiedSQL IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to write to or delete files via URL encoding vulnerability. Critical SQL Injection Vulnerability in addUser function of ssn2013 cis450Project Cross Site Scripting (XSS) Vulnerability in ritterim Critical SQL Injection Vulnerability in IISH nlgis2's custom_import.pl (VDB-217609) Critical SQL Injection Vulnerability in Fumon Trello-Octometric (VDB-217611) Critical Path Traversal Vulnerability Discovered in hoffie larasync Denial of Service Vulnerability in luelista miniConf up to 1.7.6 Critical SQL Injection Vulnerability in tiredtyrant flairbot (VDB-217618) LDAP Injection Vulnerability in hydrian TTRSS-Auth-LDAP Cross Site Scripting (XSS) Vulnerability in js/roomElement.js of Main Page (VDB-217624) XML External Entity (XXE) Reference Vulnerability in Kelvinmo Simplexrd up to 3.1.0 (VDB-217630) IniNet embeddedWebServer (aka eWebServer) Directory Traversal Vulnerability Critical Pathname Traversal Vulnerability in SUKOHI Surpass (VDB-217642) Critical SQL Injection Vulnerability in purpleparrots 491-Project's Highscore Handler (VDB-217648) Cross Site Scripting (XSS) Vulnerability in HealthMateWeb's createaccount.php Improper Authorization Vulnerability in jvvlee MerlinsBoard's Grade Handler (VDB-217713) Critical SQL Injection Vulnerability in j-nowak workout-organizer (VDB-217714) Critical SQL Injection Vulnerability in gperson angular-test-reporter Critical SQL Injection Vulnerability in kylebebak dronfelipe 
(VDB-217951) Critical SQL Injection Vulnerability in ACI_Escola (VDB-217965) Critical SQL Injection Vulnerability in nym3r0s pplv2 (VDB-218023) Critical SQL Injection Vulnerability in dobos domino Remote Code Injection Vulnerability in gitlearn's Escape Sequence Handler SQL Injection Vulnerability in Dovgalyuk AIBattle (Unsupported Version) Critical SQL Injection Vulnerability in Dovgalyuk AIBattle (Unsupported Version) Critical Path Traversal Vulnerability Discovered in abreen Apollo (VDB-218307) Critical SQL Injection Vulnerability in gophergala sqldump (VDB-218350) Critical SQL Injection Vulnerability in tutrantta project_todolist Critical SQL Injection Vulnerability in lolfeedback (VDB-218353) Critical SQL Injection Vulnerability in KYUUBl School-Register (VDB-218355) Critical SQL Injection Vulnerability in bmattoso desafio_buzz_woody (VDB-218357) Cross-Site Scripting (XSS) Vulnerability in Overdrive Eletrônica Course-Builder Cleartext Password Storage Vulnerability in IniNet embeddedWebServer Critical SQL Injection Vulnerability in brandonfire miRNA_Database_by_PHP_MySql (VDB-218374) Critical SQL Injection Vulnerability in bony2023 Discussion-Board (CVE-2021-218378) Open Redirect Vulnerability in calesanz gibb-modul-151 (CVE-2021-218379) Critical SQL Injection Vulnerability in prodigasistemas curupira up to 0.1.3 Critical SQL Injection Vulnerability in githuis P2Manage Critical SQL Injection Vulnerability in PictureThisWebServer's routes/user.js (CVE-2021-218399) Critical SQL Injection Vulnerability in 2071174A Vinylmap Critical Access Control Vulnerability in Little Apps Little Software Stats Cross Site Scripting (XSS) Vulnerability in Wikisource Category Browser Cross Site Scripting (XSS) Vulnerability in s134328 Webapplication-Veganguide Heap-based Buffer Overflow Vulnerability in Opto 22 PAC Project and Related Software Versions Critical SQL Injection Vulnerability in MNBikeways Database (VDB-218417) Critical SQL Injection Vulnerability in evandro-machado 
Trabalho-Web2 (VDB-218427) Injection Vulnerability in Command Line Template Component of galaxy-data-resource up to 14.10.0 (VDB-218451) Critical SQL Injection Vulnerability in saemorris TheRadSystem Critical SQL Injection Vulnerability in VictorFerraresi pokemon-database-php (VDB-218455) Critical Buffer Overflow Vulnerability in AenBleidd FiND (VDB-218458) Critical SQL Injection Vulnerability in tynx wuersch (VDB-218462) Race Condition Vulnerability in oznetmaster SSharpSmartThreadPool Critical SQL Injection Vulnerability in getByMovieId function of ReviewServiceImpl.java (VDB-218476) Critical SQL Injection Vulnerability in viakondratiuk cash-machine (VDB-218896) Stack-based Buffer Overflow Vulnerability in Opto 22 PAC Project Professional, PAC Project Basic, PAC Display Basic, PAC Display Professional, OptoOPCServer, and OptoDataLink Critical SQL Injection Vulnerability in copperwall Twiddit (VDB-218897) Vulnerability in gitter-badger ezpublish-modern-legacy: Weak Password Recovery in kernel/user/forgotpassword.php (VDB-218951) Cross-Site Scripting (XSS) Vulnerability in NREL api-umbrella-web 0.7.1 Cross-Site Scripting (XSS) Vulnerability in tinymighty WikiSEO 1.2.1 on MediaWiki Cross-Site Scripting (XSS) Vulnerability in OpenSeaMap Online Chart 1.2 Cross-Site Scripting (XSS) Vulnerability in Custom-Content-Width 1.0 Critical SQL Injection Vulnerability in dimtion Shaarlier up to 1.2.2 Critical SQL Injection Vulnerability in webbuilders-group silverstripe-kapost-bridge 0.3.3 (CVE-2021-220471) Cross Site Scripting (XSS) Vulnerability in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress Cross Site Scripting (XSS) Vulnerability in juju2143 WalrusIRC 0.0.2 Emerson AMS Device Manager before 13 SQL Injection Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in NREL api-umbrella-web 0.7.1 Cross-Site Request Forgery Vulnerability in arnoldle submitByMailPlugin 1.0b2.9 XML External Entity (XXE) Reference Vulnerability in libplist 1.12 
Critical Vulnerability in harrystech Dynosaur-Rails: Improper Authentication in basic_auth Critical SQL Injection Vulnerability in irontec klear-library chloe Denial of Service Vulnerability in GoPistolet (VDB-221506) Critical SQL Injection Vulnerability in OpenCycleCompass Server-PHP (VDB-221808) Unrestricted Upload Vulnerability in UpThemes Theme DesignFolio Plus 1.2 Critical Format String Vulnerability in ayttm up to 0.5.0.89 (CVE-2021-222267) Remote Cross Site Scripting Vulnerability in flame.js Cleartext Password Storage Vulnerability in Schneider Electric InduSoft Web Studio and Wonderware InTouch Machine Edition Cross-Site Scripting (XSS) Vulnerability in Landing Pages Plugin up to 1.8.7 on WordPress Critical SQL Injection Vulnerability in ByWater Solutions Bywater-Koha-XSLT (VDB-222322) Cross-Site Scripting (XSS) Vulnerability in Qtranslate Slug Plugin up to 1.1.16 on WordPress Cross-Site Scripting (XSS) Vulnerability in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress Cross-Site Scripting (XSS) Vulnerability in Fastly Plugin up to 0.97 on WordPress (VDB-222326) Cross-Site Scripting (XSS) Vulnerability in woo-popup Plugin up to 1.2.2 on WordPress Critical Command Injection Vulnerability in Zarthus IRC Twitter Announcer Bot up to 1.1.0 Critical SQL Injection Vulnerability in grinnellplans-php up to 3.0 (CVE-2021-223801) Cross-Site Scripting (XSS) Vulnerability in Broken Link Checker Plugin up to 1.10.5 on WordPress Critical SQL Injection Vulnerability in CP Appointment Calendar Plugin up to 1.1.5 on WordPress Insecure Credential Encryption in Rockwell Automation RSView32 7.60.00 and Earlier Critical SQL Injection Vulnerability in Dynamic Widgets Plugin up to 1.5.10 on WordPress (VDB-225353) Cross-Site Scripting (XSS) Vulnerability in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress Critical Open Redirect Vulnerability in Freshdesk Plugin 1.7 on WordPress (VDB-226118) Infinite Loop Vulnerability in InternalError503 Forget It up to 1.3 
Open Redirect Vulnerability in Icons for Features Plugin 1.0.0 on WordPress Critical Path Traversal Vulnerability in IP Blacklist Cloud Plugin up to 3.42 on WordPress Critical SQL Injection Vulnerability in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3 (Unsupported) Cross-Site Scripting (XSS) Vulnerability in Simplr Registration Form Plus+ Plugin up to 2.3.4 Cross-Site Request Forgery (CSRF) Vulnerability in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress Cross-Site Request Forgery Vulnerability in Video Playlist and Gallery Plugin up to 1.136 on WordPress Hardcoded Credentials Vulnerability in Hospira LifeCare PCA Infusion System Cross-Site Scripting (XSS) Vulnerability in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress Critical SQL Injection Vulnerability in Watu Quiz Plugin up to 2.6.7 on WordPress Open Redirect Vulnerability in WooFramework Branding Plugin up to 1.0.1 on WordPress Open Redirect Vulnerability in WooFramework Tweaks Plugin up to 1.0.1 on WordPress Open Redirect Vulnerability in WooSidebars Plugin up to 1.4.1 on WordPress Open Redirect Vulnerability in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 Cross-Site Request Forgery Vulnerability in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress Cross-Site Scripting Vulnerability in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress Cross-Site Scripting (XSS) Vulnerability in cchetanonline WP-CopyProtect up to 3.0.0 Cross-Site Scripting (XSS) Vulnerability in View All Posts Page Plugin up to 0.9.0 on WordPress Plain Text Storage of Wireless Keys in Hospira LifeCare PCA Infusion System v5 Cross-Site Scripting (XSS) Vulnerability in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress Cross-Site Scripting (XSS) Vulnerability in Beeliked Microsite Plugin up to 1.0.1 on WordPress Critical SQL Injection Vulnerability in wp-donate Plugin up to 1.4 on WordPress Buffer Overflow Vulnerability in Web-Based Management Allows Unauthorized 
Access Critical SQL Injection Vulnerability in Most Popular Posts Widget Plugin up to 0.8 on WordPress (VDB-241026) Cross-Site Request Forgery Vulnerability in WP Ultimate CSV Importer Plugin 3.7.2 Critical SQL Injection Vulnerability in Easy2Map Photos Plugin 1.0.1 on WordPress Cross-Site Scripting Vulnerability in PlusCaptcha Plugin up to 2.0.6 on WordPress Cross-Site Scripting (XSS) Vulnerability in rt-prettyphoto Plugin up to 1.2 on WordPress Incorrect Comparison Vulnerability in planet-freo up to 20150116 (VDB-252716) PI SQL (AF) Trusted Users Group Allows Bypass of Command Restrictions Cross-Site Request Forgery Vulnerability in Team Circle Image Slider With Lightbox Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in chrisy TFO Graphviz Plugin up to 1.9 on WordPress Cross-Site Scripting (XSS) Vulnerability in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 DLL File Loading Vulnerability in Schneider Electric OFS v3.5 with Vijeo Citect/CitectSCADA Reversible Password Storage Vulnerability in Omron CX-One CX-Programmer and PLC Devices Cross-Site Scripting (XSS) Vulnerabilities in ZOHO ManageEngine ADManager Plus Vulnerability: Silent HTTP Downgrade and Man-in-the-Middle Attacks in Percona Toolkit and Xtrabackup Multiple Cross-Site Scripting (XSS) Vulnerabilities in D-Link DSL-2730B Router (rev C1) Firmware GE_1.01 Privilege Escalation and Information Disclosure via Prepopulated Fact Cache in puppetlabs-stdlib Module Memory Leak in Privoxy's rfc2553_connect_to Function Use-after-free vulnerabilities in Privoxy before 3.0.22 Arbitrary Script Injection in Kiwix before 0.9.1 via pattern parameter Arbitrary File Write Vulnerability in p7zip 9.20.1 Arbitrary Script Injection in ZF-Commons ZfcUser User Login Multiple Cross-Site Scripting (XSS) Vulnerabilities in BEdita 3.4.0 Administrative Backend Arbitrary Script Injection in e107 1.0.4 File Manager (e107_admin/filemanager.php) Open Redirect and Phishing Vulnerability in MantisBT 1.2.0a3 through 1.2.18 
Denial of Service Vulnerability in VMware Workstation, Player, and Fusion Denial of Service Vulnerability in VMware Workstation, Player, and ESXi Denial of Service Vulnerability in VMware vCenter Server 5.0, 5.1, and 5.5 Open Redirect Vulnerability in Siemens SIMATIC S7-1200 CPU Devices with Firmware Before 4.1 Session Hijacking Vulnerability in Siemens SCALANCE X-200IRT Switches Arbitrary Script Injection in F5 BIG-IP Application Security Manager (ASM) Open Redirect Vulnerability in Context UI Module in Drupal Arbitrary Web Script Injection in PHPKIT 1.6.6 (Build 160014) Poll Archive Arbitrary Web Script Injection in Croogo Administrative Backend Crea8Social 2.0 Games Feature XSS Vulnerability SQL Injection Vulnerability in Photo Gallery Plugin 1.2.7 for WordPress Arbitrary Web Script Injection in Brother MFC-J4410DW Printer Firmware Arbitrary Script Injection in e107 2.0.0 via Real Name Field Multiple Cross-Site Scripting (XSS) Vulnerabilities in AdaptCMS 3.0.3 Arbitrary PHP Code Execution via Unrestricted File Upload in AdaptCMS 3.0.3 Open Redirect Vulnerability in AdaptCMS 3.0.3 Allows Remote Attackers to Conduct Phishing Attacks Type Confusion Vulnerability in IOSurface Arbitrary Folder Creation Vulnerability in MobileStorageMounter Denial of Service Vulnerability in CoreTelephony on Apple iOS Activation Bypass Vulnerability in Apple iOS Springboard Buffer overflow vulnerabilities in iCloud Keychain: Exploiting data stream manipulation for code execution IOAcceleratorFamily Privilege Escalation Vulnerability Insecure TLS State Transitions Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability 
in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Inconsistent URL Display Vulnerability in WebKit Passcode Confirmation Interface Vulnerability in Apple iOS Privilege Escalation via Crafted App in Apple iOS and Apple TV Audio Drivers Apple iOS Backup Directory Traversal Vulnerability Arbitrary Code Execution via Crafted Web Site in Apple iOS and OS X Cookie Handling Vulnerability in CFNetwork in Apple iOS and OS X CFNetwork in Apple iOS before 8.3 does not clear HSTS state information, leading to sensitive information exposure Bypassing Same Origin Policy via CFNetwork Session Component in Apple iOS and OS X XML External Entity (XXE) vulnerability in NSXMLParser in Apple iOS before 8.3 and Apple TV before 7.2 allows remote file read access FontParser Memory Corruption Vulnerability Kernel Memory Disclosure Vulnerability in IOAcceleratorFamily HID Device Crafted Code Execution Vulnerability Kernel Memory Disclosure Vulnerability in Apple iOS, OS X, and Apple TV Information Disclosure Vulnerability in IOMobileFramebuffer in Apple iOS and Apple TV iWork File Memory Corruption Vulnerability Race condition vulnerability in setreuid system-call implementation in Apple iOS, OS X, and Apple TV allows for denial of service via a crafted app. 
Out-of-bounds Memory Access Vulnerability in Apple iOS, OS X, and Apple TV Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, and Apple TV TCP Header Denial of Service Vulnerability ICMP Redirect Vulnerability in Apple iOS, OS X, and Apple TV IPv6 Packet Spoofing Vulnerability Urgent Data Denial of Service Vulnerability in Apple iOS, OS X, and Apple TV Passcode Disclosure Vulnerability in Apple iOS Keyboards Subsystem Lock Screen Passcode Guessing Vulnerability Lock Screen Passcode Bypass Vulnerability in Apple iOS Credential Exposure in NetworkExtension VPN Configuration Logs Information Disclosure Vulnerability in Apple iOS and Apple TV Podcasts Component Safari iOS 8.3 Vulnerability: Recently Closed Tabs Data Not Cleared Information Disclosure Vulnerability in Apple Safari Information Disclosure Vulnerability in iOS Sandbox Profiles Information Disclosure Vulnerability in Apple iOS and Apple TV Sandbox Profiles Sandbox Bypass Vulnerability in Apple iOS Telephony Component Unblurred Application Snapshots Vulnerability in iOS Task Switcher Privilege Escalation Vulnerability in Apple iOS, OS X, and Apple TV Memory Corruption and Application Crash Vulnerability in libnetcore Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Tap Association Vulnerability in WebKit FTP URL userinfo Field Handling Vulnerability in WebKit Sensitive Information Disclosure in Safari's Private Browsing Implementation Sensitive Browsing-History Information Disclosure via Push-Notification Requests in Apple Safari Improper X.509 Client Certificate Selection in Apple Safari XPC Implementation 
Vulnerability in Apple OS X Admin Framework Privilege Escalation Vulnerability in Apple Type Services (ATS) in Apple OS X Privilege Escalation Vulnerability in Apple Type Services (ATS) in Apple OS X before 10.10.3 Privilege Escalation Vulnerability in Apple Type Services (ATS) in Apple OS X before 10.10.3 Privilege Escalation Vulnerability in Apple Type Services (ATS) in Apple OS X before 10.10.3 Privilege Escalation Vulnerability in Apple Type Services (ATS) in Apple OS X CoreAnimation Use-After-Free Vulnerability in Apple OS X NVIDIA Graphics Driver Privilege Escalation Vulnerability in Apple OS X Unspecified Denial of Service Vulnerability in Apple OS X Hypervisor Arbitrary Code Execution and Memory Corruption Vulnerability in ImageIO on Apple OS X Buffer Overflow Vulnerability in IOHIDFamily in Apple OS X Denial of Service Vulnerability in Apple OS X Mach_vm_read Functionality Denial of Service Vulnerability in LaunchServices in Apple OS X Vulnerability: Ethernet Flow Control Pause Frame Injection in SR-IOV Cards Privilege Escalation via Crafted Localized String in LaunchServices Buffer Overflow in UniformTypeIdentifiers Component in Apple OS X Code Signing Validation Bypass Vulnerability in Apple OS X Code Signing Validation Bypass Vulnerability in Apple OS X Unencrypted Password-Change Requests in Open Directory Client in Apple OS X Password Exposure in Apple OS X Screen Sharing Log File Integer Overflow Vulnerability in Swift Simulator in Apple Xcode Incorrect Pathname in Apple OS X Server Firewall Configuration Files Allows Remote Bypass of Network-Access Restrictions Bypassing Activity and People Page Restrictions in Apple OS X Server Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Same Origin Policy Bypass in WebKit Same Origin Policy Bypass in WebKit Denial of Service and Messaging 
Disruption Vulnerability in Apple iOS 8.x through 8.3 Data Corruption and Arbitrary Code Execution Vulnerability in CUPS Arbitrary Web Script Injection in CUPS Template Engine Open Redirect Vulnerability in serve-static Plugin for Node.js Sensitive Data Exposure in RT (Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 LDAP Injection Vulnerability in Apereo Central Authentication Service (CAS) Server Privilege Escalation Vulnerability in NVIDIA Display Driver Remote Code Execution Vulnerability in GSM SIM Utility 6.6 via Long .sms File Entry Arbitrary PHP Code Execution via Unrestricted File Upload in Holding Pattern WordPress Theme Improper Access Restriction in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 Session Fixation Vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and Earlier: Remote Session Hijacking Arbitrary Web Script Injection Vulnerability in PrestaShop Blocklayered Module Arbitrary Web Script Injection in osTicket 1.9.5 and Earlier Exponent CMS 2.3.2 XSS Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in X-Cart 5.1.8 and Earlier via cart.php Arbitrary Web Script Injection in Mango Automation 2.4.0 and Earlier Arbitrary Script Injection in EventSentry Web Reports Denial of Service and Arbitrary Code Execution Vulnerability in PolarSSL's asn1_get_sequence_of Function Arbitrary Code Execution Vulnerability in D-Link and TRENDnet Ping Tool Remote Access to Management Functions in Swisscom Centro Grande (ADB) DSL Routers Directory Traversal Vulnerabilities in pigz 2.3.1: Arbitrary File Write Absolute Path Traversal Vulnerability in KGB 1.0b4 Allows Remote File Write Directory Traversal Vulnerabilities in pax 1:20140703 Remote File Write Vulnerability in pax 1:20140703 Arbitrary File Read/Delete Vulnerability in OpenStack Glance API Symlink Attack Vulnerability in GNU Patch 2.7.1 Symlink Attack Vulnerability in cpio 2.11 with --no-absolute-filenames Option Multiple Directory 
Traversal Vulnerabilities in HA 0.999p+dfsg-5 PPMD 10.1-5 Directory Traversal Vulnerability Weak File Permission Vulnerability in pxz 4.999.99 Beta 3 Denial of Service Vulnerability in Privoxy before 3.0.22 Arbitrary Script Injection in WP Slimstat Plugin's Save Filters Functionality Unspecified Vulnerabilities in Google Chrome Before 40.0.2214.91 Heap-based Buffer Overflow in Google Chrome: Denial of Service via Crafted MP4 File Double-Free Vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 Integer Underflow Vulnerability in FFmpeg's mov_read_default Function Use-after-free vulnerability in VisibleSelection::nonBoundaryShadowTreeRootNode function in Blink Bypassing Same Origin Policy via V8ThrowException::createDOMException Vulnerability Privilege Escalation via ServiceWorker Registration in Google Chrome Unspecified Vulnerabilities in Google Chrome before 40.0.2214.111 Out-of-Bounds Write Vulnerability in SkBitmap::ReadRawPixels Function in Skia Integer Overflow in Skia's SkAutoSTArray Implementation Out-of-Bounds Write Vulnerability in Skia Filters Implementation Use-after-free vulnerability in V8Window::namedPropertyGetterCustom function in Blink Type Confusion Vulnerability in V8LazyEventListener::prepareListenerObject Function Use-after-free vulnerabilities in DOM implementation in Blink Integer Overflow in SkMallocPixelRef::NewAllocate Function in Skia Use-after-free vulnerability in GIFImageReader::parseData function in Blink Use-after-free vulnerability in Blink leading to denial of service or other impact in Google Chrome Use-after-free vulnerabilities in ServiceWorkerScriptCacheMap implementation in Google Chrome Use-after-free vulnerabilities in Blink's DOM implementation in Google Chrome before 41.0.2272.76 Out-of-bounds read vulnerability in VpxVideoDecoder::VpxDecode function in Google Chrome Out-of-Bounds Read Vulnerability in PDFium Improper URL Restriction in Google Chrome Debugger API Allows Remote Bypass Uninitialized 
Memory in DragImage::create Function in Blink Denial of Service Vulnerability in RenderCounter::updateCounter Function in Blink Improper Handling of 407 Proxy Authentication Required Status Code in Google Chrome Allows for Cookie-Injection Attacks Type Confusion Vulnerability in Blink's getHiddenProperty Function Unspecified Vulnerabilities in Google Chrome before 41.0.2272.76 Out-of-bounds Write Vulnerability in Google Chrome MidiManagerUsb::DispatchSendMidiData Function Arbitrary Code Execution Vulnerability in Google Chrome Race condition vulnerability in Google Chrome before 41.0.2272.118 allows remote attackers to cause denial of service or other impact via manipulated OpenGL ES commands Bypassing Same Origin Policy via Crafted HTML Document with IFRAME Element in Blink Bypassing Same Origin Policy in Web Audio API Implementation in Google Chrome Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or unspecified impact via renderer IPC messages during a detach operation Out-of-Bounds Write Vulnerability in Skia Library Double Free Vulnerability in OpenJPEG Allows Remote Denial of Service in Google Chrome Out-of-Bounds Read Vulnerability in Google Chrome WebGL Implementation Tapjacking Vulnerability in Google Chrome Type Confusion Vulnerability in Google V8 Engine Use-after-free vulnerability in MutationObserver::disconnect function in Blink Insecure WebSocket Traffic in Google Chrome OpenPDFInReaderView::Update Use-After-Free Vulnerability in Google Chrome Denial of Service Vulnerability in Blink OpenSearch Descriptor XML File Disclosure Vulnerability in Google Chrome Bypassing SafeBrowsing Protection in Google Chrome's FileSystem API Unspecified Vulnerabilities in Google Chrome before 42.0.2311.90 Unspecified Vulnerabilities in Google Chrome before 42.0.2311.135 SpeechRecognitionClient Use-After-Free Vulnerability in Google Chrome Out-of-bounds Write Vulnerability in Google Chrome Partial Circular Buffer Bypassing 
Same Origin Policy via SCRIPT Element in Blink DOM Implementation Bypassing Same Origin Policy through designMode Inheritance in Blink Use-after-free vulnerability in WebAudio implementation in Google Chrome before 43.0.2357.65 Use-after-free vulnerability in SVG implementation in Blink Insufficient Value Handling in feColorMatrix Filter in Blink Denial of Service Vulnerability in Google Chrome's libvpx Code Memory Initialization Vulnerability in PDFium Use-after-free vulnerabilities in WebRTC implementation in Google Chrome URL Bar Spoofing Vulnerability in Google Chrome for Android Uninitialized Width Field Vulnerability in HarfBuzzShaper.cpp Insecure Spellcheck API Implementation in Google Chrome Arbitrary Script Injection Vulnerability in Google Chrome Bookmarks Feature Unspecified Vulnerabilities in Google Chrome before 43.0.2357.65 Improper URL Scheme Validation in Google Chrome WebUI Controller Factory Same Origin Policy Bypass in Blink Public API Bypassing Same Origin Policy in Blink's v8_types.py Improper Canonicalization of DNS Hostnames in Google Chrome Denial of Service and Memory Read Vulnerability in ICU Heap-based Buffer Overflow in PDFium GPU Process Use-After-Free Vulnerability in Google Chrome Heap-based Buffer Overflow in OpenJPEG: Remote Code Execution in Google Chrome Arbitrary Code Execution via Auto-Open List in Google Chrome Universal Cross-Site Scripting (UXSS) Vulnerability in Google Chrome for Android Use-after-free vulnerability in IndexedDB implementation in Google Chrome before 44.0.2403.89 Google Chrome Use-After-Free Vulnerability in Accessibility Implementation Unpatched Chrome Version Allows URL Spoofing via Crafted PDF Document Integer Overflow in PDFium's CJBig2_Image::expand Function Memory Corruption Vulnerability in SkPictureShader.cpp in Skia Bypassing Content Security Policy (CSP) restrictions in Blink Use-after-free vulnerabilities in PDFium's Document.cpp can lead to denial of service or other unspecified impacts Integer 
overflows in XML_GetBuffer function in Expat: Remote Code Execution Vulnerability Denial of Service and Use-After-Free Vulnerability in Blink's LocalFrame::isURLAllowed Function XSS Auditor Truncation Vulnerability Universal XSS (UXSS) vulnerability in Google Chrome before 44.0.2403.89 Same Origin Policy Bypass in Blink Insecure Spellcheck API Implementation in Google Chrome Unspecified Vulnerabilities in Google Chrome before 44.0.2403.89 Remote Code Execution Vulnerability in Google V8 Engine Bypassing Same Origin Policy and DOM Tree Corruption in ContainerNode::parserRemoveChild Function in Blink Bypassing Same Origin Policy by Accessing Service Worker in Blink Bypassing Same Origin Policy in Blink DOM Implementation Skia Use-After-Free Vulnerability in SkMatrix::invertNonIdentity Function Multiple use-after-free vulnerabilities in PrintWebViewHelper class in Google Chrome Unicode LOCK Character Spoofing Vulnerability in Google Chrome Bypassing Access Restrictions in Google Chrome WebRequest API Arbitrary URL Access Vulnerability in Google Chrome Use-after-free vulnerability in shared-timer implementation in Blink Information Disclosure Vulnerability in Blink's FrameFetchContext Unspecified Vulnerabilities in Google Chrome before 45.0.2454.85 PDF Viewer Same Origin Policy Bypass in Google Chrome Cross-Context Exception Bypass in Blink Bypassing Same Origin Policy via object-observe.js in Google V8 Arbitrary Memory Write Vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) Arbitrary File Read Vulnerability in Sympa Newsletter Posting Area Plasma Workspace Password Disclosure Vulnerability X Server Input Event Leakage Vulnerability XML External Entity (XXE) Vulnerability in SAP NetWeaver AS ABAP 7.31 and Earlier SQL Injection Vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) (SAP Note 2113333) Arbitrary ABAP Code Injection Vulnerability in SAP HANA Extended Application Services (XS) SAP ERP Dealer Portal Access Restriction Vulnerability Account 
Creation Bypass in JetBrains TeamCity 8 and 9 USAA Mobile Banking App for Android Vulnerability: Account Information Exposure Buffer Overflow in charset_to_intern function in Info-Zip UnZip 6.10b Insecure SSH Key Upload in Juju Core's Joyent Provider (<=1.25.5) Oxide Use-After-Free Vulnerability in RenderProcessHost Privilege Escalation via Crafted Apport File in Namespace Screen Lock Bypass Vulnerability in Unity Settings Daemon SeaMicro Provisioning Vulnerability: Credential Logging in Ubuntu MAAS (Versions Prior to 1.9.2) File Picker Use-After-Free Vulnerability in Oxide Directory Traversal Vulnerability in Ubuntu Network-Manager Package Local Privilege Escalation in aptdaemon Arbitrary File Write and Privilege Escalation in Apport Race condition vulnerability in Apport allows local users to gain root privileges and write to arbitrary files Arbitrary Code Execution via python-dbusmock AddTemplate() Method Insecure DBUS API in Content Hub allows unauthorized file transfers Privilege Escalation Vulnerability in Linux OverlayFS Implementation Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt allows remote code execution Unauthenticated Package Execution Vulnerability in unattended-upgrades Arbitrary File Creation Vulnerability in LXC 1.1.2 and Earlier Remote Code Execution Vulnerability in oxide-qt's JavaScriptDialogManager Function Memory Leak in Linux Kernel's __key_link_end Function Allows Denial of Service Vulnerability: Container Escape via Crafted AppArmor or SELinux Profile Symlink Attack Vulnerability in LXC Privilege Escalation via Insecure chown in Man-db Cleanup Job GPG Signature Verification Vulnerability in Simple Streams (simplestreams) Denial of Service and Privilege Escalation via Symlink and Hard Link Attacks on kernel_crashdump in Apport Memory Leak in cuse_channel_release Function in Linux Kernel Race Condition Vulnerability in LXD's doUidshiftIntoContainer() Function Arbitrary Python Module Import Vulnerability in 
Apport Directory Escape Vulnerability in LXCFS before 0.12 Unity-Scope-GDrive Vulnerability: Search Term Logging to Syslog Privilege Escalation via Insecure Permission Check in LXCFS Out-of-Bounds Heap Read Vulnerability in grep's bmexec_trans Function Unspecified Vulnerabilities in Google V8 and Google Chrome Arbitrary Web Script Injection Vulnerability in osTicket before 1.9.5.1 Aruba Instant (IAP) Firmware Heap-based Buffer Overflow Vulnerability Denial of Service Vulnerability in ISC BIND DNSSEC Validation Incomplete Requirements for setattr Operations in Linux Kernel 3.x Allows Capability Stripping Denial of Service Vulnerability Use-after-free vulnerability in _zend_shared_memdup function in OPcache extension in PHP through 5.6.7 NULL Pointer Dereference and Application Crash in PostgreSQL Extension in PHP Weak Password-Hash Algorithm in Siemens SIMATIC STEP 7 (TIA Portal) Allows for Cleartext Password Retrieval Arbitrary Authorization Data Injection in Siemens SIMATIC STEP 7 (TIA Portal) Password Hash Disclosure in Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx, and WIN72xx Devices Insecure Credential Encryption in Siemens SIMATIC WinCC (TIA Portal) and SIMATIC WinCC flexible Multiple Off-by-One Errors in PDFium Font Handling Skia Buffer Over-read Vulnerability in Google Chrome Uninitialized Variable in ImageFrame.h in Blink Buffer Overflow in Customize 35mm Tab in Two Pilots Exif Pilot 4.7.2 Arbitrary Script Injection Vulnerability in Free Reprintables ArticleFR 3.0.5 SQL Injection Vulnerability in Free Reprintables ArticleFR 3.0.5: Remote Code Execution via getProfile Function Directory Traversal Vulnerability in Pixabay Images Plugin for WordPress Arbitrary Code Injection through Pixabay Images Plugin in WordPress SQL Injection Vulnerability in CatBot 0.4.2: Remote Code Execution via lastcatbot Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 SQL Injection Vulnerability in Sequelize: Remote Command 
Execution via Order Parameter Incomplete Blacklist Vulnerability in Marked 0.3.2 and Earlier: Remote Cross-Site Scripting (XSS) via vbscript Tag Arbitrary Code Execution via Unrestricted File Upload in ferretCMS 1.0.4-alpha SQL Injection Vulnerability in ferretCMS 1.0.4-alpha: Remote Code Execution via admin.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in ferretCMS 1.0.4-alpha Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ferretCMS 1.0.4-alpha: Remote Authentication Hijacking and Attack Vector Exploitation Arbitrary File Write Vulnerability in Pixabay Images Plugin for WordPress Arbitrary File Write Vulnerability in Pixabay Images Plugin Local File Disclosure Vulnerability in Webmin 1.720 Insecure Sourcing of cmdlineopts.clp in grml-debootstrap Denial of Service Vulnerability in socat Signal Handler Implementations Denial of Service Vulnerability in Privoxy 3.0.23 Unspecified Denial of Service Vulnerabilities in Privoxy Denial of Service Vulnerability in Privoxy Parsers.c Arbitrary Script Injection in Geo Mashup Plugin's Geo Search Widget Arbitrary Script Injection in Banner Effect Header Plugin for WordPress Blubrry PowerPress Podcasting Plugin XSS Vulnerability Unshield 1.0-1 Directory Traversal Vulnerability ArubaOS Remote Access Point (RAP) Console Arbitrary Command Execution Vulnerability Aruba Networks ClearPass Policy Manager (CPPM) XSS Vulnerability in tipsLoginSubmit.action Aruba AirWave XSS Vulnerability in Administrator Interface CSRF Protection Bypass in Aruba AirWave before 8.0.7 Aruba Networks ClearPass Policy Manager (CPPM) Multiple SQL Injection Vulnerabilities SQL Injection Vulnerability in Photo Gallery Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in WordPress Photo Gallery Plugin Directory Traversal Vulnerability in GNU Patch Versions Allowing Arbitrary File Write Directory Traversal Vulnerability in GNU Patch before 2.7.4 Allows Arbitrary File Write Arbitrary SQL Command Execution in Magento 
Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 Directory Traversal Vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 Arbitrary PHP Code Execution via Remote File Inclusion in Magento CE/EE 1.9.1.0 and 1.14.1.0 SQL Injection Vulnerability in NPDS Revolution 13 search.php LDAP / SSO Authentication Extension 2.0.0 for TYPO3 - Improper Authentication Vulnerability Arbitrary Web Script Injection Vulnerability in TYPO3 Content Rating Extension Arbitrary SQL Command Execution in TYPO3 Content Rating Extension Arbitrary Web Script Injection in TYPO3 Content Rating Extbase Extension Arbitrary SQL Command Execution Vulnerability in Content Rating Extbase Extension for TYPO3 Integer Overflow Vulnerability in FreeBSD IGMP Packet Handling World-readable permissions on GELI keyfile in FreeBSD 10.x before 10.1 p9 Arbitrary Command Execution Vulnerability in Larry Wall's Patch Denial of Service Vulnerability in FreeBSD's inet Module with VNET Enabled Arbitrary Command Execution via Crafted Patch File in GNU Patch and FreeBSD Patch Bypassing Access Restrictions in vsftpd 3.0.2 and Earlier Race condition vulnerability in handle_to_path function in Linux kernel through 3.19.1 allows local users to bypass size restrictions and trigger unauthorized read operations Linux Kernel SCTP Use-After-Free Vulnerability Gecko CMS 2.2 and 2.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerabilities in Gecko CMS 2.2 and 2.3 Gecko CMS 2.2 and 2.3 Cross-Site Request Forgery (CSRF) Vulnerability in Admin User Addition Multiple Input Validation Vulnerabilities in JAKWEB Gecko CMS Local Privilege Escalation Vulnerability in Puppet Labs Facter 1.6.0 through 2.4.0 Remote Code Execution Vulnerability in Elasticsearch Groovy Scripting Engine Multiple SQL Injection Vulnerabilities in Sefrengo before 1.6.2 Arbitrary File Download Vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 Critical 
Buffer Overflow Vulnerability in Xymon 4.3.17-1 Arbitrary Web Script Injection in phpBB includes/startup.php (CVE-2015-3414) CSRF Vulnerability in phpBB's message_options Function Cross-Site Scripting (XSS) vulnerability in Roundcube before 1.0.5 via unquoted strings in rcube_washtml.php Multiple SQL Injection Vulnerabilities in My Little Forum before 2.3.4 Arbitrary Web Script Injection Vulnerability in My Little Forum Arbitrary Script Injection in Easing Slider Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Asus RT-N10+ D1 Router Firmware 2.1.1.1.70 Heap-based Buffer Overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 Arbitrary SQL Command Execution in Piwigo Versions Before 2.7.3 SQL Injection Vulnerability in ZeroCMS Administrative Backend Arbitrary Code Execution Vulnerability in fli4l httpd Package Multiple Cross-Site Scripting (XSS) Vulnerabilities in fli4l Web Administration Frontend HTTP Header Injection Vulnerability in fli4l Package Authentication Bypass Vulnerability in Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx, and WIN72xx Devices Buffer Overflow Vulnerability in Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx, and WIN72xx Devices SQL Injection Vulnerability in Restaurant Biller: Remote Code Execution via cid Parameter Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiOS 5.0 Patch 7 Build 4457 Denial of Service Vulnerability in Fortinet FortiOS 5.0 Patch 7 build 4457 Hardcoded Encryption Key Vulnerability in Fortinet FortiClient 5.2.3.091 for Android Certificate Validation Vulnerability in Blue Coat ProxyClient and Unified Agent Vulnerability: Weak Default Passwords in Fortinet FortiAuthenticator 3.0.0 Cleartext Logging Vulnerability in Fortinet FortiAuthenticator 3.0.0 Arbitrary File Read Vulnerability in Fortinet FortiAuthenticator 3.0.0 Privilege Escalation via Shell Access in Fortinet FortiAuthenticator 3.0.0 Arbitrary Web Script Injection Vulnerability in Fortinet FortiAuthenticator 3.0.0 Remote Privilege 
Escalation Vulnerability in Huawei Quidway Switches Heap Out of Bounds Vulnerability in ClamAV Heap Out of Bounds Vulnerability in ClamAV before 0.98.6 Denial of Service Vulnerability in ClamAV Petite Packer File Handling Session Hijacking Vulnerability in RT (Request Tracker) Versions 4.0.23 and 4.2.x IPv4 Implementation Vulnerability in Linux Kernel SQL Injection Vulnerabilities in Translations in Fork CMS before 3.8.6 Privilege Escalation via Cookie Manipulation in SerVision HVG Video Gateway Devices SQL Injection Vulnerability in Pragyan CMS 3.0 User Profile Library Buffer overflow vulnerability in ADDW macro in GNU C Library (glibc) before 2.21 Buffer Overflow Vulnerability in glibc's ADDW Macro Integer overflows in GraphicBuffer::unflatten function in Android through 5.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in My Little Forum Multiple SQL Injection Vulnerabilities in Xlinkerz EcommerceMajor SQL Injection Vulnerability in CMSJunkie J-ClassifiedsManager Component for Joomla! Arbitrary Web Script Injection Vulnerability in CMSJunkie J-ClassifiedsManager Component for Joomla! 
Arbitrary SQL Command Execution in ZOHO ManageEngine ServiceDesk Plus (SDP) Information Disclosure Vulnerability in ZOHO ManageEngine ServiceDesk Plus (SDP) Privilege Escalation via Superuser Account Creation in Ansible Tower Authentication Bypass and Information Disclosure in Ansible Tower (aka Ansible UI) Arbitrary JavaScript Code Execution Vulnerability in Symantec NetBackup OpsCenter Unquoted Windows Search Path Vulnerability in Symantec Workspace Streaming Agent CSRF Vulnerability in Symantec Data Loss Prevention Administration Console Authentication Bypass Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Arbitrary File Write Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Arbitrary File Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Directory Traversal Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 SQL Injection Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Untrusted Search Path Vulnerability in Symantec Endpoint Protection Client Directory Traversal Vulnerability in Moodle Allows Remote File Read Cross-Site Scripting (XSS) Vulnerability in FancyBox for WordPress Plugin Stack-based Buffer Overflow in Motorola Scanner SDK Weak Permissions in Motorola Scanner SDK Allow Local Privilege Escalation Arbitrary Command Execution in Persistent Systems Radia Client Automation (RCA) Improper Access Restriction in Persistent Systems Radia Client Automation Arbitrary File Deletion Vulnerability in Samsung Security Manager (SSM) Stack-based buffer overflow vulnerabilities in SolarWinds Server and Application Monitor (SAM) - TSUnicodeGraphEditorControl Arbitrary Code Execution Vulnerability in SolarWinds SAM via UNC Path Directory Traversal Vulnerabilities in IceWarp Mail Server before 11.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in FancyFon FAMOC before 3.17.4 SQL Injection 
Vulnerability in SIPhone Enterprise PBX SQL Injection Vulnerabilities in FancyFon FAMOC before 3.17.4 Arbitrary Memory Write Vulnerability in SoftSphere DefenseWall Personal Firewall 3.24 Polycom RealPresence CloudAXIS Suite XSS Vulnerability SQL Injection Vulnerability in Piwigo before 2.7.4 Allows Remote Authenticated Users to Execute Arbitrary SQL Commands Arbitrary SQL Command Execution in Redaxscript before 2.3.0 Denial of Service Vulnerability in Bro Analyzer/Protocol/DNP3 Buffer Overflow Vulnerability in Bro Analyzer/Protocol/DNP3 Denial of Service Vulnerability in Android AudioPolicyManagerBase.cpp Denial of Service Vulnerability in Android Media Server Component Android Integer Overflow Privilege Escalation Vulnerability Integer Overflow in native_handle_create Function in Android Denial of Service Vulnerability in Android SoundTrigger Service Integer Overflow Vulnerability in Android's IAudioPolicyService.cpp Integer Overflow in Bitmap_createFromParcel Function in Android Arbitrary Code Execution via Integer Overflow in Android's media_server Component Integer Overflow in libstagefright: Remote Code Execution Vulnerability Integer underflows in ESDS::parseESDescriptor function in libstagefright in Android before 5.1.1 LMY48I URI Permission Bypass Vulnerability in Android Settings Application OpenLDAP Remote Denial of Service Vulnerability Double Free Vulnerability in OpenLDAP 2.4.40's get_vrFilter Function Denial of Service Vulnerability in LibTIFF's NeXTDecode Function Out-of-Bounds Read Vulnerability in mini_httpd 1.21 and Earlier Aruba Networks ClearPass Policy Manager (CPPM) Directory Traversal Vulnerability Aruba Networks ClearPass Policy Manager (CPPM) Directory Traversal Vulnerability KGB-Bot 1.33-2 Denial of Service Vulnerability Session Hijacking Vulnerability in Zend Framework 2.2.x and 2.3.x Denial of Service via RTP Port Reclamation Vulnerability in Asterisk Open Source 12.x and 13.x Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities 
in Epignosis eFront Open Source Edition before 3.6.15.3 SQL Injection Vulnerability in Centreon's isUserAdmin Function Arbitrary Command Execution in Centreon 2.5.4 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Saurus CMS 4.7.0 ARM GIC Distributor Virtualization Denial of Service Vulnerability Arbitrary Script Injection in Plain Black WebGUI 7.10.29 and Earlier Arbitrary Code Injection through Cross-Site Scripting (XSS) in Hitachi Device Manager and Related Applications Arbitrary Script Injection in DotNetNuke (DNN) before 7.4.0 Arbitrary Script Injection in GD Infinite Scroll Drupal Module CSRF Vulnerability in GD Infinite Scroll Module for Drupal Certificate Validation Vulnerability in Fortinet FortiClient 5.2.028 for iOS Certificate Validation Vulnerability in FortiClient for Android and iOS Fortinet FortiOS 5.0 Patch 7 build 4457 CAPWAP DTLS Protocol Vulnerability Heap-based Buffer Overflow in closefs.c in libext2fs Library in e2fsprogs Denial of Service Vulnerability in Linux Kernel's nft_flush_table Function Denial of Service Vulnerability in Google Email Application 4.2.2.0200 for Android Multiple Cross-Site Scripting (XSS) Vulnerabilities in u5CMS before 3.9.4 Multiple SQL Injection Vulnerabilities in u5CMS before 3.9.4 Directory Traversal Vulnerability in u5CMS Allows Arbitrary File Write Open Redirect Vulnerabilities in u5CMS before 3.9.4: Remote Phishing Attacks via Arbitrary URL Redirection Arbitrary File Read Vulnerability in Elegant Themes Divi WordPress Theme Cross-Site Request Forgery (CSRF) Vulnerabilities in Redirection Page Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Mobile Domain Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Spider Facebook Plugin for WordPress CSRF Vulnerabilities in ATutor 2.2 Allow Remote Account Hijacking Cross-Site Request Forgery (CSRF) Vulnerability in Fat Free CRM before 0.13.6 Arbitrary PHP Code Execution via Unrestricted File Upload in 
Maarch LetterBox and GEC/GED Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange Server and OX AppSuite arCHMage 0.2.4 Directory Traversal Vulnerability Insecure Temporary File Usage in Kamailio's kamcmd Administrative Utility Local Privilege Escalation Vulnerability in Kamailio Build Arbitrary Code Execution Vulnerability in Movable Type Pro and Advanced Incorrect Data Types in Stack Randomization Vulnerability Untrusted Search Path Vulnerability in Siemens SIMATIC Software Unencrypted Lookups in Siemens SPCanywhere Application Enable Man-in-the-Middle Attacks SSL Certificate Verification Vulnerability in Siemens SPCanywhere Application Unencrypted Code Loading Vulnerability in Siemens SPCanywhere Android Application Insecure Password Storage in Siemens SPCanywhere Android App Filesystem Architectural Error in Siemens SPCanywhere iOS App Allows Access Restriction Bypass Netatmo Indoor Module Firmware 100 and Earlier: Information Disclosure Vulnerability Unspecified Vector Man-in-the-Middle Vulnerability in Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 Improper Storage of Password Data in Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 Cross-Site Scripting (XSS) Vulnerabilities in Adminsystems CMS before 4.0.2 Arbitrary Code Execution via Unrestricted File Upload in Adminsystems CMS SQL Injection Vulnerabilities in Dell ScriptLogic Asset Manager Denial of Service Vulnerability in GnuPG Keyring DB Denial of Service Vulnerability in GnuPG Keybox Search Functionality Unrestricted Access to Database-Connection Strings in Topline Opportunity Form Denial of Service Vulnerability in MongoDB via Crafted UTF-8 String in BSON Request Topology Spoofing Vulnerability in OpenDaylight L2Switch Fake LLDP Injection Vulnerability in OpenFlow Plugin for OpenDaylight LLDP Relay Vulnerability in OpenFlow Plugin for OpenDaylight Information Disclosure Vulnerability in RhodeCode API Cross-Site Request Forgery (CSRF) Vulnerabilities in Image Metadata 
Cruncher Plugin for WordPress Arbitrary SQL Command Execution Vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) Arbitrary Web Script Injection Vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) Sensitive Password Information Disclosure in McAfee Data Loss Prevention Endpoint (DLPe) Extension Arbitrary Web Script Injection in McAfee Email Gateway (MEG) Secure Web Mail Client Webform Prepopulate Block Module XSS Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability OWA Modified Canary Parameter Cross Site Scripting Vulnerability Outlook Web App (OWA) Cross-Site Scripting (XSS) Vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 Outlook Web App (OWA) Cross-Site Scripting (XSS) Vulnerability Exchange Forged Meeting Request Spoofing Vulnerability Exchange Error Message Cross Site Scripting Vulnerability Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability Internet Explorer Memory Corruption Vulnerability HTTP.sys Remote Code Execution Vulnerability Remote Code Injection in Microsoft SharePoint Foundation and Server 2013 Insecure TLS State Transitions in Schannel Active Directory Federation Services Logoff Bypass Vulnerability Microsoft Office for Mac 2011 XSS Vulnerability Microsoft Project Server 2010 and 2013 XSS Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability NtCreateTransactionManager Type Confusion Vulnerability Windows Impersonation Level Privilege Escalation Vulnerability EMF Processing Remote Code Execution Vulnerability MSXML3 Same Origin Policy SFB Vulnerability Windows Hyper-V DoS Vulnerability in Virtual Machine Manager (VMM) ASP.NET Information Disclosure Vulnerability 
Microsoft Office Component Use After Free Vulnerability Microsoft Office Component Use After Free Vulnerability Microsoft Office Component Use After Free Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft SharePoint XSS Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability OpenType Font Parsing Vulnerability in Windows DirectWrite Library TrueType Font Parsing Vulnerability in Windows DirectWrite Library .NET XML Decryption Denial of Service Vulnerability Windows Forms Elevation of Privilege Vulnerability Windows Kernel Security Feature Bypass Vulnerability Windows Journal Remote Code Execution Vulnerability Kernel Memory Disclosure Vulnerability Kernel Memory Disclosure Vulnerability Kernel Memory Disclosure Vulnerability Kernel Memory Disclosure Vulnerability Kernel Memory Disclosure Vulnerability Microsoft Management Console File Format Denial of Service Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office 2007 SP3 Remote Code Execution Vulnerability VBScript ASLR Bypass Internet Explorer ASLR Bypass Vulnerability VBScript and JScript ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Clipboard Information Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Windows Journal Remote Code Execution Vulnerability Windows Journal Remote Code 
Execution Vulnerability Windows Journal Remote Code Execution Vulnerability Windows Journal Remote Code Execution Vulnerability Windows Journal Remote Code Execution Vulnerability SharePoint Page Content Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Service Control Manager Elevation of Privilege Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Privilege Escalation Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Silverlight Out of Browser Application Vulnerability Schannel Diffie-Hellman Key Length Restriction Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Windows Kernel Information Disclosure Vulnerability Kernel Use-After-Free Vulnerability in Microsoft Windows Win32k Null Pointer Dereference Vulnerability Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability Kernel-mode Drivers Use-After-Free Vulnerability in Microsoft Windows Kernel Object Use After Free Vulnerability in Microsoft Windows Win32k Buffer Overflow Vulnerability in Multiple Windows Versions Kernel Brush Object Use After Free Vulnerability Win32k Pool Buffer Overflow Vulnerability Windows Media Player Remote Code Execution Vulnerability Internet Explorer Cross-Domain Information Disclosure Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption 
Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Privilege Escalation Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Privilege Escalation Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Common Control Use After Free Vulnerability ADFS XSS Elevation of Privilege Vulnerability Windows LoadLibrary EoP Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability SQL Server Elevation of Privilege Vulnerability SQL Server Remote Code Execution Vulnerability SQL Server Remote Code Execution Vulnerability Exchange Server-Side Request Forgery Vulnerability Browser History Disclosure Vulnerability in Microsoft Internet Explorer 9-11 Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Win32k Memory Corruption Elevation of Privilege Vulnerability Mount Manager Symlink Vulnerability Microsoft Office Uninitialized Memory Use Vulnerability Exchange Server 2013 SP1 and Cumulative Update 8 Cross-Site Request Forgery Vulnerability LDAP Authentication Bypass Vulnerability in HiveServer2 Apache Flex before 4.14.1 Cross-Site Scripting (XSS) Vulnerability in asdoc/templates/index.html 
Out-of-Bounds Write Vulnerability in HWP Filter SSRF Vulnerability in Apache Ambari Proxy Endpoint Allows Port Scans and Unauthorized Service Access Sensitive Information Exposure in Apache Hadoop 2.6.x Intermediate Data Encryption Improper Hostname Validation in rhnreg_ks in Red Hat Network Client Tools Insecure Custom Authentication Realm in Opendaylight's Karaf-Tomcat opendaylight Realm VNC Websocket Frame Decoder Denial of Service Vulnerability Vulnerability: Unauthorized Attachment of Storage Domain to Data-Center by oVirt Users with MANIPULATE_STORAGE_DOMAIN Permissions Buffer Overflow Vulnerability in glibc's gethostbyname_r and other NSS Functions Denial of Service Vulnerability in libssh2's kex_agree_methods Function Uninitialized Memory Access Vulnerability in Lasso's get_or_define_ns Function Critical Vulnerabilities in NextGen Gallery WordPress Plugin: Remote Code Execution and Unauthorized Access Critical File Upload and HTTP Request Vulnerabilities in NextGen Gallery WordPress Plugin CSRF Vulnerability in Zend Framework 2.3.x Denial of Service Vulnerability in OpenSSL 1.0.2 Denial of Service Vulnerability in OpenSSL's BN_GF2m_mod_inv Function Out-of-bounds read vulnerability in X509_cmp_time function in OpenSSL NULL pointer dereference vulnerability in OpenSSL PKCS7_dataDecode function Race condition vulnerability in ssl3_get_new_session_ticket function in OpenSSL Denial of Service Vulnerability in OpenSSL's do_free_upto Function X.509 Basic Constraints cA Spoofing Vulnerability Denial of Service Vulnerability in OpenSSL 1.0.2e Privilege Escalation and Arbitrary Code Execution Vulnerability in Red Hat Gluster Storage RPM Package 3.2 Impersonation Vulnerability in Shibboleth Identity Provider and OpenSAML-J Vulnerability: Insecure Symmetric-Key Feature in NTPd Denial of Service Vulnerability in NTPd's Symmetric-Key Feature Potential Information Disclosure Vulnerability in Samsung S4 (GT-I9500) I9500XXUEMK8 Kernel 3.4 and Earlier Samsung S4 (GT-I9500) 
Kernel 3.4 Denial of Service and Privilege Escalation Vulnerability Out-of-bounds Write and Code Execution Vulnerability in libXfont NULL Pointer Dereference and Code Execution Vulnerability in libXfont Out-of-bounds Memory Access and Code Execution Vulnerability in libXfont I/O Vector Array Overrun Vulnerability in Linux Kernel Arbitrary Code Execution Vulnerability in Jenkins Combination Filter Groovy Script Jenkins Directory Traversal Vulnerability Denial of Service Vulnerability in Jenkins via Crafted Update Center Data XML External Entity (XXE) Vulnerability in CloudBees Jenkins Unrestricted Access to Reserved Names in Jenkins' User Database Setting XML External Entity (XXE) Vulnerability in CloudBees Jenkins Unspecified Cross-Site Scripting (XSS) Vulnerability in Jenkins before 1.606 and LTS before 1.596.2 Unspecified Cross-Site Scripting (XSS) Vulnerability in Jenkins before 1.606 and LTS before 1.596.2 Privilege Escalation via Forced API Token Change in Jenkins Arbitrary Command Execution via Shell Metacharacters in setroubleshoot's get_rpm_nvr_by_file_path_temporary Function Unverified SSL Certificates in Foreman LDAP Connections Vulnerability Stack-based buffer overflow in musl libc's inet_pton function XML External Entity (XXE) Vulnerability in Red Hat JBoss BPM Suite Import Facility XML Entity Expansion (XEE) Attack in libxml: Remote Denial of Service Vulnerability Session Fixation and Sensitive Cookie Information Disclosure in Ruby REST Client (rest-client) before 1.8.0 Heap-based Buffer Overflow in chrony: Remote Code Execution and Denial of Service Vulnerability Uninitialized Pointer Dereference and Remote Code Execution in chrony before 1.31.1 Memory Reallocation Vulnerability in FreeIPA's get_user_grouplist Function Insecure SSL Hostname Verification in Ruby http Gem Unspecified vulnerability in Oracle HTTP Server component affecting availability via Web Listener Directory Traversal Vulnerability in Apache ActiveMQ 5.x for Windows Default Exclude 
Patterns Vulnerability in Apache Struts 2.3.20 XML External Entity (XXE) Vulnerability in Apache Derby's SqlXmlUtil Code Apache Jackrabbit XXE Vulnerability in WebDAV Request Path Traversal Vulnerability in Cloud Foundry Cloud Controller Apache Cordova Android Configuration Variable Modification Vulnerability Incorrect ACLs in Apache HBase and IBM InfoSphere BigInsights leading to remote attacks and data modification Improper Handling of Files in /tmp in SaltStack before 2014.7.4 Improper File Handling in modules/chef.py in SaltStack before 2014.7.4 CSRF Token Leakage via Leading Space Character in URL Bypassing Timeout Function in Red Hat Enterprise Virtualization Manager (RHEV-M) Web Admin Interface Default Password Vulnerability in Red Hat OpenStack-Puppet-Modules Downgrade Attack Vulnerability in Red Hat Docker Package Bypassing Organization and Location Restrictions in Foreman before 1.7.5 Buffer Overflow Vulnerability in unzoo's EntrReadArch Function Unspecified Vector Denial of Service Vulnerability in unzoo Directory Traversal Vulnerability in Appserver Web Interface Insecure Cookie Transmission in PCS Daemon (pcsd) Sensitive Information Disclosure in AdvancedLdapLoginModule in Red Hat JBoss EAP before 6.4.1 Arbitrary File Read Vulnerability in OpenStack Cinder Insecure Certificate Verification in OpenStack Keystone Middleware Denial of Service Vulnerability in chrony before 1.31.1 Vulnerability: Access Restriction Bypass and Directory Modification via Crafted ldapmodrdn Call Improper Hostname Validation in OpenSSL Extension in Ruby Remote authenticated users can delete latest version of object in OpenStack Object Storage (Swift) before 2.3.0 OpenDaylight Helium Vulnerability: Missing AAA Restrictions in odl-mdsal-apidocs Feature Buffer Overflow Vulnerabilities in QtBase Module: Remote Code Execution via Crafted BMP Image Buffer Overflow Vulnerabilities in QtBase Module: Remote Code Execution Buffer Overflow Vulnerabilities in QtBase Module: Remote Code 
Execution via Crafted GIF Image Privilege Escalation via Abrt Crash Reporting Feature Heap-based Buffer Overflow in wpa_supplicant: Remote Code Execution Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Kallithea Administration Pages Local File Deletion Vulnerability in coreutils 8.4 Ember.js XSS Vulnerability in Versions 1.10.x and 1.11.x Privilege Escalation Vulnerability in Pacemaker before 1.1.13 Denial of Service Vulnerability in PowerDNS Recursor and Authoritative Server Symlink Attack on var_log_messages File in ABRT Allows Privilege Escalation World-readable permission on copy of sosreport file in ABRT problem directories allows unauthorized access to sensitive information Out-of-bounds array access vulnerability in FFmpeg's ff_mjpeg_decode_sof function CSRF Vulnerability in Contact Form DB Plugin Allows Unauthorized Deletion of Plugin Records SQL Injection Vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and Earlier ES File Explorer 3.2.4.1 Directory Traversal Vulnerability Arbitrary Command Execution Vulnerability in xdg-open Vulnerability: USB Port Exploitation on Thales nShield Connect Hardware Models Arbitrary Script Injection in Google Doc Embedder Plugin for WordPress Arbitrary Web Script Injection in Fortinet FortiOS 5.2.x SSLVPN Login Page OpenStack Glance Image Registry Denial of Service Vulnerability Race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 leading to privilege escalation Remote File Read Vulnerability in IBM DB2 Arbitrary File Read Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition Privilege Escalation in WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6 Denial of Service Vulnerability in IBM WebSphere Portal's Remote Document Conversion Service Sensitive Information Disclosure in IBM WebSphere 
Portal Arbitrary Web Script Injection Vulnerability in IBM Content Navigator Remote Bypass of HDFS Data-Access Restrictions in IBM InfoSphere BigInsights Cleartext Key Exposure in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 IBM Security Access Manager for Web mDNS Responder Denial of Service and Information Disclosure Vulnerability Session Hijacking Vulnerability in IBM WebSphere DataPower XC10 Appliance 2.1 CSRF Vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 Authorization Bypass in IBM InfoSphere Optim Workload Replay 2.x Arbitrary Code Execution Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Privilege Escalation via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack 6.1 Privilege Escalation via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack 6.1 Denial of Service Vulnerability in IBM WebSphere Portal 8.5 through CF05 Privilege Escalation Vulnerability in IBM InfoSphere DataStage on UNIX Information Disclosure Vulnerability in IBM InfoSphere Information Server Installer Stack-based Buffer Overflow in IBM Domino 8.5 and 9.0 Allows Remote Code Execution via Crafted BMP Image (SPR KLYH9TSMLA) IBM Domino BMP Image Buffer Overflow Vulnerability Bypassing Document-Access Restrictions in IBM Business Process Manager (BPM) Bypassing Access Restrictions on Task-Variable Value Changes in IBM Business Process Manager (BPM) Arbitrary web script injection vulnerability in IBM Business Process Manager (BPM) REST API IBM Rational License Key Server (RLKS) 8.1.4 Vulnerability: Unauthorized Cookie Reading Arbitrary web script injection vulnerability in IBM WebSphere Portal Arbitrary File Read and Administrative Access Vulnerability in IBM InfoSphere Master Data Management Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Master Data Management Arbitrary Web Script Injection Vulnerability in IBM Sterling Selling and Fulfillment Suite Weak Password Hashing Algorithm in IBM Rational 
Test Control Panel Bypassing Permission Checks in IBM Java Virtual Machine Insecure Session Cookie Transmission in IBM Tivoli Endpoint Manager Denial of Service Vulnerability in IBM Java 8 before SR1 Arbitrary web script injection vulnerability in IBM WebSphere Portal IBM Security QRadar Incident Forensics 7.2.5 XSS Vulnerability Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server Arbitrary URL Redirection Vulnerability in IBM WebSphere Portal 8.0.0 and 8.5.0 Data Movement Vulnerability in IBM DB2 Buffer Overflow Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Unspecified vulnerability in Oracle WebCenter Portal and Oracle Applications Framework components Privileged Access Vulnerability in IBM WebSphere Application Server Clickjacking Vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) and Related Products Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack Server 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack Server 6.1 before 6.1.12 Plaintext Information Exposure in IBM Java Security Components Information Disclosure Vulnerability in IBM WebSphere Application Server and WebSphere Virtual Enterprise Unattended Workstation Password Disclosure Vulnerability in IBM Maximo Asset Management Insecure Password Encryption in IBM Maximo Asset Management and Related Products Unspecified Remote Code Execution Vulnerability in IBM DB2 Session Hijacking Vulnerability in IBM WebSphere Application Server (WAS) 8.0.0 and 8.5 Unauthenticated Access to IBM PowerVC Ceilometer NoSQL Database Arbitrary Command Execution Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Arbitrary File Read Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 
Arbitrary File Write and Execution Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Denial of Service Vulnerability in IBM WebSphere Portal Arbitrary Script Injection in IBM WebSphere Portal 8.0.0 and 8.5.0 Unspecified Privilege Escalation Vulnerability in IBM InfoSphere Master Data Management Privilege Escalation Vulnerability in IBM WebSphere Application Server (WAS) Privilege Escalation via Untrusted Search Path in IBM InfoSphere BigInsights Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Arbitrary Command Execution Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Unauthenticated Access to Python Interpreter in IBM PowerVC Standard Edition Caching of HTTPS Responses Vulnerability in IBM Maximo Asset Management IBM AppScan Enterprise Edition 9.0.x XSS Vulnerability Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack Server 6.1 before 6.1.12 Denial of Service (CPU Consumption) Vulnerability in IBM MQ Light Denial of Service Vulnerability in IBM MQ Light Information Disclosure Vulnerability in IBM WebSphere MQ 7.5.x and 8.0.x Denial of Service Vulnerability in IBM MQ Light Unrestricted Encrypted File Access in IBM Tivoli Security Directory Server Arbitrary JavaScript Code Execution Vulnerability in IBM Business Process Manager REST API Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Stack-based buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 Cross-Site Scripting (XSS) Vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) Information Disclosure in MQ Explorer in IBM WebSphere MQ 
Arbitrary Script Injection in IBM InfoSphere Master Data Management Collaborative Edition Arbitrary Web Script Injection Vulnerability in IBM Tivoli Common Reporting (TCR) Data Retention Vulnerability in IBM WebSphere DataPower XC10 Appliance Unspecified Denial of Service Vulnerability in IBM Rational CLM and Related Products Sensitive Error-Log Information Disclosure in IBM Tivoli Security Directory Server Bypassing Command Restrictions in IBM Tivoli Security Directory Server Web Administration Tool Privilege Escalation via Argument Injection in IBM Tivoli Security Directory Server and IBM Security Directory Server Authenticated User Command Execution Vulnerability in IBM Security Directory Server Directory Traversal Vulnerability in IBM Tivoli Directory Server and IBM Security Directory Server Arbitrary Web Script Injection Vulnerability in IBM Tivoli Security Directory Server Cross-Site Scripting (XSS) Vulnerabilities in IBM Case Manager 5.2.1 Clickjacking Vulnerability in IBM InfoSphere Master Data Management Collaborative Edition IBM Domino Web Server Cross-Site Scripting (XSS) Vulnerability Sensitive Information Disclosure in IBM InfoSphere Master Data Management Collaborative Edition IBM UrbanCode Build 6.1.x Projects Page Cross-Site Scripting (XSS) Vulnerability Arbitrary Profile Access Vulnerability in IBM InfoSphere Master Data Management Collaborative Edition Bypassing Password Requirement and Reading Private Keys in IBM MQ M2000 Appliances Arbitrary Command Execution Vulnerability in IBM Tivoli Storage Manager FastBack 6.1 Denial of Service Vulnerability in IBM MQ Light Arbitrary web script injection vulnerability in IBM Tivoli Storage Manager for Virtual Environments and Tivoli Storage FlashCopy Manager for VMware SQL Injection Vulnerability in IBM Security QRadar Incident Forensics 7.2.x Privilege Escalation Vulnerability in IBM Systems Director Insecure Cookie Handling in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 Missing 
HTTPOnly Flag in Set-Cookie Header in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 IBM Security QRadar Incident Forensics 7.2.x Multiple Cross-Site Scripting (XSS) Vulnerabilities Caching of HTTPS Responses Vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 CSRF Vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 Allows Remote Authentication Hijacking Sensitive Information Exposure in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 Arbitrary Code Execution Vulnerability in Jumio SDK for Android (Versions prior to 1.5.0) Panic-Safe Inconsistency in Rust's BinaryHeap Arbitrary Code Execution Vulnerability in MetaIO SDK for Android Cross-Site Scripting Vulnerability in Content Text Slider WordPress Plugin Arbitrary Code Execution Vulnerability in ESRI ArcGis Runtime SDK for Android Arbitrary Code Execution Vulnerability in PJSIP PJSUA2 SDK for Android Arbitrary Code Execution Vulnerability in GraceNote GNSDK SDK for Android Session Expiration Vulnerability in IBM Security QRadar SIEM Unauthenticated Access to WP Attachment Export WordPress Plugin Data IBM Security QRadar SIEM 7.2.x Directory Traversal Vulnerability Sensitive Information Disclosure in IBM Security QRadar SIEM 7.1.x and 7.2.x CSRF Vulnerability in IBM QRadar SIEM 7.1 and 7.2.x Allows Remote Authentication Hijacking CSRF and Stored XSS Vulnerabilities in ClickBank Affiliate Ads WordPress Plugin Unescaped Settings in ClickBank Affiliate Ads WordPress Plugin Allows Cross-Site Scripting Attacks Unescaped Shell Command Injection in Python's Mailcap Module XPath Injection and Code Execution in ruby-saml Gem (CVE-2021-23456) Denial of Service Vulnerability in glibc's fnmatch Library Function Arbitrary Command Execution Vulnerability in IBM QRadar SIEM 7.1 MR2 and 7.2.x Timing Attack Vulnerability in JHipster Generator-JHipster World-readable permissions for SSL keystore password file in MQXR service Denial 
of Service Vulnerability in IBM WebSphere MQ 7.0.1 Open Redirect Vulnerability in IBM Domino Web Server Cross-Site Scripting (XSS) Vulnerability in IBM Domino Web Server Unspecified Remote Command Execution Vulnerability in IBM QRadar SIEM CRLF Injection Vulnerability in IBM WebSphere Application Server (WAS) Insecure Security Profile Selection in IBM Integration Bus and WebSphere Message Broker Caching of Documents in SSL Sessions Vulnerability Arbitrary Code Execution Vulnerability in MyScript SDK for Android Buffer Overflow Vulnerability in IBM i Access 7.1 on Windows Insecure Session Cookie Transmission in IBM WebSphere eXtreme Scale CSRF Vulnerability in IBM WebSphere eXtreme Scale 7.1.0 and 7.1.1 Improper Logout Actions in IBM WebSphere eXtreme Scale CRLF Injection Vulnerability in IBM WebSphere eXtreme Scale Session Fixation Vulnerability in IBM WebSphere eXtreme Scale 7.1.0 and 7.1.1 Improper Account Lockout Setting in IBM WebSphere eXtreme Scale Arbitrary Script Injection in IBM WebSphere eXtreme Scale 7.1.0 Arbitrary Command Execution Vulnerability in Infoblox Network Automation NetMRI Arbitrary Web Script Injection in Piwigo Administrative Backend Arbitrary SQL Command Execution in Piwigo Administrative Backend CSRF and XSS Vulnerabilities in Acobot Live Chat & Contact Form Plugin for WordPress Arbitrary Script Injection in Contact Form DB WordPress Plugin Incorrect Data Type Vulnerability in sysctl_net_llc.c Incorrect Data Type Vulnerability in Linux Kernel's net/rds/sysctl.c Multiple Cross-Site Scripting (XSS) Vulnerabilities in Visualware MyConnection Server 8.2b Uninitialized Data Vulnerability in Xen Emulation Routines Uninitialized Data Structures Vulnerability in Xen Hypervisor Cross-site scripting (XSS) vulnerability in MantisBT versions 1.2.13 to 1.2.20 Authentication Bypass Vulnerability in TYPO3 RSAAuth Extension CSRF Vulnerability in D-Link DCS-931L Firmware 1.04 and Earlier Arbitrary Code Execution via Unrestricted File Upload in D-Link 
DCS-931L Firmware 1.04 and Earlier Arbitrary Command Execution Vulnerability in D-Link DAP-1320 Rev Ax Firmware Remote Code Execution Vulnerability in D-Link DIR-645 Router Remote Code Execution Vulnerability in DIR-645 Router Firmware McAfee Agent Log Viewer Clickjacking Vulnerability CRLF Injection Vulnerability in Sierra Wireless AirCard Administrative Console Denial of Service Vulnerability in Zhone GPON 2520 Firmware R4.0.2.566b Memory Truncation Vulnerability in Jabber Open Source Server 2.3.2 and Earlier Out-of-Bounds Read Vulnerability in libidn's stringprep_utf8_to_ucs4 Function Directory Traversal Vulnerability in cabextract before 1.6 PTC Creo View Browser Plugin Heap-Based Buffer Overflow Vulnerability SQL Injection Vulnerabilities in Huge-IT Slider Plugin for WordPress (Versions before 2.7.0) Unace 1.2b Integer Overflow Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in DLGuard SQL Injection Vulnerability in Apptha WordPress Video Gallery Plugin SQL Injection Vulnerability in DLGuard 4.5: Remote Code Execution via index.php Arbitrary File Read Vulnerability in MAGMI Plugin for Magento Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in MAGMI Plugin for Magento Server Arbitrary Script Injection in WooCommerce Plugin for WordPress SQL Injection Vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 Arbitrary File Read Vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 Multiple Cross-Site Scripting (XSS) Vulnerabilities in SAP HANA 73 and HANA Developer Edition 80 Arbitrary File Read Vulnerability in SAP BusinessObjects Edge 4.0 FRS CORBA Listener Arbitrary File Write Vulnerability in SAP BusinessObjects Edge 4.0 FRS CORBA Listener Remote Deletion of Audit Events in SAP BusinessObjects Edge 4.0 SAP BusinessObjects Edge 4.0 Auditing Service Information Disclosure Vulnerability Vulnerability: Reuse of X.509 Certificate Private Key in Komodia Redirector SDK Insecure X.509 Certificate Verification in Komodia 
Redirector SDK JetLeak: Information Disclosure Vulnerability in Eclipse Jetty Critical Remote Code Execution Vulnerability in Datto ALTO and SIRIS Devices Arbitrary Web Script Injection in UNIT4 Prosoft HRMS Login.aspx CSRF Vulnerability in Ilch CMS Allows Remote Authentication Hijacking CSRF and XSS Vulnerability in Easy Social Icons Plugin for WordPress Cross-site scripting (XSS) vulnerability in Panopoly Magic module's live preview allows injection of arbitrary web script or HTML via pane title Arbitrary PHP Code Execution via Unrestricted File Upload in Drupal Avatar Uploader Module Unspecified Cross-Site Scripting (XSS) Vulnerability in Term Queue Module for Drupal Cross-Site Request Forgery (CSRF) Vulnerabilities in CrossSlide jQuery Plugin for WordPress SQL Injection Vulnerability in WordPress Survey and Poll Plugin 1.1.7 Client Certificate Spoofing Vulnerability in mod-gnutls Arbitrary Code Execution Vulnerability in Agilent Technologies Feature Extraction ActiveX Control Stack-based Buffer Overflow in WebGate WebEyeAudio ActiveX Control Connect Function Stack-based Buffer Overflow in WESPPlaybackCtrl Control in WebGate WinRDS Heap-based Buffer Overflow in WebGate eDVR Manager ActiveX Control Use-after-free vulnerability in WESPMonitorCtrl ActiveX control in WebGate eDVR Manager Multiple Buffer Overflow Vulnerabilities in WESP SDK Multiple stack-based buffer overflows in WebGate eDVR Manager: Remote Code Execution Vulnerabilities Multiple Buffer Overflows in WebGate Control Center: Remote Code Execution Vulnerabilities Stack-based Buffer Overflow in WebGate eDVR Manager and Control Center Unspecified Cross-Site Scripting (XSS) Vulnerability in Navigate Module for Drupal SQL Injection Vulnerability in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) view_item.php Cosmoshop Admin-Login Panel XSS Vulnerability Unspecified Remote Access Bypass and Denial of Service Vulnerability in HP Integrated Lights-Out (iLO) Firmware Local Privilege Escalation in HP Operations 
Manager i Management Pack 1.x for SAP Unspecified Remote Information Disclosure Vulnerability in HP Operations Orchestration Unspecified Remote Authentication Bypass Vulnerability in HP Operations Orchestration 10.x Remote Code Execution Vulnerability in HP LoadRunner 11.52 Unspecified Information Disclosure Vulnerability in HP Intelligent Provisioning Unspecified Remote Code Execution Vulnerability in HP Easy Deploy Unspecified Remote Code Execution Vulnerability in HP Easy Deploy Arbitrary Program Execution Vulnerability in HP Support Solution Framework Unspecified Information Disclosure Vulnerability in HP Capture and Route Software (HPCR) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 7.x Unauthenticated Remote Code Execution in HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) Unspecified Information Disclosure Vulnerability in HP Access Control Software Unspecified Privilege Escalation Vulnerability in HP SiteScope Arbitrary File Read Vulnerability in HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 Denial of Service Vulnerability in HP SDN VAN Controller Devices Privilege Escalation Vulnerability in HP NonStop Safeguard Security Software Unspecified Privilege Escalation Vulnerability in HP ThinPro Linux and Smart Zero Core Unspecified Access Restriction Bypass Vulnerability in HP WebInspect Privilege Escalation Vulnerability in HP-UX pppoec Privilege Escalation Vulnerability in HP-UX execve System-Call Implementation CSRF Vulnerability in HP System Management Homepage (SMH) before 7.5.0 Unspecified Remote Code Execution Vulnerability in HP Intelligent Provisioning Bypassing Authorization Policy in HP ArcSight Logger Unspecified Remote Code Execution Vulnerability in HP Operations Manager i (OMi) Unspecified Information Disclosure Vulnerability in HP Systems Insight Manager (SIM) Unspecified Vector Vulnerability in HP Systems Insight Manager 
(SIM) Timing Attack Vulnerability in InvertibleRWFunction::CalculateInverse Function in libcrypt++ 5.6.2 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 CSRF Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 Multiple SQL Injection Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 SQL Injection Vulnerabilities in Issuetracker phpBugTracker before 1.7.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Issuetracker phpBugTracker before 1.7.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in MyBB Administrative Backend Vulnerability: Improper Access Restriction to PCI Command Registers in Xen and Linux Kernel Segment Override Vulnerability in Xen Emulator Vulnerability: Unauthorized Access to VGA Console in Xen 4.5.x and Earlier Denial of Service Vulnerability in TCP Printer in tcpdump Denial of Service Vulnerability in tcpdump's osi_print_cksum Function Force Printer Denial of Service and Arbitrary Code Execution Vulnerability Improper Validation of Cookie Name and Value Characters Vulnerability PuTTY SSH-2 Private Key Memory Leakage Vulnerability Off-by-one Error in pngcrush_measure_idat Function Allows Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in Ericsson Drutt Mobile Service Delivery Platform (MSDP) Directory Traversal Vulnerability in Ericsson Drutt Mobile Service Delivery Platform (MSDP) Allows Remote File Read Open Redirect Vulnerability in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 3PI Manager Zoho ManageEngine AssetExplorer 6.1 XSS Vulnerability Denial of Service Vulnerability in ClamAV's UPX Decoder PHP Object Injection Vulnerability in Slim Middleware/SessionCookie.php DokuWiki ACL Plugin Privilege Escalation Vulnerability Denial of Service 
Vulnerability in Siemens SIMATIC S7-300 CPU Devices Local Privilege Escalation: MySQL Credentials Disclosure in xaviershay-dm-rails gem 0.10.3.8 for Ruby Arbitrary Command Execution in Roundcube Password Plugin Multiple Buffer Overflows in Roundcube DBMail Driver Multiple Cross-Site Scripting (XSS) Vulnerabilities in ZeusCart 4 Multiple SQL Injection Vulnerabilities in ZeusCart 4 Administrative Backend Information Disclosure Vulnerability in ZeusCart 4 via getphpinfo Action Remote Account Spoofing Vulnerability in Ansible edxapp Role Stack Memory Corruption Vulnerability in Wireshark ATN-CPDLC Dissector Out-of-bounds Read Vulnerability in Wireshark WCP Dissector Denial of Service Vulnerability in Wireshark pcapng_read Function Denial of Service in Wireshark 1.12.x LLDP Dissector Integer Overflow in TNEF Dissector in Wireshark Allows Remote Denial of Service Integer Overflow in Wireshark SCSI OSD Dissector Arbitrary Code Execution via Unrestricted File Upload in Fusion Theme 3.1 for WordPress Cross-Site Scripting (XSS) Vulnerabilities in WP Media Cleaner Plugin 2.2.6 for WordPress SQL Injection Vulnerability in Spider Event Calendar 1.4.9 for WordPress Cross-site scripting (XSS) vulnerability in Entity API module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Beehive Forum 1.4.4's edit_prefs.php SQL Injection Vulnerabilities in WonderPlugin Audio Player Plugin for WordPress Aruba AirWave Remote OS Command Execution and File Disclosure Vulnerability Privilege Escalation Vulnerability in Aruba AirWave Sensitive Settings History Information Disclosure in Evergreen 2.5.9, 2.6.7, and 2.7.4 Access Restriction Bypass Vulnerability in Evergreen CSRF Token Disclosure via Invalid Language Values in phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in NetCracker Resource Management System before 8.2 Arbitrary Command Execution Vulnerability in phpMoAdmin 1.1.2 Information Disclosure Vulnerability in DLGuard 4.5 Arbitrary Code Execution via Help Window 
Injection in Epicor CRS Retail Store Arbitrary SQL Command Execution in WordPress wp_untrash_post_comments Function Information Disclosure Vulnerability in NetCat 5.01 and Earlier Open Redirect Vulnerability in Drupal Services SSO Server Helper Module Arbitrary SQL Command Execution in Photocrati Theme 4.x for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Ultimate PHP Board (myUPB) 2.2.8 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in WonderPlugin Audio Player Plugin for WordPress Predictable Security Tokens in Lenovo System Update Allows Privilege Escalation Cross-Site Scripting (XSS) Vulnerabilities in Ninja Forms Plugin for WordPress Denial of Service Vulnerability in ClamAV 0.98.7 and Earlier Denial of Service Vulnerability in ClamAV before 0.98.7 Cross-Site Scripting (XSS) Vulnerabilities in Palo Alto Networks Traps Console Management Interface Reflected XSS Vulnerability in Synacor Zimbra Collaboration Server 8.x before 8.7.0 Lenovo System Update Vulnerability: Arbitrary File Execution via Crafted Certificate Privilege Escalation via Race Condition in Lenovo System Update Multiple SQL Injection Vulnerabilities in Betster 1.0.4 Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Address bar spoofing vulnerability in Google Chrome before 41.0.2272.76 with Instant Extended mode Arbitrary web script injection vulnerability in Django ModelAdmin.readonly_fields SQL Injection Vulnerabilities in Webshop hun 1.062S: Remote Code Execution Webshop hun 1.062S Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Webshop hun 1.062S Denial of Service Vulnerability in Huawei Ascend P7: Remote Phone Process Crash Contact Information Disclosure Vulnerability in Huawei P7 Smartphones Bluetooth Injection Attack Vulnerability in Boosted Boards Skateboards Dell SonicWALL Secure Remote Access (SRA) CSRF Bookmark Hijacking Vulnerability Zimbra Collaboration XSS Vulnerability Multiple 
Cross-Site Scripting (XSS) Vulnerabilities in concrete5 before 5.7.4 Information Disclosure Vulnerability in Huawei OceanStor UDS DeviceManager Arbitrary Code Execution with Root Privileges in Huawei OceanStor UDS Devices Sensitive Information Disclosure in Huawei OceanStor UDS XML Interface Remote Code Execution Vulnerability in Huawei OceanStor UDS Devices Denial of Service Vulnerability in Huawei AR1220 Routers Information Disclosure Vulnerability in Cloudera Manager Untrusted Search Path Vulnerabilities in Telerik Analytics Monitor Library Arbitrary Command Execution in cups-filters (CVE-2014-2707) Arbitrary Conversation Access Vulnerability in Moodle Arbitrary Directory Extraction Vulnerability in Moodle Denial of Service Vulnerability in Moodle's filter/urltolink/filter.php Cross-Site Scripting (XSS) Vulnerabilities in Moodle's lib/javascript-static.js Course Information Disclosure Vulnerability in Moodle Bypassing Access Restrictions in Moodle's Flag as Inappropriate Feature Bypassing Forced-Password-Change Requirement via Web-Services Token in Moodle Moodle Cross-Site Scripting (XSS) Vulnerability in statistics_question_table.php Arbitrary Script Injection in WoltLab Community Gallery 2.0 LZH Decompression Out-of-Bounds Read Vulnerability Arbitrary OS Command Execution in AirLive BU-2015, BU-3026, and MD-3025 Arbitrary OS Command Execution in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera Remote Code Execution Vulnerability in Fortinet Single Sign On (FSSO) Stack-based Buffer Overflow in SAP MaxDB and Other Products (SAP Security Note 2124806, 2121661, 2127995, and 2125316) Remote Code Execution Vulnerability in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 Privilege Escalation via Crafted File in Ubuntu Upstart Package Improper Link Restriction on Password-Reset Page in Open edX edx-platform Serendipity 2.0.1 XSS Vulnerability in Category Creation Intel Ethernet Diagnostics Driver Local Privilege Escalation Vulnerability 
SQL Injection Vulnerabilities in WordPress SEO by Yoast Plugin WordPress SEO by Yoast Plugin CSRF Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in pfSense WebGUI CSRF Vulnerability in pfSense WebGUI Allows Arbitrary File Deletion Session Fixation Vulnerability in Requests Library Denial of Service Vulnerability in nanohttp in libcsoap via Crafted Authorization Header Improper Substring Check in ExportEtherpad.js Allows Information Disclosure in Etherpad 1.5.x before 1.5.2 Use-after-free vulnerability in phar_rename_archive function in PHP before 5.5.22 and 5.6.x before 5.6.6 Absolute Path Traversal Vulnerability in bsdcpio in libarchive 3.1.2 and Earlier Heap-based buffer overflow in Henry Spencer BSD regex library (rxspencer) alpha3.8.g5 on 32-bit platforms, allowing arbitrary code execution Eval Injection Vulnerability in HttpCache Class in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 Integer Overflow Vulnerability in Sandstorm Cap'n Proto Integer Underflow Vulnerability in Sandstorm Cap'n Proto Denial of Service Vulnerability in Sandstorm Cap'n Proto Denial of Service via CPU Consumption in Sandstorm Cap'n Proto SQL Injection Vulnerability in WPML Plugin Allows Remote Code Execution Arbitrary Script Injection in WPML Plugin (before 3.1.9) for WordPress Denial of Service Vulnerability in Django's utils.html.strip_tags Function Cross-Site Scripting (XSS) Vulnerability in Django's utils.http.is_safe_url Function SMACK SKIP-TLS Vulnerability Vulnerability: Cipher-downgrade attack in Mono TLS stack TLS Stack Vulnerability in Mono Allows Remote Attackers to Exploit SSLv2 Fallback Arbitrary Script Injection in Job Manager Plugin for WordPress Weak Cipher Vulnerability in FortiOS Arbitrary Code Injection in WordPress Photo Gallery Plugin Vulnerability: Denial of Service and Out-of-Bounds Heap Read in PCRE's compile_branch Function Denial of Service Vulnerability in PCRE's pcre_compile2 Function PCRE Denial of 
Service Vulnerability PCRE Denial of Service Vulnerability WooCommerce Plugin XSS Vulnerability in WordPress Late TLS Certificate Verification in WebKitGTK+: Exposing Secure HTTP Requests and Cookies Integer Overflow Vulnerability in libzip Allows Remote Code Execution MyBB (MyBulletinBoard) member.php Cross-Site Scripting (XSS) Vulnerability MyBB MyCode Editor XSS Vulnerability CSRF Vulnerability in MyBB Admin Control Panel (ACP) Login Information Disclosure Vulnerability in MyBB JSON Library Arbitrary Code Execution Vulnerability in TPView.dll Arbitrary Code Execution Vulnerability in VMware Workstation, Player, and Horizon Client Memory Allocation Vulnerability in VMware Workstation, Player, and Horizon Client on Windows Memory Allocation Vulnerability in VMware Workstation, Player, and Horizon Client on Windows Memory Allocation Vulnerability in VMware Workstation, Player, and Horizon Client on Windows Denial of Service Vulnerability in VMware Workstation, Player, and Fusion Unrestricted MBean Registration Vulnerability in VMware vCenter Server Arbitrary Script Injection in VMware vRealize Automation 6.x on Linux Huawei SEQ Analyst XXE Vulnerability Allows Arbitrary File Reading Huawei SEQ Analyst XSS Vulnerability Path Truncation Vulnerability in PHP's move_uploaded_file Function Arbitrary Web Script Injection Vulnerability in SuperWebMailer 5.60.0.01190 and Earlier CSRF Vulnerability in MikroTik RouterOS Allows Password Hijacking Multiple Cross-Site Scripting (XSS) Vulnerabilities in Alkacon OpenCms 9.5.1 and Earlier Unspecified Impact Vulnerability in MyBB Cache Handler Exchange HTML Injection Vulnerability Win32k Elevation of Privilege Vulnerability Hyper-V Buffer Overflow Vulnerability Hyper-V Guest-to-Host Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Graphics Component EOP Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Kernel-Mode Information Disclosure Vulnerability 
Windows DLL Remote Code Execution Vulnerability DLL Planting Remote Code Execution Vulnerability Windows RPC Elevation of Privilege Vulnerability Windows Installer Privilege Escalation Vulnerability VBScript Memory Corruption Vulnerability Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability in Windows 7, 8, and Server 2012 Elevation of Privilege Vulnerability in Netlogon Microsoft Excel ASLR Bypass Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Untrusted Search Path Vulnerability in Microsoft Excel: Remote Code Execution via Trojan Horse DLL Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability ATMFD.DLL Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer XSS Filter Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer File Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Path Traversal Vulnerability Internet Explorer File Disclosure Vulnerability Internet Explorer Image Caching Information Disclosure Vulnerability Microsoft Office Memory Corruption Vulnerability OLE Elevation of Privilege Vulnerability OLE Elevation of Privilege 
Vulnerability MSRT Privilege Escalation Vulnerability JScript9 Memory Corruption Vulnerability System Center Operations Manager Web Console XSS Vulnerability Internet Explorer ASLR Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Unsafe Command Line Parameter Passing Vulnerability Microsoft Office Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability OpenType Font Driver Buffer Underflow Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Windows Object Manager Impersonation Elevation Vulnerability Windows Registry Elevation of Privilege Vulnerability Windows Filesystem Elevation of Privilege Vulnerability Microsoft Office Graphics Component Remote Code Execution Vulnerability OpenType Font Parsing Vulnerability in Windows Adobe Type Manager Library Kernel ASLR Bypass Vulnerability MSXML SSL 2.0 Information Disclosure Vulnerability TrueType Font Parsing Vulnerability MSXML ASLR Bypass Vulnerability Memory Corruption Vulnerability in Microsoft Internet Explorer and Edge Memory Corruption Vulnerability in Microsoft Internet Explorer and Edge Memory Corruption Vulnerability in Microsoft Internet Explorer 10 and 11 Memory Corruption Vulnerability in Microsoft Internet Explorer 8 through 11 ASLR Bypass Vulnerability in Microsoft Internet Explorer 10 Memory Corruption Vulnerability in Microsoft Internet Explorer 11 and Edge Memory Corruption Vulnerability in Microsoft Internet Explorer 11 Memory Corruption Vulnerability in Microsoft Internet Explorer 9 and 10 ASLR Bypass Vulnerability in Microsoft Internet Explorer and Edge Memory Corruption Vulnerability in Microsoft Internet Explorer 9 through 11 Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Windows CSRSS Elevation of Privilege Vulnerability Windows KMD Security Feature Bypass Vulnerability TrueType Font Parsing Vulnerability in Multiple Microsoft Products TrueType 
Font Parsing Vulnerability in Microsoft Windows and Office OpenType Font Parsing Vulnerability in ATMFD.DLL OpenType Font Parsing Vulnerability in Windows Adobe Type Manager Library OpenType Font Parsing Vulnerability OpenType Font Parsing Vulnerability in ATMFD.DLL OpenType Font Parsing Vulnerability TrueType Font Parsing Vulnerability in Microsoft Windows and Office TrueType Font Parsing Vulnerability Windows Shell Impersonation Privilege Escalation Vulnerability Crafted Template Remote Code Execution Vulnerability in Microsoft Office Microsoft Office 2007 SP3 Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Integer Underflow Vulnerability MSXML SSL 2.0 Information Disclosure Vulnerability Remote Desktop Session Host Spoofing Vulnerability Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability Server Message Block Memory Corruption Vulnerability in Microsoft Windows Vista SP2 and Server 2008 SP2 UDDI Services Cross-Site Scripting (XSS) Vulnerability SSL 2.0 Vulnerability in WebDAV Client Microsoft Office Memory Corruption Vulnerability Winsock Elevation of Privilege Vulnerability RyuJIT Optimization Elevation of Privilege Vulnerability RyuJIT Optimization Elevation of Privilege Vulnerability RyuJIT Optimization Elevation of Privilege Vulnerability Scripting Engine Memory Corruption Vulnerability Memory Information Disclosure Vulnerability in Microsoft Internet Explorer 10 and 11 Incorrect Flag Usage in Microsoft Internet Explorer 10 and 11 Allows Remote File Deletion (Tampering Vulnerability) Memory Corruption Vulnerability in Microsoft Internet Explorer and Microsoft Edge Arbitrary Code Execution and Denial of Service Vulnerability in Microsoft Internet Explorer and Microsoft Edge Arbitrary Code Execution and Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Elevation of Privilege Vulnerability in Microsoft Internet Explorer 
11 Arbitrary Code Execution and Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Arbitrary Code Execution and Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 8 Memory Corruption Vulnerability in Microsoft Internet Explorer 7 through 11 and Microsoft Edge Arbitrary Code Execution and Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Memory Corruption Vulnerability in Microsoft Internet Explorer 7 and 8 Memory Corruption Vulnerability in Microsoft Internet Explorer 9 Memory Corruption Vulnerability in Microsoft Internet Explorer 7-11 Microsoft Office Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability Exchange Information Disclosure Vulnerability in Outlook Web Access (OWA) OpenType Font Parsing Vulnerability in Adobe Type Manager Library Font Driver Elevation of Privilege Vulnerability in Adobe Type Manager Library Font Driver Elevation of Privilege Vulnerability in Adobe Type Manager Library Windows Media Center RCE Vulnerability Graphics Component Buffer Overflow Vulnerability in Adobe Type Manager Library Win32k Memory Corruption Elevation of Privilege Vulnerability Font Driver Elevation of Privilege Vulnerability in Adobe Type Manager Library Windows Journal Remote Code Execution Vulnerability Windows Journal Remote Code Execution Vulnerability Toolbar Use After Free Vulnerability in Windows Shell Windows Journal DoS Vulnerability Win32k Memory Corruption Elevation of Privilege Vulnerability Win32k Memory Corruption Elevation of Privilege Vulnerability Windows Journal Integer Overflow RCE Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft SharePoint XSS Spoofing Vulnerability Microsoft Office 
Memory Corruption Vulnerability Windows Impersonation Level Privilege Escalation Vulnerability Windows Task File Deletion Elevation of Privilege Vulnerability MVC Denial of Service Vulnerability in Microsoft .NET Framework 4.5 and later versions Win32k Impersonation Level Privilege Escalation Vulnerability Windows Impersonation Level Privilege Escalation Vulnerability Kernel ASLR Bypass Vulnerability Windows Journal Remote Code Execution Vulnerability jQuery Engine XSS Vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 Lync Server XSS Information Disclosure Vulnerability Hyper-V ACL Bypass Vulnerability Active Directory Denial of Service Vulnerability Skype for Business and Lync Server XSS Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Memory Corruption Vulnerability in Microsoft Internet Explorer and Microsoft Edge Exchange Spoofing Vulnerability in Outlook Web Access (OWA) Exchange Spoofing Vulnerability in Outlook Web Access (OWA) Microsoft Office EPS Image Code Execution Vulnerability Win32k Memory Corruption Elevation of Privilege Vulnerability Microsoft Tablet Input Band Use After Free Vulnerability Windows Kernel Memory Corruption Vulnerability Windows Elevation of Privilege Vulnerability Trusted Boot Security Feature Bypass Vulnerability in Microsoft Windows Windows Mount Point Elevation of Privilege Vulnerability Windows Object Reference Elevation of Privilege Vulnerability Microsoft Office Use-After-Free Vulnerability in Excel Microsoft SharePoint Information Disclosure Vulnerability Remote Code Execution Vulnerability in Microsoft Visio 2007 and 2010 Microsoft Office Use-After-Free Vulnerability Password Reset Vulnerability in Drupal 6.x and 7.x Remote Password Change Vulnerability in Manage Engine Desktop Central 9 SQL Injection Vulnerabilities in Web-Dorado ECommerce WD Component 1.2.5 for Joomla! 
SQL Injection Vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 via order_by parameter Arbitrary SQL Command Execution in ProjectSend (formerly cFTP) r561 via client-edit.php Unspecified Integrity Vulnerability in Oracle Installed Base Component Unspecified DML-related vulnerability in Oracle MySQL Server 5.6.22 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Security Vulnerability in Oracle Demand Planning Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier Remote authenticated users can affect availability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, through DDL-related vectors. Unspecified Text Utilities Vulnerability in Oracle Sun Solaris 10 Unspecified vulnerability in MySQL Connectors component in Oracle MySQL 5.1.34 and earlier Unspecified Integrity Vulnerability in MySQL Utilities Component on Windows Unspecified vulnerability in Oracle Sun Solaris 10 Accounting commands Remote Denial of Service Vulnerability in Oracle Sun Solaris 11.2 via Kernel IDMap Local Privilege Escalation Vulnerability in Oracle Health Sciences Argus Safety Component NFSv4 Vulnerability in Oracle Sun Solaris 10 and 11.2 Unspecified vulnerability in Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 Unspecified vulnerability in Oracle MySQL Server allows remote authenticated users to affect availability via GIS vectors. 
Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified Integrity Vulnerability in Oracle Hyperion Enterprise Performance Management Architect Unspecified Remote Availability Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified remote integrity vulnerability in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Local Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11.2 via S10 Branded Zone Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Integrity Vulnerability in Oracle PeopleSoft Enterprise Portal - Interaction Hub Component Unspecified Integrity Vulnerability in Oracle Hyperion Enterprise Performance Management Architect Unspecified vulnerability in Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 Unspecified vulnerability in Oracle VM VirtualBox component allowing local users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 Unspecified Remote Integrity Vulnerability in Oracle Java SE 7u80 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 related to Install Unspecified Integrity Vulnerability in Oracle Business Intelligence Mobile App Unspecified vulnerability in Oracle Database Server RDBMS Scheduler component Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Confidentiality vulnerability in Oracle Java SE and JRockit versions allows remote attackers to compromise data confidentiality Unspecified vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified 
vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified Confidentiality Vulnerability in Oracle Commerce Guided Search / Oracle Commerce Experience Manager Unspecified vulnerability in Oracle Communications Applications components Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting CPU performance counters drivers Unspecified vulnerability in Oracle Applications Framework component in Oracle E-Business Suite: Popup window integrity issue Unspecified DML-related vulnerability in Oracle MySQL Server 5.6.24 and earlier Unspecified LDAP Security Adapter Confidentiality Vulnerability in Oracle Siebel CRM Confidentiality vulnerability in Oracle Java SE 7u80 and 8u45 NVM Express SSD Driver Vulnerability in Oracle Sun Solaris 11.2 Unspecified Confidentiality Vulnerability in Oracle Applications Framework Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier related to Partition Unspecified Input Validation Vulnerability in Oracle E-Business Suite Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified Confidentiality Vulnerability in Oracle MySQL Server Confidentiality vulnerability in Oracle Java SE versions 6u95, 7u80, and 8u45, and Java SE Embedded versions 7u75 and 8u33, related to JMX. Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products 8.54 Unspecified Remote Integrity Vulnerability in Oracle GlassFish and WebLogic Servers Unspecified vulnerability in Oracle Berkeley DB Data Store Component Confidentiality vulnerability in Oracle Java SE and JRockit versions allows remote attackers to compromise data confidentiality via JSSE vectors. 
Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified Remote Confidentiality Vulnerability in Oracle Java SE CORBA-related vulnerability in Oracle Java SE versions 6u95, 7u80, and 8u45, and Java SE Embedded versions 7u75 and 8u33 Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11.2 Affecting Confidentiality, Integrity, and Availability Unspecified 2D-related vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 Unspecified vulnerability in Oracle Enterprise Manager Ops Center component Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Confidentiality vulnerability in Oracle Java SE and JavaFX Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified Integrity Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified Gzip-related vulnerability in Oracle Sun Solaris 10 and 11.2 Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Confidentiality Vulnerability in Oracle Agile PLM Framework Unspecified Integrity Vulnerability in Oracle Web Applications Desktop Integrator Unspecified Content Management Vulnerability in Oracle Enterprise Manager Unspecified Content Management Vulnerability in Oracle Enterprise Manager Remote authenticated users can affect availability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier through DML-related vectors Confidentiality vulnerability in Oracle Siebel CRM 8.1.1, 8.22, and 15.0 
Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Kernel Zones virtualized NIC driver vulnerability in Oracle Sun Solaris 11.2 Unspecified Remote Integrity Vulnerability in Oracle Marketing Component Unspecified vulnerability in Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Database Server Application Express component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified SSL/TLS Support Vulnerability in Oracle Fusion Middleware 11.1.1.7.0 Web Cache Component Unspecified Remote Availability Vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 Unspecified Local Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 related to DHCP Server Unspecified vulnerability in Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 Unspecified vulnerability in Oracle Java SE allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. 
Unspecified Cross-Site Scripting (XSS) Vulnerability in Cacti before 0.8.8d Stack-based Buffer Overflow in Linux Kernel Allows Privilege Escalation via Crafted Microcode Header Untrusted Search Path Vulnerability in GNS3 1.2.3: Privilege Escalation via Trojan Horse uuid.dll Denial of Service Vulnerability in ClamAV 0.98.7 and Earlier Denial of Service Vulnerability in Linux Kernel's xsave/xrstor Implementation Arbitrary Code Execution and Privilege Escalation in WP EasyCart Plugin Vulnerability: Man-in-the-Middle Attack in Restkit's SSL/TLS Implementation OAuth Implementation Truncation Vulnerability in librest CSRF Vulnerability in ASUS RT-G32 Routers Allows Password Hijacking Multiple Cross-Site Scripting (XSS) Vulnerabilities in ocPortal Cross-Site Scripting (XSS) Vulnerabilities in MetalGenix GeniXCMS before 0.0.2 SQL Injection Vulnerabilities in MetalGenix GeniXCMS CSRF Vulnerability in MetalGenix GeniXCMS Allows Unauthorized Administrator Account Addition ASUS RT-G32 Routers Firmware XSS Vulnerabilities Information Disclosure Vulnerability in Citrix Command Center Unrestricted Access to Citrix Command Center JMX Servlet Vulnerability Denial of Service Vulnerability in Shibboleth Service Provider (SP) 2.5.4 and earlier Privilege escalation vulnerability in Linux kernel 3.19 before 3.19.3 Unauthorized Access to VM Volumes in OpenStack Compute (nova) Icehouse, Juno, and Havana during Failed Live Migration Buffer Layout Vulnerability in Tor Denial of Service Vulnerability in Tor Multiple Cross-Site Scripting (XSS) Vulnerabilities in Digium Addons Module Arbitrary Resource Blocking and Filter Disabling Vulnerability in AdBlock before 2.21 Kerberos 5 Preauthentication Bypass Vulnerability Denial of Service Vulnerability in MIT Kerberos 5 (krb5) SPNEGO Mechanism Denial of Service Vulnerability in MIT Kerberos 5 (krb5) Denial of Service Vulnerability in MIT Kerberos 5 Memory Corruption Vulnerability in MIT Kerberos 5's iakerb_gss_export_sec_context Function CS-Cart 
4.2.4 Cross-Site Request Forgery (CSRF) Vulnerability in Password Change XSS Vulnerability in Websense TRITON AP-EMAIL and V-Series Appliances Cross-Site Scripting (XSS) Vulnerabilities in Websense TRITON AP-WEB and V-Series Appliances Remote Code Injection Vulnerability in realmd via Newline Character in LDAP Response Race condition in AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Arbitrary Code Execution via SVGTextFrame Heap-based Buffer Overflow in Mozilla Firefox and Thunderbird Referrer Policy Bypass in Mozilla Firefox Heap Length Determination Vulnerability in Mozilla Firefox Use-after-free vulnerability in SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 Information Disclosure Vulnerability in Mozilla Firefox for Android Race condition in nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 Buffer Overflow in Mozilla Firefox XML Parser Integer Overflow Vulnerability in libstagefright in Mozilla Firefox Same Origin Policy Bypass in Mozilla Firefox WebChannel.jsm Module Insecure Update Implementation in Mozilla Firefox on Windows SMACK SKIP-TLS Vulnerability Use-after-free vulnerability in Mozilla Firefox allows remote code execution Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Arbitrary File Reading and JavaScript Code Execution in Mozilla Firefox 38.0 and Firefox ESR 38.0 Type Confusion Vulnerability in Mozilla Firefox IndexedDB Implementation Out-of-bounds read vulnerability in AudioParamTimeline::AudioNodeInputValue function in Mozilla Firefox ECC Multiplication Spoofing Vulnerability in 
Mozilla Network Security Services (NSS) Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution Use-after-free vulnerability in Mozilla Firefox allows remote code execution Uninitialized Memory Read Vulnerability in Mozilla Firefox and Thunderbird Memory Access Vulnerability in Mozilla Firefox and Thunderbird Memory Access Vulnerability in nsZipArchive::BuildFileList Function Uninitialized Memory Read Vulnerability in Mozilla Firefox and Thunderbird Uninitialized Memory Read Vulnerability in YCbCrImageDataDeserializer::ToDataSourceSurface Function Unintended Memory Access Vulnerability in ArrayBufferBuilder::append Function Buffer Overflow in nsXMLHttpRequest::AppendToResponseText Function in Mozilla Firefox and Thunderbird Key Pinning Bypass Vulnerability in Mozilla Firefox and Thunderbird Sensitive Information Disclosure in Mozilla Firefox Crash Reporting on OS X Excessive Privileges in PDF.js Allows Arbitrary Code Execution via Same Origin Policy Bypass Arbitrary HTML Injection Vulnerability in Gaia Search App in Mozilla Firefox OS Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gaia Search App in Mozilla Firefox OS Arbitrary Command Execution Vulnerability in Websense TRITON Appliance Manager Cross-Site Scripting (XSS) Vulnerabilities in Websense Triton and V-Series Appliances Unrestricted File Access in Websense TRITON AP-WEB Open Redirect Vulnerability in Drupal 6.x and 7.x Open Redirect Vulnerability in Drupal URL-related API Functions Denial of Service Vulnerability in Xen Toolstack Disaggregation Denial of Service via Preemptibility Vulnerability in XEN_DOMCTL_memory_mapping Hypercall Stack Corruption and Arbitrary Code Execution Vulnerability in FreeXL Stack Corruption and Arbitrary Code Execution Vulnerability in FreeXL CSRF and XSS Vulnerabilities in AB Google Map Travel Plugin for WordPress QEMU PCI Command Register Access Restriction Vulnerability Denial of Service Vulnerability in McAfee Data Loss 
Prevention Endpoint Remote Code Execution Vulnerability in McAfee Data Loss Prevention Endpoint CSRF Vulnerabilities in McAfee Data Loss Prevention Endpoint (DLPe) Extension Arbitrary Web Script Injection Vulnerability in McAfee Data Loss Prevention Endpoint Arbitrary Code Injection through XSS Vulnerability in Websense TRITON AP-WEB User Account Enumeration Vulnerability in Websense TRITON AP-WEB before 8.0.0 Unspecified Vulnerability in Websense TRITON AP-EMAIL before 8.0.0 with Unknown Impact and Attack Vectors on Port 17703 Cross-Site Scripting (XSS) Vulnerabilities in Websense TRITON AP-DATA before 8.0.0 Clickjacking Vulnerability in Websense TRITON AP-EMAIL Brute Force Attack Vulnerability in Websense TRITON AP-EMAIL Personal Email Manager (PEM) Unspecified Autocomplete Enabled Vulnerability in Websense TRITON AP-EMAIL before 8.0.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Websense TRITON AP-EMAIL and V-Series Appliances Cross-Site Request Forgery (CSRF) Vulnerabilities in Websense TRITON AP-EMAIL Personal Email Manager (PEM) CSRF Vulnerability in Websense TRITON V-Series Appliances Plaintext Credential Vulnerability in Websense TRITON AP-EMAIL and V-Series Appliances Arbitrary File Upload Vulnerability in Websense TRITON V-Series Appliances Arbitrary File Read Vulnerability in Websense TRITON V-Series Appliances Padding Oracle Vulnerability in Erlang/OTP Arbitrary File Execution via Directory Traversal in GNU Mailman Denial of Service Vulnerability in FreeXL's parse_SST Function Incorrect Data-Type Size in Quassel Message Splitting Vulnerability Stack Consumption Vulnerability in Quassel: Denial of Service via Crafted Message Unrestricted File Upload Vulnerability in Berta CMS Allows Remote Code Execution Arbitrary Web Script Injection Vulnerability in Hotspot Express hotEx Billing Manager 73 Buffer Overflow Vulnerability in Open-source ARJ Archiver 3.10.22 Remote Code Execution and Denial of Service Vulnerability in PHP Phar Extension Improper 
Crop Input Handling in Papercrop Gem for Ruby on Rails (before 0.3.0) Remote Code Execution Vulnerability in Byzanz GIF Encoder Group join request notifications sent to wrong group leaders vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 Use-after-free vulnerability in PHP unserialize function allows remote code execution Multiple stack-based buffer overflows in ib_fill_isqlda function in DBD-Firebird before 1.19 Unquoted Windows Search Path Vulnerability in Foxit Cloud Safe Update Service Denial of Service Vulnerability in Foxit Reader, Enterprise Reader, and PhantomPDF Arbitrary Deletion Vulnerability in WPML Plugin Vulnerability: WPML Plugin Multiple Action Bypass Cross-site scripting (XSS) vulnerability in ikiwiki before 3.20150329 Remote Code Execution and SuperUser Access Vulnerability in DotNetNuke (DNN) Installation Wizard Cross-Site Scripting (XSS) Vulnerabilities in Project-Pier ProjectPier-Core Remote Code Execution Vulnerability in AirTies DSL Modems Arbitrary SQL Command Execution Vulnerability in Joomla! 
Component Contact Form Maker 1.0.1 Denial of Service Vulnerability in Huawei Campus Switches RC4 Cipher Bar Mitzvah: Information Disclosure Vulnerability in HP SiteScope and Asset Manager Arbitrary SQL Command Execution in Akronymmanager Extension for TYPO3 Weak Session Identifier Generation in Alcatel-Lucent OmniSwitch Web Interface Alcatel-Lucent OmniSwitch Management Web Interface CSRF Vulnerability Stack-based Buffer Overflow in asn1_der_decoding in libtasn1 Arbitrary Script Injection in Navis DocumentCloud WordPress Plugin The Bar Mitzvah Vulnerability: RC4 Initialization Weakness in TLS and SSL Protocols Unintended Response to Unicast Queries in Synology DiskStation Manager (DSM) Allows for Denial of Service and Information Disclosure Integer Overflow Vulnerability in Hancom Office HanWord Processor SAP NetWeaver Portal XXE Vulnerability (SAP Security Note 2111939) XML External Entity (XXE) Vulnerability in SAP NetWeaver Portal 7.31.201109172004 SAP Mobile Platform XXE Vulnerability: Remote Server Request via Crafted XML (SAP Security Note 2125358) Improper Access Restriction in SAP EMR Unwired and Clinical Task Tracker (SAP Security Note 2117079) Buffer Overflow in C_SAPGPARAM Function in SAP NetWeaver Dispatcher Unrestricted Access Vulnerability in SAP Afaria 7.0.6001.5 Sensitive Information Disclosure in SAP Management Console (SAP Security Note 2091768) SAP Mobile Platform 3 XXE Vulnerability (SAP Security Note 2125513) Denial of Service Vulnerability in SAP Sybase SQL Anywhere 11 and 16 Buffer Overflow Vulnerability in XcListener in SAP Afaria 7.0.6001.5 Unspecified Remote Editors Workspace Access Vulnerability in TYPO3 Neos Denial of Service Vulnerability in Siemens SIMATIC HMI Comfort Panels and WinCC Runtime Advanced Authentication Bypass Vulnerability in Siemens SIMATIC HMI Panels and WinCC Runtime Multiple SQL Injection Vulnerabilities in Simple Ads Manager Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in Simple Ads 
Manager Plugin for WordPress Information Disclosure Vulnerability in WordPress Simple Ads Manager Plugin Unspecified Cross-Site Scripting (XSS) Vulnerability in CA Spectrum 9.2.x and 9.3.x Improper Validation of Serialized Java Objects in CA Spectrum 9.2.x and 9.3.x Denial of Service Vulnerability in Citrix NetScaler ADC and Gateway Vulnerability: Bypassing seccomp and audit protection mechanism in Linux kernel Buffer Overflow in das_watchdog 0.9.0: Local Privilege Escalation via XAUTHORITY Environment Variable CSRF Vulnerability in Citrix NetScaler Nitro API Allows Remote Command Execution Incorrect Content-Type in Nitro API Allows XSS Attacks via file_name Parameter Arbitrary Script Injection in Citrix NetScaler's help/rt/large_search.html Bypassing Firewall Restrictions via Crafted Content-Type Header in Citrix NetScaler AppFirewall Arbitrary Code Execution via Unrestricted File Upload in GoAutoDial GoAdmin CE 3.x Multiple SQL Injection Vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 Arbitrary Command Execution in GoAutoDial GoAdmin CE Arbitrary Command Execution in GoAutoDial GoAdmin CE Arbitrary Command Execution Vulnerability in BitTorrent Sync Client-side authentication vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA Honeywell Tuxedo Touch CSRF Vulnerability Allows Unauthorized Home Automation Commands SQL Injection Vulnerability in ANTlabs InnGate Firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 Devices Arbitrary Web Script Injection in ANTlabs InnGate Firmware Arbitrary File Ownership Change Vulnerability in Synology Cloud Station for OS X CSRF Vulnerability in Blue Coat SSL Visibility Appliance Allows Authentication Hijacking Session Fixation Vulnerability in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 Clickjacking Vulnerability in Blue Coat SSL Visibility Appliance Insecure Cookie Transmission in Blue Coat SSL Visibility Appliance Accellion File Transfer Appliance 
Directory Traversal Vulnerability Remote Code Execution Vulnerability in Accellion File Transfer Appliance Arbitrary Data Read/Write Vulnerability in Datalex Airline Booking Software Certificate Validation Bypass in Intel McAfee ePolicy Orchestrator (ePO) Arbitrary File Read Vulnerability in Avigilon Control Center (ACC) CSRF Vulnerability in Vesta Control Panel Allows Remote User Authentication Hijacking Arbitrary File Read Vulnerability in Kaseya Virtual System Administrator (VSA) Open Redirect Vulnerability in Kaseya Virtual System Administrator (VSA) Versions 7.x, 8.x, 9.0, and 9.1 Insecure Password Hash Generation in Retrospect and Retrospect Client Grandstream GXV3611_HD Camera Firmware SQL Injection Vulnerability Remote Code Execution Vulnerability in Trane ComfortLink II SCC Firmware Version 2.0.2 Trane ComfortLink II Firmware 2.0.2 DSS Service Remote Code Execution Vulnerability Denial of Service Vulnerability in Ghisler Total Commander FileInfo Plugin Arbitrary Web Script Injection Vulnerability in Chiyu BF-630, BF-630W, and BF-660C Fingerprint Access-Control Devices Remote Authentication Bypass in Chiyu BF-660C Fingerprint Access-Control Devices Cross-Site Scripting (XSS) Vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) Information Disclosure and Configuration Manipulation Vulnerability in Trend Micro Deep Discovery Inspector Default Root Password Vulnerability in Seagate and LaCie Wireless Storage Devices Path Traversal Vulnerability on Seagate and LaCie Wireless Storage Devices Arbitrary Code Execution via Unrestricted File Upload on Seagate and LaCie Wireless Storage Devices Cross-VM ASL INtrospection (CAIN) Attack: Exploiting Kernel Samepage Merging (KSM) Vulnerability CSRF Vulnerabilities in Hexis HawkEye G 3.0.1.4912: Arbitrary Account Addition, Sensor Manipulation, and MD5 Whitelisting Critical Security Vulnerability: Default Admin Password in TRENDnet WiFi Baby Cam TV-IP743SIC Weak and Easily Exploitable Backdoor Passwords in Gynoii 
System Multiple Backdoor Password Vulnerabilities in Philips In.Sight B120/37 XSS Vulnerability in Philips In.Sight B120/37 via Weaved Cloud Web Service Remote Information Disclosure in Philips In.Sight B120/37 Backdoor Password Vulnerability in Lens Peek-a-View iBaby M6 Vulnerability: Remote Access to Sensitive Information via ibabycloud.com Critical Security Vulnerability: iBaby M3S Backdoor Admin Account Password Set to 'admin' Authentication Bypass Vulnerability in Summer Baby Zoom Wifi Monitor & Internet Viewing System Remote Privilege Escalation in Summer Baby Zoom Wifi Monitor & Internet Viewing System BIOS Flash Attack Vulnerability on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions Devices Format String Vulnerability in Idera Uptime Infrastructure Monitor Client Buffer Overflow Vulnerability in Idera Uptime Infrastructure Monitor 7.4 Client Information Disclosure Vulnerability in Idera Uptime Infrastructure Monitor Hardcoded Root Accounts in Sierra Wireless ALEOS Devices Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226: Remote Code Execution Vulnerabilities Heap-based Buffer Overflow in Medicomp MEDCIN Engine: Remote Code Execution Remote Code Execution Vulnerability in Medicomp MEDCIN Engine Stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166: Remote Code Execution Vulnerability Unverified X.509 Certificate Vulnerability in HP ArcSight SmartConnectors Hardcoded Password Vulnerability in HP ArcSight SmartConnectors Hardcoded Credentials Vulnerability in Actiontec GT784WN Modems CSRF Vulnerability in Actiontec GT784WN Modems: Remote Authentication Hijacking Shared SSH Private Keys in Mobile Devices (MDI) C4 OBD-II Dongles Pose Security Risk Hardcoded SSH Credentials in Mobile Devices' C4 OBD-II Dongles Remote Code Execution Vulnerability in Mobile Devices (MDI) C4 OBD-II Dongles with Firmware 2.x and 3.4.x Inadequate GUI Warning for Login Credentials 
Configuration in Dedicated Micros Devices Cross-Site Request Forgery (CSRF) Vulnerability in OrientDB Server Community Edition Predictable Session ID Generation in OrientDB Server Community Edition Fixed Source-Port Vulnerability in Securifi Almond Devices Default Password Vulnerability in Securifi Almond Devices CSRF Vulnerability on Securifi Almond Devices Allows Remote Authentication Hijacking Clickjacking Vulnerability in Securifi Almond Devices Clickjacking Vulnerability in OrientDB Server Community Edition IPv6 Neighbor Discovery Protocol Vulnerability IPv6 Neighbor Discovery Protocol Vulnerability: Remote Hop-Limit Reconfiguration Remote Code Execution via Neighbor Discovery Protocol in NetworkManager 1.x Double-chroot attack vulnerability in Linux kernel before 4.2.4 Arbitrary Web Script Injection via User-Agent Header in phpTrafficA 2.3 and Earlier Denial of Service Vulnerability in Node 0.3.2 and URONode before 1.0.5r3 Denial of Service Vulnerability in Tor Hidden Service Server Implementation Denial of Service Vulnerability in Tor Hidden Service Client Implementation Arbitrary Web Script Injection via Incomplete Blacklist Vulnerability in MediaWiki Arbitrary Web Script Injection Vulnerability in MediaWiki Arbitrary web script injection vulnerability in MediaWiki's Html class Arbitrary Web Script Injection via Crafted SVG File in MediaWiki Remote Information Disclosure Vulnerability in MediaWiki Denial of Service Vulnerability in MediaWiki 1.24.x Denial of Service Vulnerability in MediaWiki with HHVM or Zend PHP Arbitrary Script Injection in MediaWiki Preview Functionality Scribunto Extension XSS Vulnerability CSRF Vulnerability in CheckUser Extension for MediaWiki Allows User Hijacking Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 via invalid parameter in wddx format request to api.php Denial of Service Vulnerability in MediaWiki with HHVM SSL Certificate Verification Bypass in Honda 
Moto LINC 1.6.1 Cross-Site Scripting (XSS) Vulnerabilities in Apache Sling API and Servlets PHP Object Injection Vulnerability in Hajime Fujimoto mt-phpincgi (before 2015-05-15) Stack-based Buffer Overflow in Open CAD Format Council SXF Common Library KanColleViewer Open Proxy Vulnerability Arbitrary Web Script Injection in Zenphoto Image Processor Arbitrary Web Script Injection Vulnerability in ZenPhoto20 1.1.3 and Earlier Directory Traversal Vulnerability in Brandon Bowles Open Explorer Application Bypassing Signature Verification in F21 JWT before 2.0 Authentication Bypass Vulnerability in Igreks MilkyStep Light and Professional Unspecified File Read Vulnerability in Igreks MilkyStep Light and Professional CSRF Vulnerability in Igreks MilkyStep Light and Professional Versions Arbitrary OS Command Execution in Igreks MilkyStep Light and Professional Versions Remote SQL Injection Vulnerability in Igreks MilkyStep Light and Professional Versions Arbitrary Web Script Injection in Igreks MilkyStep Light and Professional Unspecified Remote Access Restriction Bypass Vulnerability in Igreks MilkyStep Light and Professional Unauthenticated Remote Access Vulnerability in Zoho NetFlow Analyzer Zoho NetFlow Analyzer XSS Vulnerability CSRF Vulnerability in Zoho NetFlow Analyzer Allows Remote Authentication Hijacking Arbitrary File Write and Code Execution Vulnerability in CGI RESCUE BloBee 1.20 and Earlier Cross-Site Scripting (XSS) Vulnerability in thoughtbot paperclip gem before 4.2.2 for Ruby JWT Signature Verification Bypass in NAMSHI | JOSE 5.0.0 and Earlier Directory Traversal Vulnerability in osCommerce Japanese 2.2ms1j-R8 and Earlier Arbitrary File Write Vulnerability in Droidware UK Explorer+ File Manager Application Arbitrary Web Script Injection Vulnerability in Cacti settings.php Vulnerability: Non-SSL/TLS Communications in LINE@ for Android and iOS Arbitrary Web Script Injection in LEMON-S PHP Simple Oekaki BBS Arbitrary File Deletion Vulnerability in LEMON-S 
PHP Simple Oekaki BBS Seeds acmailer Directory Traversal Vulnerability Sysphonic Thetis 2.3.0 Multiple SQL Injection Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in Welcart Plugin for WordPress Arbitrary HTML Document Upload Vulnerability in LEMON-S PHP Gazou BBS plus before 2.36 Unauthenticated Access Vulnerability in Research Artisan Lite before 1.18 Cross-Site Scripting (XSS) Vulnerabilities in Research Artisan Lite before 1.18 Arbitrary File Creation and Code Execution Vulnerability in Webservice-DIC yoyaku_v41 Unauthenticated Reservation Bypass in Webservice-DIC yoyaku_v41 Arbitrary OS Command Execution Vulnerability in Webservice-DIC yoyaku_v41 Remote Code Execution Vulnerability in Yodobashi Application for Android Unverified SSL Certificates in Yodobashi App for Android 1.2.1.0 and Earlier Arbitrary Code Injection via XSS Vulnerability in PHP Kobo Photo Gallery CMS CSRF Vulnerability in PHP Kobo Photo Gallery CMS 1.0.1 Free and Earlier Denial of Service Vulnerability in I-O DATA DEVICE WN-G54/R2 and NP-BBRS Routers Arbitrary Web Script Injection Vulnerability in guide-park.com BBS X102 1.03 Unspecified Cross-Site Scripting (XSS) Vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b Insecure ECB Encryption in Type74 ED Before 4.0 Allows Plaintext Recovery for Small Files Unverified SSL Certificates in Rakuten Card App for iOS 5.2.0-5.2.4: Potential for Man-in-the-Middle Attacks Arbitrary Web Script Injection via imagetitle Parameter in LEMON-S PHP Twit BBS Arbitrary File Read Vulnerability in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 Buffer Overflow Vulnerability in NScripter 3.00: Remote Code Execution via Crafted Save Data Cross-Site Scripting (XSS) Vulnerability in Apache Struts before 2.3.20 Unrestricted Access and Arbitrary File Write Vulnerability in SysAid Help Desk Arbitrary Code Execution via Unrestricted File Upload in SysAid Help Desk Arbitrary File Upload Vulnerability in SysAid Help Desk Directory Traversal 
Vulnerabilities in SysAid Help Desk before 15.2 Sensitive Information Disclosure in SysAid Help Desk (CVE-XXXX-XXXX) Hardcoded Encryption Key Vulnerability in SysAid Help Desk Multiple SQL Injection Vulnerabilities in SysAid Help Desk XML Entity Expansion (XEE) Attack in SysAid Help Desk before 15.2 Hardcoded Password Vulnerability in SysAid Help Desk Improper Enforcement of Log-out-on-disconnect Feature on Juniper Junos SRX Series Devices Privilege Escalation Vulnerability in Juniper Junos Clickjacking Vulnerability in Juniper Junos J-Web Cross-site scripting (XSS) vulnerability in Juniper Junos Dynamic VPN Insufficient Entropy Generation on QFX3500 and QFX3600 Switches Insecure Console Port Access Vulnerability in Juniper SRX Series Gateways SIP TLS Device Spoofing Vulnerability Weak Permissions in ceph-deploy Keyring File (CVE-XXXX-XXXX) Cross-Site Scripting (XSS) Vulnerabilities in ownCloud Server Community Edition Multiple Cross-Site Scripting (XSS) Vulnerabilities in WebODF before 0.5.5 Arbitrary File Upload Vulnerability in ownCloud Server Icecast Denial of Service Vulnerability Stack-Guard Bypass Vulnerability in Clang LLVM Configuration Settings Bypass in McAfee Advanced Threat Defense (MATD) Unrestricted Access Vulnerability in McAfee Advanced Threat Defense (MATD) Information Disclosure Vulnerability in McAfee Advanced Threat Defense (MATD) Web Interface Directory Traversal Vulnerability in TP-LINK Archer C5, C7, C8, C9, TL-WDR3500, TL-WDR3600, TL-WDR4300, TL-WR740N, TL-WR741ND, and TL-WR841N with Firmware Before 150317 Stack-based Buffer Overflow in KCodes NetUSB Module Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Memory Address Discovery Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player 
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player (April 2015) Unspecified Vector Information Disclosure Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Denial of Service Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat 10.x and 11.x on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Arbitrary Code Execution Vulnerability Unspecified Use-After-Free Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Arbitrary Code Execution Vulnerability Unspecified Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Unspecified Use-After-Free Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability in Adobe Reader and 
Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified JavaScript API Execution Restriction Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Arbitrary Code Execution Vulnerability Unspecified Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player and Adobe AIR Multiple Vulnerabilities Adobe Flash Player Use-After-Free Vulnerability Bypassing Internet Explorer Protected Mode in Adobe Flash Player and Adobe AIR Unspecified vulnerability in Adobe Flash Player and Adobe AIR allows remote attackers to bypass filesystem write restrictions Unspecified vulnerability in Adobe Flash Player and Adobe AIR allows remote attackers to bypass filesystem write restrictions Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Unspecified vulnerability in Adobe Flash Player and Adobe AIR allows remote attackers to bypass filesystem write restrictions Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows arbitrary code execution via unspecified vectors. 
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Remote Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Predictable Memory Address Vulnerability in Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Same Origin Policy Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Stack-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Transition from Low Integrity to Medium Integrity in Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Arbitrary Code Execution via Integer Overflow in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Photoshop CC Arbitrary Code Execution via Integer Overflow in Adobe Photoshop CC and Adobe Bridge CC Heap-based Buffer Overflow in Adobe Photoshop CC and Adobe Bridge CC Arbitrary Code Execution and Memory Corruption Vulnerability in 
Adobe Photoshop CC and Adobe Bridge CC Adobe Flash Player Heap-based Buffer Overflow Vulnerability Adobe Flash Player and Adobe AIR Multiple Vulnerabilities Same Origin Policy Bypass Vulnerability in Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Same Origin Policy Bypass Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player and Adobe AIR Multiple Vulnerabilities Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & 
Compiler before 18.0.0.180 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Denial of Service Vulnerability in tcpdump 
(CVE-2016-7922) Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Synametrics Technologies Products Multiple Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and Earlier Improper Ownership Check in ABRT's Kernel-Invoked Coredump Processor NTLM Connection Re-Use Vulnerability in cURL and libcurl Out-of-bounds Read/Write Vulnerability in cURL and libcurl Out-of-Bounds Write Vulnerability in cURL and libcurl Denial of Service Vulnerability in libssh 0.6.5 and earlier Arbitrary File Write Vulnerability in ABRT's abrt-handle-upload.in Authenticated Negotiate Connection Re-Use Vulnerability in cURL and libcurl Local Privilege Escalation via Symlink Attack in OpenJDK8 Local Privilege Escalation in ABRT's abrt-dbus Directory Traversal Vulnerability in ABRT-Dbus: Arbitrary File Access and Manipulation Cleartext-Downgrade Vulnerability in Oracle MySQL and MariaDB Vulnerability: Information Leakage via Default cURL and libcurl Configuration CRLF Injection Vulnerability in Zend\Mail Insecure Session Cookie Handling in Foreman before 1.8.1 Vulnerability: Local Privilege Escalation via Symlink Attack in OpenStack DBaaS (Trove) Improper Role Based Authorization in PicketLink before 2.8.0.Beta1 Privilege Escalation in abrt-action-install-debuginfo-to-abrt-cache in ABRT XML External Entity (XXE) Vulnerability in Beaker Server's jobs.py Unescaped </script> Tags in JSON Output Vulnerability XSS Vulnerability in Beaker 20.1 Edit Comment Dialog Unrestricted Access to Admin Pages in Beaker Allows Modification of Power and Key Types XWayland Authentication Bypass Vulnerability Double free vulnerability in PostgreSQL versions before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 Inadequate Error Handling in PostgreSQL snprintf Implementation Inconsistent Error Responses in contrib/pgcrypto in PostgreSQL Cross-Site Scripting (XSS) Vulnerability in 
askbot 0.7.51-4.el6.noarch Denial of Service Vulnerability in SELinux Policy with fs.protected_hardlinks Set to 0 Weak Permissions in sosreport 3.2 Allow Unauthorized Access to Sensitive Information EidoGo Vulnerability: Cross-Site Scripting (XSS) via Malicious SGF Input Arbitrary PHP Remote Code Execution in custom-content-type-manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Moodle's Quiz Grading Open Redirect Vulnerabilities in Moodle Sensitive Full-Name Information Disclosure in Moodle Account-Confirmation Feature Inadequate Access Control in Moodle 2.8.x before 2.8.6 Cross-site scripting (XSS) vulnerability in Moodle's external_format_text function Bypassing Login Restrictions in Moodle through Unconfirmed Suspended Account Sensitive Course-Structure Information Disclosure in Moodle Bypassing File Management Restrictions in Moodle Denial of Service Vulnerability in Wireshark DECnet NSP/RT Dissector Apache HTTP Server Chunked Transfer Coding Vulnerability Apache Subversion mod_authz_svn Vulnerability: Unauthorized Access to Hidden Files Bypassing Access Restrictions in Apache HTTP Server 2.4.x Arbitrary Script Injection in Apache Ambari Configuration Change Note Field Sensitive Path Information Disclosure in Apache Subversion Arbitrary Code Execution Vulnerability in Apache Storm 0.10.0 Vulnerability: Expired Password Reset Links Not Updated After Email Change Open Redirect Vulnerability in Cloud Foundry UAA Logout Link CSRF Vulnerability in Cloud Foundry UAA Change Email Form XML Denial of Service Vulnerability in Pivotal Spring Framework Vulnerability in OpenSSL 1.0.2: Incorrect Output in Montgomery Squaring Implementation Denial of Service Vulnerability in OpenSSL RSA PSS ASN.1 Signature Handling ASN1_TFLG_COMBINE implementation vulnerability in OpenSSL Race condition and double free vulnerability in OpenSSL SSL/TLS client OpenSSL SSLv2 Cipher Vulnerability Information Disclosure Vulnerability in WildFly Undertow Module Arbitrary Log 
Injection Vulnerability in mod_auth in Lighttpd World-readable permissions for web.xml configuration file in Thermostat before 2.0.0 allows unauthorized access to user credentials Privilege Escalation via Crafted LIBMOUNT_MTAB Environment Variable Arbitrary Code Execution via Unrestricted File Upload in h5ai Denial of Service Vulnerability in libreswan 3.9 through 3.12 Arbitrary Code Execution Vulnerability in libmimedir via VCF File Unauthenticated KDC Communication Vulnerability in python-kerberos Lack of 'secure' and 'HttpOnly' attributes in cookies set in OpenShift Origin 3 console QEMU PCNET Controller Heap-Based Buffer Overflow Vulnerability Heap-based Buffer Overflow in PCRE and PCRE2: Remote Code Execution Vulnerability Local Privilege Escalation Vulnerability in php-fpm via Symlink Attack Race condition vulnerability in net/sctp/socket.c in Linux kernel before 4.1.2 allows local users to cause denial of service Gesture Bypass Vulnerability in Clutter's Lock Screen Arbitrary Code Execution Vulnerability in pit_ioport_read in Linux Kernel and QEMU Denial of Service Vulnerability in NetKVM Windows Virtio Driver Race condition vulnerability in Red Hat patch to PRNG lock implementation in OpenSSL Stack-based Buffer Overflow in PCRE and PCRE2 due to Mishandling of Group Empty Matches Denial of Service Vulnerability in PolicyKit's Authentication Agent Registration Arbitrary Script Injection in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 Denial of Service Vulnerability in tlslite Library Denial of Service Vulnerability in OpenStack Neutron IPTables Firewall Driver Arbitrary Code Execution Vulnerability in OSSEC 2.7 through 2.8.1 on NIX Systems Denial of Service Vulnerability in ldb_wildcard_compare function IP Address Spoofing Vulnerability in Web Console Denial of Service Vulnerability in Rack Utils.rb Cross-site scripting (XSS) vulnerability in Active Support in Ruby on Rails before 4.1.11 and 4.2.2 Denial of Service 
Vulnerability in Active Support in Ruby on Rails Integer Overflow in gs_heap_alloc_bytes Function in Ghostscript Allows Remote Denial of Service Man-in-the-Middle Vulnerability in Fedora Cloud Atomic Updates Download Unenforced nsSSL3Ciphers Preference in 389 Directory Server Information Disclosure Vulnerability in Drupal 7.x Render Cache System Open Redirect Vulnerability in Drupal 7.x Field UI Module Open Redirect Vulnerability in Drupal 7.x Overlay Module OpenID Remote Account Takeover Vulnerability in Drupal Privilege Escalation: Remote Authenticated Users can Edit Administrator Users and Change Passwords in Foreman before 1.9.0 HTTP Basic Authentication Credentials Leakage in cURL and libcurl Remote SMB servers can cause out-of-bounds read and crash in cURL and libcurl 7.40.0 through 7.42.1 Denial of Service and User Enumeration Vulnerability in Linux-PAM Off-by-one error in dwarf_to_unw_regnum function in libunwind 1.1 Denial of Service Vulnerability in Pluto IKE Daemon Denial of Service Vulnerability in OpenStack Compute (nova) Weak Permissions in rsyslog Allow Local Users to Access Sensitive Information in /var/log/cron Unrestricted Access to Restricted Resources in Red Hat JBoss Portal 6.2.0 Incomplete Blacklist Vulnerability in chfn Function Allows Denial of Service Inconsistent File State Denial of Service Vulnerability in libuser Race condition in worker_update_monitors_config function in SPICE 0.12.4 allows remote authenticated guest user to cause denial of service or execute arbitrary code on host World-writable permissions in OpenHPI Makefile.am leading to disk consumption denial of service vulnerability Apache Traffic Server HTTP/2 Remote Code Execution Vulnerability Timing Attack Vulnerability in Apache Directory LDAP API Sensitive Password Information Disclosure in Apache CloudStack Insecure VNC Password Preservation in Apache CloudStack Arbitrary Code Execution and Denial of Service Vulnerability in Apache Groovy Denial of Service Vulnerability 
in Apache Thrift Client Libraries Privilege Escalation via Duplicate Action IDs in PolicyKit Memory Corruption and Privilege Escalation Vulnerability in PolicyKit (polkit) 0.113 and Earlier Improper Path Sanitization in Zend/Diactoros/Uri::filterPath Allows XSS and Open Redirect Attacks Heap-based Buffer Overflow in WriteProlog Function in texttopdf.c Privilege Escalation via Stack-based Buffer Overflow in Xen's xl Command Line Utility Arbitrary Code Injection through 404 Error Page in Red Hat JBoss Operations Network Arbitrary Script Injection in Apache OFBiz ModelFormField.getDescription Method Apache Flex BlazeDS XML External Entity (XXE) Vulnerability Unspecified Remote Authentication Vulnerability in Apache Ambari Arbitrary File Read Vulnerability in Apache Tika Server Open Redirect Vulnerability in Moodle through 2.9.1 Bypassing Access Restrictions in Moodle 2.9.x Cross-site scripting (XSS) vulnerability in user_get_user_details function in Moodle Cross-Site Scripting (XSS) Vulnerabilities in Moodle SCORM Module OpenLDAP Vulnerability: Improper Parsing of OpenSSL-Style Multi-Keyword Mode Cipher Strings Cipher List Disclosure Vulnerability in mod_nss Module Cipherstring Parsing Code Vulnerability in nss_compat_ossl Integer Overflow in texttopdf.c in cups-filters: Remote Code Execution Vulnerability Denial of Service Vulnerability in OpenStack Compute (Nova) Buffer Realignment Vulnerability in HAProxy 1.5.x and 1.6-dev OpenAFS Vulnerability: Stack Data Exposure during VLDB Entry Update OpenAFS before 1.6.13 Vulnerability: Remote Command Spoofing OpenAFS 1.6.x Local Privilege Escalation via Crafted pioctls Commands Memory Corruption and Kernel Panic Vulnerability in OpenAFS Buffer Overflow Vulnerability in Solaris Kernel Extension in OpenAFS Linux Kernel Privilege Escalation via Anonymous Pages Denial of Service Vulnerability in OpenStack Glance (kilo) via Import Task Flow API Improper Handling of Nested NMIs in Linux Kernel x86_64 Platform Improper Handling of 
Nested NMI in Linux Kernel x86_64 Platform Remote Code Execution via JDWP Service in NetApp OnCommand Workflow Automation Remote Credential Disclosure in FortiMail 5.0.3 - 5.2.3 Out-of-Bounds Read and Denial of Service Vulnerability in Dnsmasq Unrestricted data: URL vulnerability in markdown-it before 4.1.0 Cross-Site Scripting (XSS) Vulnerabilities in NodeBB before 0.7 Arbitrary File Read Vulnerability in Etherpad 1.1.1 through 1.5.2 Yubico ykneo-openpgp Vulnerability: Invalid PIN Bypass Arbitrary Script Injection in Floating Social Bar Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in TheCartPress eCommerce Shopping Cart Plugin for WordPress Arbitrary File Read Vulnerability in TheCartPress eCommerce Shopping Cart Plugin Sensitive Order Detail Information Disclosure in TheCartPress eCommerce Shopping Cart Plugin Arbitrary File Read and Write Vulnerability in ProFTPD 1.3.5 Heap Metadata Corruption Vulnerability in PHP's phar_parse_metadata Function Double free vulnerability in GnuTLS before 3.3.14 in x509_ext.c Directory Traversal Vulnerability in Etherpad 1.1.2 through 1.5.4 Buffer Overflow in rc_mksid Function in Paul's PPP Package (ppp) 2.4.6 and Earlier WordPress Community Events Plugin 1.4 SQL Injection Vulnerability Critical SQL Injection Vulnerability in WordPress Tune Library Plugin (Version < 1.5.5) Symlink Attack Vulnerability in Automatic Bug Reporting Tool (ABRT) Privilege Escalation via Unspecified Environment Variable in CA Common Services Privilege Escalation Vulnerability in CA Common Services Privilege Escalation Vulnerability in CA Common Services Missing HTTPOnly Flag in Hotspot Express hotEx Billing Manager 73 Set-Cookie Header Vulnerability Lenovo USB Enhanced Performance Keyboard Software Debug Output Vulnerability Improper Access Control in Lenovo Fingerprint Manager before 8.01.42 Weak Encryption of User and Administrator BIOS Passwords in Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 Servers Denial of 
Service Vulnerability in ThinkServer System Manager (TSM) Baseboard Management Controller Insecure Certificate Validation in ThinkServer System Manager (TSM) Allows Server Spoofing SQL Injection Vulnerability in WP Symposium Plugin for WordPress Predictable Session IDs in Trend Micro ScanMail for Microsoft Exchange Stack-based buffer overflows in phar_set_inode function in PHP versions before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 Remote Code Execution via Pipelined HTTP Requests in PHP with Apache HTTP Server 2.4.x Buffer Overflow Vulnerability in Linux Kernel's AESNI-Intel Driver Denial of Service Vulnerability in Linux Kernel TCP Fast Open Implementation Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Inconsistent Display of Camera Permissions in Google Chrome Allows Unauthorized Video Access Lack of RLIMIT_AS and RLIMIT_DATA Limits in NaClSandbox::InitializeLayerTwoSandbox Function in Google Chrome Lack of User Prompt for Fullscreen and Mouselock Changes in Google Chrome Arbitrary File Read Vulnerability in Elasticsearch Site Plugin Race condition vulnerability in prepare_binprm function in Linux kernel before 3.19.6 allows privilege escalation Information Disclosure Vulnerability in Xen 4.2.x through 4.5.x Open Redirect Vulnerability in Ubercart Currency Conversion Module for Drupal OPAC Module CSRF Vulnerability in Drupal Arbitrary Web Script Injection Vulnerability in Drupal Course Module Arbitrary SQL Command Execution in PHPlist Integration Module for Drupal Arbitrary SQL Command Execution in WikiWiki Module for Drupal CSRF Vulnerability in Cloudwords for Multilingual Drupal Module Arbitrary Web Script Injection via Node Title in Cloudwords for Multilingual Drupal Module CSRF Vulnerabilities in Htaccess Module for Drupal CSRF Vulnerability in Todo Filter Module for Drupal CSRF Vulnerabilities in Log Watcher Module for Drupal CSRF Vulnerabilities in Jammer Module for Drupal Cross-Site Scripting (XSS) 
Vulnerability in Drupal Field Display Label Module CSRF vulnerability allows unauthorized deletion of wishlist purchase intentions in Drupal CSRF Vulnerabilities in Drupal Batch Jobs Module Cross-Site Request Forgery (CSRF) Vulnerabilities in Tadaa! Module for Drupal Arbitrary Script Injection in Wishlist Module for Drupal Open Redirect Vulnerabilities in Tadaa! Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Drupal Room Reservations Module Arbitrary Code Injection through Cross-Site Scripting (XSS) in Drupal Term Merge Module Arbitrary Web Script Injection in Linkit Module for Drupal Arbitrary Script Injection via Node Title in Drupal Video Module CSRF Vulnerability in Contact Form Fields Module for Drupal Unspecified Cross-Site Scripting (XSS) Vulnerability in Drupal Content Analysis Module Nodeauthor Module XSS Vulnerability in Drupal CSRF Vulnerability in Alfresco Module for Drupal Allows Unauthorized Deletion of Nodes CSRF Vulnerabilities in Drupal Patterns Module Allow Authentication Hijacking Arbitrary Script Injection in Classified Ads Module for Drupal Arbitrary Web Script Injection in Taxonews Module for Drupal CSRF vulnerability in Node Invite module for Drupal allows remote hijacking of user authentication Open Redirect Vulnerability in Node Invite Module for Drupal Arbitrary Web Script Injection via Node Title in Node Invite Module for Drupal Access Token Generation Vulnerability in Amazon AWS Module for Drupal CSRF Vulnerabilities in Drupal Corner Module Allow Authentication Hijacking CSRF Vulnerability in Shibboleth Authentication Module for Drupal Quizzler Module XSS Vulnerability in Drupal Open Redirect Vulnerability in Drupal Views Module Unrestricted Access to Default Views Configurations in Drupal Views Module Cross-Site Request Forgery (CSRF) Vulnerabilities in Drupal Feature Set Module Allow Authentication Hijacking XSS Vulnerability in Node Basket Module for Drupal Cross-Site Request Forgery (CSRF) Vulnerabilities in Drupal 
Node Basket Module Open Redirect Vulnerability in Node Basket Module for Drupal Arbitrary Code Injection Vulnerability in Drupal Commerce Balanced Payments Module Arbitrary Script Injection in Taxonomy Path Module for Drupal Arbitrary Script Injection via Node Title in Drupal Node Access Product Module Cross-Site Scripting (XSS) Vulnerabilities in Taxonomy Tools Module for Drupal CSRF Vulnerability in Drupal Commerce Balanced Payments Module Allows Unauthorized Bank Account Deletion Arbitrary Script Injection in Public Download Count Module for Drupal Facebook Album Fetcher Module for Drupal XSS Vulnerability Bypassing Access Restrictions and Obtaining Sensitive Node Titles in Path Breadcrumbs Module for Drupal Arbitrary Script Injection via Node Title in Drupal Ajax Timeline Module Open Redirect Vulnerability in Commerce WeDeal Module for Drupal Out-of-bounds array access vulnerability in msrle_decode_pal4 function Arbitrary Script Injection in Yii Framework (before 2.0.4) via JSON, Arrays, and IE 6/7 World Readable Access to Shared ZFS File System in sharenfs 0.6.4 Node Access Bypass in Certify Module for Drupal Insufficient Entropy in MD5 Key Generation in ntp-keygen PGP Signature Parsing Vulnerability in Module::Signature Bypassing Signature Verification in Module::Signature Arbitrary Command Execution in Module::Signature before 0.74 Untrusted Search Path Vulnerability in Module::Signature Arbitrary File Access Vulnerability in PHP Arbitrary File Read Vulnerability in PHP Stream Resolution SQLite Denial of Service Vulnerability via Crafted COLLATE Clause Denial of Service Vulnerability in SQLite's sqlite3VdbeExec Function Integer Overflow and Stack-based Buffer Overflow in SQLite's printf.c Use-after-free vulnerability in ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 Denial of Service Vulnerability in X.Org Server's ProcPutImage Function vBulletin 5.x through 5.1.6 Authorization Bypass and Private Message Injection Vulnerability 
Denial of Service Vulnerability in Dovecot SSL Proxy Cross-Site Scripting (XSS) and Path Disclosure Vulnerability in WordPress Eshop Plugin Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 via menu2 parameter in admin/main.jsp SQL Injection Vulnerabilities in NetCracker Resource Management System SQL Injection Vulnerability in Accentis Content Resource Management System XSS Vulnerability in Accentis Content Resource Management System SQL Injection Vulnerability in Quassel Server Arbitrary Web Script Injection via Fragment Identifier in Genericons Pydio OS Command Injection Vulnerabilities Pydio Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary Code Execution Vulnerability in Samsung Security Manager (SSM) Arbitrary File Write Vulnerability in Zarafa Collaboration Platform WordPress XSS Vulnerabilities in MySQL without Strict Mode Cross-site scripting (XSS) vulnerability in Plupload Flash Shim 2.1.2 WordPress XSS Vulnerability in wp-db.php Arbitrary Command Execution in Genexis Devices' Parental Control Panel Local Privilege Escalation Vulnerability in Soreco Xpert.Line 3.0 Arbitrary Web Script Injection in Thycotic Secret Server's Basic Dashboard Arbitrary Code Execution Vulnerability in AlienVault Unified Security Management Cross-Site Scripting (XSS) Vulnerabilities in Dell SonicWall SonicOS 7.5.0.12 and 6.x Sensitive Information Disclosure in REST Client for Ruby (rest-client) before 1.7.3 Weak Permissions in SAP Afaria 7.0.6398.0 Windows Client Install Folder Vulnerability Heap-based Buffer Overflow in libaxl 0.6.9: Exploiting XML Document Parsing Vulnerability XML::LibXML Vulnerability: XXE Attacks via _clone Function TelescopeJS before 0.15: User Bcrypt Password Hash Leakage via Websockets SSL Server Spoofing Vulnerability in Squid Proxy Server VENOM: Floppy Disk Controller Vulnerability in QEMU and Xen/KVM Authentication Bypass Vulnerability in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 
Arbitrary PHP File Inclusion Vulnerability in Magento CE/EE 1.9.1.0 and 1.14.1.0 Unauthenticated Remote Access Vulnerability in Hospira LifeCare PCA Infusion System Siemens HomeControl for Room Automation Android App SSL Certificate Verification Vulnerability Command Injection Vulnerability in FortiManager Unspecified Parameter XSS Vulnerability in FortiManager FortiManager WebUI FTP Backup Page Vulnerability Arbitrary File Access Vulnerability in Fortinet FortiManager Fortinet FortiManager 5.0.x and 5.2.x XSS Vulnerability Arbitrary Command Execution Vulnerability in Fortinet FortiManager 5.0.x and 5.2.x Privilege Escalation via Crafted CLI Commands in Fortinet FortiManager Arbitrary Web Script Injection in Nagios Business Process Intelligence (BPI) before 2.3.4 Arbitrary Web Script Injection in VirtueMart Component for Joomla! Arbitrary Web Script Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager Untrusted Search Path Vulnerability in SAP ECC Allows Local Privilege Escalation Out-of-Bounds Heap Read Vulnerability in GNU Libtasn1 XML External Entity (XXE) Vulnerability in QlikTech Qlikview Allows SSRF Attacks and Arbitrary File Reading CSRF Vulnerability in Ektron CMS Allows Unauthorized Content Deletion Arbitrary Kernel Memory Read/Write Vulnerability in NVIDIA GPU Driver for FreeBSD Arbitrary Web Script Injection Vulnerability in Fortinet FortiOS DHCP Monitor Page Privilege Escalation via Symlink Attack in Docker Engine Privilege Escalation via iControl API in F5 BIG-IP and related products Mount Namespace Breakout Vulnerability in Docker Engine Insecure Permissions in Docker Engine: Local Privilege Escalation and Information Disclosure Vulnerability Arbitrary Linux Security Modules (LSM) and docker_t Policy Override Vulnerability Denial of Service Vulnerability in Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 Memory Corruption and Crash Vulnerability in Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 Arbitrary 
WordPress Option Value Reading Vulnerability in Slideshow Plugin Use-after-free vulnerability in ping_unhash function in Linux kernel before 4.0.3 SQL Injection Vulnerability in phpMyBackupPro Arbitrary PHP Code Execution in phpMyBackupPro before 2.5 Arbitrary PHP Code Execution in phpMyBackupPro 2.5 and Earlier Arbitrary PHP Script Execution in phpMyBackupPro 2.5 and Earlier Denial of Service Vulnerability in bitcoind and Bitcoin-Qt Prior to 0.10.2 Padding-Oracle Vulnerability in Citrix NetScaler ADC and Gateway Devices Privilege escalation vulnerability in usb-creator on Ubuntu Authentication Bypass Vulnerability in Stunnel 5.00 through 5.13 Information Leakage in OpenStack Identity (Keystone) Allows Password and Sensitive Data Exposure through Log Files Cross-Site Scripting (XSS) Vulnerabilities in WP Photo Album Plus Plugin for WordPress Arbitrary File Inclusion Vulnerability in Montala Limited ResourceSpace Arbitrary Code Execution Vulnerability in open-uri-cached Rubygem Privilege escalation vulnerability in VMware Workstation, Player, and Horizon Client on Windows Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability Aruba Networks ClearPass Policy Manager Remote Root Privilege Escalation Vulnerability Aruba Networks ClearPass Policy Manager CSRF Authentication Hijacking Vulnerability Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability CSRF Protection Bypass in Apple Safari and iOS SQLite Authorizer Function Vulnerability Arbitrary Script Injection in WebKit PDF Functionality in Apple Safari Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in Apple QuickTime Arbitrary Code Execution 
and Memory Corruption Vulnerability in Apple QuickTime Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in QT Media Foundation Arbitrary Code Execution and Memory Corruption Vulnerability in Apple QuickTime XPC Entitlement Verification Bypass Vulnerability in Apple OS X Authentication Bypass Vulnerability in Apple OS X Admin Framework Privilege Escalation via Writeconfig Client Location Restriction Bypass in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X AFP Server Bypassing HTTP Authentication in Apple OS X Apache Server Information Disclosure Vulnerability in AppleGraphicsControl in Apple OS X Memory-layout information disclosure vulnerability in LZVN compression feature in Apple OS X before 10.10.4 AppleThunderboltEDMService Privilege Escalation and Denial of Service Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Bluetooth HCI Interface Privilege Escalation and Denial of Service Vulnerability in Apple OS X HTTPAuthentication Memory Corruption Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Memory-layout information disclosure vulnerability in Apple iOS and OS X Arbitrary Code Execution Vulnerability in 
Apple OS X Display Drivers EFI Flash Attack Vulnerability in Apple Mac EFI DDR3 Row-Hammer Vulnerability in Apple Mac EFI Arbitrary Code Execution and Memory Corruption in Apple FontParser Buffer Overflow Privilege Escalation in Intel Graphics Driver on Apple OS X Buffer Overflow Privilege Escalation in Intel Graphics Driver on Apple OS X Buffer Overflow Privilege Escalation in Intel Graphics Driver on Apple OS X Buffer Overflow Privilege Escalation in Intel Graphics Driver on Apple OS X Buffer Overflow Vulnerability in Intel Graphics Driver in Apple OS X Buffer Overflow Vulnerability in Intel Graphics Driver in Apple OS X Buffer Overflow in Intel Graphics Driver in Apple OS X Buffer Overflow in Intel Graphics Driver in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in ImageIO Privilege Escalation Vulnerability in Install.framework on Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily in Apple OS X FireWire Driver Privilege Escalation and Denial of Service Vulnerability Arbitrary File Write Vulnerability in kextd via Symlink Attack Improper Pathname Validation in Kext Tools Allows Bypass of Kernel Extension Signature Requirements Arbitrary Website Visit Vulnerability in Apple iOS and OS X Mail NTFS Memory Layout Information Disclosure Vulnerability in Apple OS X NVIDIA Graphics Driver Privilege Escalation and Denial of Service Vulnerability in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in QuickTime for Apple OS X Bypassing Launch Restrictions in Apple OS X Bypassing Launch Restrictions via Crafted Library in Apple OS X Arbitrary Command Execution via Crafted Photo File Name in Apple OS X Spotlight Buffer Overflow Vulnerabilities in SQLite printf Functionality Arbitrary Code Execution Vulnerability in systemstatsd in Apple OS X Arbitrary Code Execution and Memory Corruption 
in TrueTypeScaler in Apple iOS and OS X Memory Layout Information Disclosure Vulnerability in Apple OS X HFS Parameter Handling Vulnerability in Apple iOS and OS X Denial of Service Vulnerability in Apple iOS Application Store Arbitrary Code Execution and Memory Corruption in CoreGraphics via Crafted ICC Profile in PDF Document Arbitrary Code Execution and Memory Corruption in CoreGraphics via Crafted ICC Profile in PDF Document Denial of Service Vulnerability in MobileInstallation on Apple iOS Telephony Subsystem Code Execution Vulnerability in Apple iOS Arbitrary Database Access via WebSQL Table Rename in Apple Safari Automatic Association Vulnerability in Apple iOS Web Site Origin Spoofing Vulnerability in Apple Safari Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability 
in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Lack of HTTP Strict Transport Security (HSTS) Enforcement in WebKit Bypassing Content Security Policy with Video Control and IMG Element in WebKit Improper Restriction of Cookie Transmission in WebKit Taint Checking Bypass in WebKit for Apple Safari Caching of HTTP Authentication Credentials in Apple Safari User Interface Spoofing Vulnerability in Apple Safari Lock Screen Bypass Vulnerability in Apple iOS Certificate UI Local Privilege Escalation: Time Spoofing in Apple OS X Bypassing User Confirmation Requirement in UIKit WebView Allows Arbitrary FaceTime Calls Symlink Vulnerability in Apple iOS Location Framework Privilege Escalation Vulnerability in Apple OS X before 10.10.5 Privilege Escalation Vulnerability in Apple OS X Kernel XML External Entity (XXE) Vulnerability in Apple OS X Text Formats Denial of Service Vulnerability in Safari for iOS Arbitrary Notification Reading Vulnerability in Apple OS X's Notification Center Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 Information Disclosure Vulnerability in Apple iOS and OS X Privilege Escalation and Denial of Service Vulnerability in Apple OS X DMG Image Handling Arbitrary Code Execution via Integer Overflow in Apple iOS and OS X Kernel Unspecified Memory Corruption Vulnerability in IOFireWireFamily in Apple OS X before 10.10.5 Arbitrary Code Execution and Memory Corruption Vulnerability in IOGraphics Unspecified Memory Corruption Vulnerability in IOFireWireFamily in Apple OS X before 10.10.5 Unspecified Memory Corruption Vulnerability in IOFireWireFamily in Apple OS X before 10.10.5 Arbitrary Code Execution and Denial of Service Vulnerability in Apple OS X SMB Client Insecure Communication in Apple OS X Dictionary App Privilege Escalation Vulnerability in Apple OS X before 10.10.5 Arbitrary Code Execution and Denial of Service via 
Malformed plist in IOKit Buffer Overflow Vulnerabilities in Apple OS X Bluetooth Subsystem MAC Address Leakage in Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Information Disclosure Vulnerability in Apple OS X Bluetooth Subsystem Quick Look XSS Vulnerability in Apple OS X iCloud User Record Access Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in SceneKit XML External Entity (XXE) Vulnerability in Apple iOS and OS X Office Viewer Telephony Component Vulnerability in Apple OS X with Enabled Continuity Feature Notification Center Service Access Vulnerability in Apple OS X Denial of Service Vulnerability in Apple OS X Bluetooth Subsystem Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Bypassing Third-Party App-Sandbox Protection in Apple iOS Remote Code Execution Vulnerability in Apple OS X Speech UI Arbitrary Code Execution and Memory Corruption in libxpc on Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in TRE Library Arbitrary Code Execution and Denial of Service Vulnerability in TRE Library Arbitrary Code Execution and Denial of Service Vulnerability in TRE Library Apple ID OD Plug-in Password Change Vulnerability Privilege Escalation and Denial of Service Vulnerability in Apple iOS and OS X DiskImages Component Bypassing Single-Cookie Restriction in CFNetwork Cookies Subsystem in Apple iOS Code-signing bypass vulnerability in Apple iOS and OS X Code-Signing Bypass Vulnerability in Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in Apple 
FontParser Code-signing bypass vulnerability in Apple iOS and OS X Code-Signing Bypass Vulnerability in Apple iOS and OS X Memory Corruption Vulnerability in libxml2 Denial of Service Vulnerability in Wireshark LBMR Dissector Denial of Service Vulnerability in Wireshark LBMR Dissector WebSocket Dissector Denial of Service Vulnerability Improper Reference to Previously Processed Bytes Vulnerability in Wireshark WCP Dissector Memory leaks in x11_init_protocol function in Wireshark X11 dissector Insufficient Snapshot Length Denial of Service Vulnerability in Wireshark 1.12.x Denial of Service Vulnerability in Wireshark IEEE 802.11 Dissector Out-of-bounds read vulnerability in Android Logcat file parser in Wireshark 1.12.x before 1.12.5 Stagefright Remote Code Execution Vulnerability Integer Overflow and Memory Corruption in MPEG4Extractor::parseChunk Function Denial of Service Vulnerability in MPEG4Extractor::parse3GPPMetaData Function Integer Underflow and Memory Corruption in MPEG4Extractor::parseChunk Function Integer Underflow and Memory Corruption in MPEG4Extractor::parse3GPPMetaData Function Off-by-one error in MPEG4Extractor::parseChunk function in libstagefright in Android before 5.1.1 LMY48I Address Bar Spoofing Vulnerability in Stock Android Browser Buffer Overflow in BpMediaHTTPConnection's readAt Function in Android Mediaserver Service Buffer Overflow Vulnerabilities in libstagefright: Arbitrary Code Execution in Android Bypassing getRecentTasks Restrictions and Discovering Foreground Application Name in Android Heap-based buffer overflow in BnHDCP::onTransact function in Android before 5.1.1 LMY48I Buffer Overflow in libstagefright: Arbitrary Code Execution Vulnerability Buffer Overflow Vulnerability in Sonivox DLS-to-EAS Converter in Android Arbitrary Code Execution Vulnerability in Android OpenSSLX509Certificate Class Denial of Service Vulnerability in Android 5.1.1 and Earlier: updateMessageStatus Function Unauthenticated Local Privilege Escalation in 
Android MessageStatusReceiver Service Heap-based Buffer Overflow Vulnerabilities in Android Audio Policy Service Vulnerability in Android SIM Toolkit Framework Allows Intercepting or Emulating Telephony STK SIM Commands Incorrect Process Loading Vulnerability in ActivityManagerService Improper Boundary Identification in Parcel::appendFrom Function in Android Binder Vulnerability: SMS Removal via Crafted Bluetooth Application Unchecked Read Operations in Region_createFromParcel Function in Android Bypassing DEVICE_POWER Permission Requirement in PowerNotificationWarnings.java Obsolete Permission Name Bypass Vulnerability in Android SMSDispatcher Unrestricted Character Input Vulnerability in Android Lockscreen Integer overflows in addVorbisCodecInfo function in libstagefright in mediaserver in Android before 5.1.1 LMY48M Denial of Service Vulnerability in Android Mediaserver (CVE-2015-22954006) Integer overflows in Blob class in Keystore allow arbitrary code execution and key reading Integer Underflow in MPEG4Extractor::parseChunk Function in libstagefright in Android Privilege Escalation Vulnerability in Android Runtime Subsystem Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Sonivox Components Remote Code Execution and Memory Corruption Vulnerability Memory Corruption Vulnerability in libutils in Android before 5.1.1 LMY48T Stagefright Remote Code Execution Vulnerability Skia Media File Remote Code Execution Vulnerability Bypassing Screen-Recording Warning in Android 5.x and 6.0 Privilege Escalation Vulnerability in Android Media Player Framework Open Redirect Vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 qdPM 8.3 Information Disclosure Vulnerability Information 
Disclosure Vulnerability in qdPM 8.3 Revealing Installation Path Multiple Cross-Site Scripting (XSS) Vulnerabilities in qdPM 8.3 Unrestricted File Upload Vulnerability in qdPM 8.3 Integer Overflow and Buffer Overflow Vulnerability in dcraw 7.00 and Earlier Unvalidated SSL Certificate Expiry Vulnerability in libinfinity Untrusted Search Path Vulnerability in ProxyChains-NG Allows Privilege Escalation Arbitrary Call Triggering via Tel: URL in Jolla Sailfish OS Critical Use-After-Free Vulnerability in Open Litespeed 1.3.10 and Earlier Arbitrary File Read Vulnerability in Bonita BPM Portal Open Redirect Vulnerabilities in Bonita BPM Portal before 6.5.3 RubyGems DNS Hijack Vulnerability CSRF Vulnerabilities in phpMyAdmin Setup Process Allow Authentication Hijacking X.509 Certificate Verification Bypass in phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in Roomcloud Plugin for WordPress Buffer Overflow in set_cs_start function in t1utils: Remote Code Execution Vulnerability Denial of Service in Android Logcat File Parser in Wireshark 1.12.x CodeIgniter Rest Server 2.7.1 Vulnerability: XXE Attacks Insecure SSL Certificate Verification in Ansible Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Authentication Bypass and Remote Control Vulnerability in Huawei E587 Mobile WiFi Information Disclosure Vulnerability in Huawei E355s Mobile WiFi Denial of Service Vulnerability in Huawei Campus Series Switches via Crafted ICMP Request Arbitrary Web Script Injection Vulnerability in Coppermine Photo Gallery Open Redirect Vulnerability in Coppermine Photo Gallery before 1.5.36 Directory Enumeration Vulnerability in Coppermine Photo Gallery before 1.5.36 XML Signature Wrapping Vulnerability in Microsec e-Szigno XML Signature Wrapping Vulnerability in Netlock Mokka before 2.7.8.1204 SQL Injection Vulnerabilities in MetalGenix GeniXCMS Multiple SQL Injection Vulnerabilities in Fiyo CMS 2.0_1.9.1 Cross-Site Scripting (XSS) Vulnerabilities 
in Dolibarr ERP/CRM 3.5 and 3.6 Denial of Service Vulnerability in Mitsubishi Electric MELSEC FX3G PLC Devices Directory Traversal Vulnerability in IDS RTU 850C Devices Allows Unauthorized File Access Untrusted Search Path Vulnerability in Schneider Electric Wonderware System Platform Multiple Cross-Site Scripting (XSS) Vulnerabilities in Belden GarrettCom Magnum 6K and Magnum 10K Switches Cleartext Information Disclosure in Advantech WebAccess CSRF Vulnerability in Advantech WebAccess Allows Remote Authentication Hijacking SQL Injection Vulnerability in Advantech WebAccess 8.1 and Earlier Unspecified Cross-Site Scripting (XSS) Vulnerability in Advantech WebAccess before 8.1 Cleartext Password Exposure in Sinapsi eSolar Light Firmware CSRF Vulnerability in XZERES 442SR OS Allows Remote Admin Authentication Hijacking Cleartext Credential Storage Vulnerability in RLE Nova-Wind Turbine HMI Devices Vulnerability: Plain Text Storage of Wireless Keys in Hospira Infusion Systems Vulnerability: Hard-coded accounts in Hospira Infusion Systems Unauthenticated Root Privileges Vulnerability in Hospira Infusion Systems Remote Code Execution Vulnerability in Hospira LifeCare PCA Infusion System 5.0 and Earlier Unauthenticated Device Vulnerability in Hospira Infusion Systems Vulnerability: Storage of Private Keys and Certificates in Hospira LifeCare PCA Infusion System Denial of Service Vulnerability in Hospira LifeCare PCA Infusion System Hardcoded Serial-Console Password Vulnerability in Belden GarrettCom Magnum 6K and Magnum 10K Switches Hardcoded RSA Private Key and Certificate Vulnerability in Belden GarrettCom Magnum 6K and Magnum 10K Switches Remote Denial of Service Vulnerability in Belden GarrettCom Magnum 6K and Magnum 10K Switches Unencrypted Client-Server Data Stream in Schneider Electric StruxureWare Building Expert MPM before 2.15 Predictable TCP Initial Sequence Number (ISN) Generation in Wind River VxWorks Hardcoded Password Vulnerability in SMA Solar Sunny WebBox 
Remote Code Execution Vulnerability in Hospira Symbiq Infusion System 3.13 and Earlier Denial of Service Vulnerability in Innominate mGuard Devices with Firmware 8.x before 8.1.7 Janitza UMG Devices Cross-Site Request Forgery (CSRF) Authentication Hijacking Vulnerability Default Password Vulnerability in Janitza UMG 508, 509, 511, 604, and 605 FTP Service Remote Information Disclosure Vulnerability in Janitza UMG Devices Janitza UMG Devices Cross-Site Scripting (XSS) Vulnerabilities Unauthenticated Remote Code Execution on Janitza UMG Devices Weak Authentication on Janitza UMG Devices Improper Session Token Generation in Janitza UMG Devices Hardcoded Password Vulnerability in EasyIO EasyIO-30P-SF Controllers GE Multilink Switch XSS Vulnerability Buffer Overflow in Schneider Electric IMT25 Magnetic Flow DTM: Remote Code Execution and Denial of Service Vulnerability SAP Sybase Unwired Platform Online Data Proxy DataVault Vulnerability Arbitrary Code Execution Vulnerability in SAP CRM Business Rules Framework (CRM-BF-BRF) SAP CRM Business Rules Framework (CRM-BF-BRF) SQL Injection Vulnerability (SAP Security Note 2097534) Unspecified Vector Information Disclosure Vulnerability in SAP NetWeaver RFC SDK (SAP Security Note 2084037) Improper Session Flushing in Django 1.8.x Missing HTTPOnly Flag in Set-Cookie Header in pcsd CSRF Vulnerability in TheCartPress eCommerce Shopping Cart Plugin for WordPress Unquoted Windows Search Path Vulnerabilities in McAfee ePO Deep Command Cross-Site Scripting (XSS) Vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in concrete5 before 5.7.4 Arbitrary Command Execution in Dell Sonicwall GMS ViewPoint (GMSVP) Web Application Remote Code Execution and Denial of Service Vulnerability in strongSwan 5.2.2 and 5.3.0 Remote authenticated users can bypass write-access restrictions in Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 and execute unauthorized UPDATE statements. 
SAP HANA DB Grant.xsfunc Application Log Spoofing Vulnerability Arbitrary File Read Vulnerability in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) Insecure SSL Certificate Validation in AFNetworking Framework Arbitrary Web Script Injection Vulnerability in phpwhois 4.2.5 Information Disclosure Vulnerability in Piriform CCleaner The Logjam Vulnerability: Cipher-Downgrade Attacks in TLS 1.2 and Earlier Integer Signedness Error in OZWPAN Driver Allows Remote Code Execution Insufficient Length Validation in OZWPAN Driver Allows Remote Code Execution Denial of Service Vulnerability in OZWPAN Driver Untrusted Length Field Vulnerability in OZWPAN Driver CSRF Vulnerability in Encrypted Contact Form Plugin Allows XSS Attacks Valve Steam Client Detection Protocol Denial of Service Vulnerability Unverified Certificate Vulnerability in Salt Modules SQL Injection Vulnerability in FeedWordPress Plugin for WordPress RubyGems DNS Hijack Vulnerability Memory Corruption Vulnerability in PHP's phar_parse_tarfile Function Heap-based buffer overflow in PHP FTP extension allows remote code execution Denial of Service Vulnerability in PHP's multipart_buffer_headers Function Path Truncation Vulnerability in PHP Path Truncation Vulnerability in PHP's pcntl_exec Implementation Privilege Escalation Vulnerability in Acunetix Web Vulnerability Scanner (WVS) Cross-site scripting (XSS) vulnerability in pfSense WebGUI allows remote code injection via services_captiveportal_zones.php Directory Traversal Vulnerability in saveFile.jsp in Visual Mining NetChart Development Installation Arbitrary File Renaming and Execution Vulnerability in Visual Mining NetCharts Server Remote Image Reading Vulnerability in Samsung SBeam via NFC Connection Arbitrary File Execution Vulnerability in Samsung Galaxy S5s' createFromParcel Method Arbitrary Code Execution Vulnerability in xzgrep 5.2.x before 5.2.0, before 5.0.0 Array Index Error in tcm_vhost_make_tpg Function in Linux Kernel Predictable Temporary File Names 
in QEMU's slirp_smb Function Privilege Escalation Vulnerability in WP Membership Plugin 1.2.3 for WordPress Cross-Site Scripting (XSS) Vulnerabilities in WP Membership Plugin 1.2.3 for WordPress Arbitrary File Access Vulnerability in F5 BIG-IP and Enterprise Manager Heap-based Buffer Overflow in keycompare_mb function in GNU Coreutils Integer Overflow in keycompare_mb Function in GNU Coreutils SQL Injection Vulnerability in ConnX ESP HR Management 4.4.0 Privilege Escalation Vulnerability in AlienVault OSSIM Asset Discovery Scanner Arbitrary Command Execution Vulnerability in AlienVault OSSIM Asset Discovery Scanner Denial of Service Vulnerability in IPsec-Tools 0.8.2 Denial of Service Vulnerability in Unisys Libra and FS600 Systems with MCP-FIRMWARE 40.0 Vulnerability: Bypassing URL Signing and Security Rules in Symfony HttpKernel Component Improper Access Restriction in Beckhoff IPC Diagnostics before 1.8 World-readable permissions on /etc/ceph/ceph.client.admin.keyring in ceph-deploy before 1.5.25 allow local users to obtain sensitive information Remote Denial of Service in PgBouncer before 1.5.5 via Password Packet Insecure Cryptography Implementation in VCE Vision Intelligent Operations Cleartext HTTP Response Vulnerability in VCE Vision Intelligent Operations Plug-in for VMware vCenter Heap-based Buffer Overflow in Wavelink Terminal Emulation License Server Heap-based Buffer Overflow in Wavelink ConnectPro's TermProxy Service SQL Injection Vulnerability in NewStatPress Plugin for WordPress Arbitrary Script Injection in NewStatPress Plugin for WordPress SQL Injection Vulnerability in Landing Pages Plugin for WordPress Arbitrary Web Script Injection in Landing Pages Plugin for WordPress SQL Injection Vulnerabilities in GigPress Plugin for WordPress Integer Overflow in libnv6 Module in Dell NetVault Backup Arcserve UDP Directory Traversal Vulnerability Sensitive Credentials Exposure in Arcserve UDP Web Service Arbitrary URL Redirection Vulnerability in Wow 
Moodboard Lite Plugin for WordPress Arbitrary User Ticket Disclosure in Helpdesk Pro Plugin for Joomla! Multiple Cross-Site Scripting (XSS) Vulnerabilities in Helpdesk Pro Plugin for Joomla! Multiple SQL Injection Vulnerabilities in Helpdesk Pro Plugin for Joomla! Helpdesk Pro Plugin for Joomla! Directory Traversal Vulnerability Arbitrary .ini File Write Vulnerability in Helpdesk Pro Plugin for Joomla! Arbitrary Kernel Memory Read Vulnerability in Fortinet FortiClient Cloudera Navigator SSLv3 Padding-Oracle Vulnerability Hardcoded AES 256 Bit Key Vulnerability in Kankun Smart Socket Unencrypted Backup Confirmation Bypass in Attic Before 0.15 Arbitrary Script Injection Vulnerability in Free Counter Plugin for WordPress Etherpad Frontend Tests Directory Traversal Vulnerability CSRF Vulnerabilities in WP Fastest Cache Plugin before 0.8.3.5 SAP NetWeaver AS Java 7.4 XXE Vulnerability: Remote TCP Request and Intranet Server Access Buffer Overflow Vulnerability in SAP Afaria 7.00.6620.2 SP5 (CVE-2015-5370) Arbitrary Script Injection in Elasticsearch Kibana 4.x Unverified X.509 Certificate Vulnerability in Thycotic Password Manager Secret Server iOS Application Certificate Authority Reverse Proxy Vulnerability in Puppet Enterprise 3.7.x and 3.8.0 Denial of Service Vulnerability in Xen 3.3.x through 4.5.x Unrestricted Access to PCI MSI Mask Bits in Xen 3.3.x through 4.5.x Denial of Service Vulnerability in Xen 3.3.x through 4.5.x QEMU Privilege Escalation Vulnerability in PCI Pass-Through Devices Cross-Site Request Forgery (CSRF) Vulnerabilities in Wing FTP Server before 4.4.7 SQL Injection Vulnerabilities in Users Ultra Plugin for WordPress Arbitrary Code Execution Vulnerability in BlackBerry Link's mc_demux_mp4_ds.ax Codec Demux Clickjacking Vulnerability in BlackBerry Enterprise Server (BES) 12. 
Use-after-free vulnerability in spl_ptr_heap_insert function in PHP before 5.5.27 and 5.6.x before 5.6.11 Arbitrary Command Execution in Vesta Control Panel (CVE-2021-12345) SQL Injection Vulnerability in ISPConfig Monitor CSRF Vulnerabilities in ISPConfig before 3.0.5.4p7: Account Hijacking and SQL Injection Arbitrary Web Script Injection in Church_Admin Plugin for WordPress SQL Injection Vulnerability in Subrion CMS Before 3.3.3 Allows Remote Authenticated Users to Execute Arbitrary SQL Commands Aruba Networks ClearPass Policy Manager (CPPM) Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary PHP Code Execution via Unrestricted File Upload in ReFlex Gallery Plugin for WordPress Arbitrary URL Redirection Vulnerability in phpwind 8.7's goto.php Arbitrary Web Script Injection Vulnerability in phpwind 8.7's goto.php SQL Injection Vulnerability in Milw0rm Clone Script 1.0: Remote Code Execution via related.php Missing HTTPOnly Flag in Blue Coat SSL Visibility Appliance WebUI Cookie Arbitrary Script Injection in WP Smiley Plugin 1.4.1 for WordPress CSRF Vulnerability in WP Smiley Plugin 1.4.1 for WordPress Allows Remote XSS Attacks Denial of Service Vulnerability in WPS UPnP Function in hostapd and wpa_supplicant Integer Underflow Vulnerability in WMM Action Frame Parser in hostapd and wpa_supplicant Denial of Service Vulnerability in EAP-pwd Server and Peer Implementation Denial of Service Vulnerability in EAP-pwd Server and Peer Implementation Denial of Service Vulnerability in EAP-pwd Server and Peer Implementation EAP-pwd Peer Implementation Denial of Service Vulnerability Type Confusion Vulnerability in PHP SoapClient::__call Method Type Confusion Vulnerability in PHP's do_soap_call Function Arbitrary File Write Vulnerability in Elasticsearch Logstash Directory Traversal Vulnerability in zM Ajax Login & Register Plugin for WordPress Symlink Attack Vulnerability in GNU Parallel Arbitrary File Write Vulnerability in GNU Parallel Denial of Service 
Vulnerability in SAP Content Server (CVE-2021-XXXX) SAP ABAP & Java Server Denial of Service Vulnerability SAP HANA Web-based Development Workbench SQL Injection Vulnerability SAP ASE Database Platform SQL Injection Vulnerability (SAP Security Notes: 2152278) Unrestricted Access Vulnerability in SAP Afaria (SAP Security Note 2155690) XXE Vulnerability in PAN-OS Management Interface Allows Information Disclosure Grant Table Operation Version Check Bypass Vulnerability in Xen 4.2 through 4.5 Denial of Service Vulnerability in Xen's compat_iret Function Arbitrary Code Execution via Snapshot API in Elasticsearch Asynchronous Key Storage Vulnerability in Cloudera Key Trustee Server Integer Overflow Vulnerability in udf_read_inode Function Race condition in ldsem_cmpxchg function in Linux kernel before 3.13-rc4-next-20131218 allows local users to cause denial of service Authentication Bypass Vulnerability in strongSwan VPN Client Unquoted Windows Search Path Vulnerability in Dell SonicWall NetExtender Siemens Climatix BACnet/IP Communication Module XSS Vulnerability Arbitrary File Read Vulnerability in Linux Kernel Denial of Service Vulnerability in Linux Kernel's collect_mounts Function Inconsistent List Data Structure Vulnerability in Linux Kernel Critical CSRF Vulnerabilities in Codestyling Localization Plugin for WordPress Directory Traversal Vulnerability in phpMyBackupPro 2.1-2.4 via get_file.php Directory Traversal Vulnerability in phpMyBackupPro 2.1 through 2.5 Bypassing Access Restrictions in Cisco Identity Services Engine (ISE) Privilege Escalation via Crafted CLI Parameter in Cisco UCS Central Software 1.2(1a) (CSCut32795) Bypassing E-mail Restrictions via Malformed DNS SPF Record on Cisco Email Security Appliance Privilege Escalation Vulnerability in Cisco IOS 15.2 TCL Interpreter (Bug ID CSCuq24202) Privilege Escalation via Crafted Option Value in Cisco VXC Client 6215 Devices (Bug ID CSCug54412) SQL Injection Vulnerability in Cisco Prime Collaboration 
Manager Interface CSRF Vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4: User Authentication Hijacking Unspecified Vector Data Modification Vulnerability in Cisco Cloud Portal Denial of Service Vulnerability in Cisco IOS XR 5.2.1 (Bug ID CSCuq95565) WebEx Meeting Center User Enumeration Vulnerability Denial of Service Vulnerability in Cisco IOS XR 5.1.1.K9SEC (Bug ID CSCul63127) Hardcoded Password Vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.x Denial of Service Vulnerability in Cisco NX-OS 5.2(5) on Nexus 7000 Devices (Bug ID CSCud89415) Unspecified HTTP Header Cross-Site Scripting (XSS) Vulnerability in Cisco Web Security Appliance (WSA) Devices Race condition vulnerability in Cisco IOS 15.3S allows remote attackers to cause denial of service in UBR devices. IPv6-to-IPv4 Memory Leak Vulnerability in Cisco IOS 15.3S Denial of Service Vulnerability in Cisco ASR 5000 GGSN Component (Bug ID CSCut68058) Improper Access Restriction in Cisco IOS 12.2SCH on uBR10000 Router CMTS Race condition vulnerability in Cisco IOS 12.2SCH on uBR10000 devices with NetFlow and MPLS IPv6 VPN configuration allows remote attackers to cause denial of service via malformed MPLS 6VPE packets (Bug ID CSCud83396). 
Memory Leak Vulnerability in Cisco IOS 12.2 on uBR10000 Devices (Bug ID CSCue65051) Denial of Service Vulnerability in Cisco IOS XR 5.3.1 on ASR 9000 Devices (Bug ID CSCut19959) XSS Bypass Vulnerability in Cisco Unified Communications Manager (UCM) 8.0-8.6 (CSCuu15266) Cisco WebEx Meeting Center URL Access Number Disclosure Vulnerability Improper URL Content Restriction in Cisco WebEx Meeting Center (Bug ID CSCup88398) Improper Authorization in Cisco WebEx Meeting Center Allows Unauthorized Access to Host Calendars Cisco WebEx Meeting Center Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCur03806) Privilege Escalation via Crafted INF File in Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows (CSCus65862) Unspecified Remote Information Disclosure Vulnerability in Cisco WebEx Meeting Center (Bug ID CSCut17466) Cleartext Password Discovery Vulnerability in Cisco NX-OS 1.1(1g) on Nexus 9000 Devices (Bug ID CSCuu84391) Cleartext Password Disclosure in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCuj01046) Default SSH Root Authorized Key Reuse Vulnerability in Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) Devices Default SSH Host Key Reuse Vulnerability in Cisco Web Security Virtual Appliance, Email Security Virtual Appliance, and Security Management Virtual Appliance Information Disclosure Vulnerability in Cisco Jabber Web-Based User Interface Improper Access Control in Cisco Secure Access Control System and Cisco Identity Services Engine Arbitrary Script Injection Vulnerability in Cisco Unified Presence Server 9.1(1) (CSCuq03773) Improper Access Restriction in Cisco Unified Communications Manager IM and Presence Service 9.1(1) SQL Injection Vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) (Bug ID CSCuq46325) Denial of Service Vulnerability in Cisco 
IOS XR 5.1.3 via Crafted MPLS LDP Packets (CSCuu77478) Arbitrary OS Command Execution Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (CSCuj39474) Improper RBAC Health Scoring Implementation in Cisco APIC 1.0(1.110a) and 1.0(1e) on Nexus 9000 Devices Vulnerability Denial of Service Vulnerability in Cisco 9900 Phones with Firmware 9.3(2) Cisco Headend System Release Memory Leak Vulnerability (Bug ID CSCus91838) Remote Ad Servers Can Cause Denial of Service in Cisco DCM 15.0.0 (Bug ID CSCur13999) Sensitive Information Disclosure in Cisco Unified Communications Domain Manager 8.1(4)ER1 Cisco Headend System Release Memory Leak Vulnerability (Bug ID CSCus91854) Vulnerability: Arbitrary File Deletion in Cisco NX-OS 6.2(8a) on Nexus 7000 Devices (Bug ID CSCur08416) Arbitrary OS Command Execution Vulnerability in Cisco NX-OS 6.2(10) on Nexus and MDS 9000 Devices (CSCus44856) Cisco Unified MeetingPlace 8.6(1.2) SQL Injection Vulnerability (CSCuu54037) Improper OS Configuration Vulnerability in Cisco NX-OS 6.0(2) and 6.2(2) on Nexus Devices Unrestricted Access to APIC Filesystem Leading to Root Privileges (CSCuu72094 and CSCuv11991) Denial of Service Vulnerability in Cisco AsyncOS on Email Security Appliance Devices with Clustering Enabled Arbitrary OS Command Execution in Cisco NX-OS CLI Parser Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCul02601) Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCus84220) Denial of Service Vulnerability in Cisco IP Communicator 8.6(4) (Bug ID CSCuu37656) Denial of Service Vulnerability in Cisco ASA Software 9.3(2) (Bug ID CSCut52679) CSRF Vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 Denial of Service Vulnerability in Cisco IOS XE 3.5.0S on ASR 1000 Devices (Bug ID CSCty94202) Arbitrary Command Execution Vulnerability in Cisco ASR 5000 and 5500 Devices (Bug ID CSCuu75278) CSRF Vulnerability in Cisco TelePresence ISDN Gateway Devices (Bug ID CSCuu90724) CSRF Vulnerability 
in Cisco TelePresence Serial Gateway Devices (Bug ID CSCuu90728) CSRF Vulnerability in Cisco TelePresence Advanced Media Gateway Devices (Bug ID CSCuu90732) CSRF Vulnerability in Cisco TelePresence IP Gateway Devices (Bug ID CSCuu90734) CSRF Vulnerability in Cisco TelePresence IP VCR Devices (Bug ID CSCuu90736) CSRF Vulnerability in Cisco TelePresence MCU 4500 Devices (Bug ID CSCuu90710) CSRF Vulnerability in Cisco TelePresence MSE 8000 Devices (Bug ID CSCuu90444) Default SSL Certificate Vulnerability in Cisco UCS C Servers Cisco Hosted Collaboration Solution 10.6(1) Cross-Site Scripting (XSS) Vulnerability (CSCuu14862) Unauthenticated Password Reset Vulnerability in Cisco Unified MeetingPlace Web Conferencing Information Disclosure Vulnerability in Cisco Mobility Services Engine (MSE) 10.0(0.1) Denial of Service Vulnerability in Cisco UCS B Blade Server Software 2.2.x Cross-Frame Scripting (XFS) Vulnerability in Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE) Cross-Site Request Forgery (CSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Infra Admin UI (Bug ID CSCus16052) Denial of Service Vulnerability in Cisco Unified Communications Manager 10.5(1.99995.9) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 Authentication Bypass Vulnerability in Cisco TelePresence TC Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager 10.5(2.10000.5) (Bug ID CSCut19580) Denial of Service Vulnerability in Cisco ASR 5000 Devices (Bug ID CSCut38476) CSRF Vulnerability in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) Denial of Service Vulnerability in Cisco ASR 5000 Devices (Bug ID CSCut11534) Arbitrary Code Execution Vulnerability in Cisco WebEx Meetings Server 2.5MR1 (CSCus56138) Improper VTY Session Closure Vulnerability on Cisco ASR 9000 Devices Denial of Service Vulnerability in Cisco Email Security 
Appliance (ESA) Devices Privilege Escalation Vulnerability in Cisco UCS Manager Component (Bug ID CSCut32778) Denial of Service Vulnerability in Cisco Prime Collaboration Assurance 10.0 (Bug ID CSCum38844) WebEx Meetings Server 2.5 MR1 Cross-Site Request Forgery (CSRF) Vulnerability Weak Permissions Vulnerability in Cisco Mobility Services Engine (MSE) (CSCuv40504) Denial of Service Vulnerabilities in Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 Denial of Service Vulnerability in Cisco IOS XR 5.3.0 on ASR 9000 Devices (Bug ID CSCur70670) Denial of Service Vulnerability in Cisco IOS XR ASR9k Devices (CSCur88273) Arbitrary File Read Vulnerability in Cisco UCS Central Software 1.3(0.99) (CSCuu41377) Unspecified Web Page Access Restriction Bypass in Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 Devices (Bug ID CSCuu82230) Unverified X.509 Certificate Vulnerability in Cisco Web Security, Email Security, and Content Security Appliances Arbitrary File Write Vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X (Bug ID CSCut12255) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices (Bug ID CSCtd72617) Arbitrary Web Script Injection Vulnerability in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) Denial of Service Vulnerability in Cisco IOS XE 3.13S and Earlier Cisco IM and Presence Service XSS Vulnerability (Bug ID CSCut41766) Root Credential Discovery Vulnerability in Cisco Unified Communications Manager 10.5(3.10000.9) Denial of Service Vulnerability in Nexus Data Broker (NDB) on Cisco Nexus 3000 Devices Open Redirect Vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) (Bug ID CSCuv32136) Improper Authorization in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) (Bug ID CSCuo89056) Improper Authorization in Cisco Unified Web and E-Mail Interaction Manager 
9.0(2) Allows Removal of Default Messaging-Queue System Folders Denial of Service Vulnerability in Cisco NX-OS on Nexus 9000 Devices (Bug ID: CSCuu77225) Arbitrary System Policy Deletion Vulnerability in Cisco FireSIGHT Management Center 5.3.1.4 Arbitrary Command Execution Vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.2 Bypassing Access Restrictions and Arbitrary Account Creation in Cisco Prime Collaboration Assurance Bypassing System-Database Read Restrictions in Cisco Prime Collaboration Assurance Session Impersonation Vulnerability in Cisco Prime Collaboration Assurance Bypassing Access Restrictions and Creating Administrative Accounts in Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability in Cisco Edge Bluebird Operating System 1.2 on Edge 340 Devices (CSCuu43968) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Finesse 10.5(1) Information Disclosure Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 Improper Validation of External DTDs in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 Improper Phone Line Validation in Cisco TelePresence VCS Expressway X8.5.2 Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 Improper Authorization in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 Allows Remote Password Reset (CSCuv12338) Information Disclosure Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 Bypassing Unicast Reverse Path Forwarding (uRPF) Validation in Cisco ASA Software Improper Privilege Restriction in Cisco Content Security Management Appliance (SMA) Allows Unauthorized Access to Spam Quarantine Folder Buffer Overflow Vulnerability in Cisco NX-OS and MDS Devices via Crafted ARP Packet Buffer Overflow Vulnerability in 
Cisco NX-OS on Nexus Devices: Remote Denial of Service via Malformed IGMPv3 Packet Privilege Escalation Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 Privilege Escalation Vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 Improper User Account Validation in Cisco TelePresence VCS Expressway X8.5.2 Allows Remote Command Execution (CSCuv12552) Arbitrary OS Command Execution Vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.2 Privilege Escalation via Invalid Parameters in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 (CSCuv10556) Authentication Bypass Vulnerability in Cisco Prime Infrastructure (PI) 1.4(0.45) and Earlier (Bug ID CSum59958) ProxySG Default Configuration Vulnerability Arbitrary Lua Bytecode Execution in Redis Eval Command Arbitrary Command Execution in XCloner Plugin 3.1.2 for WordPress Arbitrary Script Injection in XCloner Plugin for WordPress Static Code Injection Vulnerability in XCloner Plugin 3.1.2 for WordPress SQL Injection Vulnerability in Cacti before 0.8.8d Bypassing Resource Restrictions in Services Basic Authentication Module for Drupal Information Disclosure Vulnerability in RESTful Web Services Module for Drupal Arbitrary Script Injection in SMS Framework Module for Drupal Arbitrary Script Injection Vulnerability in Drupal inLinks Integration Module SQL Injection Vulnerability in Spider Contacts Module for Drupal CSRF Vulnerability in Spider Contacts Module for Drupal Allows Unauthorized Deletion of Contact Categories CSRF Vulnerabilities in Spider Catalog Module for Drupal Arbitrary File Deletion Vulnerability in Spider Video Player Module for Drupal CSRF Vulnerability in Spider Video Player Module for Drupal Allows Unauthorized Video Deletion CSRF Vulnerability in Custom Sitemap Module for Drupal Allows Unauthorized Sitemap Deletion Arbitrary Script Injection in Ubercart Webform Integration Module for Drupal CSRF 
Vulnerability in Watchdog Aggregator Module for Drupal Arbitrary Script Injection in Webform Results Table (Drupal) Arbitrary Script Injection via Webform Block Title in Drupal Arbitrary Code Injection via Taxonomy Terms in Ubercart Discount Coupons Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Drupal Registration Codes Module CSRF vulnerability in Drupal Registration Codes Module CSRF Vulnerability in Drupal Registration Codes Module CSRF vulnerability in Tracking Code module for Drupal allows unauthorized disabling of tracking codes Open Redirect Vulnerability in Drupal Finder Module Allows for Phishing Attacks CSRF Vulnerabilities in Campaign Monitor Module for Drupal Taxonomy Accordion Module XSS Vulnerability Arbitrary Script Injection Vulnerability in Mover Module for Drupal Arbitrary Web Script Injection Vulnerability in Simple Subscription Module for Drupal Unpaid Checkout Vulnerability in Commerce Ogone Module for Drupal Arbitrary Web Script Injection Vulnerability in Trick Question Module for Drupal Arbitrary Script Injection Vulnerability in Drupal Site Documentation Module Open Redirect Vulnerability in Perfecto Module for Drupal Arbitrary Script Injection in Drupal Image Title Module Arbitrary Script Injection in OG Tabs Module for Drupal Arbitrary Script Injection via Webform Module in Drupal Sensitive Node Title Disclosure in Chaos Tool Suite (ctools) Module for Drupal Arbitrary Code Injection in Profile2 Privacy Module for Drupal Unspecified Cross-Site Scripting (XSS) Vulnerability in Petition Module for Drupal Arbitrary Script Injection Vulnerability in Crumbs Module for Drupal CSRF vulnerability in Webform Multiple File Upload module for Drupal Arbitrary Web Script Injection Vulnerability in Linear Case Module for Drupal Arbitrary Web Script Injection in Drupal Invoice Module Cross-Site Request Forgery (CSRF) Vulnerabilities in Drupal Invoice Module CSRF Vulnerability in Drupal Decisions Module Allows Unauthorized Voter Removal 
Arbitrary Code Injection Vulnerability in Ubercart Webform Checkout Pane Module for Drupal Arbitrary Script Injection Vulnerability in Imagefield Info Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in EntityBulkDelete Module for Drupal Arbitrary Web Script Injection in Password Policy Module for Drupal Cross-site scripting (XSS) vulnerability in Current Search Links module for Drupal Bypassing Content Type Restrictions in Open Graph Importer for Drupal Cross-Site Request Forgery (CSRF) Vulnerabilities in Drupal User Import Module CSRF Vulnerability in CiviCRM Private Report Module for Drupal Arbitrary Script Injection in Drupal Display Suite Module (CVE-2021-XXXX) Arbitrary Code Execution Vulnerability in Services Module for Drupal Field Access Bypass Vulnerability in Services Module for Drupal Plaintext Password Storage Vulnerability in HybridAuth Social Login Module for Drupal CSRF Vulnerabilities in Keyword Research Module for Drupal CSRF Vulnerability in Node Template Module for Drupal Allows Unauthorized Deletion of Node Templates Open Redirect Vulnerability in Chaos Tool Suite (CTools) Module for Drupal Remote Information Disclosure Vulnerability in Ring Video Doorbells PSIA Buffer Overflow Vulnerability in Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 Devices ISAPI Buffer Overflow Vulnerability on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 Devices Buffer Overflow Vulnerability in Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 Devices before 3.4.0 Remote Code Execution and Cross-Site Scripting Vulnerability in Moped::BSON::ObjectId.legal? Method Denial of Service Vulnerability in Moped::BSON::ObjectId.legal? 
Method BSON Injection Vulnerability in BSON (bson-ruby) Gem Arbitrary Web Script Injection via redirect_to Parameter in Nextend Facebook Connect Plugin for WordPress Arbitrary File Read Vulnerability in SE HTML5 Album Audio Player Plugin for WordPress Arbitrary File Inclusion Vulnerabilities in Magnifica Webscripts Anima Gallery 2.6 Lack of Autocomplete Attribute in Zoho NetFlow Analyzer Allows Unauthorized Access Opsview 4.6.2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities Privilege Escalation and Denial of Service Vulnerability in Huawei Mate 7 Smartphones Privilege Escalation and Denial of Service Vulnerability in Huawei Mate 7 TEEOS Module Directory Traversal Vulnerability in Pimcore Allows Arbitrary File Creation and Modification SQL Injection Vulnerability in Pimcore Allows Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in Ektron CMS before 9.10 SP1 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Adobe Flash Player and Adobe AIR Multiple Vulnerabilities Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 vulnerability Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Vector Bypass 
Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Multiple Versions Denial of Service Vulnerability Adobe Reader and Acrobat Multiple Versions Denial of Service Vulnerability Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability allowing bypass of access restrictions in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Unspecified vulnerability in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Unspecified vulnerability in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Authentication Bypass and Sensitive Information Disclosure in OpenEMR SQL Injection Vulnerability in Cacti's get_hash_graph_template Function Arbitrary Code Execution via Unrestricted File Upload in Aviary Image Editor Add-on For Gravity Forms Plugin SSL Certificate Bypass Vulnerability in ownCloud Desktop Client Cross-Site Scripting (XSS) Vulnerabilities in Cloudera Manager UI before 5.4.3 TLS Implementation Vulnerability in Cavium Cryptographic-Module Firmware CSRF Vulnerability in B.A.S C2Box Allows Remote Account Hijacking Absolute Path Traversal Vulnerability in eFront CMS 3.6.15.4 and Earlier Absolute Path Traversal 
Vulnerability in eFront CMS File Manager Component File Upload Bypass Vulnerability in eFront CMS Lack of Authorization and Authentication in Kguard Digital Video Recorder 104, 108, v2 Arbitrary Code Injection through zM Ajax Login & Register Plugin for WordPress Denial of Service Vulnerability in libmspack's chmd_init_decomp Function Integer overflows in search_chunk function in libmspack before 0.5 allow remote attackers to cause denial of service Buffer Over-read Vulnerability in libmspack Denial of Service Vulnerability in libmspack's inflate function Off-by-one Error in lzxd_decompress Function in libmspack: Remote Denial of Service Vulnerability Off-by-one Error in READ_ENCINT Macro in libmspack Allows Remote Code Execution Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Out-of-bounds read vulnerability in mozilla::AudioSink function in Mozilla Firefox Address Bar Spoofing Vulnerability in Mozilla Firefox for Android Mozilla Firefox MediaStream Playback Use-After-Free Vulnerability Bypassing Same Origin Policy in Mozilla Firefox via JSON.parse reviver parameter vulnerability Integer Overflow Vulnerability in libstagefright in Mozilla Firefox Integer Overflow in libstagefright: Arbitrary Code Execution via Crafted MPEG-4 Video Data Privilege Escalation via Race Condition in Mozilla Maintenance Service Privilege Escalation and Denial of Service Vulnerability in Mozilla Firefox Updater Mixed-Content Protection Bypass in Mozilla Firefox 40.0 Denial of Service Vulnerability in Mozilla Firefox's JavaScript Implementation Heap-based Buffer Overflow in libvpx: Remote Code Execution via Malformed WebM Video Data Arbitrary Code Execution and Denial of Service Vulnerability in libvpx Memory Corruption Vulnerability in nsTSubstring::ReplacePrep Function Use-after-free vulnerability in StyleAnimationValue class in Mozilla Firefox Memory Corruption Vulnerability in nsTArray_Impl Class 
Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox Integer Overflow in make_filter_table Function in gdk-pixbuf: Remote Code Execution and Denial of Service Vulnerability Use-after-free vulnerability in XMLHttpRequest::Open implementation in Mozilla Firefox Heap-based buffer overflow in stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 Unprivileged Access to Wi-Fi System Messages in Mozilla Firefox OS Arbitrary File Read and Privilege Escalation Vulnerability in Mozilla Firefox Integer overflows in libstagefright in Mozilla Firefox before 38.0: Arbitrary Code Execution Vulnerability Use-after-free vulnerability in Mozilla Firefox allows remote code execution through CanvasRenderingContext2D implementation Bypassing User Confirmation in Mozilla Firefox Add-on Installation Account Registration Vulnerability in Bugzilla Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Remote Code Execution Vulnerability in Mozilla Firefox Boundary Mishandling in TCP Socket API Implementation in Mozilla Firefox Buffer Over-read and Application Crash in Mozilla Firefox's QCMS Library Arbitrary File Write Vulnerability in Mozilla Firefox Updater Buffer Overflow in libvpx: Remote Code Execution via Crafted VP9 File Remote Code Execution Vulnerability in SavedStacks Class in Mozilla Firefox Address-bar URL spoofing vulnerability in Mozilla Firefox before 41.0 with enabled reader mode HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability Race condition vulnerability in Mozilla Firefox before 41.0 allows remote code execution and denial of service Arbitrary Code Execution via Crafted Header in WebM Video in Mozilla Firefox Improper Color-Depth Handling in Mozilla Firefox on Linux Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in 
Mozilla Firefox Sensitive Hostname Information Disclosure in Mozilla Firefox Arbitrary Code Execution with Chrome Privileges in Mozilla Firefox Memory Corruption Vulnerability in Mozilla Firefox Improper Whitelist in Mozilla Firefox Reader View Allows XSS Attacks via SVG Animations URL Redirection Vulnerability in Mozilla Firefox CORS Bypass Vulnerability in Mozilla Firefox Memory Corruption and Application Crash Vulnerability in Mozilla Firefox Memory Corruption Vulnerability in Mozilla Firefox Remote Code Execution and File Manipulation Vulnerability in Blue Coat Malware Analysis Appliance (MAA) and Malware Analyzer G2 Arbitrary Code Execution via Unrestricted File Upload in EMC Documentum Arbitrary Command Execution Vulnerability in EMC Isilon OneFS Web Administration Interface Root-shell access vulnerability in EMC RecoverPoint for Virtual Machines (VMs) 4.2 Arbitrary File Read Vulnerability in EMC Avamar Server and Avamar Virtual Addition Arbitrary Code Injection through Unspecified Vectors in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 Arbitrary URL Redirection Vulnerability in EMC Documentum Web Applications Incomplete fix for CSRF vulnerability in EMC Documentum WebTop and other components allows remote attackers to hijack user authentication Incomplete Authorization Check in EMC Documentum Content Server Arbitrary Code Execution via Incomplete Authorization Check in EMC Documentum Content Server Arbitrary Code Execution with Super-User Privileges in EMC Documentum Content Server Arbitrary Code Execution in Java Method Server (JMS) in EMC Documentum Content Server Privilege Escalation via Log File in EMC Documentum Content Server Sensitive Information Disclosure in EMC Documentum Content Server Hardcoded Passphrase Vulnerability in EMC Documentum D2 XML External Entity (XXE) Vulnerability in EMC Atmos Unspecified Cross-Site Scripting (XSS) Vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 Unspecified Cross-Site Scripting (XSS) 
Vulnerabilities in EMC RSA Identity Management & Governance Arbitrary Web Script Injection in EMC RSA Archer GRC 5.x before 5.5.3 Archer GRC 5.x before 5.5.3 Discussion Forum Fields Access Restriction Bypass Vulnerability Cleartext Password Storage Vulnerability in EMC RSA Archer GRC 5.x before 5.5.3 Incomplete Fix for Authorization Verification in EMC Documentum Content Server SmartLock Root-Login Bypass Vulnerability in EMC Isilon OneFS EMC RSA OneStep 6.9 Directory Traversal Vulnerability Cleartext Storage of AnnoDB Password in EMC RSA Web Threat Detection Privilege Escalation via Service Configuration File in EMC RSA Web Threat Detection Cavium cryptographic-module firmware vulnerability in Cisco ASA devices: Spoofing IPSec and IKEv2 Traffic Information Disclosure via LinkUpdateMode Configuration in LibreOffice and Apache OpenOffice Arbitrary Script Injection in MyBB Quick Edit Function File Upload Vulnerability in DeDeCMS 5.7-sp1: Exploiting Getshell Multiple Unspecified Vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client Buffer Overflow Vulnerability in TIBCO Rendezvous and Messaging Appliances Denial of Service Vulnerability in CHICKEN's string-translate* Procedure Arbitrary Script Injection in Nextend Twitter Connect Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Intel McAfee ePolicy Orchestrator (ePO) CSRF Vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL Firmware 1.0.0.20h.HOL Alcatel-Lucent CellPipe 7130 Router XSS Vulnerability in Port Triggering Menu Heap-based Buffer Overflow in libwmf 0.2.8.4's DecodeImage Function Buffer Overflow and Over-read Vulnerability in Arduino JSON's extractFrom Function Cross-Site Scripting Vulnerability in eClinicalWorks Population Health (CCMR) Login.jsp SQL Injection Vulnerability in eClinicalWorks Population Health (CCMR) Cross-Site Request Forgery (CSRF) Vulnerability in eClinicalWorks Population Health (CCMR) Allows Unauthorized User Manipulation Session Fixation 
Vulnerability in eClinicalWorks Population Health (CCMR) Arbitrary Code Execution with Administrator Privileges in Lenovo Mouse Suite Arbitrary File Read/Write Vulnerability in PHP Type Confusion Vulnerability in PHP SoapFault::__toString Method Type Confusion Vulnerability in PHP SoapClient Implementation Type Confusion Vulnerability in PHP before 5.6.7 Type Confusion Vulnerability in PHP Incomplete Class Function Arbitrary Code Execution via Type Confusion in PHP Exception::getTraceAsString Function Pointer Relationship Vulnerability in Fileinfo Component of PHP Arbitrary Code Execution Vulnerability in PHP Fileinfo Component Arbitrary Code Execution via Unrestricted File Upload in TYPO3 Job Fair Extension Arbitrary Code Execution via Unrestricted File Upload in TYPO3 Frontend User Upload Extension Arbitrary Code Injection through BE User Log Extension in TYPO3 Arbitrary SQL Command Execution in TYPO3 wt_directory Extension (CVE-XXXX-XXXX) Arbitrary SQL Command Execution in TYPO3 Store Locator Extension Arbitrary SQL Command Execution in Smoelenboek Extension for TYPO3 Arbitrary SQL Command Execution in TYPO3 FAQ Extension (js_faq) Arbitrary SQL Command Execution in TYPO3 Developer Log Extension Multiple SQL Injection Vulnerabilities in Easy2Map Plugin for WordPress SQL Injection Vulnerability in Easy2map-photos WordPress Plugin v1.09 Arbitrary File Creation Vulnerability in Easy2Map WordPress Plugin Path Traversal Vulnerability in Easy2map-photos WordPress Plugin v1.09 CSRF Vulnerability in Spina CMS Denial of Service Vulnerability in ISC BIND 9.7.x through 9.9.x and 9.10.x Predictable CSRF Tokens in Hak5 WiFi Pineapple 2.0-2.3 Integer Overflow in PolicyKit's authentication_agent_new_cookie Function Client-side validation vulnerability allows remote attackers to corrupt business logic in B.A.S C2Box before 4.0.0 (r19171) Pragyan CMS 3.0 SQL Injection Vulnerability SQL Injection Vulnerability in LimeSurvey Remote Code Execution Vulnerability in Huawei E5756S 
Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Koha Multiple Cross-Site Scripting (XSS) Vulnerabilities in Koha Directory Traversal Vulnerabilities in Koha Versions 3.14.x to 3.20.x SQL Injection Vulnerabilities in Koha 3.14.x, 3.16.x, 3.18.x, and 3.20.x Arbitrary SQL Command Execution in Cacti graphs.php LDAP User Account Enumeration Vulnerability Denial of Service Vulnerability in F5 BIG-IP LTM and Related Products Arbitrary Script Injection in Koha opac-addbybiblionumber.pl Vulnerability in SwiftKey Language-Pack Update Implementation on Samsung Galaxy Devices Arbitrary Code Execution via Directory Traversal in SwiftKey Language-Pack Update Implementation on Samsung Galaxy Devices Arbitrary OS Command Execution via escapeshellarg Function in PHP Heap-based buffer overflow in PHP FTP extension (CVE-2015-4022) Incomplete Fix for Table Name Validation in PHP PostgreSQL Extension Stack-based buffer overflow in read_fragment_table_4 function in Squashfs and sasquatch allows for remote denial of service Remote Denial of Service Vulnerability in Squashfs and Sasquatch Stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 Stack-based Buffer Overflow in Panasonic Security API (PS-API) ActiveX SDK Aruba Networks ClearPass Policy Manager Remote Root Privilege Escalation Vulnerability Aruba Networks ClearPass Policy Manager Remote Code Execution Vulnerability Memory Allocation Vulnerability in Wireshark WCCP Dissector Denial of Service in Wireshark GSM DTAP Dissector SQL Injection Vulnerability in EQ Event Calendar Component for Joomla! 
Arbitrary Web Script Injection Vulnerability in Synology DiskStation Manager (DSM) Cross-Site Scripting (XSS) Vulnerabilities in Synology Photo Station before 6.3-2945 Mailbird 2.0.16.0 XSS Vulnerability SQL Injection Vulnerabilities in Milw0rm Clone Script 1.0: Remote Code Execution via usr and pwd Parameters CSRF Vulnerability in ClickHeat 1.14 and Earlier Allows Password Hijacking Arbitrary Web Script Injection Vulnerability in Enhanced SQL Portal 5.0.7961 Arbitrary Script Injection Vulnerability in Symphony CMS 2.6.2 Remote Code Execution Vulnerability in CA Privileged Access Manager 2.4.4.4 and Earlier Arbitrary Web Script Injection Vulnerability in Xceedium Xsuite 2.4.4.1 and Earlier Arbitrary File Read Vulnerability in Xceedium Xsuite 2.4.4.5 and Earlier Insecure Hardcoded Credentials in Xsuite 2.x Open Redirect Vulnerability in Xsuite 2.4.4.5 and Earlier: Remote Phishing Attack via Redirurl Parameter Unsecured MySQL root User in Xsuite 2.x Allows Unauthorized Database Access Arbitrary File Write Vulnerability in DevExpress AJAX Control Toolkit Arbitrary Script Injection Vulnerability in OpenCart before 2.1.0.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ClipBucket 2.7.0.5 Unsigned Installer Files and Lack of SSL in TimeDoctor Pro Autoupdate Implementation Buffer Overflow Vulnerability in Tiny SRP Library Allows Remote Code Execution TickFa 1.x Ticket.php SQL Injection Vulnerability CSRF Vulnerability in FiverrScript 7.2 Allows Remote Admin Hijacking SQL Injection Vulnerability in Persian Car CMS 1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Airties RT-210 Web Interface Improper Revocation Checking of Intermediate CA Certificates in FreeRADIUS Weak Password Vulnerability in Polycom RealPresence Resource Manager (RPRM) Information Disclosure Vulnerability in Polycom RealPresence Resource Manager Session Identifier Exposure and Privilege Escalation in Polycom RealPresence Resource Manager (RPRM) Directory Traversal Vulnerabilities in 
Polycom RealPresence Resource Manager Privilege Escalation via Sudo Misconfiguration in Polycom RealPresence Resource Manager (RPRM) Arbitrary Web Script Injection Vulnerability in Ellucian Banner Student 8.5.1.2 User Account Enumeration Vulnerability in Ellucian Banner Student 8.5.1.2 through 8.7 Weak Password Reset Vulnerability in Ellucian Banner Student 8.5.1.2 through 8.7 NULL pointer dereference vulnerability in kvm_apic_has_events function in Linux kernel through 4.1.3 Zip Attachments Plugin for WordPress Directory Traversal Vulnerability Out-of-Bounds Read Vulnerability in libwmf 0.2.8.4 Libwmf 0.2.8.4 Use-After-Free Denial of Service Vulnerability CSRF Vulnerability in Google Analyticator WordPress Plugin Cross-site scripting (XSS) vulnerability in Cloud4Wi Splash Portal before 5.9.7 Denial of Service Vulnerability in Linux Kernel's bpf_int_jit_compile Function Absolute Path Traversal Vulnerability in WordPress Rename Plugin 1.0 Arbitrary File Read Vulnerability in Download Zip Attachments Plugin for WordPress Arbitrary Script Injection in IPython 3.x via JSON Error Messages IPython 3.2 Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in ApPHP Hotel Site 3.x.x: Remote Code Execution via pid Parameter DreamBox DM500-S Cross-Site Scripting (XSS) Vulnerability Arbitrary File Read Vulnerability in Dropbox-PHP Library Directory Traversal Vulnerability in ownCloud Server Allows Remote Code Execution Denial of Service Vulnerability in ownCloud Server Arbitrary SMB Command Execution in ownCloud Server Privilege Escalation via Crafted Request in Pexip Infinity Client API Authentication Concrete5 5.7.3.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities Critical SQL Injection Vulnerability in Concrete5 5.7.3.1 Arbitrary Script Injection in AudioShare 2.0.2's forgot.php AudioShare 2.0.2 - PHP Remote File Inclusion Vulnerability in ajax/myajaxphp.php Unspecified Remote Vulnerability in Oracle Virtualization Sun Ray Software Unspecified 
Confidentiality Vulnerability in Oracle Sourcing Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u80 and 8u45 Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.20 and Earlier Unspecified JMX-related vulnerability in Oracle Java SE and Java SE Embedded Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified RMI-related vulnerability in Oracle Java SE versions 6u95, 7u80, and 8u45, and Java SE Embedded versions 7u75 and 8u33 Confidentiality vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 Unspecified vulnerability in Oracle Enterprise Manager Grid Control EM Base Platform and EM DB Control allows remote attackers to compromise confidentiality Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u80 and 8u45 Unspecified vulnerability in Oracle MySQL Server affecting confidentiality via Pluggable Auth Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HCM Candidate Gateway Unspecified Integrity Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle Database Server RDBMS Partitioning component Unspecified Dialog Popup Vulnerability in Oracle E-Business Suite 12.2.4 Unspecified vulnerability in Oracle JDeveloper component affecting availability via ADF Faces vectors Unspecified vulnerability in Oracle E-Business Suite 12.2.3 allows remote authenticated users to compromise confidentiality via AD Utilities. 
Unspecified Remote Integrity Vulnerability in Oracle GlassFish and WebLogic Servers Unspecified vulnerability in Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware Unspecified Confidentiality Vulnerability in Oracle Agile Product Lifecycle Management for Process Component Unspecified vulnerability in Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 Unspecified Security Vulnerability in Oracle Java SE and JRockit Remote Code Execution Vulnerability in Oracle Java SE and JRockit Unspecified Remote Availability Vulnerability in Oracle VM Server for SPARC Unspecified Remote Code Execution Vulnerability in Oracle Access Manager Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier: Remote authenticated user availability impact via Server : I_S vectors Unspecified Local Privilege Escalation Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified Remote Confidentiality Vulnerability in Oracle Database Server 12.1.0.2 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.22 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified vulnerability in Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 Unspecified 2D-related vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified vulnerability in Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 Unspecified Security Vulnerability in Oracle Agile PLM Component in Oracle Supply Chain Products Suite 9.3.4 Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified Integrity Vulnerability in Oracle Applications Manager Component in Oracle E-Business 
Suite Unspecified Local Availability Vulnerability in Oracle MySQL Server 5.6.25 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified Local Filesystem Vulnerability in Oracle Sun Solaris 10 and 11.2 Remote Code Execution Vulnerability in Oracle MySQL Server 5.6.24 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.24 and Earlier Unspecified Remote Availability Vulnerability in Oracle Hyperion Common Security Component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store Component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified vulnerability in Oracle Berkeley DB Data Store component Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.26 and Earlier Unspecified Remote Availability Vulnerability 
in Oracle MySQL Server Unspecified Confidentiality Vulnerability in Oracle Communications Convergence Component Unspecified vulnerability in Java VM component in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle Utilities Work and Asset Management Unspecified vulnerability in Java VM component in Oracle Database Server on Windows Unspecified Integrity Vulnerability in Oracle Agile PLM Component Unspecified Remote Code Execution Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified Integrity Vulnerability in Oracle WebCenter Sites Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.26 and Earlier Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to compromise confidentiality via Solaris Kernel Zones. Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Java SE and JRockit R28.3.7 Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products 9.2 Unspecified Serialization Vulnerability in Oracle Java SE Unspecified Libraries Vulnerability in Oracle Java SE Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Local Availability Vulnerability in Oracle Outside In Technology Component Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 related to Deployment Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Confidentiality vulnerability in Oracle Fusion Middleware 11.1.1.9 Oracle HTTP Server component Unspecified vulnerability in Oracle VM VirtualBox component in Windows guest Remote authenticated users can disrupt availability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier through a vulnerability related to Server : DDL. 
Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.44 and Earlier Kernel Zones Virtualized NIC Driver Vulnerability in Oracle Sun Solaris 11.2 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via PIA Core Technology vectors. Unspecified Local Vulnerability in Oracle MySQL Server Affecting Confidentiality, Integrity, and Availability Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting Solaris Kernel Zones Unspecified Remote Vulnerability in Oracle Sun Systems Products Suite ILOM Component Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting availability via Solaris Kernel Zones Unspecified Local Confidentiality Vulnerability in Oracle Hyperion 11.1.2.3 Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise FIN Expenses Component Unspecified Confidentiality Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 Confidentiality vulnerability in Oracle PeopleSoft Products 9.2 Unspecified Integrity Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting availability via Solaris Kernel Zones Unspecified Integrity Vulnerability in Oracle Identity Manager Legacy UI Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.25 and Earlier Unspecified vulnerability in Oracle Sun Solaris 11.2 related to Utility/Zones Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via CORBA vectors Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Utility/Security Vulnerability in Oracle Sun Solaris 11.2 Unspecified Confidentiality Vulnerability in Oracle JDeveloper Component Unspecified Remote Vulnerability in 
Oracle E-Business Suite 11.5.10.2 Confidentiality vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51 related to 2D Unspecified Confidentiality Vulnerability in Oracle Siebel CRM IP2014 and IP2015 Confidentiality vulnerability in Oracle Java SE versions 6u101, 7u85, and 8u60, and Java SE Embedded 8u51 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Unspecified 2D-related vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite Unspecified SQL Injection Vulnerability in Oracle Applications Manager Unspecified Remote Integrity Vulnerability in Oracle Configurator Component Unspecified Confidentiality Vulnerability in Oracle Configurator Component with PeopleSoft Integration Unspecified vulnerability in Oracle Payments component in Oracle E-Business Suite Unspecified vulnerability in PeopleSoft Enterprise HCM component allows remote authenticated users to compromise confidentiality and integrity Unspecified XML External Entity (XXE) vulnerability in Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 Arbitrary Command Execution via Serialized Java Object in Oracle WebLogic Server T3 Protocol Traffic Unspecified remote integrity vulnerability in Oracle E-Business Suite 12.x Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox Unspecified Remote Code Execution Vulnerability in Oracle Database Server 12.1.0.1 and 12.1.0.2 Unspecified DML-related vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier Unspecified vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 Unspecified RMI-related vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java 
SE Embedded 8u51 Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified DML-related vulnerability in Oracle MySQL Server 5.6.26 and earlier Unspecified vulnerability in Oracle Database Server Portable Clusterware component Unspecified Integrity Vulnerability in Oracle MySQL Server Confidentiality vulnerability in Oracle Applications Framework component in Oracle E-Business Suite Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.23 and Earlier Unspecified Remote Integrity Vulnerability in Oracle WebCenter Content Component Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 related to Libraries Unspecified Local Kernel Vulnerability in Oracle Sun Solaris 10 and 11.2 Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Java SE 7u85 affecting confidentiality and integrity via unknown vectors in Libraries Unspecified Integrity Vulnerability in Oracle Java SE and JRockit Unspecified vulnerability in Oracle Database Scheduler component Unspecified vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 Unspecified Remote Code Execution Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Local Availability Vulnerability in Oracle Outside In Technology Component Unspecified Local Availability Vulnerability in Oracle Outside In Technology Component Unspecified DML-related vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier Unspecified Remote Integrity Vulnerability in Oracle WebCenter Content Component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via CORBA vectors Unspecified CORBA-related vulnerability in Oracle Java SE versions 6u101, 7u85, and 8u60, and Java SE Embedded 8u51 Unspecified Remote Code Execution Vulnerability in Oracle Java SE 
Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4 allows remote attackers to compromise confidentiality via Agent Next Gen vectors. Unspecified vulnerability in Oracle Report Manager component in Oracle E-Business Suite Unspecified vulnerability in PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 affecting ePerformance Unspecified vulnerability in Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 Unspecified Replication Vulnerability in Oracle MySQL Server 5.6.26 and Earlier NSCD-related vulnerability in Oracle Sun Solaris 11.2 allows local users to compromise confidentiality, integrity, and availability Unspecified Integrity Vulnerability in Oracle Agile PLM Component in Oracle Supply Chain Products Suite 9.3.4 Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect availability via JAXP-related vectors Unspecified Remote Code Execution Vulnerability in Oracle Database Mobile/Lite Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.25 and Earlier Unspecified vulnerability in Oracle VM VirtualBox with Remote Display feature Unspecified Integrity Vulnerability in Oracle Applications Framework Unspecified Confidentiality Vulnerability in Oracle GlassFish Server Component Unspecified vulnerability in Oracle Database Server XDB component Unspecified vulnerability in Oracle Java SE 8u60 affecting JavaFX Unspecified Remote Integrity Vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 Unspecified RMI-related vulnerability in Oracle Java SE versions 6u101, 7u85, and 8u60, and Java SE Embedded 8u51 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.25 and Earlier Remote authenticated users can disrupt availability in Oracle MySQL Server 5.6.23 and earlier through unspecified vulnerability related to Server : DML. 
Unspecified Confidentiality Vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 Unspecified vulnerability in Oracle Sun Solaris 11.2 affecting Solaris Kernel Zones Unspecified Confidentiality Vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 Unspecified Integrity Vulnerability in Oracle JDeveloper Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.26 and Earlier Unspecified vulnerability in Oracle Java SE and JRockit R28.3.7 allows remote attackers to affect availability via JAXP vectors Unspecified Confidentiality Vulnerability in Oracle Access Manager Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Confidentiality Vulnerability in Oracle HTTP Server Component Unspecified vulnerability in Oracle Sun Systems Products Suite ILOM component Unspecified Confidentiality Vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 Unspecified Integrity Vulnerability in Oracle Agile PLM Component in Oracle Supply Chain Products Suite 9.3.4 Unspecified vulnerability in JD Edwards EnterpriseOne Tools component allows remote attackers to affect confidentiality, integrity, and availability NDMP Backup Service Integrity Vulnerability in Oracle Sun Solaris 11 Unspecified Integrity Vulnerability in Oracle Database Vault Component Unspecified Boot-related vulnerability in Oracle Sun Solaris 11 allows local users to affect availability Unspecified vulnerability in Oracle Database Server XML Developer's Kit for C component Unspecified Integrity Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Database Server 11.2.0.4 Workspace Manager component Unspecified Remote Integrity Vulnerability in Oracle Applications Framework World-writable permissions in Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager Cleartext Password Exposure in Apache Ambari Remote Authentication Bypass Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use 
Analysis Arbitrary Command Execution with Root Privileges in IBM QRadar SIEM Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack Server Remote Code Execution via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack Server Remote Code Execution via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack Server Remote Code Execution via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack Server Remote Code Execution via Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack Server Unspecified Denial of Service Vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 Servlet Spoofing Vulnerability in IBM WebSphere Application Server Arbitrary Web Script Injection in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management Cleartext BigSheets Password Storage Vulnerability in Apache Ambari Denial of Service Vulnerability in IBM WebSphere MQ Light 1.x Denial of Service Vulnerability in IBM WebSphere MQ Light 1.x Denial of Service Vulnerability in IBM WebSphere MQ Light 1.x Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management versions 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management versions 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management versions 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products. 
Passcode Bypass Vulnerability in IBM Maximo Anywhere Application for Android Bypassing Access Restrictions in IBM Rational Collaborative Lifecycle Management (CLM) and Related Tools Stack-based Buffer Overflow in IBM HTTP Server Administration Server Privilege Escalation Vulnerability in IBM AIX and VIOS with Fibre Channel Adapter Cleartext Password Exposure in IBM Tivoli Storage Manager and FlashCopy Manager Improper Mailbox Selection Vulnerability Denial of Service Vulnerability in IBM Spectrum Protect Client Acceptor Daemon (CAD) Arbitrary Code Execution Vulnerability in IBM Endpoint Manager for Remote Control Weak Encryption Protocol in IBM BigFix Remote Control Improper Certificate Handling in IBM BigFix Remote Control Arbitrary Web Script Injection Vulnerability in IBM Business Process Manager (BPM) Remote Code Execution Vulnerability in IBM Security QRadar SIEM 7.1.x IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 Cross-Site Scripting (XSS) Vulnerability in Web UI Improper Browser Caching in IBM InfoSphere Master Data Management - Collaborative Edition Arbitrary Web Script Injection Vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 Clickjacking Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition Unencrypted Connection Vulnerability in IBM Tealeaf Customer Experience Weak Permissions in IBM Rational Collaborative Lifecycle Management (CLM) and Related Tools Arbitrary File Read/Write Vulnerability in IBM Security Access Manager for Web Privilege Escalation via Admin AUTH_TOKEN Exposure in IBM UrbanCode Deploy Information Disclosure Vulnerability in IBM Maximo Asset Management Default Administrator Account Vulnerability in IBM Maximo Asset Management and Related Products SQL Injection Vulnerability in IBM Maximo Asset Management Arbitrary Web Script Injection Vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management Arbitrary Web Script Injection in IBM 
Multi-Enterprise Integration Gateway and B2B Advanced Communications Privilege Escalation Vulnerability in IBM General Parallel File System (GPFS) and Spectrum Scale Unspecified Remote Information Disclosure Vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 Information Disclosure Vulnerability in IBM General Parallel File System (GPFS) and Spectrum Scale Authentication Bypass Vulnerability in IBM Tealeaf Customer Experience Servers Tealeaf Customer Experience Replay Server Directory Traversal Vulnerability Arbitrary Chart Reading Vulnerability in IBM Tealeaf Customer Experience Unspecified Connection Type Credential Discovery Vulnerability in IBM Tealeaf Customer Experience Cleartext Data Exposure in IBM SPSS Modeler Clickjacking Vulnerability in IBM Sterling B2B Integrator 5.2 Arbitrary web script injection vulnerability in IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 Buffer Overflow Vulnerability in IBM Domino SMTP Daemon Local User Credential Spoofing in IBM Rational ClearQuest Bypassing Access Restrictions in IBM WebSphere Portal 8.5.0 before CF08 Arbitrary web script injection vulnerability in IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 Denial of Service Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Host On-Demand 11.0 through 11.0.14 Arbitrary Command Execution Vulnerability in IBM Tivoli Monitoring Portal Insecure Data Encryption in IBM WebSphere Application Server (WAS) 8.0 and 8.5 Remote authenticated users can gain root access in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 through cluster-wide password-change list vulnerability. 
Kerberos Credential Cache Information Disclosure Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in IBM WebSphere Commerce Arbitrary Web Script Injection Vulnerability in IBM WebSphere Commerce Arbitrary Web Script Injection Vulnerability in IBM WebSphere Commerce Missing Lockout Mechanism for Invalid Login Attempts in IBM Security Access Manager for Web Authorization Bypass Vulnerability in IBM WebSphere Message Broker and Integration Bus Insecure MAC Algorithm Restriction in IBM Security Access Manager for Web Appliances Vulnerability: Exposed Obfuscated Passwords in IBM Security Access Manager Configuration Files Man-in-the-Middle Attack Vulnerability in IBM Cognos Disclosure Management (CDM) Sensitive Information Disclosure via Crafted REST URL in IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 Arbitrary Ticket Worklog Entry Read Vulnerability in IBM Maximo Asset Management and Other Products Vulnerability: Authentication Bypass via Expired Password in IBM Maximo Asset Management and related products Arbitrary OS Command Execution via LMI Access in IBM Security Access Manager File Read and Upload Vulnerability in IBM Sterling Integrator and Sterling B2B Integrator Arbitrary Table Truncation Vulnerability in IBM InfoSphere BigInsights Remote Authentication Bypass and Information Disclosure in IBM InfoSphere Information Server 11.3 and 11.5 Sensitive Information Disclosure in IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications SQL Injection Vulnerability in IBM Curam Social Program Management 6.1: Remote Code Execution Sensitive Supplier-Bid Information Disclosure in IBM Emptoris Sourcing Cross-site scripting (XSS) vulnerability in IBM Connections versions 3.x to 5.0 before CR3 Cross-site scripting (XSS) vulnerability in IBM Connections versions 3.x to 5.0 before CR3 IBM Connections 3.x to 5.0 Cross-Site Request Forgery (CSRF) Vulnerability XML Entity Expansion Denial of Service Vulnerability SSL 
Certificate Hostname Validation Bypass in IBM Rational ClearCase Buffer Overflow Vulnerability in IBM Domino SMTP Daemon Information Disclosure and Data Injection Vulnerability in J9 JVM Arbitrary Code Execution via Crafted Flash File in IBM Emptoris Contract Management Local Privilege Escalation Vulnerability in IBM Security Guardium 8.2, 9.0, 9.1, 9.5, and 10.0 Denial of Service Vulnerability in IBM Security QRadar QFLOW Information Disclosure Vulnerability in IBM Rational License Key Server (RLKS) SQL Injection Vulnerability in IBM OpenPages GRC Platform API IBM Emptoris Contract Management Multiple CSRF Vulnerabilities Bypassing Access Restrictions in IBM Maximo Asset Management and SmartCloud Control Desk Critical SQL Injection Vulnerability in Sefrengo before 1.6.5 beta2 Improper Access Restriction in NVIDIA GPU Graphics Driver Allows Privilege Escalation Open Redirect Vulnerability in Ellucian Banner Student 8.5.1.2 through 8.7 XSS Vulnerability in Broken Link Checker Plugin for WordPress Admin Panel Memory Leak Vulnerability in F5 Big-IP and BIG-IQ Components Arbitrary File Download Vulnerability in MantisBT 1.2.19 and Earlier Cross-Site Scripting (XSS) Vulnerability in Anchor CMS before 0.9-dev Arbitrary Code Injection through VendorDef.do in Zoho ManageEngine AssetExplorer 6.1 SP6112 and Earlier Open Redirect Vulnerability in SilverStripe CMS & Framework 3.1.13 via returnURL Parameter Cross-Site Scripting (XSS) Vulnerabilities in SilverStripe CMS & Framework 3.1.13 via admin_username and admin_password parameters in install.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) Beta-1 Absolute Path Traversal Vulnerability in Paypal Currency Converter Basic For WooCommerce Plugin Multiple Cross-Site Scripting (XSS) Vulnerabilities in MetalGenix GeniXCMS 0.0.3 Hardcoded Credentials Vulnerability in SAP NetWeaver's Cross-System Tools and Data Transfer Workbench SAP Mobile Platform 3 XML External Entity 
(XXE) Vulnerability Sensitive Information Disclosure in Battle for Wesnoth Filesystem Functions Incomplete Fix for Case-Insensitive Filesystem Vulnerability in Battle for Wesnoth Arbitrary File Navigation Vulnerability in AR System Mid Tier Arbitrary File Navigation Vulnerability in BIRT Engine Servlet Heap-based Buffer Overflow in PCRE find_fixedlength Function Arbitrary PHP Code Execution via Incomplete Blacklist Vulnerability in X2Engine X2CRM CSRF Vulnerability in X2Engine X2CRM Allows Unauthorized Creation of Administrative Accounts Multiple Cross-Site Scripting (XSS) Vulnerabilities in X2Engine X2CRM before 5.0.9 SQL Injection Vulnerability in LimeSurvey 2.06+: Remote Code Execution via closedate Parameter Arbitrary File Read Vulnerability in BlackCat CMS Widgets/Logs.php Arbitrary Command Execution in Citrix NetScaler ADC and Gateway Unspecified Cross-Site Request Forgery (CSRF) Vulnerability in django CMS Arbitrary Command Execution in Endian Firewall before 3.0 via chpasswd.cgi Insecure Password Storage in Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite Applications for Android Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Unspecified vulnerability in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Unspecified vulnerability allowing bypass of access restrictions in Adobe Reader and Acrobat Denial of Service Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability 
in Adobe Reader and Acrobat before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Heap-based Buffer Overflow in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Unspecified vulnerability allowing privilege escalation in Adobe Reader and Acrobat Unspecified Information Disclosure Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, 
and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Same Origin Policy Bypass Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 vulnerability Use-after-free vulnerability in Adobe Flash Player allows remote code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player ActionScript 3 Use-After-Free Vulnerability in Adobe Flash Player BitmapData Class Use-After-Free Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Denial of Service Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Heap-based buffer overflow in Adobe Flash 
Player before 18.0.0.232 on Windows, OS X, and Linux, and Adobe AIR before 18.0.0.199 allows arbitrary code execution Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Denial of Service Vulnerability in Django Session Backends Arbitrary Header Injection and HTTP Response Splitting Vulnerability in Django Denial of Service Vulnerability in Django 1.8.x Denial of Service Vulnerability in ntpd with Remote Configuration Enabled Stack-based Buffer Overflow in Redcarpet HTML Renderer LivelyCart 1.2.0 SQL Injection Vulnerability in product/search Endpoint Arbitrary File Write Vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 Slider Revolution Plugin 4.2.2 for WordPress - Cross-Site Scripting (XSS) Vulnerability Insecure HTTP to HTTPS Redirection in Foreman 1.1 to 1.9.0-RC1 Object Name Reuse Vulnerability in Pulp Heap-based Buffer Overflow in QEMU IDE Subsystem Allows Arbitrary Code Execution Buffer Overflow and Memory Corruption Vulnerability in Linux Kernel's virtnet_probe Function Privilege Escalation via NMI Handling Vulnerability in Linux Kernel QEMU SCSI Emulation Stack-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in python-kdcproxy before 0.3.2 Insecure Handling of Ceph Credentials in libvirt XML External Entity (XXE) and XML Entity 
Expansion (XEE) Vulnerability in ZendXml and Zend Framework Denial of Service Vulnerability in OpenStack Cinder, Glance, and Nova Image Parser Arbitrary File Read Vulnerability in OpenStack Glance Image Service Arbitrary Code Execution Vulnerability in Qpid Server on Red Hat Satellite 6 Heap Memory Read Vulnerability in RTL8139 Network Card Device Model in QEMU Double Unplugging Exploit: Privilege Escalation via Use-After-Free Vulnerability in QEMU Bypassing Access Restrictions in Apache Ranger Policy Admin Tool Unspecified vulnerability in Apache Traffic Server 5.3.x before 5.3.2 in HTTP/2 Experimental Feature Apache Struts XSS Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Cloud Foundry Runtime, UAA, and Pivotal Cloud Foundry (PCF) Elastic Runtime Failure to Expire Existing Sessions in Cloud Foundry Runtime and Pivotal Cloud Foundry Password Reset Link Expiration Vulnerability in Cloud Foundry Runtime, UAA, and PCF Elastic Runtime Cross Domain Referer Leakage in Cloud Foundry Runtime, UAA, and PCF Elastic Runtime Apache Tomcat Directory Traversal Vulnerability Denial of Service Vulnerability in Apache CXF Fediz Inadequate Security Enforcement in PortletRequestDispatcher of Red Hat JBoss Portal 6.2.0 OpenSLP 1.2.1 Double Free Denial of Service Vulnerability Clickjacking Vulnerability in Red Hat Enterprise Application Platform and WildFly Improper User Data Display Vulnerability in FreeIPA NULL Pointer Dereference Vulnerability in res_query() Function in libresolv Remote Code Execution in JBoss Console CSRF Vulnerability in A-MQ's Jolokia API Vulnerability: Missing HTTPOnly and Secure Attributes in Red Hat AMQ Cookies CORS Headers Misconfiguration in Red Hat AMQ Denial of Service Vulnerability in sblim-sfcb 1.3.4 and 1.3.18 Unsanitized Escape Characters in Filenames Vulnerability Excessive Web Traffic Vulnerability in Candlepin Allows Information Disclosure CSRF vulnerability in Red Hat Enterprise Application Platform and WildFly Web Console Race 
condition vulnerability in pcsd in PCS 0.9.139 and earlier allows remote authenticated users to gain privileges Remote Command Execution Vulnerability in PCS 0.9.139 and Earlier VMware Tools Local Privilege Escalation Vulnerability Denial of Service Vulnerability in NTPd via Crafted logconfig Commands Denial of Service Vulnerability in NTPd via Crafted Configuration Command Privilege Escalation via libvdpau VDPAU_DRIVER_PATH Environment Variable Privilege Escalation via Directory Traversal in libvdpau's dlopen Arbitrary File Write Vulnerability in libvdpau Trace Functionality Unauthenticated Remote Login Vulnerability in VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor Double Free Vulnerability in JasPer 1.900.17: Remote Denial of Service via Crafted JPEG 2000 Image CRLF Injection Vulnerability in Apache Cordova File Transfer Plugin Unspecified vulnerability in Apache Traffic Server HTTP/2 Experimental Feature Arbitrary Resource Loading Vulnerability in Apache Cordova iOS Arbitrary Plugin Execution Vulnerability in Apache Cordova iOS Apache Struts 2.x Remote Code Execution Vulnerability Apache Ambari Open Redirect Vulnerability Reflected File Download (RFD) Vulnerability in Spring Framework Integer Underflow Vulnerability in LibreOffice and Apache OpenOffice Buffer overflow vulnerability in LibreOffice and Apache OpenOffice allows for remote code execution via a long DOC file Memory Corruption and Arbitrary Code Execution Vulnerability in LibreOffice and Apache OpenOffice Cross-Site Scripting (XSS) Vulnerability in Ipsilon IdP Server Cross-Site Scripting (XSS) Vulnerability in Ipsilon Identity Provider Server Improper Permission Check in Ipsilon Identity Provider Server Allows Denial of Service Buffer Overflow Vulnerability in colcrt in util-linux Denial of Service Vulnerability in SNTP's ULOGTOD Function Denial of Service Vulnerability in Red Hat Enterprise Application Platform and WildFly JasPer JPEG-2000 Library Use-After-Free Vulnerability in 
mif_process_cmpt Function Arbitrary Command Execution Vulnerability in Red Hat OpenShift Enterprise 3.0.0.0 Information Disclosure via Cross-Container Object Reference in OpenStack Swift Remote File Name Collision Vulnerability in mkostemp Function Buffer Overflow in VNC Display Driver in QEMU Arbitrary Code Execution Vulnerability in Landing Pages Plugin for WordPress Insecure File Creation and Ownership Vulnerability in CRIU Service Daemon Memory Initialization Vulnerability in glibc Package in RHEL 6.7 and 7.2 Denial of Service Vulnerability in PowerDNS Authoritative Server 3.4.x CRIU Service Daemon Vulnerability: Unauthorized Access to Sensitive Information Race Conditions in OPA-FM and OPA-FF Versions Before 10.4.0.0.196/197 Arbitrary Hosts Report Access and Deletion Vulnerability in Foreman Remote Code Execution via Applet Injection in IcedTea-Web Unsigned Applet Origin Validation Bypass Vulnerability IcedTea-Web Vulnerability: Bypassing Same Origin Policy via Spoofed Codebase Value Heap-Based Buffer Overflow in Protobuf VNC Display Driver Integer Overflow Vulnerability Race condition vulnerability in OpenStack Neutron allows bypassing of IP anti-spoofing controls Unintended Redirect Vulnerability in Apache jUDDI Portal Arbitrary Code Execution via Crafted Extended Attribute in OpenStack Swift-on-File (Swiftonfile) Arbitrary Code Execution Vulnerability in phpWhois Bypassing Application Restrictions in mod_nss with NSSCipherSuite Vulnerability CRLF Injection Vulnerability in Ceph Object Gateway LDAP Authentication Vulnerability in Foreman Allows Remote Access via Exploiting Active Directory Password Lifetime Denial of Service Vulnerability in libvirt's virStorageVolCreateXML API Red Hat Feedhenry Enterprise Mobile Application Platform Reflected File Download Vulnerability Denial of Service Vulnerability in OpenShift Origin 1.0.5 API Server OpenStack Glance Image Service Remote Status Change Vulnerability Symlink Bypass Vulnerability in Samba SAML Web SSO 
Module Authentication Bypass Vulnerability Arbitrary Code Execution via Serialized JMS ObjectMessage in Apache ActiveMQ 5.x before 5.13.0 Server-Side Request Forgery (SSRF) vulnerability in Adobe BlazeDS Bypassing JavaScript Whitelist Protection in Apache Cordova-Android Denial of Service and Possible Other Impact in Linux Kernel USB Serial Driver (CVE-2015-8104) CSRF Vulnerability in springframework-social before 1.1.3 Heap-based Buffer Overflow in Apache Subversion 1.9.x Heap-based Buffer Overflow in SPICE Allows Arbitrary Code Execution via QXL Commands Heap-based Buffer Overflow in SPICE: Arbitrary Memory Access via Guest QXL Commands Denial of Service Vulnerability in Apache HttpComponents HttpClient Insecure TLS Certificate Verification in pulp-consumer-client 2.4.0 through 2.6.3 Vulnerability: Bypassing Access Restrictions in Moodle Lesson Module Arbitrary File Deletion Vulnerability in Moodle Wiki Component Role Processing Vulnerability in Moodle's enrol_meta_sync Function Predictable password-recovery tokens vulnerability in Moodle Group-based Authorization Check Vulnerability in Moodle Arbitrary Web Script Injection in Moodle Group Overview (XSS) Vulnerability Improper Ordering of Keystone and Swift Staticweb Middleware in TripleO Heat Templates Arbitrary Group Posting Vulnerability in Moodle 2.7.x Symlink Attack Vulnerability in abrt-action-install-debuginfo-to-abrt-cache Arbitrary Command Execution in Rubygem-openshift-origin-console in Red Hat OpenShift 2.2 Predictable Random Values in std::random_device Class Heap Corruption and Privilege Escalation Vulnerability in GNU C Library (glibc) Denial of Service and Arbitrary Code Execution Vulnerability in QEMU's ne2000_receive Function Heap-based Buffer Overflow in QEMU's ne2000_receive Function Vulnerability: Bypassing Secure Boot Restrictions in Grub2 on UEFI Systems Foreman 1.7.0 and Later XSS Vulnerability Incorrect Sequence of Protocol-Initialization Steps in Linux Kernel Allows Denial of Service 
World Readable CA Agent Certificate and Private Key in FreeIPA CRLF Injection Vulnerability in Kallithea Allows HTTP Response Splitting Attacks Incomplete Fix for Image Deletion Denial of Service Vulnerability in OpenStack Glance Privilege Escalation via Symlink Attack in abrt-hook-ccpp Crypt Function Denial of Service and Arbitrary Memory Read Vulnerability Stack-based buffer overflows in JSON parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 Denial of Service Vulnerability in ircd-ratbox 3.0.9: Exploiting the MONITOR Command Handler Heap-based buffer overflow in PolarSSL and ARM mbed TLS allows remote SSL servers to cause denial of service and possibly execute arbitrary code Memory Leak in SSSD PAC Responder Plugin SLAAC IPv6 Address Leakage Vulnerability in Red Hat Enterprise Virtualization Manager OpenStack Orchestration API (Heat) Template-Validate Command Denial of Service and File Disclosure Vulnerability Samba Vulnerability: Encrypted-to-Unencrypted Downgrade Attack Integer Overflow Vulnerability in pixman's general_composite_rect() Function Google Login Plugin Vulnerability: Bypassing Domain Lockdown in Jenkins Instances Unauthenticated Remote Access to Shadow Copies in Samba Vulnerability: Arbitrary Time Manipulation and Denial of Service in NTP Improper Permission Check in Ipsilon Identity Provider Server Allows Denial of Service Information Disclosure Vulnerability in libreport 2.0.7 before 2.6.3 OpenStack TripleO Heat Templates Remote Metadata Spoofing Vulnerability Unauthorized Server Shutdown Vulnerability in Red Hat JBoss EAP Arbitrary File Write Vulnerability in Kubernetes Remote Code Execution in OpenStack Ironic Inspector via Flask Console Access Denial of Service Vulnerability in KVM and Xen Hypervisors Multiple SQL Injection Vulnerabilities in wp-championship Plugin 5.8 for WordPress Integer Overflow in PuTTY Terminal Emulator: Remote Code Execution Vulnerability Vulnerability: Arbitrary Packet Injection and Denial of 
Service in WNM Sleep Mode Response Denial of Service Vulnerability in PowerDNS Authoritative Server 3.4.4 Denial of Service Vulnerability in libxml2's xmlStringLenDecodeEntities Function Directory Traversal Vulnerability in libvirt's virStorageBackendFileSystemVolCreate Function Denial of Service Vulnerability in hostapd 2.x Denial of Service in EAP-pwd Message Reassembly Denial of Service Vulnerability in EAP-pwd Confirm Message Handling in wpa_supplicant Sensitive Information Disclosure in Jenkins Fingerprints Pages CSRF Protection Bypass in Jenkins XML External Entity (XXE) Vulnerability in Jenkins CLI Command Allows Arbitrary File Reading Insecure Verification of Shared Secret in Jenkins Information Disclosure Vulnerability in Jenkins CLI Command Overview and Help Pages Jenkins Directory Traversal Vulnerability Improper Access Restriction in Jenkins API Tokens Information Disclosure Vulnerability in Jenkins Incomplete Fix for CVE-2014-3665 Allows Bypass of Slave-to-Master Access Restrictions in Jenkins Arbitrary Code Injection via Slave Offline Status Message in Jenkins Out-of-bounds Memory Read Vulnerability in x509_decode_time Function Insecure Default Credentials in TripleO Heat Templates Remote Information Disclosure Vulnerability in Samba AD LDAP Server Improper Contact List Validation in Moodle 2.9.x before 2.9.3 Allows Spam Attacks via Messaging API Denial of Service Vulnerability in Atto Editor Autosave Feature Memory Leak in OBJ_obj2txt Function in LibreSSL Stack-based buffer overflow in LibreSSL before 2.3.1 due to off-by-one error in OBJ_obj2txt function CSRF vulnerability in Moodle allows hijacking of administrator authentication for statistics requests Cross-Site Scripting (XSS) Vulnerabilities in Moodle Survey Module Allow Remote Code Injection Cross-Site Scripting (XSS) Vulnerability in Moodle Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Lesson Module Improper Group-Based Access Restrictions in Moodle Web Service Information 
Disclosure Vulnerability in Moodle Moodle mod_scorm Availability Date Bypass Vulnerability Bypassing Access Restrictions in Moodle Choice Module Integer Overflow and Heap-Based Buffer Overflow in mod_dav_svn in Apache Subversion Arbitrary Command Execution in Apache Camel's camel-xstream Component Directory Existence Disclosure Vulnerability in Apache Tomcat Session Fixation Vulnerability in Apache Tomcat 7.x, 8.x, and 9.x Arbitrary web script injection vulnerability in Apache Wicket ModalWindow title Arbitrary Command Execution Vulnerability in Apache Camel CSV Export Command Execution Vulnerability Garden-Linux Nstar Executable Vulnerability: Unauthorized Access to Host System Files CSRF Token Bypass Vulnerability in Apache Tomcat X11 Connection Bypass Vulnerability in OpenSSH Novius OS 5.0.1 (Elche) Directory Traversal Vulnerability Open Redirect Vulnerability in Novius OS 5.0.1 (Elche) Allows Remote Phishing Attacks Cross-Site Scripting (XSS) Vulnerabilities in GetSimple CMS before 3.3.6 Arbitrary Code Injection via func Parameter in GetSimple CMS Denial of Service Vulnerability in Juniper EX4600, QFX3500, QFX3600, and QFX5100 Switches Denial of Service vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos OS Denial of Service (CPU Consumption) Vulnerability in Juniper Junos Vulnerability: Unintended Wide Data Channel Access in FTPS-Extensions Option Remote Code Execution and Denial of Service Vulnerability in Juniper Junos OS BFD Daemon Denial of Service Vulnerability in Juniper SRX Series Services Gateways Denial of Service Vulnerability in Linux Kernel's UDP Packet Handling Arbitrary Script Injection in Zurmo CRM 3.0.2 via What's going on? 
Profile Field Denial of Service Vulnerability in Linux Kernel's udp_recvmsg and udpv6_recvmsg Functions Privilege Escalation Vulnerability in HP lt4112 LTE/HSPA+ Gobi 4G Module Remote Code Execution Vulnerability in HP lt4112 LTE/HSPA+ Gobi 4G Module TLS Handshake Message Validation Vulnerability in Pulse Connect Secure Samba DCE-RPC Protocol Downgrade Vulnerability Arbitrary Script Execution Vulnerability in SolarWinds Storage Manager's AuthenticationFilter Class Arbitrary SAML Assertion Injection via X.509 Certificate Mismatch in AdNovum nevisAuth Denial-of-Service Vulnerability in EN100 Ethernet Module Firmware Variants Unspecified Cross-Site Scripting (XSS) Vulnerability in Open-Xchange Server and OX App Suite SQL Injection Vulnerability in GSI WiNPAT Portal Login Form Remote Code Execution in Elasticsearch via Transport Protocol (CVE-2015-3253/CVE-2015-5377) Logstash Remote Communication Eavesdropping Vulnerability Arbitrary Web Script Injection via Email Attachment in AXIGEN Mail Server Memory Corruption Vulnerability in Utf8DecoderBase::WriteUtf16Slow Function Cross-site scripting (XSS) vulnerability in Roundcube Webmail 1.1.x before 1.1.2 in rcmail.php Arbitrary File Read Vulnerability in Roundcube Webmail Information Disclosure Vulnerability in Roundcube Webmail 1.1.x Session Fixation Vulnerability in AxiomSL's Axiom Google Web Toolkit Module 9.5.3 and Earlier Authentication Bypass Vulnerability in Siemens SICAM MIC Devices CSRF Vulnerability in SOGo before 3.1.0 CSRF Vulnerability in Joomla! 
3.2.0 through 3.3.x and 3.4.x before 3.4.2 Arbitrary Code Injection through Comment XSS Vulnerability in PHPVibe Vulnerability: Bypassing Restrictions in Squid Proxy Server via CONNECT Method Denial of Service Vulnerability in Teradata Gateway Privilege Escalation and Information Disclosure Vulnerability in HP Systems Insight Manager (SIM) Unspecified Information Disclosure Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Code Execution Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Information Disclosure Vulnerability in HP CentralView Applications Unspecified Remote Information Disclosure Vulnerability in HP CentralView Applications Unspecified Remote Information Disclosure Vulnerability in HP CentralView Applications Buffer Overflow Vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 Arbitrary Code Execution and Denial of Service Vulnerability in HP Version Control Repository Manager (VCRM) Information Disclosure Vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 CSRF Vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 Privilege Escalation and Information Disclosure Vulnerability in HP Version Control Repository Manager (VCRM) Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView (ZDI-CAN-2881) Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Unspecified Remote Code Execution Vulnerability in HP KeyView Privilege Escalation Vulnerability in HP LoadRunner 
Controller (ZDI-CAN-2756) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Matrix Operating Environment Information Disclosure Vulnerability in HP Matrix Operating Environment before 7.5.0 Unspecified Vector Vulnerability in HP Matrix Operating Environment before 7.5.0 Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Virtual Connect Enterprise Manager (VCEM) SDK Information Disclosure Vulnerability in HP Virtual Connect Enterprise Manager (VCEM) SDK VRF Hopping Vulnerability in HPE Networking Products Unspecified Denial of Service Vulnerability in HP Integrated Lights-Out (iLO) Firmware Remote Denial of Service (DoS) Vulnerability in HP iLO 4 Firmware Versions 2.11 to 2.29 Unspecified Information Disclosure Vulnerability in HP UCMDB Arbitrary Web Script Injection in HP ArcSight Management Center and ArcSight Logger Unspecified Privilege Escalation Vulnerability in HP Software Update Information Disclosure Vulnerability in HP 3PAR Service Processor SP Arbitrary Web Script Injection in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 CSRF Vulnerability in HP StoreOnce Backup System Software Arbitrary Code Execution Vulnerability in HP StoreOnce Backup System Software HP StoreOnce Backup System Software XSS Vulnerability Unspecified Information Disclosure Vulnerability in HP Asset Manager CSRF Vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 SQL Injection Vulnerability in Watchguard XCS 9.2 and 10.0 before Build 150522 Arbitrary Command Execution in Watchguard XCS 9.2 and 10.0 before build 150522 Arbitrary Web Script Injection Vulnerability in Nucleus CMS Title Parameter Arbitrary Web Script Injection Vulnerability in X-Cart 
4.5.0 and Earlier Arbitrary Web Script Injection via PATH_INFO in PivotX 2.3.11 Arbitrary Code Execution in PivotX before 2.3.11 Session Fixation Vulnerability in PivotX Fileupload.php SQL Injection Vulnerability in ManageEngine Password Manager Pro (PMP) Arbitrary Script Injection in Snorby 2.6.2 Classification Creation StageShow Plugin for WordPress Open Redirect Vulnerability HTML Injection Vulnerability in AxiomSL's Axiom Google Web Toolkit Module 9.5.3 and Earlier Multiple Vulnerabilities in AxiomSL's Axiom Java Applet Module Bypassing Key-Export Restrictions in Gemalto SafeNet Luna HSM Privilege Escalation Vulnerability in Silicon Integrated Systems WindowsXP Display Manager Privilege Escalation Vulnerability in Silicon Integrated Systems XGI WindowsXP Display Manager Arbitrary Local File Inclusion in Yii2's web\ViewAction WP e-Commerce Shop Styling Plugin Directory Traversal Vulnerability Absolute Path Traversal Vulnerability in MDC YouTube Downloader Plugin 2.1.0 for WordPress Denial of Service Vulnerability in PowerDNS Recursor and Authoritative Server Absolute Path Traversal Vulnerability in Swim Team Plugin for WordPress Absolute Path Traversal Vulnerability in IBS Mappro Plugin for WordPress Directory Traversal Vulnerabilities in Samsung SyncThru 6 before 1.0 Remote Code Execution Vulnerability in BitTorrent and uTorrent via Crafted URL Cross-Site Scripting (XSS) Vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 BIND TKEY Query Denial of Service Vulnerability Denial of Service Vulnerability in Libav's ff_h263_decode_mba Function Arbitrary Web Script Injection in GD bbPress Attachments Plugin for WordPress GD bbPress Attachments Plugin for WordPress Directory Traversal Vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Private Only Plugin 3.5.1 for WordPress Cross-Site Scripting (XSS) Vulnerability in Plotly WordPress Plugin Arbitrary Script Injection Vulnerability in Modern Tribe Eventbrite Tickets Plugin for WordPress 
Camtasia Relay Module XSS Vulnerability Arbitrary Code Injection in MailChimp Signup Submodule in Drupal Arbitrary Script Injection in Smart Trim Module for Drupal Incomplete Cache Rebuilding in Views Module Allows Access to Hidden Content Vulnerability: Access Restriction Bypass in Dynamic Display Block Module for Drupal Arbitrary Code Injection through Video Consultation Module in Drupal Improper Permission Checking in Entityform Block Module for Drupal Arbitrary Code Injection through Cross-Site Scripting (XSS) in Webform Matrix Component Module for Drupal Arbitrary Code Injection in Mobile Sliding Menu Module for Drupal Unrestricted Access to Generated PDF Files in pass2pdf Module for Drupal Arbitrary Script Injection Vulnerability in Drupal Web Links Module Unauthenticated Access to Shipments Overview in Shipwire API Module for Drupal Vulnerability: Insufficient Permission Checks in Drupal Navigate Module Arbitrary Code Injection through Navigate Module in Drupal Arbitrary PHP Code Execution in Hostmaster (Aegir) Module for Drupal Unrestricted Access to Storage API Fields in Drupal Open Redirect Vulnerability in Chamilo Integration Module for Drupal Novalnet Payment Module Ubercart Module SQL Injection Vulnerability Improper Implementation of Include Subdomains Directive in Drupal HSTS Module Unpublished Content Disclosure in Apache Solr Real-Time Module for Drupal Arbitrary Code Injection through Inline Entity Form Module in Drupal XC NCIP Provider Module Cross-Site Request Forgery (CSRF) Vulnerability Access Bypass Vulnerability in Administration Views Module for Drupal Open Redirect Vulnerability in Drupal CCK 6.x-2.x Allows Phishing Attacks Bypassing User Registration Configuration in HybridAuth Social Login Module for Drupal Remote Access to Views via me User Argument Handler in me aliases module for Drupal Shibboleth Authentication Module XSS Vulnerability Arbitrary Script Injection Vulnerability in Drupal Migrate Module Arbitrary Role Addition 
Vulnerability in Drupal Views Bulk Operations (VBO) Module Memory Leak Vulnerability in F5 BIG-IP and BIG-IQ Products WideImage 11.02.19 applyConvolution Demo Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in Orchard Users Module Arbitrary Web Script Injection in BlackCat CMS 1.1.2 Heap-based Buffer Overflow in Tidy's ParseValue Function Allows Remote Denial of Service Denial of Service Vulnerability in Tidy's ParseValue Function Buffer Overflow Vulnerability in Samsung Mobile Devices Arbitrary Script Injection in Floating Social Bar WordPress Plugin Multiple Cross-Site Scripting (XSS) Vulnerabilities in Free Reprintables ArticleFR 3.0.6 Cross-Site Request Forgery (CSRF) Vulnerabilities in Free Reprintables ArticleFR 3.0.6 Allow Unauthorized Administrator Account Creation Arbitrary File Read Vulnerability in Elasticsearch Snapshot API Multiple Cross-Site Scripting (XSS) Vulnerabilities in Paid Memberships Pro Plugin for WordPress SQL Injection Vulnerability in Count Per Day Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Oxwall before 1.8 Allow Remote Authentication Hijacking qTranslate Plugin XSS Vulnerability in WordPress Remote Command Execution in Belkin N300 Dual-Band Wi-Fi Range Extender Firmware Improper CBC Padding Implementation in Siemens RuggedCom ROS and ROX II HTTPS Service Unspecified Privilege Escalation Vulnerabilities in Citrix NetScaler ADC and Gateway Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows, OS X, and 
Linux, Adobe AIR before 18.0.0.199, and Adobe AIR SDK before 18.0.0.199: Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Type Confusion Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Unspecified Type Confusion 
Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player and Adobe AIR Adobe Flash Player and Adobe AIR Multiple Vulnerabilities Unspecified Impact and Attack Vectors in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 
19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 Cross-Site Request Forgery (CSRF) Vulnerability in Adobe Flash Player and Adobe AIR Bypassing Access Restrictions and Information Disclosure in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Memory Address Discovery Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Sandbox Bypass Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 
19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190: Arbitrary Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Denial of Service Vulnerability in PHP Phar Extension Stack-based buffer overflow in phar_fix_filepath function in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 Arbitrary SQL Command Execution Vulnerability in Zenphoto before 1.4.9 Cross-Site Scripting (XSS) Vulnerability in Zenphoto before 1.4.9 Cross-Site Scripting (XSS) Vulnerability in Zenphoto before 1.4.9 Cross-Site Scripting (XSS) Vulnerability in ZenPhoto before 1.4.9 CSRF Vulnerability in Zenphoto Admin Panel Allows Authentication Hijacking and Denial of Service SQL Injection Vulnerabilities in Powerplay Gallery Plugin 3.3 for WordPress OpenSSH 6.9 Keyboard-Interactive Device Processing Vulnerability Arbitrary Code Execution Vulnerability in edx-platform Course Import Endpoint Privilege Escalation via Symlink Attack in Sudo (CVE-2015-5602) Velocity Template Injection Vulnerability in HipChat for JIRA Plugin Regular-Expression Implementation Vulnerability in Google V8 Denial of Service Vulnerability in Vordel XML Gateway 7.2.2 CSRF Vulnerability in IPython REST API Joomla! 
CMS Open Redirect Vulnerability (3.0.0 - 3.4.1) Image Export Plugin 1.1 for WordPress Absolute Path Traversal Vulnerability Shared Password Decryption Key Vulnerability in SolarWinds N-Able N-Central Remote Control Vulnerability in Uconnect Entertainment System of Fiat Chrysler Automobiles (FCA) Arbitrary Script Injection via Profile Image Caption in October CMS Arbitrary Script Injection via File Title in October CMS SQL Injection Vulnerability in Enorth Webpublisher CMS Remote Authentication Bypass and Configuration Modification in Chiyu BF-630 and BF-630W Fingerprint Access-Control Devices SSL/TLS Certificate Validation Vulnerability in Logstash Denial of Service and Arbitrary Code Execution Vulnerability in net-snmp 5.7.2 and Earlier Arbitrary Script Injection in WordPress Shortcodes WordPress Subscriber Role Bypass Vulnerability Buffer Overflow in ExecCall Method in FreeBit ELPhoneBtnV6 ActiveX Control Arbitrary Script Injection Vulnerability in OpenDocMan before 1.3.4 Stack-based Buffer Overflow Vulnerability in Yokogawa Industrial Control Systems Stack-based Buffer Overflow Vulnerability in Yokogawa Industrial Control Systems Remote Code Execution Vulnerability in Yokogawa Industrial Control Systems Bypassing URL Whitelist Protection in NTT Broadband Platform Japan Connected-free Wi-Fi Application Arbitrary Code Injection through Crafted SSID in NTT Broadband Platform Japan Connected-free Wi-Fi Application CSRF Vulnerability in Canon PIXMA MG7500 Printers' Remote UI Allows Authentication Hijacking Whitelist Bypass Vulnerability in Newphoria Applican Framework URL Whitelist Bypass Vulnerability in Newphoria Auction Camera Application Bypassing URL Whitelist Protection in Newphoria MEGAPHONE MUSIC Application Bypassing URL Whitelist Protection in Newphoria Koritore Application URL Whitelist Bypass Vulnerability in Newphoria Reversi Application URL Whitelist Bypass Vulnerability in Newphoria Photon Application H2O Directory Traversal Vulnerability Unverified 
SSL Certificates in niconico App for iOS before 6.38 Enable Man-in-the-Middle Attacks Arbitrary User Settings Modification Vulnerability in baserCMS before 3.0.8 Arbitrary SQL Command Execution Vulnerability in baserCMS before 3.0.8 ICZ MATCHA INVOICE 2.5.7 Multiple SQL Injection Vulnerabilities Remote Code Execution Vulnerability in ICZ MATCHA INVOICE Installer Arbitrary PHP Code Execution in ICZ MATCHA SNS Installer Unspecified Vector Exploit in ICZ MATCHA SNS before 1.3.7 Allows Remote Authenticated Users to Gain Administrative Privileges Arbitrary PHP Code Execution Vulnerability in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 Arbitrary PHP Code Execution Vulnerability in Cybozu Garoon RSS Reader Component (CyVDB-866) Arbitrary SQL Command Execution in phpRechnung before 1.6.5 LDAP Injection Vulnerability in Cybozu Garoon AjaXplorer 2.0 Directory Traversal Vulnerability Dotclear before 2.8.1 Cross-Site Scripting (XSS) Vulnerability Untrusted Search Path Vulnerability in Python.exe on Windows Remote Code Execution Vulnerability in Canary Labs Trend Web Server Dojo Toolkit XSS Vulnerability Insecure Certificate Verification in Adways Party Track SDK for iOS SQL Injection Vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x CSRF Vulnerability in eXtplorer Allows Remote Code Execution Sensitive Information Disclosure in SAND STUDIO AirDroid Application Avast Directory Traversal Vulnerability in ZIP Archive Handling Privilege Escalation Vulnerability in WinRAR Arbitrary Web Script Injection in QNAP QTS File Station CSRF Vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 SSL Certificate Verification Bypass in ANA App for Android and iOS HTML-Scrubber Module XSS Vulnerability SQL Injection Vulnerability in Techno Project Japan Enisys Gw before 1.4.1: Remote Code Execution Arbitrary Code Execution Vulnerability in Techno Project Japan Enisys Gw before 1.4.1 Unspecified Cross-Site Scripting (XSS) Vulnerability in Techno Project 
Japan Enisys Gw before 1.4.1 Arbitrary File Read Vulnerability in Techno Project Japan Enisys Gw before 1.4.1 Remote Code Execution Vulnerability in TYPE-MOON Fate Series Games Arbitrary Command Execution in eventapp/lib/gcloud.rb Denial of Service Vulnerability in FreeBSD Routed Daemon Kernel Panic Vulnerability in FreeBSD 9.3 and 10.1 World-readable permissions on snmpd.config file in bsnmpd in FreeBSD 9.3, 10.1, and 10.2 allow local users to obtain secret key for USM authentication Arbitrary Code Execution via Unrestricted File Upload in Powerplay Gallery Plugin 3.3 for WordPress Arbitrary Directory Creation Vulnerability in Powerplay Gallery Plugin 3.3 for WordPress Buffer Overflow Vulnerability in Lenovo Service Engine (LSE) Allows Remote Code Execution Arbitrary Code Execution Vulnerability in BitTorrent DHT Bootstrap Server Vulnerability: Clickjacking and CSRF Attacks in Puppet Enterprise Console 3.x Arbitrary PHP Code Execution via Serialized Object in Anchor CMS 0.9.x Cookie Directory Traversal Vulnerability in Geddy Node.js Framework Improper Sign-Extend Operations Vulnerability in Symantec Ghost Solutions Suite and Symantec Deployment Solution Arbitrary Command Execution via Redirect in Symantec Web Gateway Management Console Multiple Cross-Site Scripting (XSS) Vulnerabilities in Symantec Web Gateway Appliances Arbitrary Code Execution via Improper Sudo Configuration in Symantec Web Gateway Arbitrary Command Execution Vulnerability in Symantec Web Gateway Management Console DNS Protocol Limit Bypass: Designate Vulnerability Allows Oversized Record Sets Denial of Service Vulnerability in OpenStack Kilo: Unenforced Quotas for RecordSets and Records Denial of Service Vulnerability in Dell Netvault Backup before 10.0.5 Uninitialized Bitmap Data Structure Vulnerability in Linux Kernel CSRF Vulnerability in Siemens SIMATIC S7-1200 CPU Devices Arbitrary Command Execution in Cumulus Linux Switch Configuration Tools Backend Local Privilege Escalation via Symlink 
Attack in mktexlsr (TeXLive) Local File Write Vulnerability in mktexlsr (CVE-2021-XXXX) SQL Injection Vulnerability in Open-Xchange OX Guard Public Key Discovery API Arbitrary Shell Command Execution in devscripts' licensecheck.pl Devscripts Argument Injection Vulnerability Use-after-free vulnerability in path_openat function in Linux kernel 3.x and 4.x before 4.0.4 Integer Overflow in sg_start_req Function in Linux Kernel Allows Denial of Service Sensitive Information Disclosure in TIBCO Managed File Transfer Internet Server, Command Center, Slingshot, and Vault Information Disclosure Vulnerability in TIBCO Spotfire Server and Spotfire Analytics Platform Sensitive Log Information Disclosure in TIBCO Spotfire Server and Spotfire Analytics Platform WordPress XSS Vulnerability in Shortcode Processing XMLRPC Privilege Escalation Vulnerability in WordPress Siemens COMPAS Mobile Application Android SSL Certificate Verification Vulnerability Denial of Service Vulnerability in Websense Content Gateway Unrestricted Filename Vulnerability in MISP Cross-Site Scripting (XSS) Vulnerabilities in MISP Template-Creation Feature PHP Object Injection Vulnerability in MISP before 2.3.90 Denial of Service Vulnerability in ISC BIND 9.x World-writable cache directory vulnerability in Doctrine and MongoDB ODM SQL Injection Vulnerability in CodeIgniter Active Record Class' Offset Method Denial of Service Vulnerability in Botan BER Decoder Denial of Service Vulnerability in Botan BER Decoder Weak WPA2 PSK Key Generation Vulnerability in Samsung Smart TVs and Xpress Printers Timing Side-Channel Attack in WordPress Widget Sanitization WordPress CSRF Vulnerability in wp-admin/post.php Arbitrary Script Injection via Widget Title in WordPress Arbitrary Script Injection via Accessibility-Helper Title in WordPress Legacy Theme Preview XSS Vulnerability in WordPress Arbitrary Memory Write Vulnerability in Fortinet FortiClient Drivers Arbitrary Code Execution Vulnerability in Fortishield.sys 
Driver Privilege Escalation Vulnerability in Fortinet FortiClient Drivers Lenstra Side-Channel Attack on RSA-CRT Implementation in Cavium SDK 2.x HTTP Request Smuggling Vulnerability in Go's net/http Library HTTP Request Smuggling Vulnerability in Go's net/http Library HTTP Request Smuggling Vulnerability in Go's net/http Library Sensitive Information Exposure in Veeam Backup & Replication (B&R) Buffer Overflow in QEMU's virtio-serial-bus.c Allows for Denial of Service Symlink Mishandling Vulnerability in AppleFileConduit in iOS Denial of Service Vulnerability in Apple OS X Fasttrap Driver Denial of Service Vulnerability in Apple OS X Kernel Sandbox_profiles Component Vulnerability in Apple iOS Arbitrary Code Execution and Denial of Service Vulnerability in Apple OS X Data Detectors Engine Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Symlink Bypass Vulnerability in Apple iOS Backup (before 8.4.1) Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Privilege Escalation via Race Condition in Install.framework Arbitrary Code Execution and Denial of Service Vulnerability in CoreText Arbitrary Code Execution and Denial of Service Vulnerability in Apple FontParser Privilege Escalation and Denial of Service Vulnerability in libpthread Arbitrary Code Execution and Denial of Service Vulnerability in ImageIO Click Spoofing Vulnerability in Apple iOS WebKit Arbitrary Code Execution and Denial of Service Vulnerability in CoreText NTFS Privilege Escalation and Memory Corruption Vulnerability in Apple OS X URL Spoofing Vulnerability in Safari on Apple iOS URL Spoofing Vulnerability in Safari on Apple iOS Air Traffic iOS Directory Traversal Vulnerability URL Spoofing Vulnerability in Safari on Apple iOS Information Disclosure Vulnerability in AppleGraphicsControl in Apple OS X Denial of Service Vulnerability in Apple iOS MSVDX Driver Uniqueness Violation in MobileInstallation Allows Arbitrary 
Extension Replacement Memory Corruption and Code Execution Vulnerability in Quartz Composer Framework Heap-based Buffer Overflow in SceneKit in Apple OS X Memory Corruption and Application Crash Vulnerability in Apple iOS and OS X Buffer Overflow Vulnerability in IOHIDFamily in Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in Apple FontParser AF_INET6 Socket Vulnerability in Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in CoreMedia Playback Arbitrary Code Execution and Denial of Service Vulnerability in CoreMedia Playback Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime 7 for Apple OS X Unauthenticated Extension Replacement Vulnerability in Apple Safari Unspecified Data Structure Initialization Vulnerability in ImageIO Unspecified Data Structure Initialization Vulnerability in ImageIO Arbitrary Code Execution and Memory Corruption Vulnerability in IOGraphics Privilege Escalation Vulnerability in Install.framework in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2016-????) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2016-????) 
Debugging Feature Bypass Vulnerability in Apple iOS Bypassing Same Origin Policy in WebKit Canvas Implementation in Apple iOS Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution 
and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Remote Dialing Vulnerability in Apple iOS WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit CFNetwork SSL Component in Apple iOS before 9 X.509 Certificate Verification Vulnerability Information Disclosure Vulnerability in WebKit Cascading Style Sheets (CSS) Content Type Bypass Vulnerability in Apple iOS Same Origin Policy Bypass in WebKit on Apple iOS before 9 HTTP Redirection Bypass Vulnerability in Apple Safari Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS Data Detectors Engine Unspecified Memory Corruption Vulnerability in Intel Graphics Driver Component in Apple OS X Uninitialized Data Structure Vulnerability in Apple iOS NetworkExtension Keychain Credential Deletion Vulnerability in iTunes Store Component of Apple iOS Unintended Screen Lock Bypass Vulnerability in Apple OS X Information Disclosure Vulnerability in IOAcceleratorFamily in Apple iOS Inter-App Communication Information Disclosure Vulnerability in Apple iOS iCloud Keychain Access Vulnerability in Apple OS X Bypassing App-Trust Requirement in Apple iOS via Crafted Enterprise App Privileged API Call Spoofing Vulnerability in SpringBoard on Apple iOS Code-Signing Bypass Vulnerability in Apple iOS before 9 Denial of Service Vulnerability in Apple iOS Removefile Checkint Division Routines Cookie Injection Vulnerability in CFNetwork Proxies Component of Apple iOS Uninitialized Data Structure Vulnerability in Apple iOS Kernel Privilege Escalation and Memory Corruption Vulnerability in 
IOMobileFrameBuffer on Apple iOS Arbitrary Code Execution and Denial of Service Vulnerability in IOKit Kernel Module in Apple iOS Arbitrary Code Execution and Memory Corruption Vulnerability in IOKit Kernel Module in Apple iOS Arbitrary Code Execution and Memory Corruption Vulnerability in IOKit Kernel Module in Apple iOS Disk Images Component Privilege Escalation Vulnerability Privilege Escalation and Memory Corruption Vulnerability in IOAcceleratorFamily in Apple iOS Apple OS X AppleEvents Filtering Implementation Vulnerability Passcode Reset Vulnerability in AppleKeyStore on iOS before 9 Unencrypted Downgrade Attack in Multipeer Connectivity Component in Apple iOS eSCL Packet Payload Data Disclosure Vulnerability in Apple OS X Time Machine Backup Vulnerability: Unauthorized Access to Keychain Items Game Center App Vulnerability: Information Disclosure of Player's Email Address in Apple iOS Denial of Service Vulnerability in Apple iOS Application Store Component Spoofed Email Sender Address Vulnerability in Apple iOS before 9 HSTS Bypass Vulnerability in CFNetwork HTTPProtocol Component in Apple iOS HSTS Preload List Bypass Vulnerability in Apple iOS and OS X HSTS Bypass Vulnerability in Apple iOS Allows Tracking via Crafted Websites Lock-Screen Bypass Vulnerability in Apple iOS Allows Unauthorized Audio Message Reply Denial of Service Vulnerability in Apple iOS Audio Component Uninitialized Data Structure Vulnerability in IOStorageFamily in Apple iOS before 9 Information Disclosure Vulnerability in IOAudioFamily in Apple OS X Information Disclosure Vulnerability in IOGraphics in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOHIDFamily in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOHIDFamily on Apple iOS Unspecified Memory Corruption Vulnerability in Apple iOS Kernel Neighbor Discovery Protocol Vulnerability in Apple iOS Information Disclosure Vulnerability in Apple OS X Kernel Debugging Interfaces 
Unspecified Memory Corruption Vulnerability in IOGraphics in Apple OS X Unspecified Memory Corruption Vulnerability in IOGraphics in Apple OS X Unspecified Memory Corruption Vulnerability in IOGraphics in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText on Apple iOS and iTunes XSS Vulnerability in Apple OS X Notes Allows Injection of Arbitrary Web Script or HTML Privilege Escalation and Memory Corruption Vulnerability in Apple iOS Dev Tools Unspecified vulnerability in Intel Graphics Driver component in Apple OS X before 10.11 Link Misparse Vulnerability in Apple OS X TCP Sequence Number Validation Bypass Vulnerability in Apple iOS Screen-framebuffer access bypass vulnerability in CoreAnimation on Apple iOS before 9 Bypassing Entitlement Protection Mechanism in Apple iOS: Arbitrary Process Access Bidirectional Text-Display and Text-Selection Vulnerability in Apple OS X Terminal Insecure Encryption Parameters in Mail Drop Feature in Apple OS X Cookie Tracking Vulnerability in Apple iOS TLS Handshake Protocol Vulnerability in Apple OS X Privilege Escalation Vulnerability in Apple OS X Install Framework Legacy Component Privilege Escalation via Environment Variables in Apple OS X Remote Commands Component Unspecified Memory Corruption Vulnerability in IOGraphics in Apple OS X Local Privilege Escalation and Denial of Service Vulnerability in Apple OS X SMB Implementation Lock-screen Eavesdropping Vulnerability in Siri on Apple iOS Information Disclosure Vulnerability in SMBClient in Apple OS X Revocation-checking vulnerability in Apple OS X before 10.11 Unspecified Vulnerabilities in SQLite before 3.8.10.2 with Unknown Impact and Attack Vectors Unspecified Memory Corruption Vulnerability in Apple iOS Kernel Privilege Escalation via Address Book Framework in Apple OS X Cache Encryption Key Vulnerability in CFNetwork on Apple iOS Memory Corruption Vulnerability in libpthread on Apple iOS before 9 EFI Component Vulnerability: Denial of 
Service via Crafted App Improper Deletion of Trash Files in Apple OS X Allows for Sensitive Information Disclosure Kernel Debugging Feature Mismanagement Vulnerability in Apple OS X Unspecified Memory Corruption Vulnerability in Apple iOS Kernel URL Spoofing Vulnerability in Safari for Apple iOS URL Spoofing Vulnerability in Safari for Apple iOS QuickType Password Vulnerability in Apple iOS Redirection Vulnerability in WebKit on Apple iOS before 9 Improper Access Restriction in Xcode Server Allows Information Disclosure Unencrypted Traffic Vulnerability in Xcode Server Unspecified XML Vulnerabilities in Twisted Wiki Server in Apple OS X Server FTP Proxy Server TCP Connection Attempt Vulnerability in Apple iOS Replay Attack Vulnerability in Heimdal for Apple OS X Thunderstrike: EFI Firmware Vulnerability in Apple OS X Keychain Lock State Display Vulnerability Apple Pay Vulnerability: Remote Terminals Exploiting Transaction-Log Feature to Access Sensitive Recent-Transaction Information Denial of Service Vulnerability in tnftpd's Glob Implementation Privilege Escalation and Memory Corruption Vulnerability in Apple watchOS Privilege Escalation and Memory Corruption Vulnerability in Apple watchOS iTunes Software Update Component Vulnerability: Encrypted SMB Credential Exposure Improper Handling of Content-Disposition: attachment Headers in WebKit on Apple iOS before 9 Unspecified Vulnerability in ICU with Unknown Impact and Attack Vectors Lock Screen Bypass Vulnerability in Apple iOS Remote Code Execution and Memory Corruption Vulnerability in Apple iOS and OS X Memory Corruption Vulnerability in CoreGraphics Component Memory Corruption Vulnerability in CoreGraphics Component Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code 
Execution and Denial of Service Vulnerability in WebKit Privilege Escalation Vulnerability in Apple OS X Kernel Memory corruption vulnerability in Apple OS X audio processing Memory corruption vulnerability in Apple OS X audio processing Arbitrary Code Execution and Memory Corruption in ImageIO Arbitrary Code Execution and Memory Corruption in ImageIO Arbitrary Code Execution and Memory Corruption in ImageIO Arbitrary Code Execution and Memory Corruption Vulnerability in ImageIO on Apple OS X Arbitrary Code Execution and Memory Corruption in ImageIO Memory Corruption Vulnerability in Apple iOS and OS X with Accelerate Framework Arbitrary Code Execution and Memory Corruption in Apple FontParser Bypassing Access Restrictions in Apple OS X Keychain via Synthetic Clicks Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText on Apple OS X Privilege Escalation via NVRAM Parameters in Apple OS X Sandbox Subsystem Arbitrary Code Execution via Incomplete Blacklist in SuiteCRM 7.2.2 Arbitrary Code Execution Vulnerability in SuiteCRM before 7.2.3 Incomplete Fix for Race Condition in SuiteCRM Allows Remote Code Execution Arbitrary Pointer Freeing Vulnerability in VideoLAN VLC Media Player 2.2.1 Arbitrary Kernel Memory Write Vulnerability in NVIDIA Display Driver Arbitrary PHP File Upload and Command Execution Vulnerability in Thomson Reuters FATCH Thomson Reuters FATCA 5.2 Directory Traversal Vulnerability Arbitrary Script Injection in ownCloud Server Activity Application Bypassing Access Restrictions via Sharing Link in ownCloud Server Improper State Switching in ownCloud iOS App Allows Credential and Cookie Information Disclosure Cross-Site Scripting (XSS) Vulnerability in TYPO3 sanitizeLocalUrl Function Buffer Overflow in DumpSysVar Function in Remind Arbitrary Command Execution in phpFileManager 0.9.8 Information Disclosure: Database Password Exposure in Froxlor before 0.9.33.2 Bypassing Pass-code Protection in Mozilla Firefox OS for USB Mass Storage 
Access COPPA Error Page Vulnerability in Mozilla Firefox OS Denial of Service Vulnerability in SharedBufferManagerParent::RecvAllocateGrallocBuffer Function Denial of Service via Session Record Creation in Django Middleware Denial of Service Vulnerability in Django Session Store Weak MAC Verification in Fortinet FortiOS SSL-VPN Novell Filr 1.2 XSS Vulnerability Local privilege escalation vulnerability in mysql-systemd-helper script XPath Injection Vulnerability in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 Denial of Service Vulnerability in ISC BIND 9.9.7 and 9.10.x Improper Algorithm for DNS Query ID Selection in Belkin F9K1102 Firmware 2.10.17 Blank Password Vulnerability in Belkin F9K1102 2 Firmware 2.10.17 Remote Code Execution Vulnerability in Belkin F9K1102 Firmware 2.10.17 CSRF Vulnerability in Belkin F9K1102 2 Firmware 2.10.17 Allows Remote Authentication Hijacking CSRF Vulnerability in PLDT SpeedSurf 504AN and Kasda KW58293 Devices Arbitrary Web Script Injection Vulnerability in PLDT SpeedSurf 504AN and Kasda KW58293 Devices Buffer Overflow Vulnerability in PLDT SpeedSurf 504AN and Kasda KW58293 Devices Default Password Vulnerability in Mediabridge Medialink MWN-WAPR300N Devices Remote Administrative Access Vulnerability in Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 Devices CSRF Vulnerability in Mediabridge Medialink MWN-WAPR300N Firmware 5.07.50 Hardcoded CBC Key and Initialization Vector Vulnerability in Impero Education Pro Arbitrary Program Execution Vulnerability in Impero Education Pro Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in D-Link DIR-816L Wireless Router Firmware Arbitrary Code Execution via Unrestricted File Upload in Vtiger CRM 6.3.0 and Earlier Directory Traversal Vulnerability in QNAP QTS Allows Remote File Access SQL Injection Vulnerabilities in IPSwitch WhatsUp Gold Multiple Cross-Site Scripting (XSS) Vulnerabilities in IPSwitch WhatsUp Gold Remote Code Execution and Denial of Service 
Vulnerability in Medicomp MEDCIN Engine 2.22.20153.x CSRF Vulnerability in Web Reference Database (refbase) Allows Remote User Hijacking Arbitrary Command Execution in refbase Web Reference Database (CVE-2020-XXXX) SQL Injection Vulnerabilities in Web Reference Database (refbase) 0.9.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Web Reference Database (refbase) XML Injection Vulnerability in Web Reference Database (aka refbase) Open Redirect Vulnerabilities in Web Reference Database (refbase) Allow for Phishing Attacks Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Default Password Vulnerability in ZyXEL P-660HW-T1, PMG5318-B20A, and NBG-418N Devices Cross-Site Scripting (XSS) Vulnerabilities in ZyXEL P-660HW-T1 2 Devices with ZyNOS Firmware 3.40(AXH.0) Arbitrary Command Execution Vulnerability in ZyXEL PMG5318-B20A Devices Session Persistence Vulnerability in ZyXEL PMG5318-B20A Management Portal Remote Authentication Bypass Vulnerability in ZyXEL PMG5318-B20A Firmware 1.00AANC0b5 XSS Vulnerability in Spiceworks Desktop (pre-2015-12-01) via SNMP Response Unrestricted File Upload Vulnerability in QNAP Signage Station: Remote Code Execution Bypassing Access Restrictions in NetCommWireless HSPA 3G10WVE Routers Arbitrary Command Execution in NetCommWireless HSPA 3G10WVE Routers XSS Vulnerability in Castle Rock Computing SNMPc before 2015-12-17 via SNMP SQL Injection Vulnerability in Castle Rock Computing SNMPc (before 2015-12-17) via the sc Parameter Unrestricted Authentication Attempts in HP ArcSight Logger SOAP Interface Privilege Escalation Vulnerability in HP ArcSight Products Buffer Overflow in MiniUPnPc's IGDstartelt Function Hardcoded 
Cryptographic Keys in Qolsys IQ Panel: Remote Code Signature Creation Vulnerability Digital Signature Verification Bypass in Qolsys IQ Panel Software Updates Weak Permissions in EPSON Network Utility 4.10 Allows Privilege Escalation via eEBSVC.exe XSS Vulnerability in Opsview before 2015-11-06 via SNMP Authentication Bypass Vulnerability in QNAP Signage Station Microsoft Office Web Apps XSS Spoofing Vulnerability Microsoft Office Memory Corruption Vulnerability Cross-Site Scripting (XSS) Vulnerability in Microsoft SharePoint Server 2013 and SharePoint Foundation 2013 Microsoft Office Memory Corruption Vulnerability Internet Explorer CWindow Use-After-Free Vulnerability Internet Explorer 8 Elevation of Privilege Vulnerability Internet Explorer Use-After-Free Vulnerability Internet Explorer Memory Disclosure Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Elevation of Privilege Vulnerability VBScript and JScript ASLR Bypass Vulnerability Internet Explorer 11 ArrayBuffer.slice Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Memory Disclosure Vulnerability in Microsoft Edge Microsoft Edge XSS Filter Bypass Vulnerability Scripting Engine Information Disclosure Vulnerability Cross-site Scripting (XSS) Vulnerability in Microsoft Skype for Business and Lync Allows Arbitrary Code Injection Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory 
Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Browser ASLR Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Windows Kerberos Security Feature Bypass Vulnerability .NET Information Disclosure Vulnerability Windows Journal Heap Overflow Vulnerability Windows NDIS Buffer Overflow Vulnerability ASP.NET Cross-Site Scripting (XSS) Vulnerability in Microsoft .NET Framework 4 and later versions Windows Kernel Memory Elevation of Privilege Vulnerability Windows Kernel Memory Elevation of Privilege Vulnerability Windows Kernel KASLR Bypass Vulnerability Windows Graphics Memory Remote Code Execution Vulnerability Windows Graphics Memory Remote Code Execution Vulnerability Graphics Memory Corruption Vulnerability in Windows Font Library Graphics Memory Corruption Vulnerability in Windows Font Library Graphics Memory Corruption Vulnerability in Windows Font Library Windows Kernel KASLR Bypass Vulnerability Windows IPSec Denial of Service Vulnerability Schannel TLS Triple Handshake Vulnerability 
Windows Kernel Security Feature Bypass Vulnerability Microsoft Silverlight ASLR Bypass Vulnerability .NET ASLR Bypass Vulnerability SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 Access Control Policy Bypass Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Excel for Mac Cross-Site Scripting (XSS) Vulnerability Microsoft Office Memory Corruption Vulnerability Windows DNS Use After Free Vulnerability Windows PGM UAF Elevation of Privilege Vulnerability Windows Media Center .mcl File Information Disclosure Vulnerability Windows Library Loading Remote Code Execution Vulnerability Windows Integer Underflow Vulnerability in Uniscribe Media Center Library Parsing RCE Vulnerability Windows Library Loading Remote Code Execution Vulnerability Windows Library Loading Remote Code Execution Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Scripting Engine Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability Internet Explorer XSS Filter Bypass Vulnerability Microsoft Browser Elevation of Privilege Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Browser XSS Filter Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption 
Vulnerability Internet Explorer 11 Information Disclosure Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Browser ASLR Bypass Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer XSS Filter Bypass Vulnerability Microsoft Silverlight ASLR Bypass Vulnerability Microsoft Silverlight RCE Vulnerability Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge Spoofing Vulnerability Remote Privilege Escalation in Microsoft Edge Browser Windows Kernel Memory Elevation of Privilege Vulnerability Outlook Email Processing Remote Code Execution Vulnerability Windows Kernel Memory Elevation of Privilege Vulnerability Windows Kernel Memory Elevation of Privilege Vulnerability Windows Kernel Memory Elevation of Privilege Vulnerability Microsoft Edge XSS Filter Bypass Vulnerability Microsoft Office Memory Corruption Vulnerability in Excel 2007 and Compatibility Pack Internet Explorer CAttrArray Object Memory Corruption Vulnerability Authentication Bypass and Privilege Escalation Vulnerability in Tripwire IP360 VnE Manager Cross-Site Scripting (XSS) Vulnerabilities in Google Analyticator Plugin for WordPress Symlink Attack Vulnerability in Ansible's Chroot, Jail, and Zone Connection Plugins Denial of Service in Wireshark 1.12.x via proto_tree_add_bytes_item Vulnerability Denial of Service Vulnerability in Wireshark 1.12.x Denial of Service Vulnerability in Wireshark 1.12.x Denial of Service Vulnerability in Wireshark ZigBee Dissector Denial of Service Vulnerability in Wireshark GSM RLC/MAC Dissector Denial of Service Vulnerability in Wireshark WaveAgent Dissector Denial of Service Vulnerability in OpenFlow Dissector in Wireshark 1.12.x Denial of Service Vulnerability in Wireshark 1.12.x Denial of Service Vulnerability in Wireshark WCCP Dissector Remote Code Execution in simple-php-captcha Double Free Vulnerability 
in GnuTLS: Denial of Service via Long DistinguishedName (DN) Entry Denial of Service Vulnerability in Linux Kernel's vhost_dev_ioctl Function XSS Vulnerability in edx-platform's Studio Course Listing Unvalidated Destination Attribute in SAML Assertion Response in PicketLink before 2.7.0 Cisco Unified Web and E-Mail Interaction Manager 9.0(2) Cross-Site Scripting (XSS) Vulnerability in Chat Messages (CSCuo89051) Denial of Service Vulnerability in Cisco ASR 5000 Devices (Bug ID CSCuv62820) Cisco Wireless LAN Controller (WLC) Software 8.1(104.37) IPv6 Traffic Forwarding Vulnerability Arbitrary File Write Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor and UCS Director Denial of Service Vulnerability in Cisco NX-OS SNMP Packet Validation (CSCut84645) Bypassing Access Restrictions and Reading Configuration Files in Cisco TelePresence VCS Expressway X8.5.2 Cisco Prime Infrastructure CSRF Vulnerability Denial of Service Vulnerability in Cisco IOS 15.4(3)M2.2 RADIUS Client Implementation (Bug ID CSCuu59324) Bypassing Access Restrictions and File Manipulation Vulnerability in Cisco ACE 4700 A5 3.0 and Earlier (CSCur23662) Unrestricted Access to Customized Documents in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices via Crafted L2TP Packet Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices (Bug ID CSCsw95482) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices (Bug ID CSCsw69990) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices (Bug ID CSCsv98555) Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices with NAT Application Layer Gateway Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices with NAT Application Layer Gateway Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Devices Denial of Service Vulnerability in Cisco ASR 1000 Devices with Software 15.5(3)S (Bug ID CSCuv71273) Insufficient 
Access Control in Cisco TelePresence IX5000 8.0.3 Denial of Service Vulnerability in Cisco NX-OS and SAN-OS on Nexus and MDS Devices (CSCut25292) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCus19794) IPv6 Snooping Denial of Service Vulnerability Improper RSA Authentication Implementation in Cisco IOS and IOS XE (CSCus73013) Denial of Service Vulnerability in Cisco IOS XE (Bug ID CSCut96933) Cisco TelePresence Server Software Buffer Overflow Vulnerability Format String Vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0: Remote Denial of Service via HTTP Request Denial of Service Vulnerability in Cisco AVC 15.3(3)JA with FlexConnect Enabled (CSCuu47016) Denial of Service Vulnerability in Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 Improper Credential Validation in Cisco Content Security Management Appliance (SMA) 7.8.0-000 Denial of Service Vulnerability in Cisco IOS 15.5(3)M on ISR 800, 819, and 829 Devices (CSCuu13476) Denial of Service Vulnerability in Cisco Web Security Appliance (WSA) 8.0.7 Denial of Service Vulnerability in Cisco AsyncOS on Email Security Appliance (ESA) Devices Denial of Service Vulnerability in Cisco AsyncOS Proxy-Cache Implementation (CSCus10922) Denial of Service Vulnerability in Cisco AsyncOS on Web Security Appliance (WSA) Devices (CSCur39155) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCuu25770) Denial of Service and Traffic Forwarding Vulnerability in Cisco NX-OS on Nexus 9000 Devices (CSCuw13560) Default Account Vulnerability in Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) Denial of Service Vulnerability in Cisco ASR 9000 DHCPv6 Server (Bug ID CSCun36525) Privilege Escalation via Crafted Certificate-Generation Arguments in Cisco AsyncOS SQL Injection Vulnerability in Cisco Unity Connection Web Interface (CSCuv63824) Denial of Service Vulnerability in Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) Denial of Service Vulnerability in 
Cisco ASR 9000 DHCPv6 Server (Bug ID CSCun72171) RADIUS Disconnect-Request Vulnerability in Cisco Wireless LAN Controller Devices X.509 Certificate Verification Vulnerability in Cisco Spark Mobile Application Cisco TelePresence Server Software 3.0(2.24) Cross-Site Request Forgery (CSRF) Vulnerability Untrusted Search Path Vulnerability in Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux Denial of Service Vulnerability in Cisco FirePOWER Devices (Bug ID CSCuu10871) Denial of Service Vulnerability in Cisco NX-OS 6.0(2)U6(0.46) on N3K Devices (CSCuw36684) Denial of Service Vulnerability in Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 (CSCuw32211) Denial of Service Vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1) (Bug ID CSCuw31632) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCub65236) Denial of Service Vulnerability in Cisco TelePresence Server 3.1 and Other Devices (CSCuv01348) Denial of Service Vulnerability in Cisco TelePresence Server and Multiparty Media Devices (CSCuv47565) Remote Configuration Change Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Privilege Escalation Vulnerability in Cisco Aironet 1850 Access Points (Bug ID CSCuv79694) Default Configuration Vulnerability in Cisco Mobility Services Engine (MSE) Allows Unauthorized Access via Oracle Account Bypassing Web-Resource Access Restrictions in Cisco Identity Services Engine (ISE) 2.0 Arbitrary File Write Vulnerability in Cisco TelePresence VCS Expressway (Bug ID CSCuv11969) Cisco RV220W SQL Injection Vulnerability Denial of Service Vulnerability in Cisco Aironet 1800 Devices (Bug ID CSCuv63138) Denial of Service vulnerability in Cisco AsyncOS on ESA, SMA, and WSA devices Arbitrary File Movement Vulnerability in Cisco AnyConnect Secure Mobility Client Unspecified Remote Administrative Access 
Vulnerability in Cisco Identity Services Engine (ISE) Denial of Service Vulnerability in Cisco ASA DHCPv6 Relay Implementation Cisco ASA Software DNS Response Denial of Service Vulnerability Cisco ASA Software DNS Response Denial of Service Vulnerability Denial of Service vulnerability in Cisco Adaptive Security Appliance (ASA) software Arbitrary File Read Vulnerability in Cisco Prime Collaboration Assurance (PCA) 10.5(1) SQL Injection Vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 (Bug ID CSCut64074) Cisco Prime Collaboration Assurance CSRF Vulnerability SQL Injection Vulnerability in Cisco Prime Collaboration Assurance 10.5(1) Denial of Service Vulnerability in Cisco Prime Infrastructure 2.2 (Bug ID CSCuv56830) Privilege Escalation via SSH Key Addition in Cisco APIC 1.1j (CSCuw46076) Denial of Service Vulnerability in Cisco ASR 5000 and 5500 Devices (Bug ID CSCuw01984) Bypassing Policy Restrictions and Executing Root Commands in Cisco FireSIGHT Management Center Default Account Vulnerability in Cisco Aironet 1800 Devices Cisco APIC-EM 1.0.10 Cross-Site Scripting (XSS) Vulnerability (CSCuw47238) Denial of Service Vulnerability in Cisco ASR 5000 Devices with Proxy Mobile IPv6 (PMIPv6) Component Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (Bug ID CSCuw10610) Denial of Service Vulnerability in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) Devices (CSCuv79202) Bypassing Access Restrictions and Obtaining Sensitive User Information in Cisco ASA CX Context-Aware Security (Bug ID CSCuv74105) SQL Injection Vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) Cisco Secure Access Control Server (ACS) 5.7(0.15) Cross-Site Scripting (XSS) Vulnerability Bypassing RBAC Restrictions in Cisco Secure Access Control Server (ACS) 5.7(0.15) Bypassing RBAC Restrictions in Cisco Secure Access Control Server (ACS) 5.7(0.15) Cisco Secure Access Control Server (ACS) 5.7(0.15) Cross-Site Scripting (XSS) 
Vulnerability SQL Injection Vulnerability in Cisco Prime Service Catalog 11.0 (Bug ID CSCuw50843) Denial of Service Vulnerability in Cisco ASR 5500 SAE Gateway Devices (Bug ID CSCuw65781) Inconsistent Error Messages in Cisco Unified Communications Domain Manager (CSCut67891) Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 (Bug ID CSCuu28922) Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 (Bug ID CSCuv73338) Information Disclosure Vulnerability in Cisco UCS Web Interface (Bug ID CSCuw87226) WeChat Page Cross-Site Scripting (XSS) Vulnerability in Cisco Social Miner 10.0(1) Unverified SSL Certificate Vulnerability in Cisco FireSIGHT Management Center Hardcoded X.509 Certificates and SSH Host Keys Vulnerability in Multiple Cisco Embedded Devices Neighbor Discovery Protocol Vulnerability in Cisco IOS 15.3(3)S0.1 on ASR Devices (Bug ID CSCup28217) Denial of Service Vulnerability in Cisco libSRTP (Bug ID CSCux00686) Arbitrary Command Execution Vulnerability in Cisco DPC3939 (XB3) Devices Bypassing Access Restrictions and Configuration Modification in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) (Bug ID CSCuw42640) Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 Information Disclosure Vulnerability in Cisco Content Delivery System Manager Software 3.2 Bypassing Network-Traffic Restrictions via PPP in Cisco IOS 15.2(04)M and 15.4(03)M (CSCur61303) Vulnerability: Cisco IOS 15.2(04)M6 and 15.4(03)S ACL Superseding in Tunnel Interfaces Denial of Service Vulnerability in Cisco Aironet 1800 Devices (Bug ID CSCux13374) File Disclosure Vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 Devices (Bug ID CSCux10608) Denial of Service Vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 Devices via 
Crafted USB Device (Bug ID CSCux10531) Arbitrary OS Command Execution Vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Arbitrary File Read Vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 Devices (CSCux10621) Cisco Firepower Extensible Operating System 1.1(1.160) Cross-Site Scripting (XSS) Vulnerability Cisco Firepower Extensible Operating System 1.1(1.160) Cross-Site Request Forgery (CSRF) Vulnerability Clickjacking and Unspecified Attacks in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 Devices Debug-Logging Vulnerability in Cisco Networking Services (CNS) for IOS 15.2(2)E3 (Bug ID CSCux18010) CSRF Vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1: User Authentication Hijacking (Bug ID CSCuv72412) Denial of Service Vulnerability in Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) (Bug ID CSCux13379) CSRF Vulnerability in Cisco DPQ3925 Devices with EDVA 5.5.2 (Bug ID CSCuv05943) XML Parser Denial of Service Vulnerability in Cisco ASA Software 8.4 (Bug ID CSCut14223) Arbitrary OS Command Execution Vulnerability in Cisco Firepower Extensible Operating System Denial of Service Vulnerability in Cisco ASR 5000 Devices (Bug ID CSCuv25815) Improper Software Package Loading Vulnerability in Cisco IOS XE 15.4(3)S on ASR 1000 Devices (CSCuv93130) Improper Initialization of Custom Application Permissions in Cisco WebEx Meetings Android App (Bug ID CSCuw86442) Arbitrary Command Execution Vulnerability in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V Devices (Bug ID CSCux14943) Denial of Service Vulnerability in Cisco Web Security Appliance (WSA) FTP Passthrough Feature Cisco UCS Central Software 1.3(0.1) Cross-Site Scripting (XSS) Vulnerability (CSCux33573) Cisco UCS Central Software 1.3(0.1) Server-Side Request Forgery Vulnerability Hardcoded cmuser Account Vulnerability in Cisco Prime Collaboration Assurance Cisco Unity Connection 
9.1(1.10) Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Cisco Unified SIP 3905 Phones (Bug ID CSCuh51331) Denial of Service Vulnerability in Cisco NX-OS on Nexus Devices via Crafted IPv4 DHCP Packets Denial of Service Vulnerability in Cisco NX-OS on Nexus Devices via Malformed IPv4 DHCP Packets Denial of Service Vulnerability in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 Devices via Crafted USB Parameters Improper Access Restriction in Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 Arbitrary Shell Command Execution Vulnerability on Cisco RV110W, RV130W, and RV215W Devices Root Access Vulnerability in Cisco RV110W, RV130W, and RV215W Devices Denial of Service Vulnerability in Cisco Nexus 9000 ACI Mode Switches (Bug ID CSCuq57512) Denial of Service Vulnerability in Cisco Integrated Management Controller (IMC) Cisco Emergency Responder 10.5(1a) Multiple Cross-Site Scripting (XSS) Vulnerabilities (CSCuv25547) Authentication Bypass Vulnerability in Cisco EPC3928 Devices (Bug ID CSCux24941) Arbitrary Web Script Injection Vulnerability in Cisco EPC3928 Devices Improper Firmware Validation in Cisco Small Business SPA30x, SPA50x, SPA51x Phones (Bug ID CSCut67400) Lack of RBAC in Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) Allows Unauthorized Access to Sensitive Credentials (CSCuw84374) Cisco Emergency Responder 10.5(1) and 10.5(1a) Cross-Site Request Forgery (CSRF) Vulnerability Directory Traversal Vulnerability in Cisco Emergency Responder 10.5(1.10000.5) Arbitrary File Upload Vulnerability in Cisco Emergency Responder 10.5(3.10000.9) (CSCuv25501) Cisco Unity Connection 11.5(0.98) Cross-Site Request Forgery (CSRF) Vulnerability STARTTLS Downgrade Vulnerability in Cisco Jabber Cisco Unified Communications Manager MRA Service Identity Validation Bypass Vulnerability Information Disclosure Vulnerability in Cisco FirePOWER Management Center Hardcoded Root and Guest Passwords in Cisco Modular Encoding Platform D9036 Software 
(Bug ID CSCut88070) Bypassing Read-Only Restrictions and Uploading TLP Files in Cisco TelePresence VCS Expressway X8.6 (CSCuw55651) Insecure Encryption Key Reuse in Cisco TelePresence Video Communication Server (VCS) X8.6 Denial of Service Vulnerability in Cisco UCS 2.2(3f)A on Fabric Interconnect 6200 Devices (CSCuu81757) Arbitrary Web Script Injection Vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) Lack of Role-Based Access Control (RBAC) in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier Insufficient Entropy in Random-Number Generator on Cisco Small Business RV Routers and SA500 Security Appliances Arbitrary File Read Vulnerability in Cisco FireSIGHT Management Center Arbitrary Command Execution via Serialized Java Object in Cisco Products Denial of Service Vulnerability in Cisco WAAS and vWAAS Devices (CSCus85330) Denial of Service Vulnerability in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) Bypassing DCERPC-only ACL in Cisco ASA Software (Bug ID CSCuu67782) Local Privilege Escalation Vulnerability in Cisco APIC Boot Manager (Bug ID CSCuu83985) Denial of Service Vulnerability in Cisco Unified Communications Manager 10.5(0.98000.88) Arbitrary Command Execution Vulnerability in Cisco Prime Network Services Controller 3.0 (CSCus99427) Cisco FireSIGHT Management Center SSL Session Mishandling Vulnerability Remote Information Disclosure Vulnerability in Cisco DPQ3925 Devices IKEv1 Denial of Service Vulnerability in Cisco IOS and IOS XE Denial of Service Vulnerability in Cisco IOS XE 16.1.1 (Bug ID CSCux48405) Denial of Service Vulnerability in Cisco IOS XR 4.2.0-5.3.2 SQL Injection Vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability Arbitrary Command Execution Vulnerability in Cisco FX-OS and UCS Manager (CSCur90888) Denial of Service Vulnerability in Everest PeakHMI Video Server 
Hardcoded Credentials Vulnerability in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Buffer Overflow Vulnerability in Moxa SoftCMS 1.3 and Prior Buffer Overflow Vulnerability in Moxa SoftCMS 1.3 and Prior Absolute Path Traversal Vulnerability in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Heap-based Buffer Overflow Vulnerabilities in 3S-Smart CODESYS Gateway Server Schneider Electric Modicon PLC Remote File Inclusion Vulnerability Reflected Cross-Site Scripting Vulnerability in Schneider Electric Modicon BMX PLCs XML External Entity (XXE) Vulnerability in CodeWrights HART Comm DTM Components Bypassing Read-Only Protection Mechanism in Moxa EDS-405A and EDS-408A Switches Denial of Service Vulnerability in Moxa EDS-405A and EDS-408A Switches Arbitrary Web Script Injection Vulnerability in Moxa EDS-405A and EDS-408A Switches Remote Code Execution in Advantech WebAccess Browser Plugin CSRF Vulnerability in Resource Data Management Data Manager before 2.2 Script Source Code Exposure Vulnerability in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ Interpreters Arbitrary Password Modification Vulnerability in Resource Data Management Data Manager Improper Initialization of Padding Fields in Eaton Cooper Power Systems ProView and Idea Relays Weak Credential Management in WAGO IO Devices Lack of Privilege Separation in WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 Cleartext Password Exposure in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ Unspecified Cross-Site Scripting (XSS) Vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ Hardcoded SSH Keys Vulnerability in Advantech EKI-122x-BE, EKI-132x, and EKI-136x Devices Arbitrary Web Script Injection in Nordex Control 2 (NC2) SCADA 16 and Earlier Unrestricted Access to ActiveX Controls in Unitronics VisiLogic OPLC IDE Information Disclosure Vulnerability in ACEmanager on Sierra Wireless ALEOS Devices Unauthenticated Remote Administrative Access in Moxa 
OnCell Central Manager Hardcoded Root Password Vulnerability in Moxa OnCell Central Manager Denial of Service Vulnerability in Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 Denial of Service Vulnerability in 3S-Smart CODESYS Gateway Server Information Disclosure Vulnerability in Schneider Electric Telvent Sage RTUs Remote SQL Injection Vulnerability in Allen-Bradley MicroLogix 1100 and 1400 Devices Arbitrary Web Script Injection Vulnerability in Allen-Bradley MicroLogix 1100 and 1400 Devices Remote Code Execution Vulnerability in Allen-Bradley MicroLogix 1100 and 1400 Devices Arbitrary File Content Injection in Allen-Bradley MicroLogix 1100 and 1400 Devices Denial of Service Vulnerability in Allen-Bradley MicroLogix 1100 and 1400 Devices CSRF Vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x Arbitrary Web Script Injection Vulnerability in Infinite Automation Mango Automation Cloudera Manager Pre-5.4.6 Diagnostic Support Bundles Vulnerability Exposes Sensitive Information Denial of Service Vulnerability in conntrackd of conntrack-tools 1.4.2 and Earlier Arbitrary PHP Code Execution in Magento Community Edition and Enterprise Edition Remote Call Spoofing Vulnerability in Alcatel-Lucent Home Device Manager Directory Traversal Vulnerability in ownCloud Server Allows Remote Users to List Directory Contents and Cause Denial of Service Open Redirect Vulnerability in Puppet Enterprise Console Arbitrary Web Script Injection in Puppet Enterprise Console Arbitrary Web Script Injection in Request Tracker (RT) Cryptography Interface Denial of Service and Memory Corruption Vulnerability in hdbsql Client Arbitrary Script Injection Vulnerability in pfSense before 2.2.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in pfSense before 2.2.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in pfSense before 2.2.3 Arbitrary Web Script Injection Vulnerability in pfSense before 2.2.3 SQL Injection Vulnerability in FreiChat 9.6: Remote 
Code Execution via get_messages Function SQL Injection Vulnerabilities in J2Store Extension for Joomla! Unspecified Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise and Splunk Light Arbitrary web script injection vulnerability in Splunk Web SQL Injection Vulnerability in sysPass 1.0.9 and Earlier on cygnux.org CSRF Vulnerability in phpLiteAdmin 1.1 Allows Unauthorized Dropping of Database Tables phpLiteAdmin 1.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities Arab Portal 3: Remote SQL Injection in Signup Action Remote Access to USB Connected Printers via IPPUSBXD ATutor LMS 2.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerability in WP Symposium Plugin Allows Remote Code Execution CSRF Vulnerability in Portfolio Plugin for WordPress Allows Authentication Hijacking LDAPLoginModule Wildcard Username Brute Force Vulnerability in Apache ActiveMQ 5.x Integer overflows in evbuffer API in Libevent 2.0.x and 2.1.x before 2.1.5-beta Denial of Service Vulnerability in perf_callchain_user_64 Function on ppc64 Platforms Arbitrary Code Execution Vulnerability in PHP 7.x str_ireplace Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in Coppermine Photo Gallery (CPG) 1.5.36's install_classic.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpipam 1.1.010 Arbitrary Web Script Injection in OpenText Secure MFT 2013 and 2014 Arbitrary Code Execution Vulnerability in Palo Alto Networks Panorama VM Appliance Arbitrary Script Injection in YouTube Embed Plugin for WordPress SQL Injection Vulnerability in Epiphany Cardio Server 3.3 Login Page LDAP Injection Vulnerability in Epiphany Cardio Server 3.3, 4.0, and 4.1 Intellect Design Arena Intellect Core Banking Software XSS Vulnerability Zimbra Collaboration Server (ZCS) Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Arbitrary Web Script Injection in Combodo iTop Dashboard Title CSRF Vulnerability in Cerb before 7.0.4 Allows Unauthorized Account Addition Denial of 
Service Vulnerability in F5 BIG-IP Products Arbitrary Command Execution Vulnerability in Symantec Web Gateway Management Console SQL Injection Vulnerabilities in Symantec Web Gateway Management Console Arbitrary Web Script Injection Vulnerability in Symantec NetBackup OpsCenter Arbitrary Command Execution Vulnerability in Veritas NetBackup and NetBackup Appliance Unencrypted Administration-Console Traffic Vulnerability in Veritas NetBackup Arbitrary RPC Call Vulnerability in Veritas NetBackup and NetBackup Appliance Arbitrary OS Command Execution Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 Remote Code Execution in Symantec Endpoint Protection Manager (SEPM) 12.1 Information Disclosure Vulnerability in Symantec Endpoint Encryption (SEE) Cleartext Password Exposure in IBM Tivoli Storage Manager and FlashCopy Manager OpenSSH Monitor Component Impersonation Vulnerability OpenSSH Use-After-Free Vulnerability in mm_answer_pam_free_ctx Function World-writable permissions in OpenSSH 6.8 and 6.9 TTY devices vulnerability Privilege Escalation via Symlink Attack in Zarafa Collaboration Platform (ZCP) Unrestricted File Upload and PHP Code Execution in Wolf CMS before 0.8.3.1 Unrestricted File Rename and PHP Code Execution in Wolf CMS Race condition vulnerability in Atlassian Floodlight Controller allows for denial of service via state manipulation attack Denial of Service Vulnerability in SNAP Lite Component of SISCO MMS-EASE and AX-S4 ICCP Products Integer promotion vulnerability in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I Arbitrary Java Code Execution Vulnerability in Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Double Free Vulnerability in OpenJPEG Allows Remote Code Execution or Denial of Service Uninitialized Memory Access Vulnerability in Blink's Decompose Function Vulnerability: Location Bar Spoofing in Google Chrome Arbitrary Script Injection 
Vulnerability in DataTables Plugin Remote Code Execution Vulnerability in HWPApp.dll via Crafted Heap Spray and HWPX File Information Disclosure Vulnerability in Huawei WLAN AC6005, AC6605, and ACU2 Devices Denial of Service Vulnerability in OpenAFS vlserver Arbitrary Script Injection in MODX Revolution Login Page Directory Traversal Vulnerability in Kaseya Virtual System Administrator (VSA) Directory Traversal Vulnerability in Free Reprintables ArticleFR 3.0.7 and Earlier Unauthenticated Access to Huawei UAP2105 Serial Port and VxWorks Shell Privilege Escalation Vulnerability in Android Mediaserver Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Remote Code Execution via Crafted Metadata in Android libutils Stagefright Remote Code Execution Vulnerability Stagefright Remote Code Execution Vulnerability Denial of Service Vulnerability in Android Mediaserver Privilege Escalation Vulnerability in Android Secure Element Evaluation Kit (SEEK) Plugin Privilege Escalation Vulnerability in SQLite Remote Code Execution and Memory Corruption Vulnerability in Android Mediaserver Memory Corruption Vulnerability in libutils in Android Stagefright Vulnerability in Android Information Disclosure Vulnerability in Android Mediaserver Privilege Escalation Vulnerability in libmedia on Android Bluetooth Debugging Port Privilege Escalation Vulnerability Privilege Escalation and Denial of Service Vulnerability in Android 5.x Remote Code Execution and Memory Corruption Vulnerability in Android Mediaserver Skia Media File Remote Code Execution Vulnerability User-assisted remote code execution vulnerability in Bluetooth on Android 4.4 and 5.x before 5.1.1 LMY48Z Privilege Escalation Vulnerability in Android Kernel Stagefright Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Android SystemUI Vulnerability in Native Frameworks 
Library Allows Information Disclosure and Bypass of Protection Mechanism Privilege Escalation Vulnerability in Android 6.0 Wi-Fi (CVE-2015-12-01) Android System Server Information Disclosure Vulnerability Privilege Escalation Vulnerability in Android System Server (CVE-2015-12-01) Stagefright Vulnerability in Android Audio File Information Disclosure Vulnerability Vulnerability in Android Media Framework Allows Information Disclosure Android 5.x Wi-Fi Vulnerability: Unauthorized Access to Sensitive Information Privilege Escalation via Screenshot Reading in Android SystemUI Stagefright Vulnerability in Android Stagefright Vulnerability in Android Media File Remote Code Execution Vulnerability in Android Vulnerability in Android Display Drivers Allows Remote Code Execution via Crafted Media File MediaServer Remote Code Execution Vulnerability Privilege Escalation Vulnerability in MediaTek misc-sd Driver Privilege Escalation Vulnerability in Imagination Technologies Driver Privilege Escalation via Widevine QSEE TrustZone Application in Android Vulnerability in prctl_set_vma_anon_name function in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 Bluetooth Pairing Vulnerability in Android 6.0 (Pre-2016) Allows Remote Access to Sensitive Contacts Information Unspecified vulnerability in Android kernel before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows information disclosure and bypass of protection mechanism Vulnerability in Android Setup Wizard Allows Settings Modification and Reset Protection Bypass Information Disclosure Vulnerability in Bouncy Castle Library for Android Denial of Service Vulnerability in Android SyncManager Denial of Service Vulnerability in Android System V IPC Implementation Privilege Escalation via Widevine QSEE TrustZone Application in Android Denial of Service Vulnerability in Xen's xenmem_add_to_physmap_one Function CSRF Vulnerability in Pligg CMS 2.0.2 Allows Remote Administrator Hijacking Arbitrary Script Injection via Autocomplete 
System in Drupal SQL Injection Vulnerability in Drupal 7.x Database API Comment Filtering System CSRF Vulnerability in Drupal Form API Allows Unauthorized File Upload Sensitive Node Title Disclosure Vulnerability SAP NetWeaver Portal 7.4 XXE Vulnerability (SAP Security Note 2168485) SAP Afaria 7 Client Form XSS Vulnerability SAP Mobile Platform 2.3 XXE Vulnerability Cross-site scripting (XSS) vulnerability in Drupal 7.x and Ctools module 6.x-1.x allows remote code injection via whitelisted HTML element Arbitrary CV File Read Vulnerability in Job Manager Plugin Arbitrary Calendar Reading Vulnerability in ownCloud Server Insecure Storage of SAML SSO Secrets in Open edX edx-platform Arbitrary Web Script Injection Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32 Buffer underflow vulnerability in Debian inspircd package Siemens RUGGEDCOM ROS Vulnerability: IP Forwarding Bypass via VLAN Isolation Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Bypassing Same Origin Policy in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows, OS X, and Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 
11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, and Acrobat and Acrobat Reader DC Classic and Continuous versions before 2015.006.30094 and 2015.009.20069 respectively, allows arbitrary code execution via a crafted Optional Content Groups (OCG) object in a WillSave document action. Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, and Acrobat and Acrobat Reader DC Classic and Continuous versions before 2015.006.30094 and 2015.009.20069 respectively, on Windows and OS X Use-after-free vulnerability in popUpMenuEx method in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Buffer Overflow Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Information Disclosure 
Vulnerability in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Information Disclosure Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Unspecified vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Unspecified Vector Bypass Vulnerability in ANSendForReview Method in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Function call bypass vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified Vector Vulnerability in ANTrustPropagateAll Method in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Information Disclosure Vulnerability in MediaWiki's Special:DeletedContributions Page Timing Attack 
Vulnerability in MediaWiki's ApiBase::getWatchlistUser Function Arbitrary Web Script Injection in MediaWiki thumb.php Arbitrary Web Script Injection in MediaWiki thumb.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in SemanticForms Extension for MediaWiki Multiple Cross-Site Scripting (XSS) Vulnerabilities in SemanticForms Extension for MediaWiki Denial of Service Vulnerability in GeSHi Extension for MediaWiki Arbitrary web script injection vulnerability in GeSHi's contrib/cssgen.php Denial of Service Vulnerability in TimedMediaHandler Extension for MediaWiki Remote Denial of Service Vulnerability in Quiz Extension for MediaWiki Base64 XSS Vulnerability in MediaWiki Widgets Extension Hardcoded Password Vulnerability in Basware Banking (Maksuliikenne) Hardcoded Password Vulnerability in Basware Banking (Maksuliikenne) 8.90.07.X Insecure Client Enforcement in Basware Banking (Maksuliikenne) before 8.90.07.X Account Locking Bypass Vulnerability in Basware Banking (Maksuliikenne) 8.90.07.X Plaintext Storage of Private Keys in Basware Banking (Maksuliikenne) Improper Access Control of Private Keys in Basware Banking (Maksuliikenne) 8.90.07.X jsoup XSS Vulnerability in Versions Prior to 1.8.3 Buffer Overflow in AIFF File Parsing Function in Vorbis-Tools 1.4.0 and Earlier Remote Code Execution Vulnerability in Ricoh DL FTP Server 1.1.0.6 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Drupal Time Tracker Module Cross-site scripting (XSS) vulnerability in Search API Autocomplete module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Quick Edit Module for Drupal Arbitrary Script Injection in Path Breadcrumbs Drupal Module DOM Tree Insertion Vulnerability in Blink Allows Same Origin Policy Bypass Use-after-free vulnerability in CPDFSDK_PageView implementation in PDFium Use-after-free vulnerability in Google Chrome ServiceWorker Implementation Improper Cast in CPDF_Document::GetPage Function in PDFium Unvalidated Origin in Blink Allows for 
Sensitive Information Disclosure Denial of Service and Invalid Read/Write Vulnerability in libANGLE's Image11::map Function Race condition and memory corruption vulnerability in FFmpeg's update_dimensions function CORS Bypass via Redirect in CSSFontFaceSrcValue::fetch Function Unspecified Vulnerabilities in Google Chrome before 46.0.2490.71 Out-of-bounds Memory Access Vulnerability in Google V8 JSON Stringifier Google Chrome Use-After-Free Vulnerability in AppCache Update Job Handling AppCache Use-After-Free Vulnerability in Google Chrome AppCache Use-After-Free Vulnerability in Google Chrome Bypassing Same Origin Policy in Google Chrome DOM Implementation Bypassing Same Origin Policy through Delayed Window Proxy Clearing Bypassing Same Origin Policy in Google Chrome DOM Implementation Out-of-Bounds Memory Access Vulnerability in Google Chrome Bypassing Same Origin Policy via DOM Implementation in Google Chrome Out-of-bounds Memory Access Vulnerability in Skia's Convolution Implementation Use-after-free vulnerability in GetLoadTimes function in Google Chrome Type Confusion Vulnerability in PDFium Library Out-of-bounds Array Access Vulnerability in OpenJPEG Use-after-free vulnerability in ContainerNode::notifyNodeInsertedInternal function in Google Chrome Denial of Service Vulnerability in PDFium's JBIG2 Compression Improper Restriction of chrome: URLs in PDFium Allows Bypass of Scheme Restrictions Use-after-free vulnerability in Google Chrome Infobars implementation Integer Overflow in FontData::Bound Function in Google sfntly Insecure Page Dismissal Event Handling in Google Chrome Bypassing Signature-Validation Requirement in Crazy Linker ZIP Archive Vulnerability HTML Injection Vulnerability in Google Chrome CSPSource::hostMatches Function in Google Chrome Allows Bypass of Access Restrictions CSPSourceList::matches function in Google Chrome before 47.0.2526.73 allows bypassing of scheme restrictions Unspecified Vulnerabilities in Google Chrome before 47.0.2526.73 
Type Confusion Vulnerability in ObjectBackedNativeHandler Class in Google Chrome Race condition in MutationObserver implementation in Blink Improper Handling of HTML Entities in WebPageSerializerImpl::openTagToString Function in Google Chrome Unspecified Vulnerabilities in Google Chrome before 47.0.2526.80 Remote Code Execution Vulnerability in Google Chrome MIDI Subsystem Arbitrary Code Injection in MDC Private Message Plugin for WordPress Denial of Service Vulnerability in GNU Screen 4.3.1 and Earlier Arbitrary Script Injection in Mass Contact Module for Drupal Arbitrary Web Script Injection Vulnerability in Drupal Spotlight Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in BEdita before 3.6.0 Arbitrary Script Injection in Invision Power Services IPS Community Suite 4.x Sophos Cyberoam CR500iNG-XP Firewall Appliance SQL Injection Vulnerability Denial of Service Vulnerability in Invision Power Services IPS Community Suite Denial of Service Vulnerability in QEMU's process_tx_desc Function Authentication Bypass Vulnerability in Ganglia-Web Authentication Bypass Vulnerability in PgBouncer 1.6.x Uniqueness Violation in decode_ihdr_chunk Function in FFmpeg Integer Underflows in FFmpeg's MJPEG Decoder Out-of-bounds array access vulnerability in FFmpeg's ff_sbr_apply function Invalid Pointer Access Vulnerability in FFmpeg Buffer Overflow Vulnerability in FFmpeg's destroy_buffers Function Uninitialized Context Data Vulnerability in FFmpeg's ALAC Decoder Uninitialized Data Structures in sws_init_context Function in FFmpeg Memory-allocation failure vulnerability in FFmpeg's ff_frame_thread_init function Uninitialized Structure Members Vulnerability in FFmpeg CSRF Vulnerability in Auto-Exchanger 5.1.0 Allows Password Hijacking Insecure Data Transmission in SecureMoz Security Audit Plugin for WordPress SQL Injection Vulnerabilities in WP Limit Login Attempts Plugin Bypassing Multiple reCaptcha Protection in phpMyAdmin Use-after-free vulnerabilities in SPL in PHP 
versions before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12, leading to remote code execution. Use-after-free vulnerability in PHP SPL unserialize implementation allows remote code execution Directory Traversal Vulnerability in PHP PharData Class Use-after-free vulnerabilities in PHP: Remote code execution via unserialization Use-after-free vulnerability in PHP session deserializer Arbitrary Code Execution via Type Confusion in PHP SoapClient NULL pointer dereference vulnerability in xsl_ext_function_php function in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 PHP XSLTProcessor NULL Pointer Dereference Vulnerability Unrestricted Multiple Voting Vulnerability in MSA vot.Ar 3.1 Authentication Brute-Force Vulnerability in EMC SourceOne Email Supervisor Unspecified Cross-Site Scripting (XSS) Vulnerability in EMC SourceOne Email Supervisor before 7.2 Insecure Session ID Generation in EMC SourceOne Email Supervisor before 7.2 Hardcoded Encryption Keys in EMC SourceOne Email Supervisor 7.2 Cleartext Password Storage Vulnerability in EMC VPLEX GeoSynchrony 5.4 SP1 Privilege Escalation Vulnerability in EMC Isilon OneFS Denial of Service Vulnerability in EMC NetWorker Default Root Password Vulnerability in EMC VPLEX GeoSynchrony 5.4 SP1 and 5.5 Bypassing Privacy-Screen Protection in EMC RSA SecurID Web Agent Directory Traversal Vulnerability in EMC Secure Remote Services Virtual Edition 3.x Denial of Service and Information Disclosure Vulnerability in CA Single Sign-On Domino Web Agent Vulnerability in CA Single Sign-On Web Agents Allows Denial of Service and Information Disclosure Denial of Service and Potential Arbitrary Code Execution in QEMU IDE Core Arbitrary Memory Write Privilege Escalation in Dell Pre-Boot Authentication Driver Unspecified Remote Code Execution Vulnerability in HP LoadRunner Virtual Table Server (VTS) (ZDI-CAN-3138) Information Disclosure Vulnerability in HP Insight Control Server Provisioning Unspecified Local Access 
Bypass Vulnerability in HPE Network Switches (Software 15.16.x and 15.17.x) Unspecified Local Access Bypass Vulnerability in HPE Network Switches (Software 15.16.x and 15.17.x) Bypassing AssumeRole Permission Requirement in HPE Helion Eucalyptus Unspecified Remote Information Disclosure in HPE UCMDB Browser Arbitrary Code Execution Vulnerability in HPE ArcSight Logger Remote Code Execution Vulnerability in HPE ArcSight Logger Authentication Bypass Vulnerability in HP Vertica 7.1.1 UDx (ZDI-CAN-2914) Denial of Service Vulnerability in OpenLDAP 2.4.42 and Earlier Arbitrary Web Script Injection in Synology Download Station's Create Download Task via File Upload Feature SQL Injection Vulnerability in Synology Video Station Allows Remote Code Execution SQL Injection Vulnerability in Synology Video Station Allows Remote Code Execution Arbitrary Command Execution in Synology Video Station Cross-site scripting (XSS) vulnerability in Synology Download Station allows remote code injection via the Create download task via URL feature Absolute Path Traversal Vulnerability in SiteFactory CMS 5.5.9 SQL Injection Vulnerability in Montala Limited ResourceSpace 7.3.7009 and Earlier Git Credentials Leakage Vulnerability in Salt (CVE-XXXX-XXXX) Arbitrary Script Injection in GoogleSearch (CSE) Component 3.0.2 for Joomla! 
Arbitrary Script Injection Vulnerability in sourceAFRICA WordPress Plugin Arbitrary Code Injection in Zendesk Feedback Tab Module for Drupal Authentication Bypass and Arbitrary File Write Vulnerability in Kaseya Virtual System Administrator (VSA) Arbitrary Memory Write Vulnerability in VBox Communications Satellite Express Protocol 2.3.17.3 Denial of Service via Crafted DTLS Cookie in wolfSSL (formerly CyaSSL) OpenID Single Sign-On Impersonation Vulnerability Privilege Escalation via Symlink Attack on Ploop Containers in vzctl before 4.9.4 Improper Validation of Password Reset Request in CubeCart 5.2.12 - 5.2.16 and 6.x before 6.0.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Nokia Networks @vantage Commander Arbitrary Web Script Injection in vSphere Web Client Unverified X.509 Certificate Vulnerability in VMware vCenter Server VMware Tools HGFS Privilege Escalation and Denial of Service Vulnerability Arbitrary Command Execution via Serialized Java Object in VMware Products Denial of Service and System Crash Vulnerability in Linux Kernel through 4.2.3 Arbitrary Web Script Injection in IPython and Jupyter Notebook Arbitrary Code Injection through Unspecified Vectors in Joomla! 
3.4.x Login Module Unrestricted Access to Files in Pentaho Business Analytics and Data Integration Suites Password Information Leakage in Salt-Cloud Linode Driver (CVE-2015-8034) Arbitrary Script Injection via Document Attachment in Coremail XT3.0 SQL Injection Vulnerability in Serendipity's Comment Moderation Function CSRF Vulnerability in JSP/MySQL Administrador Web 1 Allows Remote SQL Injection Arbitrary Web Script Injection Vulnerability in JSP/MySQL Administrador Web 1 Stack-based Buffer Overflow Vulnerabilities in Borland AccuRev License Manager Corel WordPerfect Heap-Based Buffer Overflow Vulnerability ASUS TM-AC1900 Router Remote Code Execution Vulnerability Vindula 1.9 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in edx-platform before 2015-09-17 via Team Name Open Redirect Vulnerability in Web2py 2.9.11 Allows Remote Attackers to Conduct Phishing Attacks SQL Injection Vulnerability in Farol Web Application Allows Remote Code Execution Bit-Flipping Vulnerability in MultiBit HD Allows Insertion of Unspendable Bitcoin Addresses Cross-Site Request Forgery (CSRF) Vulnerabilities in Contact Form Generator Plugin for WordPress CSRF and XSS Vulnerabilities in Nibbleblog before 4.0.5 Arbitrary Code Execution via Unrestricted File Upload in Nibbleblog My Image Plugin Arbitrary PHP Code Execution Vulnerability in Serendipity before 2.0.2 Arbitrary Script Injection in Serendipity 2k11 Theme Comment Reply Link XML Injection Vulnerability in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras Privilege Escalation via Lenovo System Update Service Cross-Site Scripting (XSS) Vulnerabilities in Ignite Realtime Openfire 3.10.2 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Ignite Realtime Openfire 3.10.2 Arbitrary Code Execution and Memory Corruption Vulnerability in IOHIDFamily Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption in Apple 
FontParser Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Memory Corruption in Apple FontParser GasGauge Privilege Escalation and Memory Corruption Vulnerability in Apple iOS Privilege Escalation Vulnerability in Apple OS X Directory Utility Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Double Free Vulnerability in Apple iOS and OS X Allows Arbitrary File Write Arbitrary File Write Vulnerability in libarchive on Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in Apple Type Services (ATS) Arbitrary Code Execution Vulnerability in Apple iOS Graphics Driver Subsystem Denial of Service Vulnerability in Apple OS X File Bookmark Component Uninitialized Data Structure Vulnerability in Apple iOS and OS X Memory Corruption Vulnerability in Grand Central Dispatch Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption in Apple FontParser Virtual Memory Reuse Vulnerability in Apple iOS and OS X Disk Images Component Vulnerability in Apple iOS and OS X Memory Corruption Vulnerability in IOAcceleratorFamily X.509 Certificate-Trust Implementation Vulnerability in Apple iOS OCSP Client Certificate Expiry Check Bypass Vulnerability Lock Screen Notification Vulnerability in Apple iOS Contacts Access Bypass Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Uninitialized Data Structure Vulnerability in coreaudiod on Apple OS X Denial of Service Vulnerability in Apple iOS Kernel Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution via Crafted CPIO Archive in Apple iOS, OS X, and watchOS Bypassing User 
Confirmation Requirement in Apple OS X Script Editor Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Memory Corruption in Apple FontParser Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Heap-based Buffer Overflow in Apple DNS Client Library Privilege Escalation via Crafted Developer-Signed App in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in CoreText Arbitrary Code Execution and Memory Corruption in Apple FontParser Unspecified vulnerability in NVIDIA driver in Apple OS X before 10.11.1 Unspecified vulnerability in NVIDIA driver in Apple OS X before 10.11.1 Privilege Escalation and Denial of Service Vulnerability in Apple OS X Graphics Drivers Call-Status Information Disclosure Vulnerability in Apple iOS Cookie Overwriting Vulnerability in CFNetwork Gatekeeper Bypass Vulnerability in Apple OS X Remote Code Execution and Denial of Service Vulnerability in Apple AirPort Base Station Firmware Type Conversion Vulnerability in Apple Xcode Swift Implementation Unspecified HTTP Header Configuration Vulnerability in Apple OS X Server Information Disclosure Vulnerability in Apple iWork Applications Remote Code Execution and Denial of Service Vulnerability in Apple iWork, Keynote, Pages, and Numbers Remote Code Execution and Denial of Service Vulnerability in Apple iWork and Pages Apple Mac EFI Argument Mishandling Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in SQLite Mobile Backup in Photos in Apple iOS before 9.2 Directory Traversal Vulnerability Buffer Overflow Vulnerability in Apple iOS, OS X, tvOS, and watchOS Buffer Overflow Vulnerability in Apple Operating Systems 
Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Privilege Escalation via Union Mounts in Apple OS X Keychain Access Spoofing Vulnerability Privilege Separation Bypass in Apple's Sandbox Feature Privilege Escalation Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Memory Corruption Vulnerability in otools in Apple Xcode before 7.2 Content Extension Misparse Vulnerability Timing Vulnerability in MobileStorageMounter Allows Arbitrary Code Execution in Apple iOS and tvOS Privilege Escalation via Mishandled Kernel-Extension Loading in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in ImageIO Uninitialized Memory Vulnerability in zlib Compression Component in Apple iOS, OS X, tvOS, and watchOS Privilege Escalation Vulnerability in Apple iOS and tvOS Inadequate .gitignore Recognition in Apple Xcode Allows Information Disclosure Memory Corruption Vulnerability in otools in Apple Xcode before 7.2 Keychain Item ACL Validation Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X, tvOS, and watchOS ASN.1 Decoder Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X, tvOS, and watchOS ASN.1 Decoder Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X, tvOS, and watchOS ASN.1 Decoder Bypassing Configuration-Profile Installation Restrictions in Apple OS X and tvOS Privilege Escalation via Crafted Pathname in Apple OS X EFI Kernel Loader Memory Corruption Vulnerability in Apple's OpenGL Implementation Memory Corruption Vulnerability in Apple's OpenGL Implementation Memory Corruption Vulnerability in Apple's OpenGL Implementation Denial of Service Vulnerability in 
IOThunderboltFamily in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOKit SCSI Arbitrary Code Execution Vulnerability in Mobile Replayer of GPUTools Framework in Apple iOS Arbitrary Code Execution Vulnerability in Mobile Replayer of GPUTools Framework in Apple iOS Sandbox Bypass Vulnerability in Apple OS X File Bookmark Component Segment Validation Vulnerability in Apple iOS, tvOS, and watchOS Remote Code Execution and Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in CoreMedia Playback Arbitrary Code Execution and Memory Corruption Vulnerability in CoreMedia Playback Privilege Escalation and Denial of Service Vulnerability in Intel Graphics Driver Component of Apple OS X Privilege Escalation and Denial of Service Vulnerability in Intel Graphics Driver Component of Apple OS X Hypervisor Use-After-Free Privilege Escalation Vulnerability in Apple OS X Segment Validation Vulnerability in Apple iOS and tvOS Lock-screen Siri vulnerability in Apple iOS before 9.2 allows unauthorized access to sensitive content-notification information XML External Entity (XXE) vulnerability in iBooks on Apple iOS and OS X Unspecified Vulnerabilities in Git before 2.5.4 with Unknown Impact and Attack Vectors (Xcode Use Case) Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Arbitrary Code 
Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7090) Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7091) Heap-based buffer overflow vulnerability in Apple QuickTime before 7.7.9 allows remote code execution or denial of service via crafted TXXX frame in ID3 tag in MP3 data in movie file URL Spoofing Vulnerability in Safari for Apple iOS HSTS Bypass Vulnerability in CFNetwork HTTPProtocol Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple Safari and tvOS Arbitrary Code Execution and Memory Corruption Vulnerability in CoreGraphics Privilege Escalation and Memory Corruption Vulnerability in Intel Graphics Driver Component iWork File Memory Corruption Vulnerability Bluetooth HCI Interface Privilege Escalation and Memory Corruption Vulnerability in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily Privilege Escalation and Memory Corruption Vulnerability in Apple OS X and tvOS Disk Images Component Arbitrary Code Execution and Memory Corruption Vulnerability in Apple IOHIDFamily API Arbitrary Code Execution and Memory Corruption Vulnerability in Apple IOHIDFamily API LaunchServices Component Vulnerability in Apple iOS and watchOS Memory Corruption Vulnerability in libxml2 Memory Corruption Vulnerability in 
libxml2 Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime (CVE-2015-7093) Memory Corruption Vulnerability in Mozilla Firefox Memory Corruption Vulnerability in XULContentSinkImpl::AddText Function in Mozilla Firefox Stack-based Buffer Overflow in AnimationThread Function in Mozilla Firefox Memory Corruption Vulnerability in Mozilla Firefox Arbitrary Code Execution and Denial of Service Vulnerability in ANGLE Library Buffer Overflow Vulnerability in libGLES in ANGLE Memory Corruption Vulnerability in Mozilla Firefox Use-after-poison vulnerability in sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, allowing remote attackers to cause denial of service or execute arbitrary code via crafted OCTET STRING data. Heap-based Buffer Overflow in Mozilla Network Security Services (NSS) ASN.1 Decoder Integer Overflow in NSPR's PL_ARENA_ALLOCATE Implementation CORS Bypass Vulnerability in Mozilla Firefox Address Bar Spoofing Vulnerability in Mozilla Firefox on Android Same Origin Policy Bypass in Mozilla Firefox for Android Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox Add-on SDK Same Origin Policy Bypass and Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox JPEGEncoder Function Race Condition Vulnerability Privileged Context Access Vulnerability in Mozilla Firefox for Android Universal XSS (UXSS) vulnerability in Mozilla Firefox for Android Vulnerability: Remote Code Execution via NSAccessibilityIndexAttribute in Mozilla Firefox CORS Bypass Vulnerability in Mozilla Firefox Buffer Underflow Vulnerability in Mozilla Firefox Improper Handling of Escaped Characters in Location Headers in Mozilla Firefox Denial of Service and Arbitrary Code Execution via Crafted Java Applet in Mozilla Firefox Improper Control of Web Worker WebSocket Creation in Mozilla Firefox Buffer Overflow in ANGLE's TextureStorage11 Class in Mozilla Firefox Memory Corruption Vulnerability in 
Mozilla Firefox Unspecified Impact Vulnerability in Mozilla Firefox CryptoKey Interface Implementation Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Buffer Overflow in DirectWriteFontInfo::LoadFontFamilyData Function in Mozilla Firefox Unboxed Object Property Storage Vulnerability in Mozilla Firefox Integer Underflow Vulnerability in Mozilla Firefox Same Origin Policy Bypass in Mozilla Firefox before 43.0 Vertical Tab Character Cookie Vulnerability Remote Code Execution via Use-After-Free Vulnerability in Mozilla Firefox Remote Code Execution Vulnerability in Mozilla Firefox Arbitrary Code Execution via Integer Overflow in Mozilla Firefox Integer Overflow in MPEG4Extractor::readMetaData Function in libstagefright in Mozilla Firefox Same Origin Policy Bypass in Mozilla Firefox and Firefox ESR Same Origin Policy Bypass in Firefox Web Workers API Implementation JasPer Decoder Vulnerability in Mozilla Firefox on Linux GNOME Platforms Heap-based Buffer Overflow in Mozilla Firefox on Linux GNOME Platforms via Crafted Truevision TGA Image Denial of Service Vulnerability in Mozilla Firefox HTTP/2 Implementation HTTP/2 Implementation Denial of Service Vulnerability in Mozilla Firefox Buffer Overflow in XDRBuffer::grow function in Mozilla Firefox Buffer Overflow in nsDeque::GrowCapacity Function in Mozilla Firefox Integer Underflow Vulnerability in libstagefright in Mozilla Firefox Privilege Escalation and XSS Vulnerability in Mozilla Firefox WebExtension APIs Authentication Bypass Vulnerability in puppetlabs-mysql 3.1.0 through 3.6.0 Insecure OTP Handling in Tinfoil Devise-two-factor Improper Access Control in Administration Views Module for Drupal Improper Permission Check in Fieldable Panels Panes Module for Drupal Improper Caching of Authenticated User Pages in Drupal RESTful Module Arbitrary Account Tweeting Vulnerability in Twitter Module for Drupal Bypassing Node and Field 
Validation in Workbench Email Module for Drupal Payment Validation Bypass Vulnerability in Drupal Commerce Commonwealth Module Unspecified Cross-Site Scripting (XSS) Vulnerability in OSF Module for Drupal CSRF Vulnerability in OSF Module for Drupal Arbitrary File Deletion Vulnerability in OSF Module for Drupal Multiple SQL Injection Vulnerabilities in CP Reservation Calendar Plugin for WordPress Remote Denial of Service Vulnerability in rpcbind 0.2.1 and Earlier McAfee Agent Remote Log Viewing Directory Traversal Vulnerability Weak Permissions in Threat Intelligence Exchange (TIE) Secondary Server Configuration Files and Installation Logs Allow Information Disclosure Arbitrary SQL Command Execution Vulnerability in SAP NetWeaver J2EE Engine 7.40 Exploiting XML External Entity (XXE) Vulnerability in SAP NetWeaver Cross-Site Scripting (XSS) Vulnerability in AVM FRITZ!OS Push-Service-Mails Feature Buffer Overflow Vulnerability in Boxoft WAV to MP3 Converter Unauthenticated Remote Command Execution in MobaXterm Server D-Link DVG-N5402SP Firmware Directory Traversal Vulnerability Default Password Vulnerability in D-Link DVG-N5402SP Firmware Plaintext Disclosure of Sensitive Information in D-Link DVG-N5402SP Configuration Backup ZTE ZXHN H108N R1A Devices Username and Password Hash Disclosure Vulnerability Remote Authentication Bypass Vulnerability in ZTE ZXHN H108N R1A Devices Absolute Path Traversal Vulnerability in ZTE ZXHN H108N R1A Devices Hardcoded Root Password Vulnerability in ZTE ZXHN H108N R1A Devices Arbitrary Web Script Injection Vulnerability in ZTE ZXHN H108N R1A Devices Arbitrary OS Command Execution via Crafted Serialized Data in Commvault Edge Server 10 R2 Web Console Cookie Arbitrary File Read Vulnerability in Huawei HG532e, HG532n, and HG532s Devices Non-Unique X.509 Certificates and SSH Host Keys Vulnerability in ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N Non-Unique X.509 Certificates and SSH Host Keys 
Vulnerability Vulnerability: Remote Password Change Interception in ZTE ADSL ZXV10 W300 Modems Remote Password Disclosure in ZTE ADSL ZXV10 W300 Modems Multiple Valid Username and Password Pairs Vulnerability in ZTE ADSL ZXV10 W300 Modems Privilege Escalation via Liebert MultiLink Automated Shutdown v4.2.4 Hardcoded Credentials in QNAP iArtist Lite FTP Service Privilege Escalation via Executable Registration in QNAP iArtist Lite Hijacking Vulnerability in Facebook Proxygen's SPDY/2 Codec SPDY/2 Codec Truncation Vulnerability in Facebook Proxygen Facebook Proxygen HTTPMessage.request State Mismanagement Vulnerability The Amnesia Bug in IAB OpenRTB 2.3 Protocol Implementation: Concealing Ad Transaction Status and Compromising Bid Integrity Hot Plug Attack: Bypassing Self-Encrypting Drive Protection on Samsung and Seagate Drives in Sleep Mode Forced Restart Attack: Bypassing SED Protection on Samsung and Seagate Drives Hot Unplug Attack: Bypassing Self-Encrypting Drive Protection on Seagate ST500LT015 HDDs in eDrive Mode Directory Traversal Vulnerability in Dell iDRAC 6 and 7/8 Format String Vulnerability in Dell iDRAC 7/8 (before 2.21.21.21) - racadm getsystinfo Buffer Overflow Vulnerability in Dell iDRAC 6 and 7/8 Dell iDRAC 7/8 XXE Vulnerability Arbitrary Administrative Command Execution in Dell iDRAC 6 (CVE-2020-5366) Cross-Site Scripting (XSS) Vulnerability in Dell iDRAC 6 and 7/8 Hard-coded Cryptographic Keys in Technicolor C2000T and C2100T Routers Default Password Vulnerability in Amped Wireless R10000 Devices CSRF Vulnerability in Amped Wireless R10000 Firmware 2.5.2.11 Allows Remote Authentication Hijacking Improper Algorithm in Amped Wireless R10000 DNS Query Header Selection Default Password Vulnerability in ReadyNet WRT300N-DD Devices ReadyNet WRT300N-DD Firmware 1.0.26 CSRF Authentication Hijacking Vulnerability DNS Spoofing Vulnerability in ReadyNet WRT300N-DD Firmware 1.0.26 Default Password Vulnerability in ZyXEL NBG-418N Web Administration Interface 
CSRF Vulnerability in ZyXEL NBG-418N Firmware 1.00(AADZ.3)C0 Allows Remote User Authentication Hijacking Unauthenticated Access Vulnerability in CSL DualCom GPRS CS2300-R Devices Hardcoded Key Vulnerability in CSL DualCom GPRS CS2300-R Devices Default PIN Vulnerability in CSL DualCom GPRS CS2300-R Devices Remote Configuration Modification Vulnerability in CSL DualCom GPRS CS2300-R Devices Hardcoded Administrator Password Vulnerability in Arris DG860A, TG862A, and TG862G Devices Arbitrary Web Script Injection Vulnerability in Arris DG860A, TG862A, and TG862G Devices CSRF Vulnerability in Arris DG860A, TG862A, and TG862G Devices Stack-based Buffer Overflow in havok_write Function in Amazon Fire OS CSRF Vulnerabilities in Zope Management Interface and Plone LDAP Injection Vulnerability in ldapauth-fork before 2.3.3 Denial of Service Vulnerability in QEMU's Virtio-net Support Vulnerability: DNS Query ID Spoofing in Securifi Almond Devices Unspecified SQL Injection Vulnerability in Joomla! 3.2 before 3.4.4 Insecure SSL/TLS Certificate Validation in ownCloud Desktop Client SQL Injection Vulnerability in K2 Blackpearl, Smartforms, and K2 for SharePoint 4.6.7 via AjaxCall.ashx Avira Management Console Update Manager Service Use-After-Free Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in amoCRM Module for Drupal Improper Access Restriction in Scald Module for Drupal Allows Information Disclosure Insecure Access Control in CMS Updater Module for Drupal Arbitrary Web Script Injection Vulnerability in CMS Updater Module for Drupal Arbitrary Code Execution via File Renaming in Bolt CMS Arbitrary OS Command Execution in McAfee Enterprise Security Manager (ESM) Local Guest Users Can Write to Read-Only Disk Image in Xen 4.1.x through 4.6.x Race conditions in aufs3-mmap.patch and aufs4-mmap.patch patches for Linux kernel 3.x and 4.x: Denial of Service and Privilege Escalation Vulnerability Denial of Service Vulnerability in LibTIFF via Crafted TIFF File 
Arbitrary File Read Vulnerability in Gollum's Precious Module Unauthenticated Remote Member Registration Vulnerability in Plone Plone Multiple Versions Cross-Site Scripting (XSS) Vulnerability Remote authenticated user privilege escalation in Kupu versions 3.3.0-3.3.6, 4.0.0-4.0.10, 4.1.0-4.1.6, and 4.2.0-4.2.7 HTTP Response Header Injection Vulnerability in Plone 3.3.0 through 3.3.6 Arbitrary SQL Command Execution in Appointment Booking Calendar Plugin Arbitrary Web Script Injection in Appointment Booking Calendar Plugin for WordPress Meeting ID Enumeration Vulnerability in Pulse Connect Secure Arbitrary Meeting Access Vulnerability in Pulse Connect Secure Multiple Cross-Site Scripting (XSS) Vulnerabilities in StackIdeas Komento Component for Joomla! XML External Entity (XXE) Vulnerability in Milton Webdav 2.7.0.3 and Earlier Versions High Resolution Time API Information Disclosure Vulnerability World-readable permissions for CA certificate private key in Puppet Server Bypassing Host Whitelist Protection in Puppet Enterprise 2015.3 Arbitrary Code Execution Vulnerability in mcollective-puppet-agent Plugin Local Privilege Escalation Vulnerability in Lenovo System Update Local Privilege Escalation Vulnerability in Lenovo System Update Race Condition Vulnerability in Lenovo System Update Version 5.07.0008 and Prior Bypassing Signature Check in Lenovo System Update Arbitrary JavaScript Code Execution Vulnerability in IPython and Jupyter Notebook SQL Injection in AcyMailing Joomla Component via exportgeolocorder Arbitrary File Upload Vulnerability in JCE Joomla Component 2.5.0 to 2.5.2 SQL Injection Vulnerability in JEvents Joomla Component Arbitrary File Upload Vulnerability in JNews Joomla Component (CVE-2021-XXXX) SQL Injection Vulnerability in JNews Joomla Component (Versions prior to 8.5.0) XSS Vulnerability in JNews Joomla Component (before 8.5.0) via Mailingsearch Parameter XSS Vulnerability in HikaShop Joomla Component before 2.6.0 Critical SQL Injection 
Vulnerability in ZCMS 1.1 ZCMS JavaServer Pages Content Management System 1.1 XSS Vulnerability Arbitrary Script Injection Vulnerability in zTree 3.5.19.1 Arbitrary Web Script Injection Vulnerability in VASCO DIGIPASS Authentication Plug-in for Citrix Web Interface Arbitrary Script Injection Vulnerability in uDesign WordPress Theme Privilege Escalation via Drive Letter Symbolic Links Impersonation Level Vulnerability in TrueCrypt, VeraCrypt, and CipherShed Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiSandbox WebUI Unauthenticated Remote Shell Access in FortiOS 5.2.3 High Availability Configuration Privilege Escalation Vulnerability in Fortinet FortiClient Linux SSLVPN Arbitrary Web Script Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer CSRF Protection Bypass in HTML_Quickform Library Arbitrary Code Injection via File Upload in Revive Adserver Plugin Upgrade Form Cross-Site Request Forgery (CSRF) Vulnerabilities in Revive Adserver before 3.2.2 Unexpired Session Exploitation in Revive Adserver before 3.2.2 Cache-Control Header Missing in Revive Adserver Admin UI Pages Default Flash Cross-Domain Policy Vulnerability in Revive Adserver before 3.2.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open Flash Chart 2 Unrestricted Access to run-mpe.php in Revive Adserver before 3.2.2 Arbitrary File Inclusion Vulnerability in Revive Adserver before 3.2.2 Arbitrary Script Injection in Revive Adserver's magic-macros Feature Arbitrary Code Execution Vulnerability in Schneider Electric InduSoft Web Studio Remote Code Execution and Denial of Service Vulnerability in Schneider Electric InduSoft Web Studio Cross-Site Scripting (XSS) Vulnerability in Pie Register Plugin for WordPress Weak ACL in Panda Security URL Filtering Allows Local Privilege Escalation PHP Remote File Inclusion Vulnerabilities in Web Reference Database (refbase) Install.php SQL Injection Vulnerability in install.php in Web Reference Database (refbase) through 
0.9.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Web Reference Database (refbase) Denial of Service Vulnerability in Node.js 4.0.0, 4.1.0, and 4.1.1 Open-Xchange OX Guard before 2.0.0-rev11 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Gallery - Photo Albums - Portfolio Plugin for WordPress Arbitrary SQL Command Execution in ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and Earlier SQL Injection Vulnerability in TestLink before 1.9.14: Remote Code Execution via apikey Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in TestLink before 1.9.14 Heap-based Buffer Overflow in FreeSWITCH's parse_string Function Privilege Escalation Vulnerability in Multiple F5 BIG-IP Products Remote Code Execution and Privilege Escalation Vulnerability in F5 BIG-IP and Related Products Bypass of Work-Order Change Restrictions in IBM Maximo Asset Management and Related Products Bypassing Access Restrictions and Data Manipulation Vulnerability in IBM Maximo Asset Management Open Redirect Vulnerabilities in IBM WebSphere Commerce 7.0 through Feature Pack 8: Exploiting Aurora Starter Store for Phishing Attacks Arbitrary web script injection vulnerability in IBM Emptoris Contract Management Information Disclosure Vulnerability in IBM WebSphere Message Broker and IBM Integration Bus XML External Entity (XXE) Vulnerability in IBM Mashup Center 3.0.0.1 Bypassing Access Restrictions and Obtaining Sensitive Document Information in IBM Curam Social Program Management 6.1.x Arbitrary Script Injection in IBM Curam Social Program Management 6.1 Denial of Service Vulnerability in IBM Spectrum Scale and GPFS on AIX Cleartext Password Exposure in IBM Tivoli Storage Manager and FlashCopy Manager CSRF Vulnerability in IBM Mashup Center 3.0.0.1 Allows Remote Authentication Hijacking Improper Restriction of ASNODENAME Option in IBM Spectrum Protect Unspecified Field Cross-Site Scripting (XSS) Vulnerability in IBM Security QRadar SIEM 
7.2.x before 7.2.6 Improper Cookie Handling in IBM Sterling B2B Integrator 5.2 Privilege Escalation Vulnerability in IBM Tivoli Monitoring Portal Client Unauthenticated Plaintext Data Retrieval Vulnerability in IBM DataPower Gateways Arbitrary Script Injection Vulnerability in IBM WebSphere Portal 8.0.0 and 8.5.0 Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition Cross-Site Scripting (XSS) Vulnerabilities in IBM UrbanCode Deploy Versions 6.0, 6.1, and 6.2 Denial of Service Vulnerability in AFP Workbench Viewer in IBM i Access 7.1 on Windows Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server versions 7.0 to 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. Memory Leakage Vulnerability in IBM WebSphere eXtreme Scale and DataPower XC10 Appliance Denial of Service Vulnerability in IBM WebSphere Portal 8.0.0.1 and 8.5.0 Unspecified Information Disclosure Vulnerability in GSKit on IBM MQ M2000 Appliances Unspecified Information Disclosure Vulnerability in GSKit on IBM MQ M2000 Appliances Buffer Overflow Vulnerability in IBM i Access 7.1 on Windows Cross-Site Scripting (XSS) Vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 Bypassing Access Restrictions and Information Disclosure in IBM InfoSphere MDM - Collaborative Edition Remote Code Execution Vulnerability in VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments Arbitrary OS Command Execution Vulnerability in IBM Tivoli Storage Manager for Virtual Environments Insecure Cookie Handling in IBM DataPower Gateway Appliances Open Redirect Vulnerability in IBM WebSphere Portal Arbitrary Virtual Machine Restoration and Sensitive Information Disclosure Vulnerability in IBM Tivoli Storage Manager for Virtual Environments Arbitrary Data Access Vulnerability in IBM Spectrum Scale and 
GPFS Hadoop Connector Arbitrary Web Script Injection Vulnerability in IBM Sterling B2B Integrator 5.2 Queue Watcher Local User Password Decryption in IBM Capacity Management Analytics 2.1.0.0 Cleartext Username and Password Discovery in IBM Capacity Management Analytics 2.1.0.0 Local User Discovery of Encrypted Credentials in IBM Capacity Management Analytics 2.1.0.0 Bypassing Cognos Application Firewall (CAF) Protection Mechanism via Leading Whitespace in BackURL Field User Permissions Bypass in IBM Tivoli Common Reporting and Cognos Business Intelligence Information Disclosure Vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 Cleartext Web-Services Information Disclosure in IBM Sterling B2B Integrator 5.2 Arbitrary Web Script Injection Vulnerability in InfoSphere Data Architect (IDA) Privilege Escalation Vulnerability in IBM Rational Collaborative Lifecycle Management (CLM), Rational Quality Manager (RQM), Rational Team Concert (RTC), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM) Insecure HTTPS Connection in IBM WebSphere Process Server and Business Process Manager Privilege escalation vulnerability in IBM Installation Manager and Packaging Utility Inadequate Search Index Replication in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 Information Disclosure Vulnerability in IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications IBM Flash System V9000 CSRF Vulnerability Allows Remote User Hijacking Bypassing AccessControl REST API Access Restrictions in IBM WebSphere Portal SQL Injection Vulnerability in IBM Maximo Asset Management Weak Encryption Vulnerability in IBM Rational CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, and RSA DM Arbitrary Command Execution via Serialized Java Object in IBM Products Cross-site scripting (XSS) vulnerability in 
IBM Maximo Asset Management versions 7.5 and 7.6 Information Disclosure Vulnerability in IBM Maximo Asset Management and SmartCloud Control Desk REST API Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM), Rational Quality Manager (RQM), Rational Team Concert (RTC), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM) before specified versions allows remote attackers to inject arbitrary web script or HTML. Arbitrary Page Creation Vulnerability in IBM WebSphere Process Server and Business Process Manager Weak Permissions for Content Items in IBM WebSphere Portal Unspecified Vector Object-Storage Admin Password Discovery in IBM Spectrum Scale Arbitrary Script Injection in IBM WebSphere Portal 8.0.x and 8.5.x Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections IBM Connections XXE Vulnerability: Denial of Service via Crafted XML Data Cleartext Certificate-Keystore Password Exposure in IBM WebSphere MQ 8.0.0.4 on IBM i Platforms Incorrect Authorization Checks in IBM Business Process Manager Denial of Service Vulnerability in IBM Jazz Reporting Service (JRS) CSRF Vulnerability in IBM Jazz Reporting Service (JRS) 6.0 Allows Remote User Hijacking and XSS Insertion LDAP Injection Vulnerability in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 Arbitrary Script Injection in IBM Jazz Reporting Service (JRS) 5.x and 6.0 Bypassing Administrator Restrictions in IBM Jazz Reporting Service (JRS) Bypassing Read-Only Restrictions in IBM Jazz Reporting Service Man-in-the-Middle Vulnerability in IBM Jazz Reporting Service (JRS) 5.x and 6.x Cross-site scripting (XSS) vulnerability in 
IBM Rational CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, and RSA DM LDAP Injection Vulnerability in IBM WebSphere Portal Bypassing Queue-Manager Command Access Restrictions in IBM WebSphere MQ 8.x Arbitrary Web Script Injection Vulnerability in IBM Rational Engineering Lifecycle Manager Sensitive Information Disclosure in IBM Rational Engineering Lifecycle Manager Arbitrary Web Script Injection Vulnerability in IBM Rational Engineering Lifecycle Manager Arbitrary Web Script Injection Vulnerability in IBM Rational Engineering Lifecycle Manager Information Disclosure Vulnerability in IBM Maximo Asset Management and Related Products LDAP Password Disclosure in IBM Spectrum Scale Weak Permissions for Python Scripts in IBM SPSS Statistics 22.0.0.2 and 23.0.0.2 Cookie Modification Vulnerability in IBM InfoSphere Information Server Arbitrary Script Injection in IBM WebSphere Portal 8.0.x and 8.5.x Arbitrary Web Script Injection in IBM InfoSphere Master Data Management Local Privilege Escalation Vulnerability in IBM InfoSphere Information Server Installation Process Cross-Domain Resource Modification Vulnerability in IBM Cloud Orchestrator Services Bypassing Lock Screen in GNOME Display Manager (gdm) by Holding Escape Key Heap-based Buffer Overflow in xmlDictComputeFastQKey Function in libxml2 Heap-based Buffer Overflow in xmlParseXmlDecl Function in libxml2 Heap-based Buffer Overflow in xmlGROW Function in libxml2 Out-of-Bounds Heap Read Vulnerability in libxml2's xmlParseMisc Function Arbitrary Command Execution via Serialized Java Object in Red Hat Products Insecure Data Encryption in Red Hat CloudForms Management Engine (CFME) RSA Private Key Recovery Vulnerability in Zend Framework QEMU pcnet_receive Function Heap-Based Buffer Overflow Vulnerability Stack-based Buffer Overflow in Libnsgif Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Libnsgif 0.1.2 Denial of Service Vulnerability in Libnsbmp 0.1.2 Heap-based Buffer Overflow in bmp_decode_rle 
function in Libnsbmp 0.1.2 Denial of Service Vulnerability in Linux Kernel's ext4 Filesystem Vulnerability: Stack-based Buffer Overflow in systemd's nss-mymachines Module Electromagnetic Emanation Attack on Libgcrypt's Elliptic-Point Curve Multiplication Buffer Overflow in QEMU's pcnet_receive Function Allows Remote Code Execution Denial of Service Vulnerability in Linux Kernel's PIT Counter Restoration Information Disclosure Vulnerability in OpenStack Ironic 4.2.0 through 4.2.1 Denial of Service Vulnerability in Linux Kernel's Aiptek Tablet Driver Denial of Service Vulnerability in ONOS before 1.5.0 with ifwd App SQL Injection Vulnerabilities in Double Opt-In for Download Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Foreman Information Popups Header Spoofing Vulnerability in Phusion Passenger Cross-Site Scripting (XSS) Vulnerabilities in Apache Wicket RadioGroup and CheckBoxMultipleChoice Classes Bypassing Parent Table Access Restrictions in Apache Hive with Ranger and SqlStdHiveAuthorization Arbitrary Code Execution in Cool Video Gallery Plugin 1.9 for WordPress Arbitrary Pod Log Reading Vulnerability in Kubernetes Local Privilege Escalation via Symlink Attack in sosreport Arbitrary Web Script Injection Vulnerability in Jenkins CSRF Vulnerability in Jenkins Allows Authentication Hijacking CSRF Bypass Vulnerability in Jenkins Unverified Plugin Files in Jenkins Update Site Data Vulnerability Denial of Service Vulnerability in Samba 4.x LDAP Server Arbitrary Code Execution in Histogram Class of colorscore Gem Outdated Bundled CA Certificates Vulnerability in libgwenhywfar Local Privilege Escalation Vulnerability in aRts and kdelibs3 Arbitrary Command Execution Vulnerability in Red Hat Enterprise Virtualization Manager Arbitrary Code Execution via Unrestricted Protocols in Git Remote Helper Programs Token Manipulation Vulnerability in OpenStack Identity (Keystone) and keystonemiddleware Multiple stack-based buffer overflows in libresolv library 
in glibc before 2.23 Arbitrary File Read Vulnerability in OpenStack Compute (Nova) Denial of Service Vulnerability in QEMU's MSI-X MMIO Support Race condition in keyctl_read_key function in Linux kernel before 4.3.4 allows for denial of service or other impact Arbitrary Code Execution and Denial of Service Vulnerability in Ruby's Fiddle::Handle Implementation Heap-based Buffer Overflow in gdk-pixbuf-scale.c Allows Remote Code Execution via Crafted BMP File Race condition vulnerability in nfnetlink_log module in Red Hat Enterprise Linux 7, kernel-rt, and Red Hat Enterprise MRG 2 Memory Write Vulnerability in libtiff 4.0.6 TIFFVGetField Function Heap-based Buffer Overflow in giffix.c in giflib 5.1.1 Privilege Escalation Vulnerability in DeleGate 9.9.13 Denial of Service Vulnerability in librsvg's _rsvg_node_poly_build_path Function Denial of Service Vulnerability in librsvg before 2.40.12 Apache ActiveMQ Client Remote Shutdown Command Vulnerability Arbitrary ACL Modification Vulnerability in Samba 3.x and 4.x Privilege Escalation: Unauthorized Access to Private Images in Kubernetes/OpenShift3 Cross-Site Scripting (XSS) Vulnerabilities in TeamPass 2.1.24 and Earlier CSRF Vulnerability in TeamPass 2.1.24 and Earlier Allows Authentication Hijacking Multiple SQL Injection Vulnerabilities in TeamPass 2.1.24 and Earlier Ember.js Cross-Site Scripting (XSS) Vulnerability USB Device Insertion Vulnerability in Linux Kernel SQL Injection Vulnerability in Yeager CMS 1.2.1: Remote Code Execution via passwordreset&token Parameter Yeager CMS 1.2.1 Password Recovery SQL Injection Vulnerability SQL Injection Vulnerability in Yeager CMS 1.2.1: Arbitrary SQL Command Execution in yeager/y.php/tab_USERLIST Multiple Server-Side Request Forgery (SSRF) Vulnerabilities in Yeager CMS 1.2.1 Arbitrary Code Execution via Unrestricted File Upload in Yeager CMS 1.2.1 TLS 1.2 Handshake Protocol Collision Vulnerability in Mozilla Network Security Services (NSS) Timing-based Authentication Bypass in 
Ruby on Rails Improper Implementation of Destroy Option in Active Record Nested Attributes Cross-site scripting (XSS) vulnerability in rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x Rails-html-sanitizer Gem XSS Vulnerability Cross-site scripting (XSS) vulnerability in rails-html-sanitizer gem before 1.0.3 in Ruby on Rails 4.2.x and 5.x Denial of Service via Wildcard Controller Route in Ruby on Rails Weak ACL in SafeNet Authentication Service End User Software Tools for Windows Allows Privilege Escalation Weak ACL in SafeNet Authentication Service IIS Agent Allows Privilege Escalation via Executable Modification Weak ACL in SafeNet Authentication Service TokenValidator Proxy Agent Allows Privilege Escalation Integer Overflow in VxWorks _authenticate Function Allows Remote Code Execution Weak Permissions in Cisco VPN Client 5.x through 5.0.07.0440 Allows Privilege Escalation via vpnclient.ini PCMan's FTP Server 2.0.7 Directory Traversal Vulnerability BisonWare BisonFTP 3.5 Directory Traversal Vulnerability Konica Minolta FTP Utility 1.0 Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in Splunk Web Cross-Site Scripting (XSS) Vulnerability in Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 CSRF Vulnerability in Zimbra Collaboration Suite Login Form Arbitrary System Command Execution in Apache James Server 2.3.2 CSRF Vulnerabilities in McAfee Vulnerability Manager's Organizations Page Privilege Escalation via Uninitialized Data Comparison in Linux Kernel IPC Object Implementation Arbitrary Command Execution via JavaScript API in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat SaveAs feature Unspecified Vector Vulnerability in ANVerifyComments Method in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, and Acrobat and Acrobat Reader DC Classic and DC Continuous before 2015.006.30094 and 2015.009.20069 respectively, allowing 
arbitrary code execution through improper EScript exception handling. Unspecified Vector Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, and Acrobat and Acrobat Reader DC Classic and DC Continuous versions before 2015.006.30094 and 2015.009.20069 respectively, on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability in Adobe Reader and Acrobat versions 10.x and 11.x, Acrobat and Acrobat Reader DC Classic, and Acrobat and Acrobat Reader DC Continuous on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Same Origin Policy Bypass Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows arbitrary code execution via crafted tabStops property in TextFormat object Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213: Arbitrary code execution via crafted validity property in TextLine object Buffer Overflow 
Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 
19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213: Arbitrary code execution via crafted deblocking property in Video object Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213: Arbitrary Code Execution Vulnerability Remote Code Execution Vulnerability in Adobe Flash Player 18.x, 19.x, and 11.x Arbitrary Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted DefineFunction Atoms Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary code execution via crafted gridFitType property value Use-after-free vulnerability 
in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted globalToLocal Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted attachSound Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted actionExtends Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted actionCallMethod Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via crafted actionInstanceOf arguments Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 
19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted setMask Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241: Arbitrary Code Execution via Crafted getBounds Call Remote Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 FTP Active Mode Fallback Vulnerability in Tails before 1.7 Cross-Site Scripting (XSS) Vulnerabilities in PayPal Pro Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in ResAds Plugin for WordPress Arbitrary Code Injection via map_id Parameter in Easy2Map WordPress Plugin Arbitrary File Inclusion Vulnerabilities in Easy2Map Plugin for WordPress SQL Injection Vulnerabilities in Support Ticket System Plugin for WordPress Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 Heap-based Buffer Overflow and Application Crash in gdk-pixbuf Integer Overflow in pixops_scale_nearest Function in gdk-pixbuf: Remote Code Execution Vulnerability Bypassing Authorization and Reading Uploaded Files in Ipswitch MOVEit DMZ and MOVEit Mobile Cross-Site Scripting (XSS) Vulnerability in Ipswitch MOVEit File Transfer Information Disclosure Vulnerability in Ipswitch MOVEit DMZ CSRF Vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and Earlier Arbitrary Script Injection in Ipswitch MOVEit Mobile before 1.2.2 Username Enumeration Vulnerability in Ipswitch MOVEit DMZ Multiple SQL Injection Vulnerabilities in Pie 
Register Plugin for WordPress Absolute Path Traversal Vulnerability in Font Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in GLPI Remote authenticated users can create super-admin accounts in GLPI before 0.85.3 Algorithmic complexity vulnerability in Address.pm in the Email-Address module: Denial of Service via Crafted String OpenSMTPD Use-After-Free Vulnerability in req_ca_vrfy_smtp and req_ca_vrfy_mta Denial of Service Vulnerability in ntpd's crypto_xmit Function Denial of Service Vulnerability in ntpd (Incomplete Fix for CVE-2014-9750) Null Byte Injection in Zend Framework's PDO Adapters Remote Code Execution via Crafted Password-Protected ZIP Archive in Info-ZIP UnZip 6.0 Denial of Service Vulnerability in Info-ZIP UnZip 6.0 via Empty bzip2 Data Remote Command Execution in icewind1991 SMB before 1.0.3 Arbitrary Code Execution via Crafted Mount Point Option in ownCloud Server Double-free vulnerability in sPLT chunk structure and png.c in pngcrush before 1.7.87 Memory Leak Vulnerability in ntpd's CRYPTO_ASSOC Function Denial of Service Vulnerability in ntpd (Incomplete Fix for CVE-2014-9750) Arbitrary File Write Vulnerability in NTP ntpd Remote Configuration Denial of Service Vulnerability in NTPD Client via Crafted KOD Messages Unspecified Impact Vulnerability in NTP Rate Limiting Feature Multiple Cross-Site Scripting (XSS) Vulnerabilities in Secure Data Space SDS-API before 3.5.7 Remote Authentication Bypass in Ignite Realtime Openfire 3.10.2 Arbitrary Web Script Injection in 4images 1.7.11 and Earlier Arkeiad Daemon Authentication Bypass and Command Execution Vulnerability ATutor 2.2 and Earlier: Cross-Site Scripting (XSS) Vulnerability in popuphelp.php Arbitrary PHP Code Execution in ATutor 2.2 and Earlier Security Group Bypass Vulnerability in OpenStack Compute (Nova) Multiple SQL Injection Vulnerabilities in Realtyna RPL Component for Joomla! 
Realtyna RPL Component CSRF Vulnerability: Remote Authentication Hijacking Stagefright Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Android Mediaserver Denial of Service Vulnerability in Android Mediaserver Privilege Escalation Vulnerability in AMD fglrx-driver before 15.7 Privilege Escalation via Symlink Attack in AMD fglrx-driver SQL Injection Vulnerabilities in SAP HANA DB Web-based Development Workbench Cross-site scripting (XSS) vulnerability in role deletion in SAP HANA DB 1.00.091.00.1418659308 SQL Injection Vulnerabilities in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) Web-based Development Workbench Cross-site scripting (XSS) vulnerability in user creation in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) Eval Injection Vulnerability in SAP HANA Developer Edition DB 1.00.091.00.1418659308 Denial of Service Vulnerability in SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 SAP Mobile Platform 3.0 SP05 ClientHub DataVault Keystream Disclosure Vulnerability Cleartext Transmission of Sensitive Login Information in Avira Mobile Security App for iOS Denial of Service Vulnerability in Huawei P7 and P8 GPU Driver XML External Entity (XXE) Vulnerability in PRTG Network Monitor Lenstra Attack: RSA Key Extraction in wolfSSL Authentication Bypass and Sensitive Information Disclosure/Modification in NetApp Data ONTAP Buffer Overflow in afReadFrames Function in audiofile Library Denial of Service Vulnerability in Juniper Chassis with Trio Chipset Line Cards and Junos OS Denial of Service Vulnerability in Juniper vSRX Virtual Firewalls Denial of Service Vulnerability in Juniper Netscreen and ScreenOS Firewall Products Unauthenticated Root Access Vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos OS SSH Server Denial of Service and Arbitrary Code Execution in Juniper ScreenOS SSH-PKA Configuration Juniper ScreenOS Multiple Versions Remote Administrative Access 
Vulnerability Vulnerability: Weak Encryption Implementation in Juniper ScreenOS Arbitrary File Write Vulnerability in Gummi 0.6.5 Denial of Service Vulnerability in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1 libxpc in launchd in Apple OS X before 10.11 allows remote attackers to cause a denial of service through unrestricted process creation for network connections Unspecified vulnerability in Mail in Apple OS X before 10.11 allows information disclosure during e-mail printing Improper Padding Initialization in OpenAFS Rx Acknowledgement Packet Construction Vulnerability Improper Padding Initialization in OpenAFS Rx Acknowledgement Packet Vulnerability Insufficient Entropy in IV Generation for AES-CBC Encryption in Lemur 0.1.4 Hardcoded Password Vulnerability in ZOHO ManageEngine OpManager 11.5 build 11600 and Earlier SQL Injection Vulnerability in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier Buffer Overflow in Konica Minolta FTP Utility 1.0: Remote Code Execution and Denial of Service Vulnerability Remote Code Execution Vulnerability in Konica Minolta FTP Utility 1.0 Arbitrary OS Command Execution Vulnerability in baserCMS 3.0.2 through 3.0.8 Denial of Service Vulnerability in Dell SonicWall TotalSecure TZ 100 Devices Cross-site scripting (XSS) vulnerability in Newphoria Applican Framework before 1.13.0 for Android and iOS Cross-Site Scripting (XSS) Vulnerability in Newphoria Applican Framework Arbitrary PHP Code Execution via Unrestricted File Upload in Kirby Panel Component Arbitrary OS Command Execution in PC-EGG pWebManager Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon 4.0.3 Improper Restriction of IMG Loading in Cybozu Garoon 3.x and 4.x Arbitrary Web Script Injection Vulnerability in JosephErnest Void before 2015-10-02 Unverified SSL Certificates in Gurunavi App for iOS before 6.0.0 Enable Man-in-the-Middle Attacks Directory Traversal Vulnerability in ManageEngine Firewall Analyzer 8.0 
and Earlier Versions Unrestricted Access Permissions in ManageEngine Firewall Analyzer before 8.0 Let's PHP! Frame High-Speed Chat XSS Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in Let's PHP! p++BBS before 4.10 Arbitrary SQL Command Execution Vulnerability in BOKUBLOCK BbAdminViewsControl Plugins for EC-CUBE GANMA! App for iOS has a critical SSL certificate verification vulnerability. NTT DATA Smart Sourcing JavaScript Module XSS Vulnerability Unsecured WPA2-PSK Passphrase Discovery in ASUS Japan WL-330NUL Devices Arbitrary Command Execution Vulnerability in ASUS Japan WL-330NUL Devices Denial of Service Vulnerability in ASUS Japan WL-330NUL Devices Arbitrary Web Script Injection Vulnerability in ASUS Japan WL-330NUL Devices Multiple SQL Injection Vulnerabilities in Collne Welcart Plugin for WordPress Remote Administrative Operations Vulnerability in Corega CG-WLBARGS Devices Open Proxy Service Vulnerability in Corega CG-WLBARAGM Devices Open DNS Resolver Vulnerability in Corega CG-WLNCM4G Devices Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Kernel Crash Vulnerability in Linux SLIP Driver OptiPNG 0.6.4 Use-After-Free Remote Code Execution Vulnerability Uninitialized Memory Read Vulnerability in gif2png NULL pointer dereference vulnerability in phar_get_entry_data function in PHP before 5.5.30 and 5.6.x before 5.6.14 Denial of Service Vulnerability in PHP's phar_parse_zipfile Function Heap-based Buffer Overflow in libsndfile 1.0.25: Remote Code Execution via AIFF File Header Eval Injection Vulnerability in Form Manager Plugin for WordPress Arbitrary PHP Code Execution via vB_Api_Hook::decodeArguments Method in vBulletin 5 Connect 
5.1.2 through 5.1.9 Arbitrary Code Execution in Sensio Labs Twig Template.php TOCTOU Race Vulnerability in libbluray MountManager Class Denial of Service Vulnerability in Xen's hypercall_create_continuation Function Unlimited printk Console Messages Denial of Service Vulnerability in Xen 4.4.x, 4.5.x, and 4.6.x Race condition in relinquish_memory function in Xen 4.6.x and earlier allows local domains to cause denial of service via memory reduction Arbitrary File Inclusion Vulnerability in Piwik before 2.15.0 Arbitrary PHP Code Execution and SSRF Vulnerability in Piwik's DisplayTopKeywords Function Race condition vulnerability in IBM System Networking Switch Center (SNSC) and Lenovo Switch Center allows remote attackers to obtain privileged-account access and read arbitrary text files Arbitrary JSP Code Execution Vulnerability in IBM System Networking Switch Center and Lenovo Switch Center Improper Encryption of Administrator Password in IBM System Networking Switch Center and Lenovo Switch Center Race condition vulnerability in IBM System Networking Switch Center (SNSC) and Lenovo Switch Center allows remote attackers to obtain privileged-account access and read arbitrary files Multiple Cross-Site Scripting (XSS) Vulnerabilities in Kentico CMS 8.2 Open Redirect Vulnerability in Kentico CMS 8.2 through 8.2.41 Padding-Oracle Attack Vulnerability in Botan 1.11.x Denial of Service Vulnerability in Botan before 1.11.22 Improper Wildcard Matching in Botan 1.11.x before 1.11.22 Timing Vulnerability in Botan's PKCS#1 Padding Decoding Unauthenticated Remote Code Execution in SAP HANA Database 1.00 SPS10 and earlier Arbitrary File Deletion Vulnerability in Adobe Reader and Acrobat Denial of Service and Application Crash via Crafted Packet in Wireshark 1.12.x Privilege Escalation Vulnerability in Cloudera Hue (CDH 5.x before 5.4.9) Denial of Service Vulnerability in Linux Kernel USB Driver Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact 
Improper Validation of Level 2 Page Table Entries in Xen Allows Privilege Escalation via Crafted Superpage Mapping Vulnerability: Information Disclosure via VLAN Sniffing in Siemens RUGGEDCOM ROS Bypassing Secure Boot Restrictions in Linux Kernel Arbitrary File Upload Vulnerability in SolarWinds Storage Manager Arbitrary Command Execution Vulnerability in SolarWinds Log and Event Manager (LEM) Arbitrary Code Execution Vulnerability in SolarWinds Log and Event Manager (LEM) Command Line Management Console (CMC) Remote Code Execution Vulnerability in Huawei FusionServer Rack Servers Remote authenticated operators can change server information in Huawei FusionServer rack servers due to failure in verifying user permissions. Unlimited Query Attempts Vulnerability in Huawei FusionServer Rack Servers Huawei FusionAccess Virtual Cloud Desktop Denial of Service Vulnerability Denial of Service Vulnerability in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 Unified Gateways CF Card Information Disclosure Vulnerability in Huawei Network Devices Huawei E3272s-153TCPU-V200R002B491D09SP00C00 Denial of Service (DoS) Vulnerability Integer Overflow Vulnerability in NTP-dev.4.3.70 Allows for Out-of-Bounds Memory Copy Operation Remote Code Execution and Denial of Service Vulnerability in ntpd Denial of Service Vulnerability in ntpd Arbitrary File Overwrite Vulnerability in NTPd Denial of Service Vulnerability in ntpq in NTP 4.2.x and 4.3.x Arbitrary Code Execution and Denial of Service Vulnerability in NTP Refclock Driver Buffer Overflow in NTP Password Management Functionality Denial of Service Vulnerability in NTPd's decodenetnum Function Default Password Vulnerability in OpenNMS Arbitrary SQL Command Execution in Joomla! 3.2 before 3.4.5 Unspecified SQL Injection Vulnerability in Joomla! 3.2 before 3.4.4 Unauthenticated Access to Sensitive Information in Joomla! 
3.2 before 3.4.5 Stack-based Buffer Overflow in Persistent Accelerite Radia Client Automation Remote Code Execution in Accelerite Radia Client Automation Improper Role Based Access Control Implementation in Persistent Accelerite Radia Client Automation Remote Bypass of Access Restrictions in Persistent Accelerite Radia Client Automation Privilege Escalation via Stereoscopic 3D Driver Service in NVIDIA GPU Graphics Driver Unquoted Windows Search Path Vulnerability in NVIDIA GPU Graphics Driver Multiple integer overflows in NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux vulnerability Authentication Bypass Vulnerability in NTPd Denial of Service Vulnerability in Linux Kernel's key_gc_unused_keys Function URL Redirection Vulnerability in phpMyAdmin Buffer Overflow Vulnerability in KiTTY Portable 0.65.0.2p and Earlier: Remote Code Execution via Long Nickname Unverified Edit Permission Vulnerability in ctools Drupal Module Arbitrary SQL Command Execution Vulnerability in Drupal 7 SQL Server Driver SQL Injection Vulnerabilities in User Dashboard Module for Drupal Arbitrary Script Injection in Taxonomy Find Module in Drupal Arbitrary Code Injection through Stickynote Module in Drupal 7.x Sensitive Event Registration Information Disclosure Vulnerability in Entity Registration Module for Drupal Colorbox Module Access Restriction Bypass Vulnerability LDAP Authentication Bypass Vulnerability in MongoDB Server 3.0.0 to 3.0.6 Uninitialized Structure Member Vulnerability in vivid_fb_ioctl Function Uninitialized Structure Member Vulnerability in dgnc_mgmt_ioctl Function Sensitive Volume Information Disclosure in NetApp Data ONTAP Vulnerability: Unauthorized Backup Listing and Deletion in NetApp SnapCenter Server 1.0 Directory Traversal Vulnerability in WifiHs20UtilityService on Samsung S6 Edge (LRX22G.G925VVRU1AOE2) Weak Permissions 
in Samsung S6 Edge EmailComposer Application Buffer Overflow Vulnerabilities in Exynos Seiren Audio Driver on Samsung S6 Edge Race condition vulnerability in Samsung Graphics 2D Driver in Android L(5.0/5.1) devices allows local users to trigger memory errors (SVE-2015-4598) Stack-based Buffer Overflow in Samsung m2m1shot_compat_ioctl32 Function HTML Injection Vulnerability in SecEmailUI of Samsung Galaxy S6 Remote Code Execution Vulnerability in Samsung LibQjpeg on Samsung SM-G925V Local Denial of Service Vulnerability in Samsung Gallery on Samsung Galaxy S6 Memory Corruption and SIGSEGV Vulnerability in LibQJpeg on Samsung Galaxy S6 Remote Code Execution Vulnerability in Samsung Galaxy S6 Edge Local Denial of Service Vulnerability in Samsung Gallery on Samsung Galaxy S6 Unauthenticated Information Disclosure in Joomla! 3.x before 3.4.5 Information Disclosure Vulnerability in Mango Automation 2.5.x and 2.6.x Arbitrary OS Command Execution in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 Sensitive Information Disclosure in Mango Automation 2.5.x and 2.6.x Arbitrary SQL Command Execution Vulnerability in Infinite Automation Mango Automation Unrestricted File Upload Vulnerability in Mango Automation 2.5.x and 2.6.x Remote Code Execution Vulnerability in Unitronics VisiLogic OPLC IDE before 9.8.02 Remote Password-Hash Backup File Disclosure in LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 Devices Directory Traversal Vulnerability in Honeywell Midas Gas Detectors Cleartext Password Exposure in Honeywell Midas Gas Detectors Stack-based Buffer Overflow in Hospira Communication Engine (CE) Allows Remote Attackers to Cause Denial of Service or Other Impact HTTP Location Header Bypass Vulnerability in Exemys Telemetry Web Server Hardcoded Credentials Vulnerability in Saia Burgess Devices Arbitrary Java Code Execution Vulnerability in Tibbo AggreGate Server Service Arbitrary Java Code Execution with SYSTEM Privileges in AggreGate 
Server Service Authentication Bypass in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 Cleartext Credential Exposure in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 Arbitrary Web Script Injection in Sauter EY-WS505F0x0 moduWeb Vision 1.6.0 Untrusted Search Path Vulnerability in Open Automation OPC Systems.NET Multiple Buffer Overflows in F1BookView ActiveX Control in Schneider Electric ProClima Remote Code Execution Vulnerability in SearchBlox 8.3 before 8.3.1 Hardcoded Credentials Vulnerability in Pro-face GP-Pro EX Shared SSL Private Key Vulnerability in Westermo WeOS eWON Firmware Vulnerability: Session Data Retention on Log-Off eWON Devices Firmware CSRF Vulnerability eWON Devices Firmware < 10.1s0 Information Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in eWON Devices Lack of Autocomplete Attribute in eWON Devices' Password Field Increases Remote Attack Surface Unspecified GET Request Vulnerability in eWON Devices Hardcoded Credentials Vulnerability in Adcon Telemetry A840 Telemetry Gateway Base Station Lack of SSL Support in Adcon Telemetry Gateway Base Station Allows Man-in-the-Middle Attacks Adcon Telemetry A840 Telemetry Gateway Base Station Information Leakage Vulnerability Log-file Path Disclosure Vulnerability in Adcon Telemetry A840 Telemetry Gateway Base Station Arbitrary File Reading Vulnerability in Motorola Solutions MOSCAD IP Gateway CSRF Vulnerability in Motorola Solutions MOSCAD IP Gateway Allows Password Hijacking Stack-based Buffer Overflow in Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Devices via Long Password in HTTP Basic Authentication Authentication Bypass Vulnerability in Advantech EKI-132x Devices Heap-based Buffer Overflow in Unitronics VisiLogic OPLC IDE Allows Remote Code Execution Invalid Curve Attack in Bouncy Castle Java Library Denial of Service Vulnerability in libxml2 2.9.2 Out-of-bounds Read and Crash Vulnerability in libxml2's xmlParseConditionalSections Function Open Redirect 
Vulnerability in Drupal Overlay, jQuery Update, and LABjs Modules Denial of Service via SSL Parameter Renegotiation in Ganeti RESTful Control Interface Information Disclosure Vulnerability in Ganeti's RESTful Control Interface Unity8 Information Exposure Vulnerability Enables Unauthorized MTP Service Activation Weak ACL in SafeNet Authentication Service Remote Web Workplace Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service for Outlook Web App Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service for AD FS Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service for NPS Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service Windows Logon Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service Windows Logon Agent Allows Privilege Escalation Weak ACL in SafeNet Authentication Service for Citrix Web Interface Agent Allows Privilege Escalation XXE Vulnerability in SAP NetWeaver Application Server Allows Local File Inclusion via nwbc_ext2int URI Memory Leak Vulnerability in Xen Hypervisor Denial of Service Vulnerability in Xen's p2m_pod_emergency_sweep Function Unlimited printk Console Messages Denial of Service Vulnerability in Xen 3.2.x through 4.6.x Denial of Service Vulnerability in Xen's Memory Balloon Calculation NTP Replay Attack Vulnerability NTP Vulnerability: Impersonation Attacks via Skeleton Key NTP Denial of Service Vulnerability Unfiltered Special Characters in ntpq saveconfig Command Vulnerability NULL pointer dereference vulnerability in ntpd allows remote denial of service NTP Stack Exhaustion Denial of Service Vulnerability NTP Denial of Service Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in Compass Rose Drupal Module Out-of-bounds read vulnerability in png_convert_to_rfc1123 function in libpng Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Horde Groupware Weak Permissions in Valve Steam 2.10.91.91 
Install Folder Allows Privilege Escalation via Trojan Horse Remote Code Execution and Denial of Service Vulnerability in SAP HANA 1.00.095 (SAP Security Note 2197428) Buffer Overflow Vulnerabilities in mDNSResponder Arbitrary Code Execution and Denial of Service Vulnerability in mDNSResponder Cross-site scripting (XSS) vulnerability in WordPress user list table Incomplete Fix for Race Condition in rds_sendmsg Function in Linux Kernel SAP HANA DB Web Dispatcher Service Information Disclosure Vulnerability Denial of Service Vulnerability in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) via EXECUTE_SEARCH_RULE_SET Stored Procedure (SAP Security Note 2175928) Arbitrary Code Execution Vulnerability in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) Arbitrary Code Execution Vulnerability in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) via SQL Login (SAP Security Note 2197428) Type Confusion Vulnerability in libxslt 1.1.28 Allows Denial of Service Browser Cache Credential Leakage Vulnerability in Citrix NetScaler ADC and Gateway Multiple Cross-Site Scripting (XSS) Vulnerabilities in Citrix NetScaler ADC and Gateway Information Disclosure Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway SQL Injection Vulnerabilities in Citrix Command Center Administration Web UI Denial of Service Vulnerability in ISC BIND 9.x Denial of Service Vulnerability in MediaWiki Chunked Upload API Denial of Service via Chunked Upload in MediaWiki Unthrottled File Upload Vulnerability in MediaWiki Improper Access Restriction in MediaWiki Allows Removal of Revision Suppressions Information Disclosure Vulnerability in MediaWiki Thumbnail ImageMagick Argument Arbitrary Script Injection via PageTriage Toolbar in MediaWiki Improper Implementation of Hideuser Functionality in Echo Extension for MediaWiki OAuth Extension in MediaWiki Allows Bypassing IP Address Access Restrictions Improper Signature Validation in MWOAuthDataStore::lookup_token Function Arbitrary Web 
Script Injection in Icinga Classic-UI CSV Export and Pagination Feature Buffer Overflow in lldpd's lldp_decode Function Allows Remote Code Execution Denial of Service Vulnerability in lldpd before 0.8.0 Arbitrary Message Decryption Vulnerability in OpenPGP.js Memory Corruption Vulnerability in skb_copy_and_csum_datagram_iovec Function Default Privileged Account Vulnerability in Clustered Data ONTAP Versions 8.0, 8.3.1, and 8.3.2 Incomplete Blacklist Vulnerability in F5 BIG-IP Configuration Utility Privilege Escalation via Access Policy Manager Customization Configuration in F5 BIG-IP Authentication Bypass Vulnerability in strongSwan's EAP-MSCHAPv2 Plugin Authentication Bypass Vulnerability in McAfee Enterprise Security Manager (ESM) Insecure Lock Screen Bypass via Hot Swapping Monitors Heap-based Buffer Overflow in verify_vbr_checksum function in exfatfsck Denial of Service Vulnerability in Node.js HTTP Parser Remote Code Execution Vulnerabilities in SAP 3D Visual Enterprise Viewer (VEV) via Crafted 3DM and Flic Animation Files Arbitrary Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer (VEV) via Crafted Filmbox Document Out-of-Bounds Indexing Vulnerabilities in SAP 3D Visual Enterprise Viewer (VEV) XXE Vulnerability in Hudson (org.jvnet.hudson.main:hudson-core) before 3.3.2 Unprivileged Author Exploits Markup Setting Vulnerability in Textpattern 4.5.7 Insecure Password-Reset Hash Tethering in Textpattern 4.5.7 Weak Permissions on Salt Cache Data Allow Local Information Disclosure Denial of Service Vulnerability in libxml2 2.9.1 Heap-based Buffer Overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiManager GUI Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiManager GUI Arbitrary Code Execution Vulnerability in Samsung SmartViewer Arbitrary Code Execution Vulnerability in Samsung SmartViewer's rtsp_getdlsendtime Method Integer 
Overflow Vulnerabilities in NDEF Record Parser Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows arbitrary code execution via crafted loadSound call Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution Unspecified Input Mishandling Vulnerability in Adobe Premiere Clip App for iOS Unspecified Cross-Site Scripting (XSS) Vulnerability in Adobe ColdFusion 10 and 11 Unspecified 
Cross-Site Scripting (XSS) Vulnerability in Adobe ColdFusion 10 and 11 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 
20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 
20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Remote Code Execution and Denial of Service Vulnerability in Android Mediaserver Remote Code Execution and Denial of Service Vulnerability in Android Mediaserver Information Disclosure Vulnerability in Android Mediaserver Out-of-bounds Heap Read Vulnerability in Cyrus IMAP Integer Overflow in index_urlfetch function in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 Integer Overflow in index_urlfetch function in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 Private Browsing URL Recording Vulnerability in qt5-qtwebkit Integer Overflow and Stack-Based Buffer Overflow in Redis Lua Struct Library Information Disclosure Vulnerability in Field as Block 
Module for Drupal Bypassing Logout Protection Mechanism in Login Disable Module for Drupal Memory Initialization Vulnerability in Huawei eSpace Unified Gateways Denial of Service Vulnerability in Huawei USG Unified Security Gateways Vulnerability: Reversible Encryption Algorithm Weakness in Huawei Routers Vulnerability: Key Storage Vulnerability in Huawei AR, Quidway, and S-Series Routers VPN Routing and Forwarding (VRF) Hopping Vulnerability in Huawei Routers Heap-based buffer overflow vulnerability in Huawei Mate 7 and P8 phones allows for denial of service or arbitrary code execution Arbitrary Kernel Memory Access Vulnerability in Huawei P7 Phones Privilege Escalation and Information Disclosure Vulnerability in TIBCO LogLogic Unity Open Redirect Vulnerability in Cloudera HUE before 3.10.0 Allows Remote Attackers to Conduct Phishing Attacks Information Disclosure Vulnerability in Monster Menus Module for Drupal Heap-based Buffer Overflow in Google Picasa 3.9.140 Build 239 and Build 248 Out-of-bounds memory vulnerability in F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 Denial of Service Vulnerability in F5 BIG-IP and Related Products Insecure Permissions in net-snmp Package Allow Unauthorized Access to snmpd.conf Arbitrary Code Execution Vulnerability in Jenkins CLI Subsystem Denial of Service Vulnerability in KVM and Xen Hypervisors Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail's Drag-n-Drop File Upload Arbitrary Code Execution via Format String Vulnerability in latex2rtf Remote Code Execution via Format String Vulnerability in GNU a2ps 4.14 Information Disclosure Vulnerability in LenovoEMC NAS Devices Lenovo System Update Privilege Escalation Vulnerability Lenovo System Update Local Privilege Escalation Vulnerability Privilege Escalation via Untrusted Search Path Vulnerability in Symantec Endpoint Protection Session Fixation Vulnerability in Symfony's Remember Me Login Feature Timing Attack 
Vulnerability in Symfony Security Component Buffer overflow vulnerabilities in libpng's png_set_PLTE and png_get_PLTE functions CSRF Vulnerability in Elasticsearch Kibana Allows Authentication Hijacking NTP Origin Timestamp Bypass Vulnerability Origin Timestamp Impersonation Vulnerability in NTP before 4.2.8p7 Replay Attack Vulnerability in NTPq Protocol Information Disclosure Vulnerability in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 Heap Memory Corruption Vulnerability in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 Local Privilege Escalation in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 Arbitrary OS Command Execution Vulnerability in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 CSRF Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 SQL Injection Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 Arbitrary Code Execution Vulnerability in Symantec Endpoint Protection Unquoted Windows Search Path Privilege Escalation Vulnerability in Symantec Endpoint Encryption (SEE) 11.x SQL Injection Vulnerability in Symantec Embedded Security: Critical System Protection (SES:CSP) and Data Center Security: Server Advanced Server (DCS:SA) Denial of Service Vulnerability in NTP's getresponse Function Remote Code Execution Vulnerability in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 Sensitive Application Secrets Disclosure in Django's get_format Function Vulnerability in SIMATIC NET CPs Allows Unauthenticated Administrative Operations IPv6 MTU Value Validation Vulnerability Out-of-bounds Array Access Vulnerability in ljpeg_decode_yuv_scan Function in FFmpeg Out-of-bounds array access vulnerability in FFmpeg HEVC parsing function Unvalidated Uncompressed Runs in FFmpeg's decode_uncompressed Function Out-of-bounds Array Access Vulnerability in FFmpeg's JPEG2000 Decoder Stack-based Buffer Overflow in SolarWinds DameWare Mini 
Remote Control URI Handler Heap-based Buffer Overflow in Google Picasa Allows Remote Code Execution World-readable permissions for /var/lib/lxd/unix.socket in lxd-unix.socket systemd unit file in Ubuntu lxd package before 0.20-0ubuntu4.1 Denial of Service Vulnerability in Huawei P7 and P8 Camera Driver Remote Signal Strength Measurement Vulnerability in Huawei P8 Devices Denial of Service Vulnerability in Huawei ALE and GEM-703L Smartphones Denial of Service Vulnerability in Huawei ALE and GEM-703L Smartphones Remote Code Execution Vulnerability in Huawei VP9660 Multi-Point Control Unit Directory Traversal Vulnerability in Huawei AR Routers Denial of Service Vulnerability in Huawei eSpace U2980 and U2990 Unified Gateways Memory Leak Vulnerability in Huawei eSpace 8950 IP Phones Denial of Service Vulnerability in Huawei eSpace IP Phones Information Disclosure Vulnerability in UC Profile Module for Drupal Arbitrary Script Injection Vulnerability in MAYO Theme for Drupal OpenStack Glance 11.0.0 Image Signature Bypass via MD5 Collision Spiffy 5.4 Directory Traversal Vulnerability Remote Code Execution Vulnerability in Arista EOS Management-Plane Access (Bug 138716) Vulnerability: SHA-2 Digest Manipulation in Sudoers Plugin Denial of Service Vulnerability in F5 BIG-IP Traffic Management Microkernel Heap-based Buffer Over-read Vulnerability in libxml2 2.9.2 XML Parser Denial of Service and Information Disclosure Vulnerability Arbitrary Web Script Injection in Synnefo Internet Management Software (IMS) 2015 Arbitrary File Upload and Execution Vulnerability in ManageEngine Desktop Central 9 Non-unique X.509 certificates and SSH host keys vulnerability in OpenStage and OpenScape Desk Phones Cleartext Serial Number Vulnerability in RSI Video Technologies Videofied Devices ClearText Traffic Vulnerability in Frontel Protocol on RSI Video Technologies Videofied Devices Vulnerability: Lack of Integrity Protection in Frontel Protocol on Videofied Devices CSRF Vulnerabilities in 
AXIS Communications Products Axis Network Cameras: Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary Command Execution Vulnerability in AXIS Network Cameras' devtools.sh Script Resource Injection Vulnerability in AXIS Communications Products SQL Injection Vulnerability in Ipswitch WhatsUp Gold Improper Algorithm in Buffalo WZR-600DHP2 DNS Query Header Selection Vulnerability DNS Spoofing Vulnerability in NETGEAR WNR1000v3 Devices Untrusted Search Path Vulnerability in F-Secure Online Scanner: Remote Code Execution and DLL Hijacking DNS Spoofing Vulnerability in Huawei Mobile WiFi E5151 and E5186 Routers Arbitrary Password Reset Vulnerability in Dovestones AD Self Password Reset Arbitrary File Read Vulnerability in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux Remote Account Takeover Vulnerability in Fisher-Price Smart Toy Bear Devices Remote Denial of Service Vulnerability in RTMPDump 2.4 Remote Code Execution Vulnerability in RTMPDump 2.4 RTMPDump 2.4 Denial of Service Vulnerability Arbitrary File Write Vulnerability in LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 Arbitrary File Read Vulnerability in LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 Multiple Buffer Overflows in Flexera FlexNet Publisher Allow Remote Code Execution Arbitrary File Read Vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D Devices Information Disclosure Vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D Devices Bypassing Filesystem Encryption in Web Viewer 1.0.0.193 on Samsung SRN-1670D Devices Default Password Vulnerability in SeaWell Networks Spectrum SDC 02.05.00 SeaWell Networks Spectrum SDC 02.05.00 - Directory Traversal Vulnerability in configure_manage.php Remote Viewer Users Can Gain Administrative Control in SeaWell Networks Spectrum SDC 02.05.00 Denial of Service Vulnerability in QuickHeal 16.00 Hardcoded Root Password Vulnerability in Zhuhai RaySharp Firmware Unauthenticated Remote Live Video Access in Swann 
SRNVW-470LCD and SWNVW-470CAM Devices Hardcoded Private Key Vulnerability in NETGEAR D3600 and D6000 Devices Cleartext Administrator Password Disclosure in NETGEAR D3600 and D6000 Devices Multiple SQL Injection Vulnerabilities in RXTEC RXAdmin UPDATE 06 / 2012 Login Page Remote Code Execution Vulnerability in KNX ETS 4.1.5 (Build 3246) via Crafted KNXnet/IP UDP Packet Weak Permissions in Polycom BToE Connector Allows Privilege Escalation via Trojan Horse File Clipboard Data Leakage Vulnerability in Huawei Document Security Management (DSM) Software Integer Overflow Vulnerability in Huawei P7 Phones Denial of Service Vulnerability in Huawei Sophia-L10 Smartphones Buffer Overflow Vulnerability in Huawei P8 HIFI Driver Interface Access Control Vulnerability in Huawei P8 and Mate S Smartphones LXDM Authentication Bypass Vulnerability Cherry Music Directory Traversal Vulnerability Arbitrary Script Injection in Cherry Music Playlist Creation Off-by-one Error in afs_pioctl.c in OpenAFS: Denial of Service Vulnerability Padding Validation Vulnerability in GnuTLS CBC Modes Devise Gem Remember Me Cookie Vulnerability Regular Expression Denial of Service (ReDoS) in ms package for Node.js versions prior to 0.7.1 Array Index Error in LightDM: Remote Denial of Service via XDMCP Request Out-of-Bounds Heap Read Vulnerability in libxml2's xmlParseXMLDecl Function Heap-based buffer overflow vulnerability in HIFI driver on Huawei P8 and Mate S smartphones Heap-based buffer overflow vulnerability in HIFI driver on Huawei P8 and Mate S smartphones Bridge Hijacking Vulnerability in Apache Cordova-Android Arbitrary Code Execution Vulnerability in NetApp OnCommand System Manager 8.3.x before 8.3.2 NULL pointer dereference vulnerability in ext4_fill_super function in the Linux kernel before 2.6.34 Privilege Escalation via Crafted Environment in OpenSSH Arbitrary File Write Vulnerability in IPTables-Parse Module Arbitrary Command Execution Vulnerability in foomatic-rip and foomatic-filters 
Unspecified vulnerability in NVIDIA GPU graphics driver allows local users to obtain sensitive information, cause denial of service, or gain privileges Weak Encryption Vulnerability in SAP Manufacturing Integration and Intelligence (MII) Allows Password Decryption and Downgrade Attacks Denial of Service Vulnerability in SAP Plant Connectivity (PCo) Agent Session ID Replay Vulnerability in Huawei VCN500 Horizontal Privilege Escalation Vulnerability in Huawei Video Content Management (VCM) Remote IP Address Change Vulnerability in Huawei VCN500 SQL Injection Vulnerability in Huawei VCN500 OMU (V100R002C00SPC201) Clear-text Password Logging Vulnerability in Huawei VCN500 Software Information Disclosure Vulnerability in Huawei FusionCompute Denial of Service Vulnerability in Huawei P8 and Mate7 Phones Denial of Service and Potential Impact Vulnerability in Xen 4.6.x and Earlier Improper Page Handback Vulnerability in Xen Hypervisor Improper Lock Release in Xen's memory_exchange Function Denial of Service Vulnerability in Xen's libxl Toolstack Library Denial of Service Vulnerability in QEMU qemu-kvm eepro100 Emulator Sensitive Information Disclosure in Redmine Time Logging Form Cross-site scripting (XSS) vulnerability in SourceBans allows remote code injection via advSearch parameter Cross-Site Scripting (XSS) Vulnerabilities in Calls to Action Plugin for WordPress Gwolle Guestbook Plugin Remote File Inclusion Vulnerability Arbitrary File Inclusion Vulnerability in Zen Cart 1.5.4 Cross-Site Scripting (XSS) Vulnerability in Role Scoper Plugin for WordPress Arbitrary Web Script Injection in Ultimate Member WordPress Plugin Multiple SQL Injection Vulnerabilities in Bitrix Orion Extfeedbackform Module SQL Injection Vulnerabilities in Bitrix mcart.xls Module 6.5.2 and Earlier Directory Traversal Vulnerability in Bitrix.xscan Module Allows Arbitrary File Renaming Directory Traversal Vulnerability in Bitrix MPBuilder Module Arbitrary Code Execution via Serialized Data in 
Atlassian Bamboo Unauthenticated Access and Privilege Escalation in Atlassian Bamboo Hardcoded Password Vulnerability in Harman AMX Devices JPEG 2000 Image Processing Vulnerability Integer overflow vulnerability in ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 Out-of-bounds array access vulnerability in FFmpeg's smka_decode_frame function Array Index Error in smal_decode_segment Function in LibRaw Memory Object Initialization Vulnerability in Libraw's phase_one_correct Function Privilege Escalation via User Cookie and Username Parameter in ntopng SQL Injection Vulnerability in Cacti 0.8.8f and Earlier: Remote Code Execution via rra_id Parameter Grub2 Integer Underflow Vulnerabilities Cache Poisoning Vulnerability in Composer Remote Denial of Service Vulnerability in ISC Kea DHCP Servers Information Disclosure Vulnerability in Linux Kernel's Btrfs Filesystem Handling of Compressed Inline Extents PHP-Fusion 9 XSS Vulnerability Arbitrary Web Script Injection in Symphony CMS 2.6.3 SQL Injection Vulnerability in Cacti 0.8.8f and Earlier Cleartext Password Data Exposure in KeePassX XML Export CSRF Protection Bypass via _method Parameter in CakePHP 2.x and 3.x PCRE Heap-based Buffer Overflow Vulnerability Heap-based buffer overflow vulnerability in PCRE and PCRE2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression. 
PCRE match function vulnerability in pcre_exec.c (ZDI-CAN-2547) PCRE before 8.38 Remote Code Execution Vulnerability PCRE Buffer Overflow Vulnerability PCRE Buffer Overflow Vulnerability PCRE Lookbehind Assertion Buffer Overflow Vulnerability PCRE Integer Overflow Vulnerability PCRE before 8.38 Remote Code Execution Vulnerability Denial of Service Vulnerability in PCRE before 8.38 PCRE before 8.38 Vulnerability: Denial of Service and Uninitialized Memory Read PCRE Regular Expression Denial of Service Vulnerability PCRE Vulnerability: Denial of Service and Buffer Overflow via Crafted Regular Expression PCRE before 8.38 - Mishandling of -q Option for Binary Files Vulnerability PCRE Integer Overflow Vulnerability PCRE Denial of Service Vulnerability Arbitrary Code Execution via Integer Overflow in Grassroots DICOM (GDCM) ImageRegionReader Out-of-Bounds Read Vulnerability in GDCM's JPEGLSCodec::DecodeExtent Function Arbitrary Web Script Injection in Atlassian Confluence (before 5.8.17) via PATH_INFO Information Disclosure Vulnerability in Atlassian Confluence Vulnerability: DNS Rebinding Attack via Shell In A Box's HTTPS Fallback Implementation Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, 
Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Unspecified vulnerability in Adobe Flash Player and Adobe AIR before 20.0.0.204 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on 
Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in 
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution
Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via crafted XML object during toString call
Arbitrary Code Execution via Type Confusion in Adobe Flash Player
Unspecified vulnerability in Adobe Flash Player and Adobe AIR before 20.0.0.204
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Arbitrary Code Execution via Integer Overflow in Adobe Flash Player
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204: MP3 COMM Tag Buffer Overflow Vulnerability
Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution
Use-after-free vulnerability in Adobe Flash Player DisplacementMapFilter Implementation
Use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via crafted filters property value in TextField object
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Bypassing ASLR Protection in Adobe Flash Player and Adobe AIR
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows arbitrary code execution via unspecified vectors
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Arbitrary Code Execution Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK
Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 vulnerability
Heap-based Buffer Overflow in AGM.dll in Adobe Reader and Acrobat
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR
Race condition vulnerability in resolver.c in ISC BIND 9.9.8 and 9.10.3 allows remote attackers to cause denial of service
Replay Attack Vulnerability in Swift3 Before 1.9
Improper Access Control in Samba's samldb_check_user_account_control_acl Function
Insecure Cookie Transmission in Puppet Enterprise Console
Buffer Overflow in png_set_PLTE Function in libpng
Sensitive Information Disclosure in Redmine Issues API
Open redirect vulnerability in valid_back_url function in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1
CRLF Injection Vulnerabilities in PHPMailer before 5.2.14
Redmine Flash Message XSS Vulnerability
Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact
Use-after-free vulnerability in Google Chrome allows unauthorized access to audio output device