Vulnerability Index: Year 2016

Scripting Engine Memory Corruption Vulnerability Microsoft Edge Memory Corruption Vulnerability Same Origin Policy Bypass in Microsoft Internet Explorer 9-11 Windows Mount Point Elevation of Privilege Vulnerability Windows Mount Point Elevation of Privilege Vulnerability Windows GDI32.dll ASLR Bypass Vulnerability Win32k Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 Access Control Policy Bypass Vulnerability Microsoft Office ASLR Bypass Vulnerability DLL Loading Elevation of Privilege Vulnerability in Microsoft Windows DirectShow Heap Corruption Remote Code Execution Vulnerability DLL Loading Remote Code Execution Vulnerability DLL Loading Remote Code Execution Vulnerability Windows Remote Desktop Protocol Security Bypass Vulnerability MAPI DLL Loading Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability in InfoPath 2007, 2010, and 2013 Microsoft Office Memory Corruption Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Exchange Information Disclosure Vulnerability Outlook Web Access (OWA) Cross-Site Scripting (XSS) Vulnerability Outlook Web Access (OWA) Cross-Site Scripting (XSS) Vulnerability Outlook Web Access (OWA) Cross-Site Scripting (XSS) Vulnerability Exchange Spoofing Vulnerability in Outlook Web Access (OWA) .NET Framework Stack Overflow Denial of Service Vulnerability Silverlight Runtime Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability ADFS 3.0 Denial of Service Vulnerability Windows Journal Memory Corruption Vulnerability SharePoint Server Cross-Site Scripting (XSS) Vulnerability Windows Elevation of Privilege Vulnerability DLL Loading Remote Code Execution Vulnerability Windows DLL Loading Remote Code Execution Vulnerability Windows DLL Loading Denial of Service Vulnerability in Sync Framework Remote Code Execution Vulnerability in Windows Reader Windows Forms Information Disclosure Vulnerability Win32k Elevation of Privilege Vulnerability Windows Kerberos Security Feature Bypass Network Policy Server RADIUS Implementation Denial of Service Vulnerability WebDAV Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office 2007 SP3 Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Security Feature Bypass Vulnerability PDF Library Buffer Overflow Vulnerability in Microsoft Windows Internet Explorer Hyperlink Object Library Information Disclosure Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Same Origin Policy Bypass Vulnerability Internet Explorer Same Origin Policy Bypass Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Microsoft Browser Spoofing Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Microsoft Edge ASLR Bypass Vulnerability Critical Memory Corruption Vulnerability in Microsoft Edge Windows Elevation of Privilege Vulnerability Hyper-V Remote Code Execution Vulnerability Hyper-V Information Disclosure Vulnerability Hyper-V Information Disclosure Vulnerability Windows OLE Memory Remote Code Execution Vulnerability Windows OLE Memory Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Windows Media Parsing Remote Code Execution Vulnerability Secondary Logon Elevation of Privilege Vulnerability Library Loading Input Validation Remote Code Execution Vulnerability Windows Media Parsing Remote Code Execution Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Microsoft Edge Memory Corruption Vulnerability Windows PDF Library Remote Code Execution Vulnerability Windows PDF Library Remote Code Execution Vulnerability OpenType Font Parsing Vulnerability in Adobe Type Manager Library OpenType Font Parsing Vulnerability in Adobe Type Manager Library Microsoft Office Memory Corruption Vulnerability Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge Referer Policy Information Disclosure Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Windows SAM and LSAD Downgrade Vulnerability Microsoft Edge Remote Code Execution and Memory Corruption Vulnerability Microsoft Edge Remote Code Execution Vulnerability .NET XML Signature Spoofing Vulnerability USB Mass Storage Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Windows Secondary Logon Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft APP-V ASLR Bypass Vulnerability Microsoft Exchange Information Disclosure Vulnerability Office Memory Corruption Vulnerability in Microsoft Excel 2010, Word for Mac 2011, and Excel Viewer Microsoft Office Memory Corruption Vulnerability Microsoft Office Visual Basic Macro Certificate-Store Private Key Information Disclosure Vulnerability Microsoft Video Control Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Graphics Memory Corruption Vulnerability in Microsoft Windows and Office Applications MSXML 3.0 Remote Code Execution Vulnerability .NET Framework Library Loading Privilege Escalation Vulnerability TLS/SSL Information Disclosure Vulnerability in Microsoft .NET Framework HTTP.sys Denial of Service Vulnerability Windows CSRSS Security Feature Bypass Vulnerability Windows DLL Loading Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge Memory Corruption Vulnerability Microsoft Edge Memory Corruption Vulnerability Microsoft Edge Same Origin Policy Bypass Vulnerability Internet Explorer 9 Memory Corruption Vulnerability DLL Loading Remote Code Execution Vulnerability in Microsoft Internet Explorer 11 Microsoft Edge Same Origin Policy Bypass Vulnerability Internet Explorer File Existence Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Internet Explorer 11 Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Kernel-Object Address Disclosure Vulnerability Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability Remote Code Execution via Malformed RPC Requests in Windows Operating Systems Windows Shell Remote Code Execution Vulnerability Windows Kernel Symbolic Link Privilege Escalation Vulnerability Hypervisor Code Integrity Security Feature Bypass in Microsoft Windows 10 Gold and 1511 Windows Journal Remote Code Execution Vulnerability Microsoft Office Graphics RCE Vulnerability Direct3D Use After Free Vulnerability in Microsoft Windows Windows Media Center Remote Code Execution Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Internet Explorer Security Feature Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Internet Explorer File Permissions Bypass Vulnerability Windows Imaging Component Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability GSKit MD5 Collision Vulnerability in IBM Security Network Protection 5.3.1 User Task Data Leakage Vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator Task API Information Disclosure Vulnerability Open Redirect Vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 User Enumeration Vulnerability in IBM Cloud Orchestrator 2.3 and 2.4 IBM Cloud Orchestrator Local Authenticated Server Slowdown Vulnerability Clickjacking Vulnerability in IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 Denial of Service Vulnerability in IBM WebSphere Commerce Arbitrary Script Injection Vulnerability in IBM WebSphere Portal 8.5.0 before CF09 IBM Sterling B2B Integrator Standard Edition Information Disclosure Vulnerability Denial of Service Vulnerability in IBM DB2 Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 Arbitrary File Upload Vulnerability in IBM Tivoli Endpoint Manager Denial of Service Vulnerability in IBM DB2 9.7, 10.1, and 10.5 Stack-based Buffer Overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 Stored Cross-Site Scripting Vulnerability in IBM Cognos Business Intelligence and IBM Cognos Analytics Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Business Intelligence and IBM Cognos Analytics XML External Entity (XXE) Denial of Service Vulnerability in IBM Rational Team Concert IBM Cognos TM1 Cross-Site Scripting (XSS) Vulnerability Arbitrary Purchase-Order Work Log Access Vulnerability in IBM Maximo Asset Management 7.6 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Forms Server Arbitrary SQL Command Execution Vulnerability in IBM Marketing Platform Unspecified Information Disclosure Vulnerability in IBM WebSphere Commerce Privilege Escalation Vulnerability in IBM Informix Dynamic Server 11.70.xCn on Windows IBM Business Process Manager (BPM) Multiple Versions Cross-Site Scripting (XSS) Vulnerability Open Redirect Vulnerability in IBM Marketing Platform 10.0 Allows for Phishing Attacks Arbitrary Web Script Injection Vulnerability in IBM Marketing Platform 8.6.x and 9.x Root Access Vulnerability in IBM Power Hardware Management Console (HMC) Sensitive Information Disclosure in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0 before FP12 Sensitive Information Disclosure in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0 before FP12 Arbitrary SQL Command Execution Vulnerability in IBM Marketing Platform Information Disclosure Vulnerability in IBM OpenPages GRC Platform Hardcoded Password Vulnerability in IBM Security Guardium Database Activity Monitor 10 Arbitrary Command Execution Vulnerability in IBM Security Guardium Database Activity Monitor Local Information Disclosure in IBM Security Guardium Database Activity Monitor 10 ClearText Transmission of Sensitive Data in IBM Security Guardium Unspecified Remote Code Execution Vulnerability in IBM Security Guardium Database Activity Monitor Lack of HSTS Protection in IBM Security Guardium Database Activity Monitor Spoofing Vulnerability in IBM Security Guardium Database Activity Monitor Sensitive Information Disclosure through Application Error Message Arbitrary web script injection vulnerability in IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 Arbitrary web script injection vulnerability in IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 XML External Entity (XXE) Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Security Guardium Sensitive Cleartext Information Disclosure in IBM Security Guardium Versions 8.2, 9.x, and 10.x SSL Session Information Disclosure Vulnerability in IBM Security Guardium SQL Injection Vulnerability in IBM Security Guardium Database Activity Monitor XML External Entity (XXE) Vulnerability in IBM InfoSphere Information Governance Catalog Local User Decryption of Master Key Vulnerability Arbitrary web script injection vulnerability in IBM Financial Transaction Manager (FTM) for ACH, Check, and Corporate Payment Services XML External Entity Injection (XXE) Vulnerability in IBM Cognos Business Intelligence 10.1 and 10.2 Stored Cross-Site Scripting Vulnerability in IBM Marketing Platform 9.1 and 10.0 Bypass of +dsp Authority Requirement in IBM WebSphere MQ 8.x Memory Leak Vulnerability in IBM WebSphere MQ 8.x Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Curam Social Program Management and IBM Care Management Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management Privilege Escalation and Denial of Service Vulnerability in IBM Spectrum Scale and General Parallel File System Buffer Overflow Vulnerability in IBM SDK, Java Technology Edition Cross-Site Scripting (XSS) Vulnerability in IBM Campaign Allows for Cookie Theft Insecure TLS Version Default in IBM AIX and VIOS Sensitive Cleartext Secure-Property Information Disclosure in IBM UrbanCode Deploy XML External Entity (XXE) Vulnerability in IBM Financial Transaction Manager (FTM) for ACH, Check, and Corporate Payment Services Arbitrary Web Script Injection in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 Nonce Reuse Vulnerability in IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1 Unverified Server Identity Vulnerability in IBM UrbanCode Deploy Agents CSRF Vulnerability in IBM Financial Transaction Manager (FTM) for ACH, Check, and Corporate Payment Services Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management and related products Clickjacking Vulnerability in IBM Financial Transaction Manager (FTM) for ACH, Check, and Corporate Payment Services Sensitive Information Disclosure in IBM Financial Transaction Manager (FTM) for Multi-Platform Arbitrary Code Execution via Crafted Serialized JMS ObjectMessage in IBM Financial Transaction Manager (FTM) Heap-based Buffer Overflow in KeyView PDF Filter in IBM Domino 8.5.x and 9.x Heap-based Buffer Overflow in KeyView PDF Filter in IBM Domino 8.5.x and 9.x Heap-based Buffer Overflow in KeyView PDF Filter in IBM Domino 8.5.x and 9.x Arbitrary web script injection vulnerability in IBM Information Server Framework and InfoSphere Information Server Denial of Service Vulnerability in IBM AIX and VIOS Jumbo Frames IBM iNotes before 8.5.3 FP6 IF2 Cross-Site Scripting (XSS) Vulnerability Arbitrary Script Injection in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 XML External Entity (XXE) vulnerability in IBM Rational Collaborative Lifecycle Management, Rational Quality Manager, Rational Team Concert, Rational DOORS Next Generation, Rational Engineering Lifecycle Manager, Rational Rhapsody Design Manager, and Rational Software Architect Design Manager before iFix8, iFix11, iFix18, and iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference. Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management and related products Unspecified Privilege Vulnerability in IBM Tivoli Business Service Manager Unspecified Vector Vulnerability in IBM i Access 7.1 on Windows XML External Entity (XXE) Vulnerability in IBM Security AppScan Bypassing Item-Selection Restrictions in IBM Maximo Asset Management Arbitrary Command Execution Vulnerability in IBM BigFix Platform Cleartext System Password Disclosure in IBM BigFix Platform Arbitrary Web Script Injection Vulnerability in IBM BigFix Platform IBM BigFix Platform Cross-Site Request Forgery (CSRF) Vulnerability Local User Access to Potentially Sensitive Information in IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) Log Files Missing HTTP Strict-Transport-Security Header in IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) Allows Remote Information Disclosure IBM Security Guardium Database Activity Monitor 10 Directory Traversal Vulnerability Sensitive Information Disclosure in IBM TRIRIGA Application Platform Arbitrary JSP Page Access Vulnerability in IBM TRIRIGA Application Platform Heap-based Buffer Overflow in KeyView PDF Filter in IBM Domino 8.5.x and 9.x Arbitrary Web Script Injection Vulnerability in IBM Tivoli Integrated Portal Incomplete Fix for UNC Share Pathname Authentication Bypass in IBM Domino 8.5.x and 9.x Cross-Site Scripting (XSS) Vulnerability in IBM Connections Allows for Cookie Theft Misconfigured TLS in IBM WebSphere Application Server (WAS) 7.0, 8.0, and 8.5 with FIPS 140-2 enabled allows for sensitive information disclosure Information Disclosure via Stack Traces in IBM Connections 5.5 and Earlier Link Manipulation Vulnerability in IBM Connections 5.5 and Earlier: Display of Inappropriate Background Images Host Header Injection Vulnerability in IBM Connections 5.5 and Earlier Arbitrary Web Script Injection Vulnerability in IBM Tivoli Business Service Manager Unauthenticated Access to Document Manager in IBM TRIRIGA Application Platform before 3.3.2 Arbitrary Script Injection in IBM Jazz Reporting Service (JRS) Clickjacking Vulnerability in IBM Jazz Reporting Service (JRS) Session Hijacking Vulnerability in IBM Jazz Reporting Service (JRS) Arbitrary Web Script Injection in IBM Jazz Reporting Service 6.0 and 6.0.1 Clickjacking Vulnerability in IBM Jazz Reporting Service 6.0 and 6.0.1 Session ID Persistence in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 XML External Entity (XXE) Vulnerability in IBM Jazz Reporting Service 6.0 and 6.0.1 Unauthorized Modification of UCD Objects in IBM UrbanCode Deploy Credential Extraction Vulnerability in IBM Personal Communications (PCOMM) 6.x and 12.x Arbitrary Web Script Injection Vulnerability in IBM Connections X.509 Certificate Validation Bypass in Auto-Scaling Agent in IBM Bluemix Arbitrary Code Execution Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 Arbitrary OS Command Execution Vulnerability in IBM Rational Products Arbitrary OS Command Execution in IBM Rational Quality Manager and Rational Collaborative Lifecycle Management Unspecified Local Privilege Escalation Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 Privilege Escalation Vulnerability in IBM Security Guardium Database Activity Monitor Open Redirect Vulnerability in IBM Emptoris Sourcing Versions 10.0.0.x to 10.1.0.0_iFix3 Password Creation Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 Arbitrary Web Script Injection Vulnerability in IBM Rational Team Concert and Rational Collaborative Lifecycle Management Improper Restriction of Failed Login Attempts in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 CSRF Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 Arbitrary Web Script Injection Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 Cleartext Password Disclosure in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 Session Identifier Spoofing Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 Session Hijacking Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 Lack of HTTPS Encryption in IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications Arbitrary Report Access Vulnerability in IBM TRIRIGA Application Platform Sensitive Information Disclosure in IBM TRIRIGA Application Platform Arbitrary Web Script Injection Vulnerability in IBM TRIRIGA Application Platform Information Disclosure Vulnerability in IBM TRIRIGA Application Platform Arbitrary Web Script Injection in IBM Cognos Business Intelligence IBM TRIRIGA Application Platform 3.3 - 3.4 Cross-Site Request Forgery (CSRF) Vulnerability Remote authenticated users can bypass access restrictions and update process-instance variables in IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606. Arbitrary Script Injection in IBM Jazz Reporting Service (JRS) Insecure Session Cookie Handling in IBM Security Identity Manager Virtual Appliance 7.0.x Insecure Session Cookie Transmission in IBM Security Privileged Identity Manager 2.0 File Upload Vulnerability in IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 Cross-Site Request Forgery Vulnerability in IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 Cross-Site Request Forgery Vulnerability in IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 Clickjacking Vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 Unauthorized User Enumeration and Meeting Joining Vulnerability in IBM Sametime 8.5.2 and 9.0 CRLF Injection Vulnerability in IBM WebSphere Application Server (WAS) Arbitrary Code Execution Vulnerability in IBM Websphere MQ JMS Client Information Disclosure Vulnerability in IBM General Parallel File System (GPFS) Spectrum Scale GUI Server-side Request Forgery (SSRF) Vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 Incomplete fix for CVE-2013-3009 allows bypassing of sandbox protection mechanism Information Disclosure Vulnerability in IBM UrbanCode Deploy Authentication Bypass Vulnerability in IBM UrbanCode Deploy Weak Encryption Vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.x Information Disclosure Vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.x IBM Forms Experience Builder XXE Vulnerability Arbitrary Script Injection Vulnerability in IBM Forms Experience Builder Tivoli Storage Manager (TSM) Password Disclosure Vulnerability Insecure Session Cookie Handling in IBM Rational Products Unauthorized Access to Sensitive Information in IBM UrbanCode Deploy Privilege Escalation in IBM TRIRIGA Application Platform Builder Tools Arbitrary Command Execution Vulnerability in IBM MessageSight Incomplete fix for deserialization vulnerability in IBM SDK, Java Technology Edition CSRFtoken Cookie Mishandling Vulnerability in IBM WebSphere Application Server Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) Liberty Denial of Service Vulnerability in IBM WebSphere MQ 7.5 and 8.0 Default File Permissions Vulnerability in IBM Sterling Connect:Direct for Unix Denial of Service Vulnerability in IBM Cognos TM1 10.2.2 Exposure of Operational State in IBM Tealeaf Consumer Experience Portal Buffer Overflow Vulnerability in IBM WebSphere Application Server (WAS) Allows Information Disclosure CSRF Vulnerability in IBM TRIRIGA Application Platform Allows Authentication Hijacking IBM TRIRIGA Application Platform 3.3 - 3.5 Cross-Site Scripting (XSS) Vulnerability Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 Arbitrary Web Script Injection Vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 Insecure Random Number Generation in IBM Watson Developer Cloud Services on Bluemix Platforms Privilege Escalation Vulnerability in IBM General Parallel File System (GPFS) Sensitive URL Information Disclosure in IBM Maximo Asset Management Insecure File Permissions Vulnerability in IBM Integration Bus and WebSphere Message Broker Privilege Escalation Vulnerability in IBM Tivoli Endpoint Manager Information Disclosure Vulnerability in WebReports of IBM BigFix Platform Content Spoofing Vulnerability in IBM Cognos Analytics (CA) 11.0 before 11.0.2 Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management CRLF Injection Vulnerability in IBM WebSphere eXtreme Scale Unspecified Integrity Vulnerability in Oracle BI Publisher Component Unspecified Networking Vulnerability in Oracle Java SE and Java SE Embedded Components Remote Denial of Service Vulnerability in Oracle Sun Solaris 11 via SMB Utilities Unspecified Integrity Vulnerability in Oracle Identity Federation Component in Oracle Fusion Middleware 11.1.2.2 Unspecified Local Confidentiality Vulnerability in Solaris Cluster Component Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11 Confidentiality vulnerability in PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via Activity Guide sub-component. Confidentiality vulnerability in PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1 and 11.2.0.4 Unspecified Integrity Vulnerability in PeopleSoft Enterprise SCM eProcurement Component Unspecified Integrity Vulnerability in Oracle Identity Federation Component in Oracle Fusion Middleware 11.1.1.7 Unspecified vulnerability in Oracle Sun Solaris 11 affecting Solaris Kernel Zones Unspecified vulnerability in Oracle Enterprise Manager Grid Control: Confidentiality, Integrity, and Availability Impact via UI Framework Remote Integrity Affecting Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Solaris Cluster component allows local users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Sun Solaris 11 affecting Solaris Kernel Zones Unspecified vulnerability in Oracle Sun Solaris 11 related to Solaris Kernel Zones Unspecified Remote Availability Vulnerability in JD Edwards EnterpriseOne Tools Unspecified Remote Availability Vulnerability in JD Edwards EnterpriseOne Tools Unspecified Remote Code Execution Vulnerability in JD Edwards EnterpriseOne Tools Unspecified vulnerability in JD Edwards EnterpriseOne Tools component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in JD Edwards EnterpriseOne Tools Unspecified vulnerability in JD Edwards EnterpriseOne Tools component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Sun Solaris 11 affecting Solaris Kernel Zones Unspecified Confidentiality Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Verified Boot Vulnerability in Oracle Sun Solaris 11 Unspecified Integrity Vulnerability in Oracle BI Publisher Component Unspecified SSL-related vulnerability in Oracle Fusion Middleware Web Cache component Unspecified vulnerability in Oracle Sun Solaris 11 related to Solaris Kernel Zones Unspecified Local Availability Vulnerability in Oracle Outside In Technology Component Unspecified SSL-related vulnerability in Oracle Fusion Middleware Web Cache component (11.1.1.9.0) Unspecified Local Confidentiality Vulnerability in Oracle Retail Point-of-Service Component Unspecified Local Vulnerability in Oracle Retail Point-of-Service Component Unspecified Local Confidentiality Vulnerability in Oracle Retail Point-of-Service Component Unspecified Local Confidentiality Vulnerability in Oracle Retail Point-of-Service Component Unspecified Local Confidentiality Vulnerability in Oracle Retail Point-of-Service Component Unspecified SSL-related vulnerability in Oracle Fusion Middleware Web Cache component Remote Denial of Service Vulnerability in Oracle Sun Solaris 11 via NFSv4 Unspecified vulnerability in Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 Unspecified vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 Unspecified Confidentiality Vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 Unspecified vulnerability in Oracle Enterprise Manager Grid Control with Agent Next Gen Unspecified vulnerability in Oracle Enterprise Manager Grid Control: Confidentiality Impact via Agent Next Gen Unspecified vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 Confidentiality vulnerability in Oracle Java SE and Java SE Embedded components Unspecified vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 Unspecified Remote Code Execution Vulnerability in Oracle GoldenGate Unspecified Remote Vulnerability in Oracle GoldenGate Component Unspecified Remote Vulnerability in Oracle GoldenGate Component Unspecified Remote Integrity Vulnerability in Oracle GlassFish Server Component Unspecified vulnerability in Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 Unspecified vulnerability in Oracle Enterprise Manager Grid Control with Agent Next Gen Unspecified vulnerability in Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 Unspecified vulnerability in Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 Kernel DAX Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Oracle Applications Framework component in Oracle E-Business Suite: Integrity Impact via Popup Windows Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products 8.55 Unspecified Remote Code Execution Vulnerability in Oracle Database Server XDB Component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified Local Availability Vulnerability in Solaris Cluster Component Unspecified vulnerability in Oracle Java SE and JRockit components allows remote attackers to affect availability via JAXP vectors Unspecified Integrity Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware Unspecified Local Confidentiality Vulnerability in Oracle Retail MICROS C2 Component Unspecified vulnerability in Oracle BI Publisher component allows remote authenticated users to affect confidentiality and integrity Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Database Server XDB component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.54 and 8.55 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.54 and 8.55 Unspecified vulnerability in Oracle Java SE 8u66, Java SE Embedded 8u65, and JRockit R28.3.8 allows remote attackers to compromise confidentiality and integrity via unknown vectors related to Libraries. Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified Directory Traversal Vulnerability in Oracle Application Testing Suite Unspecified vulnerability in Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified vulnerability in Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware Unspecified Directory Traversal Vulnerability in Oracle Application Testing Suite Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle Java SE allows remote attackers to execute arbitrary code via crafted image data Unspecified vulnerability in Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control Unspecified Directory Traversal Vulnerability in Oracle Application Testing Suite Unspecified Directory Traversal Vulnerability in Oracle Application Testing Suite Component in Oracle Enterprise Manager Grid Control Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control Unspecified directory traversal vulnerability in Oracle Application Testing Suite in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified Directory Traversal Vulnerability in Oracle Application Testing Suite Component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 Unspecified Local Vulnerability in Oracle Sun Solaris 11 Kernel Cryptography Unspecified 2D Vulnerability in Oracle Java SE and Java SE Embedded Components Unspecified Remote Availability Vulnerability in Oracle VM VirtualBox Unspecified Confidentiality Vulnerability in MICROS CWDirect Component in Oracle Retail Applications Unspecified Remote Integrity Vulnerability in Oracle Agile Engineering Data Management Component Unspecified Local Confidentiality Vulnerability in Oracle Agile Engineering Data Management Unspecified vulnerability in Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 Unspecified vulnerability in Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified Remote Availability Vulnerability in Oracle MySQL Unspecified DML-related vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 Unspecified DML-related vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 Unspecified vulnerability in Oracle MySQL and MariaDB versions allows remote authenticated users to affect availability Unspecified Remote Confidentiality Vulnerability in Oracle Retail Order Management System Cloud Service Unspecified Remote Integrity Vulnerability in Oracle iReceivables Component Unspecified Remote Integrity Vulnerability in Oracle iLearning Component Unspecified Remote Integrity Vulnerability in Oracle Internet Expenses Component Unspecified Remote Code Execution Vulnerability in Oracle E-Business Intelligence Component Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Human Resources Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle CRM Technical Foundation Component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Quality Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Human Resources Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Human Resources Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle iReceivables Component Unspecified Remote Code Execution Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified Redirection Vulnerability in Oracle iProcurement Component Unspecified vulnerability in Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 Unspecified vulnerability in Oracle Interaction Blending component in Oracle E-Business Suite Unspecified Remote Code Execution Vulnerability in Oracle Universal Work Queue Component Unspecified Remote Code Execution Vulnerability in Oracle Universal Work Queue Component Unspecified Remote Integrity Vulnerability in Oracle CRM Technical Foundation Component Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified Remote Integrity Vulnerability in Oracle Applications Manager Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Security Assignments Unspecified Messaging Vulnerability in Oracle CRM Technical Foundation Component Unspecified Integrity Vulnerability in Oracle Project Contracts Component Remote Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11 via RPC Unspecified Remote Integrity Vulnerability in Oracle Universal Work Queue Component Unspecified Remote Code Execution Vulnerability in Oracle Human Resources Component Unspecified Confidentiality Vulnerability in Oracle Financial Consolidation Hub Component Unspecified Remote Confidentiality Vulnerability in Oracle Report Manager Unspecified Confidentiality Vulnerability in Oracle Configurator Component Unspecified Confidentiality Vulnerability in Oracle Configurator Component Unspecified Remote Integrity Vulnerability in Oracle Field Service Component Unspecified Remote Code Execution Vulnerability in Oracle Marketing Component of Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Marketing Component Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified vulnerability in Oracle MySQL and MariaDB versions allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite: Confidentiality and Integrity Impact via CRM HTML Administration Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified Remote Code Execution Vulnerability in Oracle E-Business Intelligence Component Unspecified vulnerability in Oracle Interaction Center Intelligence component in Oracle E-Business Suite: Confidentiality and Integrity Impact Unspecified Integrity Vulnerability in Oracle CADView-3D Component in Oracle E-Business Suite Unspecified vulnerability in Oracle Advanced Collections component in Oracle E-Business Suite Unspecified vulnerability in Oracle Advanced Collections component in Oracle E-Business Suite Unspecified Integrity Vulnerability in Oracle Service Contracts Component Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Intelligence component in Oracle E-Business Suite Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite Unspecified Integrity Vulnerability in Oracle Common Applications Component in Oracle E-Business Suite Unspecified Remote Code Execution Vulnerability in Oracle CRM Technical Foundation Component Unspecified vulnerability in Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 Unspecified Remote Integrity Vulnerability in Oracle Marketing Component Unspecified vulnerability in Oracle Marketing component affecting confidentiality in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle E-Business Intelligence Component Unspecified Confidentiality Vulnerability in Oracle Email Center Component in Oracle E-Business Suite Unspecified Remote Confidentiality Vulnerability in Oracle E-Business Intelligence Component Unspecified Confidentiality Vulnerability in Oracle HCM Configuration Workbench Unspecified Confidentiality Vulnerability in Oracle Balanced Scorecard Component Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality, integrity, and availability via Coherence Container Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality, integrity, and availability via WLS Java Messaging Service vectors Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified Remote Integrity Vulnerability in Oracle Learning Management Component Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 Unspecified vulnerability in Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle CRM Technology Foundation Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Code Execution Vulnerability in Oracle Report Manager Unspecified vulnerability in Oracle Approvals Management component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle CRM Technology Foundation Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle CRM Technology Foundation Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle CRM Technology Foundation Component in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Availability Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified File Processing Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle General Ledger Component Unspecified Remote Code Execution Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified Remote Integrity Vulnerability in PeopleSoft Enterprise SCM Order Management Component Unspecified vulnerability in PeopleSoft Enterprise SCM Purchasing component allows remote authenticated users to compromise confidentiality and integrity via Supplier Change. Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox Remote authenticated users can disrupt availability in Oracle MySQL 5.6.21 and earlier through unspecified DML-related vectors Remote authenticated users can disrupt availability in Oracle MySQL 5.6.27 and earlier through an unspecified vulnerability related to DML. Remote authenticated users can affect availability in Oracle MySQL and MariaDB through DML-related vectors Unspecified vulnerability in Oracle MySQL and MariaDB versions allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Remote authenticated users can affect availability in Oracle MySQL and MariaDB versions before specified releases through DML-related vectors Unspecified Remote Availability Vulnerability in Oracle MySQL 5.7.9 Unspecified vulnerability in Oracle MySQL and MariaDB versions allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Unspecified Remote Availability Vulnerability in Oracle MySQL 5.7.9 Related to Partition Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 Unspecified vulnerability in Java SE component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.26 and Earlier Unspecified Integrity Vulnerability in Oracle MySQL and MariaDB Unspecified Replication Vulnerability in Oracle MySQL 5.6.27 and Earlier and 5.7.9 Remote authenticated user availability vulnerability in Oracle MySQL and MariaDB Unspecified privilege-related vulnerability in Oracle MySQL and MariaDB Unspecified Remote Availability Vulnerability in MySQL and MariaDB Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.27 and Earlier and 5.7.9 Unspecified Confidentiality Vulnerability in Oracle BI Publisher Component Unspecified vulnerability in Oracle MySQL and MariaDB allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Unspecified Local Denial of Service Vulnerability in Oracle Linux 6 Kernel-uek Component Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to compromise confidentiality via unknown vectors in Zones. Remote Code Execution Vulnerability in Oracle Sun Solaris 11.3 Automated Installer Remote Code Execution Vulnerability in Bash 4.3 via '\h' Expansion Unspecified vulnerability in multiple Oracle components Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 affecting Hotspot sub-component Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality, integrity, and availability via Java Messaging Service vectors Pluggable Authentication Vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier Local privilege escalation vulnerability in Oracle MySQL and MariaDB Local Privilege Escalation Vulnerability in Oracle MySQL and MariaDB Local Privilege Escalation Vulnerability in Oracle MySQL Local Privilege Escalation Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Replication Local Denial of Service Vulnerability in Oracle MySQL 5.5.46 and Earlier Unspecified DML-related vulnerability in Oracle MySQL 5.7.10 and earlier Local Denial of Service Vulnerability in Oracle MySQL 5.7.10 and earlier related to FTS Unspecified Local Availability Vulnerability in Oracle MySQL 5.7.10 and Earlier Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Unspecified Local Availability Vulnerability in Oracle MySQL 5.7.10 and Earlier Confidentiality vulnerability in Oracle MySQL 5.7.11 and earlier related to JSON Local Denial of Service Vulnerability in Oracle MySQL 5.7.10 and earlier Local Denial of Service Vulnerability in Oracle MySQL 5.7.11 and earlier Local Denial of Service Vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier Local Denial of Service Vulnerability in Oracle MySQL 5.7.11 and earlier related to Partition Local Denial of Service Vulnerability in Oracle MySQL 5.7.10 and earlier Local Denial of Service Vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier Local Privilege Escalation Vulnerability in Oracle MySQL and MariaDB Local Denial of Service Vulnerability in Oracle MySQL 5.7.11 and earlier Local Denial of Service Vulnerability in Oracle MySQL and MariaDB Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11.3 via Fwflash Unspecified vulnerability in Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 affecting confidentiality via OSSL Module vectors Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote attackers to compromise confidentiality and integrity via Pre-Login vectors. Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Email-related vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 Unspecified Local Kernel Vulnerability in Oracle Sun Solaris 10 Unspecified Remote Code Execution Vulnerability in Oracle Database Server 12.1.0.1 and 12.1.0.2 Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect integrity and availability via PIA Grids. Unspecified vulnerability in PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified vulnerability in Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 Unspecified vulnerability in Oracle Berkeley DB DataStore component Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via Search Framework vectors Confidentiality vulnerability in Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 Unspecified File Processing Vulnerability in Oracle PeopleSoft Products Unspecified Serialization Vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Component Unspecified vulnerability in Oracle Berkeley DB DataStore component Unspecified Local Integrity Vulnerability in Oracle Database Server Unspecified Local Integrity Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Berkeley DB DataStore component PAM LDAP Module Vulnerability in Oracle Sun Solaris 10 and 11.3 Unspecified vulnerability in Oracle Berkeley DB DataStore component Confidentiality vulnerability in Oracle Java SE and JRockit R28.3.9 Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Component Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote attackers to compromise confidentiality and integrity via Login sub-component. Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 Insecure Prime Number Selection in OpenSSL 1.0.2 CacheBleed: Exploiting Cache-Bank Access Times in OpenSSL OpenSSL SSLv2 Implementation CLIENT-MASTER-KEY Vulnerability Bleichenbacher RSA Padding Oracle Vulnerability in OpenSSL Double Free Vulnerability in OpenSSL's dsa_priv_decode Function Apache Tomcat Security Bypass Vulnerability Weak Permissions in Apache Ambari Agent Directory Allows Information Disclosure Remote Disclosure of Information Vulnerability in Cloud Foundry Applications Arbitrary Code Execution via Directory Traversal in Apache Jetspeed SQL Injection Vulnerabilities in Apache Jetspeed User Manager Service Arbitrary Web Script Injection via Title Parameter in Apache Jetspeed Apache Jetspeed 2.3.1 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Gorouter of Cloud Foundry cf-release v141-v228 Arbitrary Code Execution via Session Persistence in Apache Tomcat Remote Information Disclosure Vulnerability in Pivotal Cloud Foundry Elastic Runtime Buffer Overflow Vulnerability in Expat XML Parser CSRF Vulnerability in pcsd Web UI in pcs before 0.9.149 Session Fixation Vulnerability in pcsd Race condition vulnerability in Linux kernel's tty_ioctl function allows local users to obtain sensitive information or cause a denial of service. Information Disclosure Vulnerability in Moodle Web Services Arbitrary web script injection vulnerability in Moodle search_pagination function Default Password Vulnerability in Fedora Nagios Package Privilege escalation vulnerability in ntp crontab script Integer Overflow and Use-After-Free Vulnerability in Linux Kernel's join_session_keyring Function Multiple Buffer Overflows in Apache Xerces-C XML Parser Library Arbitrary File Read Vulnerability in Apache Ambari File Browser View Privilege Escalation in Pivotal Cloud Foundry and UAA Authentication Bypass in Apache Ranger Admin UI Missing X-Frame-Options Header in Apache ActiveMQ Web-based Administration Console Apache Ranger 0.5.x Resource-Level Access Bypass Vulnerability Vulnerability: Padding Oracle Attack in Apache HTTP Server's mod_session_crypto Denial of Service Vulnerability in OpenStack Object Storage (Swift) Denial of Service Vulnerability in OpenStack Object Storage (Swift) Ephemeral Secrets Truncation Vulnerability in libssh Buffer Overflow in ImagingLibTiffDecode Function in Pillow Library Denial of Service Vulnerability in 389 Directory Server 1.3.4.x Denial of Service Vulnerability in Nginx Resolver Use-after-free vulnerability in nginx resolver allows remote attackers to cause denial of service or other impact via crafted DNS response Denial of Service Vulnerability in Nginx Resolver Heap-based Buffer Overflow in SPICE Smartcard Interaction Deserialization Vulnerability in HotRod Java Client of Infinispan Denial of Service vulnerability in Action Pack in Ruby on Rails Directory Traversal Vulnerability in Ruby on Rails Remote Code Execution Vulnerability in Active Model in Ruby on Rails Arbitrary File Write Vulnerability in cURL on Windows Improper Re-use of NTLM-authenticated Proxy Connections in libcurl Improper Field Separation in generate_dialback Function in Prosody Allows for XMPP Network Domain Spoofing Remote authenticated users can manipulate image status and upload new image data in OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty) by exploiting the removal of the last location of an image. Integer Overflow in Linux Kernel ASN.1 Decoder Allows Privilege Escalation Incomplete Blacklist Vulnerabilities in Apache Sentry: Remote Code Execution Container File Management Vulnerability in Cloud Foundry Garden-Linux and Elastic Runtime Timing Attack Vulnerability in Apache Tomcat Realms Arbitrary Application Data Access and Denial of Service Vulnerability in Apache Tomcat Race condition vulnerability in Network Manager before 1.0.12 allows local users to obtain sensitive connection information Arbitrary Web Script Injection in eShop Plugin for WordPress Unrestricted Access to Custom Configuration Settings in PostgreSQL Remote Code Execution in PostgreSQL PL/Java via Altered Classpath Unrestricted Access to Large Objects in PostgreSQL PL/Java after 9.0 Multiple SQL Injection Vulnerabilities in eShop Plugin 6.3.14 for WordPress Arbitrary Web Script Injection in Connections Business Directory Plugin for WordPress Samba DNS Server Denial of Service and Information Disclosure Vulnerability StartTLS Stripping Vulnerability in smtplib Library Denial of Service Vulnerability in PostgreSQL I/O Vector Array Overrun Vulnerability in Linux Kernel Buffer Overflow in ImagingFliDecode Function in Pillow Library Sensitive Information Disclosure in OpenSSH Client Heap-based Buffer Overflow in OpenSSH Roaming Functions Arbitrary Code Execution Vulnerability in Apache TomEE Improper Disk Quota Enforcement Vulnerability in cf-release and Pivotal Cloud Foundry Cross-Site Scripting (XSS) Vulnerability in UAA OAuth Approval Pages Cross-Site Scripting (XSS) Vulnerability in Apache ActiveMQ Administration Web Console Predictable Password Reset Tokens in Apache OpenMeetings Arbitrary File Write Vulnerability in Apache OpenMeetings Import/Export System Backups Forced Double OGNL Evaluation in Apache Struts 2.x before 2.3.28 Bits/Bytes Confusion Bug in libssh2's diffie_hellman_sha256 Function Jenkins Remoting Module Arbitrary Code Execution Vulnerability CRLF Injection Vulnerability in Jenkins CLI Command Documentation Insecure API Token Verification in Jenkins CSRF Token Verification Vulnerability in Jenkins Arbitrary Code Execution via Serialized Data in Jenkins API Endpoints Vulnerability: Incomplete Blacklist Filtering in WildFly Servlet Filter Memory Corruption Vulnerability in LibreOffice's lwp Filter Memory Corruption Vulnerability in LibreOffice Multiple Vulnerabilities in WordPress Plugin mb.miniAudioPlayer-an HTML5 Audio Player Integer Overflow Vulnerabilities in OpenSSL 1.0.1 and 1.0.2 Memory Leak Vulnerability in OpenSSL SRP_VBASE_get_by_user Implementation Improper String Length Calculation Vulnerability in OpenSSL 1.0.1 and 1.0.2 DROWN: Decrypting RSA with Obsolete and Weakened eNcryption Broadcom Wi-Fi Driver Remote Code Execution Vulnerability Broadcom Wi-Fi Driver Remote Code Execution Vulnerability Stagefright Media Server Remote Code Execution Vulnerability Memory Corruption Vulnerability in Android's NuPlayer::GenericSource::notifyPreparedAndCleanup Function Privilege Escalation Vulnerability in Qualcomm ARM Processors on Android Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver Privilege Escalation Vulnerability in Android Debuggerd Denial of Service via Crafted TTF Font in Minikin Library Use-after-free vulnerability in Wi-Fi cleanup function in Android 6.x before 2016-02-01 Privilege escalation vulnerability in Android SoundPool Integer Overflow in BnCrypto::onTransact Function in Android 6.x Bypassing Factory Reset Protection in Android Setup Wizard Bypassing Factory Reset Protection in Android Setup Wizard Memory Corruption Vulnerability in Android's MPEG4Extractor Remote Code Execution and Denial of Service Vulnerability in Android Mediaserver Improper Caching of Intermediate CA Certificates in Conscrypt Privilege Escalation Vulnerability in Qualcomm Performance Component Privilege Escalation Vulnerability in MediaTek Wi-Fi Kernel Driver Uninitialized List Entry Vulnerability in Linux Kernel Privilege Escalation Vulnerability in MediaTek Connectivity Kernel Driver Information Disclosure Vulnerability in Linux Kernel libmpeg2 vulnerability in libstagefright allows information disclosure and bypass of protection mechanism Widevine Trusted Application Vulnerability: Information Disclosure via Kernel Access Privilege Escalation via Unrestricted Camera Service Dump in Android Integer overflows in libeffects leading to privilege escalation in Android Uninitialized Variable Vulnerability in BnGraphicBufferConsumer::onTransact Function Uninitialized Data Structure Vulnerability in BnGraphicBufferProducer::onTransact Function Denial of Service Vulnerability in Bluetooth Configuration File Handling Unauthenticated Access to Sensitive Information in Android Telephony Bypassing Factory Reset Protection in Android Setup Wizard Android Denial of Service Vulnerability Unspecified Media Codec Vulnerability in Android 6.x Memory Corruption Vulnerability in Android 6.x Mediaserver (CVE-2016-xxxx) Stack-based Buffer Overflow in Android Mediaserver Arbitrary Code Execution and Denial of Service Vulnerability in Android's libstagefright Sonivox in mediaserver in Android: Arbitrary Code Execution and Denial of Service Vulnerability Memory Corruption Vulnerability in Android 6.x Mediaserver Stack-based buffer underflows in Android 6.x mediaserver (internal bug 26399350) Memory corruption vulnerability in Android mediaserver H.264 Decoder Memory Corruption Vulnerability in Android 6.x Privilege Escalation Vulnerability in Qualcomm ARM Processor Performance-Event Manager Privilege Escalation Vulnerability in Qualcomm RF Driver on Android 6.x Privilege escalation vulnerability in IMemory Native Interface in Android 4.x to 6.x Telecom Component Call Spoofing Vulnerability Race condition vulnerability in Android Download Manager allows bypassing of private-storage file-access restrictions Integer Overflow Vulnerabilities in Android Recovery Procedure Bluetooth Pairing Conflict Vulnerability Out-of-Bounds Memory Access Vulnerability in Advantech WebAccess Bypassing Administrative Requirement in Advantech WebAccess Before 8.1 Information Disclosure Vulnerability in Advantech WebAccess Unrestricted File Upload Vulnerability in Advantech WebAccess Dashboard Viewer Advantech WebAccess Directory Traversal Vulnerability Stack-based Buffer Overflow Vulnerabilities in Advantech WebAccess Heap-based Buffer Overflow Vulnerabilities in Advantech WebAccess 8.1 Race condition vulnerability in Advantech WebAccess before 8.1 allows remote code execution or denial of service Integer Overflow in Advantech WebAccess Kernel Service Allows Remote Code Execution Buffer Overflow Vulnerability in Advantech WebAccess BwpAlarm Subsystem Arbitrary Command Execution in GE Industrial Solutions UPS SNMP/Web Adapter Devices Information Disclosure Vulnerability in GE Industrial Solutions UPS SNMP/Web Adapter Devices Tollgrade SmartGrid LightHouse SMS Software EMS CSRF Vulnerability Sensitive Information Disclosure in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS Arbitrary Password Change Vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS Arbitrary Web Script Injection in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS Remote File Access Vulnerability in CAREL PlantVisorEnhanced Remote Code Execution Vulnerability in Rockwell Automation Allen-Bradley MicroLogix 1100 Devices Heap-based Buffer Overflow in MICROSYS PROMOTIC Allows Remote Authenticated Users to Cause Denial of Service Sensitive Configuration File Disclosure in Trane Tracer SC 4.2.1134 and Earlier Eaton Lighting EG2 Web Control Information Disclosure Vulnerability Plaintext Storage of Passwords in Kabona AB WebDatorCentral (WDC) Versions Prior to 3.4.0 Information Disclosure Vulnerability in Moxa Secure Router EDR-G903 Devices Cleartext Password Disclosure in Moxa Secure Router EDR-G903 Devices Memory Leak Vulnerability in Moxa Secure Router EDR-G903 Devices: Remote Denial of Service via Ping Function Denial of Service Vulnerability in Moxa Secure Router EDR-G903 Devices Information Disclosure Vulnerability in Moxa Secure Router EDR-G903 Devices DQL Injection Vulnerability in EMC Documentum xCP XML External Entity (XXE) vulnerability in EMC Documentum xCP 2.1 and 2.2 before patch 23 and 11 respectively Cookie-Encryption Key Reuse Vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager Sensitive User-Account Metadata Disclosure in EMC Documentum xCP Lenstra Side-Channel Attack in EMC RSA BSAFE Suite and Crypto Libraries Unintended ACL Vulnerability in EMC Documentum D2 before 4.6 Arbitrary File Write Vulnerability in EMC Unisphere for VMAX Virtual Appliance Sensitive Information Disclosure Vulnerability in EMC PowerPath Virtual (Management) Appliance 2.0 and 2.0 SP1 CSRF Vulnerabilities in EMC ViPR SRM Administrative Pages Allow Authentication Hijacking Arbitrary Web Script Injection Vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 Information Disclosure Vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 Bypassing Object Access Restrictions in EMC RSA Data Loss Prevention 9.6 before SP2 P5 Clickjacking Vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 Insecure Network Connectivity Restriction Bypass in Pivotal Cloud Foundry (PCF) Elastic Runtime Unspecified SSH Access Vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager Plaintext Logging of AWS Access Key in MySQL for PCF Tiles 1.7.x before 1.7.10 Sensitive Credential Information Disclosure in EMC RSA Archer GRC 5.5.x Unspecified Cross-Site Scripting (XSS) Vulnerability in EMC RSA Authentication Manager Unspecified Cross-Site Scripting (XSS) Vulnerability in EMC RSA Authentication Manager CRLF Injection Vulnerability in EMC RSA Authentication Manager Client-side authentication vulnerability in EMC Avamar Server before 7.3.0-233 allows remote attackers to spoof clients and read backup data. Shared Encryption Key Vulnerability in EMC Avamar Server Privilege Escalation Vulnerability in EMC Avamar Server Remote Directory Read and Delete Vulnerability in EMC Avamar EMC Isilon OneFS and IsilonSD Edge Multiple Vulnerabilities Root Shell Access Vulnerability in EMC Isilon OneFS 7.1.x and 7.2.x Critical Vulnerability in EMC Avamar Data Store and Avamar Virtual Edition: Potential Compromise of Avamar Servers Session Hijacking Vulnerability in EMC Data Domain OS Default no_root_squash Option in EMC Data Domain OS NFS Exports Vulnerability Bypassing Password-Change Restrictions in EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 Arbitrary Command Execution Vulnerability in EMC Replication Manager, EMC Network Module, and EMC Networker Module Arbitrary Command Execution Vulnerability in EMC Documentum WebTop, Documentum Administrator, Documentum Capital Projects, and Documentum TaskSpace RSA Authentication Manager Prime Self-Service 3.0 and 3.1 PIN Change Denial of Service Vulnerability Authentication Bypass Vulnerability in EMC NetWorker Duplicate NTLM Challenge-Response Nonce Vulnerability in EMC VNXe, VNX1, VNX2, and Celerra Information Disclosure Vulnerability in EMC RSA Identity Management and Governance Cross Site Scripting Vulnerability in EMC RSA Web Threat Detection Versions 5.0-5.1.2 Root Access Vulnerability in EMC Avamar Server Weak Permissions in EMC Avamar Server Allow Local Users to Obtain Root Access Unrestricted Password Authentication Attempts in EMC ViPR SRM before 3.7.2 Weak Algorithm Placement in EMC RSA BSAFE Micro Edition Suite (MES) Allows for Cryptographic Protection Bypass Arbitrary Web Script Injection Vulnerability in EMC RSA Adaptive Authentication Arbitrary Web Script Injection in Pivotal Cloud Foundry Elastic Runtime Arbitrary Web Script Injection Vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager Open Redirect Vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 Sensitive Information Disclosure in RabbitMQ for PCF 1.6.x Default Password Vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat AGM.dll Use-After-Free Vulnerability in Adobe Reader and Acrobat Double Free Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat OCG Object Use-After-Free Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Uninitialized Pointer Dereference and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Global Object Mishandling Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Untrusted Search Path Vulnerability in Adobe Download Manager CSRF Vulnerability in Adobe Connect before 9.5.2 Allows Remote Authentication Hijacking Unspecified Impact Vulnerability in Adobe Connect before 9.5.2 User Interface Spoofing Vulnerability in Adobe Connect Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Photoshop CC and Bridge CC Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Photoshop CC and Bridge CC Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Photoshop CC and Bridge CC Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Injection through Mishandled Folder Title Field in Adobe Experience Manager (AEM) 6.1.0 Unspecified Information Disclosure Vulnerability in Apache Sling Servlets Post Component Bypassing Dispatcher Rules in Adobe Experience Manager Unspecified Impact Vulnerability in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 Use After Free Vulnerability in Multiple Versions of Adobe Flash Player and AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary code execution via integer overflow in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in URLRequest object implementation in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 Use-after-free vulnerability in instanceof function in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows arbitrary code execution via unspecified vectors Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows arbitrary code execution via unspecified vectors Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary code execution via integer overflow in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176: Arbitrary Code Execution via actionCallMethod Opcode with Crafted Arguments Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player setInterval method Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 Blind SQL Injection Vulnerability in Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Open Redirect Vulnerability in flask-oidc version 0.1.2 and earlier GDM3 3.14.2 and Later: Information Leak Vulnerability Before Screen Lock Remote Code Execution Vulnerability in Mirror Manager Version 0.7.2 and Older Type Casting Vulnerability in SimpleXMLElement_exportNode and simplexml_import_dom Type Confusion Vulnerability in mcrypt_get_block_size Use-After-Free Vulnerability in HHVM before 3.12.11 Pagure 2.2.1 Raw File Endpoint XSS Vulnerability TP-LINK Domain Hijacking Vulnerability Remote Code Execution Vulnerability in Pivotal Spring Framework Stored XSS Vulnerability in Tenable Nessus Before 6.8 (Tenable ID 5198) Stored XSS Vulnerability in Tenable Nessus Before 6.8 Vulnerability in X.509 Certificate Imports in Pidgin Versions <2.11.0 Apache Commons FileUpload Remote Code Execution Vulnerability Replay Attack Vulnerability in TGCaptcha2 Version 0.3.0 TLS/SSL Certification Validation Flaw in Shotwell 0.22.0 and Possibly Other Versions Potential Cross-Site Scripting (XSS) Vulnerability in Pagure's File Attachment Endpoint FcgidPassHeader Proxy Security Bypass Vulnerability HTTPoxy Vulnerability in inets Erlang Library Yaws before 2.0.4 Vulnerability: HTTP_PROXY Environment Variable Manipulation (httpoxy) HHVM httpoxy Vulnerability: Remote Proxy Server Redirection HTTP_PROXY Variable Name Clash Vulnerability Twisted before 16.3.1 Vulnerability: HTTP_PROXY Environment Variable Allows Remote Redirection Unauthenticated Remote File Upload Vulnerability in Contus Video Comments v1.0 WordPress Plugin Critical XSS and SQLi Vulnerabilities Found in Huge IT Gallery v1.1.5 for Joomla Critical XSS Vulnerability Discovered in Huge IT Gallery v1.1.5 for Joomla Critical Vulnerabilities in Huge-IT Portfolio Gallery Manager v1.1.0: SQL Injection and XSS Critical Vulnerabilities in Huge-IT Portfolio Gallery Manager v1.1.0: SQL Injection and XSS Critical Security Vulnerabilities Found in HugeIT Slideshow v1.0.4: XSS & SQL Injection Critical Security Vulnerabilities Found in HugeIT Slideshow v1.0.4: XSS & SQL Injection Critical Security Vulnerabilities Found in Huge IT Catalog Extension v1.0.4 for Joomla: SQLi and XSS Critical Security Vulnerabilities Found in Huge IT Catalog Extension v1.0.4 for Joomla: SQLi and XSS Critical XSS and SQLi Vulnerabilities Found in Huge IT Joomla Slider v1.0.9 Extension Critical XSS and SQLi Vulnerabilities in Huge IT Joomla Slider v1.0.9 Extension Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Critical Unauthenticated SQL Injection Vulnerability in Huge-IT Portfolio Gallery Plugin v1.0.6 Unauthenticated SQL Injection Vulnerability in Huge-IT Catalog v1.0.7 for Joomla Critical Reflected XSS Vulnerability in WordPress Plugin Admin-Font-Editor v1.8 Critical Reflected XSS Vulnerability in WordPress Plugin ajax-random-post v2.00 Critical Reflected XSS Vulnerability in WordPress Plugin Anti-Plagiarism v3.60 Critical Reflected XSS Vulnerability in defa-online-image-protector v3.3 WordPress Plugin Critical Reflected XSS Vulnerability in WordPress Plugin e-search v1.0 Critical Reflected XSS Vulnerability in WordPress Plugin e-search v1.0 Critical Reflected XSS Vulnerability in Enhanced-TooltipGlossary WordPress Plugin v3.2.8 Critical Reflected XSS Vulnerability in Forget-About-Shortcode-Buttons WordPress Plugin v1.1.1 Critical Reflected XSS Vulnerability in HDW-Tube WordPress Plugin v1.2 Critical Reflected XSS Vulnerability in HDW-Tube WordPress Plugin v1.2 Critical Reflected XSS Vulnerability in Heat-Trackr v1.0 WordPress Plugin Critical Reflected XSS Vulnerability in Hero Maps Pro WordPress Plugin v2.1.0 Critical Reflected XSS Vulnerability in Indexisto WordPress Plugin v1.0.5 Critical Reflected XSS Vulnerability in Infusionsoft WordPress Plugin v1.5.11 New-Year-Firework WordPress Plugin v1.1.9 Reflected XSS Vulnerability Critical Reflected XSS Vulnerability in WordPress Plugin Page Layout Builder v1.9.3 Critical Reflected XSS Vulnerability in Parsi-Font WordPress Plugin v4.2.5 Critical Reflected XSS Vulnerability in Photoxhibit v2.1.8 WordPress Plugin Critical Reflected XSS Vulnerability in Photoxhibit v2.1.8 WordPress Plugin Critical Reflected XSS Vulnerability in Pondol-Carousel WordPress Plugin v1.0 Critical Reflected XSS Vulnerability in Pondol-Formmail WordPress Plugin v1.1 Critical Reflected XSS Vulnerability in Recipes-Writer WordPress Plugin v1.0.4 Critical Reflected XSS Vulnerability in WordPress Plugin s3-video v0.983 Critical Reflected XSS Vulnerability in simpel-reserveren WordPress Plugin v3.5.2 Critical Reflected XSS Vulnerability in Simplified-Content WordPress Plugin v1.0.0 Critical Reflected XSS Vulnerability in Tera-Charts WordPress Plugin v1.0 Critical Reflected XSS Vulnerability in Tidio-Form WordPress Plugin v1.0 Critical Reflected XSS Vulnerability in Tidio-Gallery WordPress Plugin v1.1 Critical Reflected XSS Vulnerability in Whizz v1.0.7 WordPress Plugin Critical Reflected XSS Vulnerability in wpsolr-search-engine v7.6 WordPress Plugin Incomplete Fix for Mailcwp Remote File Upload Vulnerability in Version 1.100 Client-Specific Cookie Data Leakage in Squid HTTP Proxy H500 Web Management Interface CSRF Vulnerability H500 Web Management Interface Authentication Bypass Vulnerability H500 Web Management Interface Denial of Service Vulnerability H500 Web Management Interface Authenticated Command Injection Vulnerability Zotpress WordPress Plugin SQL Injection in zp_get_account() CSRF Vulnerability in Kibana Reporting Plugin Version 2.4.0 Session Hijacking Vulnerability in Kibana Kibana XSS Vulnerability: Arbitrary JavaScript Execution in Browsers Sensitive Information Leakage in Logstash Elasticsearch Output Plugin CSV Formula Injection Vulnerability in Logstash XSS Vulnerability in Swagger-UI Key Names Regular Expression Parsing Vulnerability in NodeJS Tough-Cookie 2.2.2: Denial of Service via Custom HTTP Header Timing Attack Vulnerability in Node-cookie-signature XSS Vulnerability in sanitize-html before 1.4.3 SQL Injection Vulnerability in DT Register Joomla Extension Command Injection Vulnerability in Haraka Attachment Processing Plugin Collapsed Forwarding Vulnerability in Squid HTTP Proxy Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and prior versions DSA Signature ASN.1 Encoding Vulnerability Information Leakage Vulnerability in Bouncy Castle JCE Provider AESFastEngine Carry Propagation Bug in Bouncy Castle JCE Provider: Vulnerability in Elliptic Curve Scalar Multiplications Timing Attack Vulnerability in Bouncy Castle JCE Provider 1.55 and Earlier: Exposing DSA Signature Generation ECDSA Signature ASN.1 Encoding Vulnerability Weak Private Key Generation in Bouncy Castle JCE Provider 1.55 and Earlier Vulnerability: Unsafe Use of ECB Mode in Bouncy Castle JCE Provider Padding Oracle Vulnerability in Bouncy Castle JCE Provider (Versions 1.55 and Earlier) Improper Validation of Other Party's DH Public Key in Bouncy Castle JCE Provider (CVE-2016-1000342) Vulnerability: Unsafe ECB Mode in Bouncy Castle JCE Provider Sensitive Information Disclosure in SAP Solman 7.1 through 7.31 via Webdynpro XSS Vulnerability in OWASP AntiSamy before 1.5.5 Arbitrary SQL Command Execution in dotCMS Marketing Forms Screen Arbitrary SQL Command Execution in dotCMS Content Types Screen Untrusted Search Path Vulnerability in OpenSSH's ssh-agent Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176: Arbitrary Code Execution Vulnerability Privilege Escalation via Unprivileged Unix-Domain Socket Forwarding in OpenSSH Improper Buffer Handling in OpenSSH Allows Privilege Escalation Privilege Escalation via Bounds Check Bypass in OpenSSH Privilege Escalation Vulnerability in Xen through 4.8.x via Mishandling of SYSCALL Singlestep Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Denial of Service Vulnerability in Xen through 4.8.x NULL pointer dereference vulnerability in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (SVM) allows for denial of service. Access Control Bypass in ikiwiki 3.20161219 with Git and Recentchanges Plugins Race condition vulnerability in Smack XMPP library allows man-in-the-middle attackers to bypass TLS protections Denial of Service via Out-of-Bounds Read in QEMU Virtio GPU Device Emulator Denial of Service Vulnerability in QEMU's virtio_gpu_set_scanout Function Arbitrary File Control Vulnerability in Slurm's _prolog_error Function Privilege Escalation Vulnerability in WampServer 3.0.6 Arbitrary Code Execution via Crafted Sender Property in PHPMailer Arbitrary Code Execution via Crafted E-mail Address in Zend Framework Unrestricted File Upload Vulnerability in JFrog Artifactory Directory Traversal Vulnerability in MODX Revolution before 2.5.2-pl Directory Traversal Vulnerability in MODX Revolution before 2.5.2-pl Directory Traversal Vulnerability in MODX Revolution 2.5.2-pl and Earlier Stack-based Buffer Overflow in QXmlSimpleReader in Qt 4.8.5 Privilege Escalation through Incorrect Caching in SPRECON-E Service Program Authorization Bypass and Unauthorized Static Routing Configuration in Arcadyan SLT-00 Star* Devices OS Command Injection Vulnerability in Radisys MRF Web Panel (SWMS) 9.0.1 Privilege Escalation via aio_mount Function in Linux Kernel Arbitrary Code Execution Vulnerability in PHPMailer (CVE-2017-5223) Heap-based Buffer Overflow in DrawImage Function in ImageMagick Memory Leak in NewXMLTree Function in ImageMagick Arbitrary Module Loading Vulnerability in ImageMagick 6.9.4-7 Buffer Overflow in ReadRLEImage Function in ImageMagick Uninitialized Pointer Dereference and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based Buffer Overflow in ReadRLEImage Function in ImageMagick 6.9.4-8 Use-after-free vulnerability in ReadPWPImage function in ImageMagick 6.9.5-5 Buffer Overflow in WriteProfile Function in ImageMagick Denial of Service Vulnerability in ImageMagick's WriteTIFFImage Function Buffer Overflow in WriteMAPImage Function in ImageMagick Buffer Overflow in WritePDBImage Function in ImageMagick Buffer Overflow in ImageMagick's sixel_decode Function Buffer Overflow in WriteGROUP4Image Function in ImageMagick Memory Leak in ReadPSDLayers Function in ImageMagick Buffer Overflow Vulnerability in ImageMagick's TIFF Decoder Bypassing ASLR Protection in Adobe Flash Player Denial of Service Vulnerability in ImageMagick's ConcatenateImages Function Denial of Service Vulnerability in ImageMagick's ReadGROUP4Image Function Unchecked Return Value in ReadGROUP4Image Function in ImageMagick Buffer Overflow Vulnerability in ImageMagick's coders/tiff.c Buffer Overflow Vulnerability in ImageMagick's tiff.c Denial of Service Vulnerability in ImageMagick's ReadVIFFImage Function Buffer Overflow in ReadVIFFImage Function in ImageMagick Buffer Overflow Vulnerability in ImageMagick's memory.c Denial of Service Vulnerability in ImageMagick MSL Interpreter Denial of Service in ImageMagick due to Invalid Number of Frames in mat.c Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in CalcMinMax Function in ImageMagick Out-of-Bounds Read and Application Crash in ImageMagick's mat.c Weak ACL for Modify in WampServer 3.0.6 Allows Arbitrary Code Execution with Elevated Privileges Email Spoofing Vulnerability in Vanilla Forums Arbitrary Code Execution via Crafted Email Address in Swift Mailer Arbitrary Code Execution Vulnerability in tqdm._version Module Denial of Service Vulnerability in SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows Untrusted Search Path Vulnerability in Adobe Reader and Acrobat Arbitrary Command Execution in Shutter through 0.93.1 via Crafted Image Name File Inclusion and Code Execution Vulnerability in Serendipity 2.0.5 Installer Arbitrary Web Script Injection in Piwigo Plugin.php File Inclusion Vulnerability in admin/batch_manager.php in Piwigo through 2.8.3 File Inclusion Vulnerability in Piwigo through 2.8.3 via admin/languages.php Improper Permissions in RESTful Requests in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 NULL Pointer Dereference Vulnerability in libpng's png_set_text_2 Function Kernel Memory Write Vulnerability via /dev/sg Device Privilege Escalation via Hard Link Attack in Nagios 4.3.2 and Earlier (CVE-2016-8641) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Stack-based buffer overflow vulnerabilities in unrtf 0.21.9: Denial-of-Service via Negative Integer Write Heap-based buffer overflow in readContigStripsIntoBuffer function in LibTIFF Heap-based buffer overflow vulnerability in LibTIFF's tools/tiffcp.c (versions 4.0.7 to 4.0.6) due to integer overflow Off-by-one Error in LibTIFF 4.0.7 Allows Remote Attackers to Cause Unspecified Impact Stack-based buffer overflow in LibTIFF _TIFFVGetField function SQL Injection Vulnerability in GeniXCMS Register.php XML External Entity (XXE) Vulnerability in OpenAM SSOPOST Endpoint Multiple Command Injection Vulnerabilities in SendQuick Entera and Avera Devices Authentication Protocol Vulnerability in BorgBackup Arbitrary code execution via integer overflow in Adobe Flash Player Archive Overwrite Vulnerability in BorgBackup Information Disclosure Vulnerability in Hitek Software's Automize 10.x and 11.x passManager.jsd Weak Encryption Vulnerability in Hitek.jar Allows Retrieval of Cleartext Passwords Information Disclosure in Hitek Software's Automize: Recovery of Encrypted Passwords for GPG Encryption Profiles Information Disclosure in Hitek Software's Automize SSH/SFTP Profiles Unvalidated Input in admin/plugin.php Allows for Information Disclosure and Code Execution Directory Traversal Vulnerability in NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 Devices Unauthenticated Remote Command Injection Vulnerability in Western Digital MyCloud NAS 2.11.142 index.php Unauthenticated Remote Command Injection Vulnerability in Western Digital MyCloud NAS 2.11.142 PCSC-Lite Use-After-Free Vulnerability in SCardReleaseContext Function Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Arbitrary Script Injection in WooCommerce Plugin for WordPress SQL Injection Vulnerability in aWeb Cart Watching System for Virtuemart Extension Default Password Vulnerability in NETGEAR Arlo Base Stations and Devices Weak Password Pattern in NETGEAR Arlo Devices Privilege Escalation via Unrestricted Access to Firejail's --tmpfs Local Privilege Escalation: Truncation of /etc/resolv.conf via Firejail's chroot command Privilege Escalation Vulnerability in Firejail's /tmp Mounting Permissions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Insecure Permissions in Firejail Mounting Vulnerability Weak Permissions in Firejail's /dev/shm/firejail File Allows Local Privilege Escalation Privilege Escalation via Uncleaned Environment Variables in Firejail Privilege Escalation Vulnerability in Firejail's --chroot Option Escape from Linux Container (LXC) via TIOCSTI ioctl vulnerability Hardcoded SSL Private Key Vulnerability in D-Link DGS-1100 Devices with Rev.B Firmware 1.01.018 HTTP Request Injection Vulnerability in Splunk Web XML External Entity (XXE) Vulnerability in PySAML2 Buffer Overflow in Git Smart Protocol Support in libgit2 Denial of Service Vulnerability in Git Smart Protocol Support in libgit2 Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability HTTP Connect Function Vulnerability Arbitrary Code Execution via Email From Field in CodeIgniter Denial of Service Vulnerability in Artifex Software, Inc. MuJS via Regular Expression Compilation Heap-based buffer overflow in js_stackoverflow function in MuJS allows for unspecified impact through an error when dropping extra arguments to lightweight functions Arbitrary SQL Command Execution in Zabbix before 2.2.14 and 3.0 before 3.0.4 Vulnerability: Unprotected Access to MTKLogger App Components on LG and Other Devices Vulnerability: Privilege Escalation and Data Leakage on BLU R1 HD Devices with Shanghai Adups Software Vulnerability: Privilege Escalation and Unauthorized Access to User Data on BLU R1 HD Devices Vulnerability: Privilege Escalation and Command Execution via Adups Software Vulnerability: Privileged Exfiltration on BLU R1 HD Devices with Shanghai Adups Software Untrusted Search Path Vulnerability in Adobe Flash Player Apache HTTP Server Configuration Information Disclosure and Authentication Bypass Vulnerability in ZoneMinder v1.30 and v1.29 Integer Overflow Vulnerability in regemit Function in Artifex Software, Inc. MuJS Vulnerability: IPv6 Atomic Fragmentation DoS Attack Arbitrary File Read Vulnerability in Tiki Wiki CMS 15.2 Unspecified Impact Remote Code Execution Vulnerability in ImageMagick Off-by-one Error in ImageMagick's coders/wpg.c Allows Remote Attackers to Cause Unspecified Impact Memory Leaks in ImageMagick Caption and Label Handling Code Denial of Service Vulnerability in Linux Kernel's crypto/mcryptd.c WordPress Plugin Update Vulnerability XXE vulnerability in PySAML2 4.4.0 and earlier: Arbitrary File Read via Crafted SAML XML Arbitrary Code Execution Vulnerability in Adobe Flash Player Use-after-free vulnerability in kvm_ioctl_create_device function in Linux kernel before 4.8.13 Privilege Escalation via Hesiod Library's EUID/UID Comparison Vulnerability Remote Code Execution via DNS Cache Poisoning Vulnerability in Linux Kernel 4.9.x: Denial of Service and Memory Corruption via Crypto Scatterlist API Denial of Service and Memory Corruption Vulnerability in Linux Kernel 4.9.x Denial of Service Vulnerability in QEMU due to Memory Leak in wdt_i6300esb.c Privilege Escalation Vulnerability in systemd v228 DLL Hijacking Vulnerability in Akamai NetSession 1.9.3.1 Denial of Service Vulnerability in PHP's exif_convert_any_to_int Function Integer Overflow in phar_parse_pharfile Function in PHP Adobe Flash Player Transform Object Use-After-Free Vulnerability Off-by-one Error in phar_parse_pharfile Function in PHP Allows Remote Code Execution Buffer over-read vulnerability in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 in ext/standard/var_unserializer.c NULL Pointer Dereference and Application Crash in PHP's php_wddx_pop_element Function Memory Leak in vrend_renderer_context_create_internal Function in virglrenderer Integer overflows leading to heap-based buffer overflow in libXpm before 3.5.12 Out-of-Bounds Heap Read Vulnerability in Little CMS (lcms2) Integer Underflow in _gdContributionsAlloc Function in libgd Denial of Service Vulnerability in gdImageCreateFromGd2Ctx Function Integer Overflow in GD Graphics Library Allows Remote Attackers to Cause Unspecified Impact Out-of-Bounds Read Vulnerability in Wavpack's read_code Function Use-after-free vulnerability in Adobe Flash Player's LoadVars.decode function Out-of-Bounds Read Vulnerability in Wavpack's WriteCaffHeader Function Out-of-Bounds Read Vulnerability in Wavpack's unreorder_channels Function Out-of-Bounds Read Vulnerability in Wavpack's read_new_config_info Function Directory Traversal Vulnerability in Minitar and Archive-Tar-Minitar Gems for Ruby Remote Code Execution Vulnerability in NETGEAR WNR2000v5 Router NETGEAR WNR2000v5 Router Serial Number Leakage and Password Recovery Vulnerability Unauthenticated Remote Code Execution in NETGEAR WNR2000v5 Router Undocumented TELNET and SSH Services with Default Credentials on D-Link DWR-932B Router D-Link DWR-932B Router Remote Command Execution Vulnerability Hardcoded WPS PIN Vulnerability on D-Link DWR-932B Router Arbitrary Code Execution via Crafted JPEG-XR Data in Adobe Flash Player Insecure WPS PIN Generation on D-Link DWR-932B Router Sensitive Information Disclosure in D-Link DWR-932B Router via qmiweb CfgType=get_homeCfg Requests Command Injection Vulnerability in D-Link DWR-932B Router's qmiweb Directory Traversal Vulnerability in D-Link DWR-932B Router's qmiweb D-Link DWR-932B Router: qmiweb File Reading Vulnerability with Traversal Insecure Configuration: D-Link DWR-932B Router Allows Unauthorized Access Missing Deny Rules in D-Link DWR-932B Router's miniupnpd.conf Configuration File Arbitrary File Reading Vulnerability in calibre E-book Viewer Bitlbee-libpurple Use-After-Free Vulnerability Remote Code Execution and Denial of Service Vulnerability in BitlBee Adobe Flash Player Remote Code Execution Vulnerability Remote Code Execution Vulnerability in FFmpeg's libavformat/http.c Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg: Remote Code Execution Vulnerability Heap-based buffer overflow in ffserver.c in FFmpeg: Remote Code Execution Vulnerability Arbitrary Command Execution in espeak-ruby Gem (CVE-2021-12345) Arbitrary Command Execution in festivaltts4r Gem for Ruby Out-of-Bounds Stack Read Vulnerability in libevent's name_parse Function Stack-based Buffer Overflow in evutil_parse_sockaddr_port Function in libevent Denial of Service Vulnerability in libevent's search_make_new Function Denial of Service Vulnerability in gst_aac_parse_sink_setcaps Function Denial of Service Vulnerability in GStreamer qtdemux_tag_add_str_full Function Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Race condition vulnerability in L2TPv3 IP Encapsulation feature in Linux kernel before 4.8.14 Arbitrary Web Script Injection in Zoneminder 1.30 and Earlier Zoneminder 1.30 XSS Vulnerability in index.php Arbitrary Web Script Injection Vulnerability in Zoneminder 1.30 and Earlier SQL Injection Vulnerability in Zoneminder 1.30 and Earlier: Remote Code Execution via Log Query Session Fixation Vulnerability in Zoneminder 1.30 and Earlier: Hijacking Web Sessions via ZMSESSID Cookie CSRF Vulnerability in Zoneminder 1.30 and Earlier Allows Remote Authentication Hijacking Denial of Service Vulnerability in TigerVNC Xvnc Server Out-of-Bounds Read and System Crash Vulnerability in ext4_fill_super Function NULL Pointer Dereference and Application Crash in libarchive 3.2.2 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Denial of Service Vulnerability in YARA 3.5.0 via Crafted Rule Handling in lexer.l Use-after-free vulnerability in YARA 3.5.0 allows remote attackers to cause denial of service Vulnerability: Authentication Key Spoofing in Radware Devices Insecure GCM Nonce Generation in A10 AX1030 and Other Devices Memory Leak in virgl_resource_attach_backing Function in virglrenderer Arbitrary Code Execution in Fastspot BigTree bigtree-form-builder Cross-Site Scripting (XSS) Vulnerability in ITDB 1.23 Use-after-free vulnerability in Ghostscript 9.20 allows remote attackers to cause denial of service NULL Pointer Dereference and Application Crash Vulnerability in Artifex Software Ghostscript 9.20 Denial of Service Vulnerability in Ghostscript 9.20 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Denial of Service Vulnerability in Ghostscript 9.20 via Crafted PDF Transparency Module Denial of Service Vulnerability in MuPDF 1.10a Type Confusion Vulnerability in JSON.stringify Function in WebKit Cross-Site Scripting (XSS) Vulnerability in BigTree CMS Cookie Validation Bypass Vulnerability in Sauter NovaWeb Web HMI Root Privilege Escalation in Allwinner 3.4 Legacy Kernel for H3, A83T, and H8 Devices via sunxi-debug Driver Denial of Service Vulnerability in JavaScriptCore of Safari Technology Preview Release 18 Denial of Service Vulnerability in Zyxel USG50 Security Appliance and NWA3560-N Access Point Infinite Loop Denial of Service Vulnerability in GNU C Library's iconv Program Arbitrary Code Execution via Unsafe Second Checksum Calculation in Linux Kernel's UDP Handling Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Critical Remote Code Execution Vulnerability in Qualcomm Crypto Driver for Android Elevation of Privilege Vulnerability in Qualcomm Sound Codec Driver for Android Elevation of Privilege Vulnerability in Qualcomm Video Driver for Android Elevation of Privilege Vulnerability in Qualcomm Video Driver for Android Information Disclosure Vulnerability in Qualcomm IPA Driver Critical Denial of Service Vulnerability in Qualcomm WiFi Driver for Android Qualcomm USB Driver Information Disclosure Vulnerability in Android Kernel Vulnerability: Insecure Treatment of Shared Content Protection Memory in Android Releases Page Alignment Issue in QSEE: Potential Bypass of Linux Kernel Access Control in Android TrustZone Access Control Bypass Vulnerability in Android CAF Releases Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Time-of-Check Time-of-Use Race Condition in Android Secure File System Arbitrary Command Execution in TeX Live via mpost in texmf.cnf Font Parsing Vulnerability in FreeType 2 Reflected Cross-Site Scripting and Iframe Injection Vulnerability in templates/html/search_opensearch.php Buffer Overflow Vulnerability in Mujstest in MuPDF 1.10 Buffer Overflow Vulnerability in Mujstest Allows Remote Denial of Service NULL Pointer Dereference Vulnerability in jpc_tsfb_synthesize Function Heap-based Buffer Overflow in JasPer's jpc_dec_tiledecode Function Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Incomplete Fix for jp2_colr_destroy Function in JasPer Allows Denial of Service Integer Overflow in JasPer's jpc_pi_nextcprl Function Memory Leak in IsOptionMember Function in ImageMagick Heap Overflow Vulnerability in Erlang/OTP 18.x Memory Allocation Failure Denial of Service Vulnerability in elfutils Memory Allocation Failure in __libelf_set_rawdata_wrlock Function Reflected XSS Vulnerability in Symantec ProxySG Management Console Reflected XSS Vulnerability in Symantec Advanced Secure Gateway and ProxySG Management Console Arbitrary File Upload Vulnerability in Symantec Advanced Secure Gateway (ASG) and ProxySG Management Consoles Denial-of-Service Vulnerability in Symantec SSL Visibility Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Divide-by-zero Denial of Service Vulnerability in LibTIFF 4.0.7 Divide-by-Zero Denial of Service Vulnerability in LibTIFF 4.0.7 Integer Underflow and Heap-Based Buffer Under-read Vulnerability in LibTIFF 4.0.7 Heap-based buffer over-read vulnerability in LibTIFF 4.0.0alpha4-4.0.7 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Heap-based Buffer Over-read Vulnerability in LibTIFF 4.0.7 Heap-based buffer over-read and overflow vulnerability in LibTIFF 4.0.7 Heap-based Buffer Overflow in LibTIFF 4.0.7 via Crafted TIFF Image Multiple Stack Buffer Overflow Vulnerabilities in Jensen of Scandinavia AS Air:Link Devices Critical Elevation of Privilege Vulnerability in MediaTek Touchscreen Driver Critical Elevation of Privilege Vulnerability in Qualcomm Bootloader Critical Elevation of Privilege Vulnerability in Qualcomm Bootloader Critical Elevation of Privilege Vulnerability in Motorola Bootloader Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Elevation of Privilege Vulnerability in MediaTek Thermal Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Thermal Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Thermal Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Video Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Video Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Video Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Sound Driver Elevation of Privilege Vulnerability in Qualcomm LED Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Qualcomm Crypto Driver Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Elevation of Privilege Vulnerability in Qualcomm Shared Memory Driver Elevation of Privilege Vulnerability in Qualcomm Slimbus Driver High-Risk Denial of Service Vulnerability in Qualcomm Wi-Fi Driver for Android Information Disclosure Vulnerability in Qualcomm Video Driver Qualcomm Power Driver Information Disclosure Vulnerability Information Disclosure Vulnerability in Qualcomm LED Driver Information Disclosure Vulnerability in Qualcomm Shared Memory Driver Time-of-Check Time-of-Use Race Condition Vulnerability in TrustZone on Android CAF with Linux Kernel Elevation of Privilege Vulnerability in Qualcomm Closed Source Components for Android Kernel (A-36393252) Qualcomm Closed Source Components Elevation of Privilege Vulnerability in Android Kernel (Android ID: A-32577244) Bypassing Access Restrictions in Adobe Flash Player Denial of Service Vulnerability in SAP NetWeaver AS JAVA 7.5 Hidden Root Account Vulnerability in Trango and Giga Devices Trango Altum AC600 Devices: Hidden Root Account with Default Password Vulnerability Hidden Root Account Vulnerability in Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 Devices Hidden Root Account with Unchangeable Password in Siklu EtherHaul Radios Ceragon FibeAir IP-10 GUI Authentication Bypass Vulnerability Adobe Flash Player Use-After-Free Arbitrary Code Execution Vulnerability Buffer Overflow in SAP SQL Anywhere 17 MobiLink Synchronization Server Component SAP NetWeaver Stack-based Buffer Overflow Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Jensen of Scandinavia AS Air:Link Devices CSRF Vulnerability in Jensen of Scandinavia AS Air:Link Devices Password Disclosure Vulnerability in Jensen of Scandinavia AS Air:Link Devices Open Redirect Vulnerability in Jensen of Scandinavia AS Air:Link Devices Open Redirect Vulnerability in Jensen of Scandinavia AS Air:Link Devices Heap-based Buffer Overflow in Artifex Software Ghostscript 9.20 Missing Authorization Check in Linux Kernel Encryption Support Integer Overflow Vulnerability in ARM Trusted Firmware Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player OS Command Injection via Filename in Textract before 1.5.0 Unauthenticated Brute-Force Password Attack in web2py before 2.14.6 Arbitrary Command Execution in Synology Photo Station via X-Forwarded-For Header Local Privilege Escalation in Synology Photo Station Heap Buffer Overflow in osip_clrncpy() Function in libosip2 Remote DoS Vulnerability in libosip2 in GNU oSIP 4.1.0 Remote DoS Vulnerability in libosip2 in GNU oSIP 4.1.0 Heap-based Buffer Overflow in LibreOffice EnhWMFReader::ReadEnhWMF Function Heap-based Buffer Overflow in FreeType 2's cff_parser_run Function Command Injection Vulnerability in Synology Photo Station Login Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary File Write Vulnerability in Synology Photo Station Arbitrary File Read Vulnerability in Synology Photo Station Critical Vulnerability: Lack of Stack Protection in Android Releases from CAF with Linux Kernel Critical Vulnerability: Unauthorized Access to Sensitive System Call in Android Releases from CAF Dynamically-Protected DDR Region Overwrite Vulnerability in Android Releases from CAF Vulnerability in libtomcrypt Update in Android CAF Releases Memory Vulnerability in Android Releases from CAF with Unprotected Regions during Boot Lack of Secure Application Validation in Android Releases from CAF Using Linux Kernel RPMB Processing Vulnerability in Android Releases from CAF with Linux Kernel Vulnerability: HLOS Privilege Escalation and Keystore Data Exposure in Android CAF Releases Arbitrary File Read/Write Vulnerability in Adobe Creative Cloud Desktop Application Integer Underflow Exploit: Buffer Overflow Vulnerability in Android CAF Releases Privilege Escalation Vulnerability in Android Releases with CAF and Linux Kernel Buffer Overflow Vulnerability in Android CAF Releases with Linux Kernel Syscall Handler Memory Leak Vulnerability in Qualcomm Android Products with CAF and Linux Kernel Out-of-Range Pointer Offset Vulnerability in Qualcomm Android Releases with CAF and Linux Kernel Privilege Escalation via Known /tmp Filename in Phusion Passenger Integer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel Unvalidated Argument Vulnerability in Qualcomm Android Releases with CAF and Linux Kernel Heap-based Buffer Over-read Vulnerability in libarchive 3.2.2 SQL Injection Vulnerability in Adobe RoboHelp Server 9 before 9.0.1 Heap-based Buffer Over-read Vulnerability in libarchive 3.2.2 Insecure Permissions in Telegram Desktop 0.10.19 Expose Sensitive Authentication Information Arbitrary Script Injection in Adobe Analytics AppMeasurement for Flash Library Logstash Elasticsearch Output Plugin Information Disclosure Vulnerability Denial of Service Vulnerability in Logstash Netflow Codec Plugin Authentication Bypass Vulnerability in Kibana 5.0.0 and 5.0.1 with X-Pack Open Redirect Vulnerability in Kibana Versions Before 4.6.3 and 5.0.1 Cross-Site Scripting (XSS) Vulnerability in Kibana Versions 4.3 - 4.6.2 Unauthenticated Directory Traversal Vulnerability in Opsview Monitor Pro Open Redirect Vulnerability in Opsview Monitor Pro: Remote Phishing Attack via /login URI Insecure Use of /tmp for Socket File in lxterminal Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Insecure OTA Update Mechanism on OnePlus Devices Increases Attack Surface Denial of Service Vulnerability in LibTIFF 4.0.6 Remote Command Execution Vulnerability in Eir D1000 Modem via TR-064 Protocol Vulnerability: Arbitrary File Overwrite via Symlink Attack in perltidy Buffer Over-read Vulnerability in Yodl before 3.07.01 Unconditional Implementation of XEP-0146 in Gajim Allows Extraction of Plaintext from OTR Encrypted Sessions Unsigned Integer Underflow Vulnerability in Open vSwitch (OvS) 2.5.0 SQL Injection Vulnerability in e107 2.1.1 via pagelist parameter in e107_admin/menus.php SQL Injection Vulnerability in VirtueMart Component for Joomla! Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Unprotected MeasurementReports Vulnerability in Qualcomm Android Releases Unprotected MeasurementReports Vulnerability in Qualcomm Android Releases Insufficient Access Control to I2C Bus in Qualcomm Android Releases from CAF TOCTOU Race Condition Vulnerability in Qualcomm Secure UI Potential Assertion Reachability in Qualcomm WLAN Driver Ioctl Use-After-Free Vulnerability in Qualcomm Android Products with CAF and Linux Kernel Array Index Out of Bounds Vulnerability in LPP on Qualcomm Android Devices Potential Assertion Reachability Vulnerability in Qualcomm Android Products with CAF and Linux Kernel Configuration Vulnerability in Qualcomm Android Releases with Linux Kernel when Loading 3rd-Party QTEE Applications NAND Memory Partition Overflow Vulnerability in Qualcomm Android Devices Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Excessive Memory Consumption Vulnerability in Qualcomm Android Releases with CAF and Linux Kernel HCI Command Length Validation Vulnerability Kernel Memory Leakage Vulnerability in Qualcomm Android Products Integer Arithmetic Overflow Vulnerability in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android Releases Arbitrary Code Execution Vulnerability in FlexNet Publisher Licensing Service Remote Computational-Complexity Attack in IPsec-Tools 0.8.2's Racoon Daemon URL Parser Vulnerability in PHP Authentication Bypass Vulnerability in Android 6.0 with Root and Physical Access Local File Inclusion Vulnerability in Sendio Versions Before 8.2.1 Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Arbitrary File Read Vulnerability in ATutor before 2.2.2 Default su Password Vulnerability in ZyXEL PK5001Z Devices Vulnerability: Remote Code Execution in Avira Antivirus Engine Out of Bounds Memory Read Vulnerability in PDFium in Google Chrome Cross-Site Scripting (XSS) Vulnerability in Liferay Portal before 7.0 CE GA4 via Crafted Redirect Field Session Fixation Vulnerability in D-Link DIR-600L Routers (rev. Ax) with Firmware before FW1.17.B01 Kernel Address Disclosure Vulnerability in Qualcomm Snapdragon Mobile Devices Integer Overflow Leading to Buffer Overflow in Android VT Call Vulnerability TOCTOU Vulnerability in Qualcomm Snapdragon Automobile and Snapdragon Mobile SD Processors Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in RTP during VoLTE Call on Qualcomm Snapdragon Mobile and Snapdragon Wear Devices RTP Daemon Crash and VT Call Termination Vulnerability Integer Overflow Leading to Buffer Overflow in Android Qualcomm Small Cell SoC and Snapdragon Devices Zero Data Length Hash Vulnerability in Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear Devices Invalid Input Parameter Dereference Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices UE Crash Due to IPCMem Exhaustion in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices TOCTOU Vulnerability in Qualcomm Snapdragon Devices Improper Access Control in Qualcomm Snapdragon Devices Allows PMIC Debug via HLOS Uninitialized Object Number Vulnerability in Qualcomm Snapdragon Mobile Devices Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Out-of-bounds Crash Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Improper Key Material Clearance Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Improper Access Control in System Call on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear SoCs Non-Exclusive Access Vulnerability in Qualcomm Snapdragon Devices LibPNG Multiple Vulnerabilities in Qualcomm Snapdragon Devices Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Buffer Overflow Vulnerability in SafeSwitch on Qualcomm Snapdragon Automobile and Snapdragon Mobile Processors Improper Boundary Check in RLC AM Module on Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Leads to Denial of Service Timing Attack Vulnerability in HMAC Verification on Qualcomm Snapdragon Automobile and Snapdragon Mobile Processors Unauthenticated Image Loading Vulnerability in Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear Devices Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Privilege Escalation Vulnerability in Qualcomm Snapdragon Automobile and Snapdragon Mobile Processors Unvalidated TZ Applications Vulnerability in Qualcomm Snapdragon Devices TOCTOU Vulnerabilities in Qualcomm Snapdragon Automobile and Snapdragon Mobile SD Processors TOCTOU vulnerability during SSD image decryption on Qualcomm Snapdragon devices Buffer Authentication Bypass Vulnerability in Qualcomm Snapdragon Devices TOCTOU Vulnerability in Qualcomm Snapdragon Devices Memory Corruption Vulnerability in Android Qualcomm Small Cell SoC and Snapdragon Devices Information Exposure in Android Qualcomm Small Cell SoC and Snapdragon Devices Information Exposure Vulnerability in Android Devices with Qualcomm Small Cell SoC and Snapdragon Processors TOCTOU Vulnerability in Input Validation for bulletin_board_read Syscall on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD Processors Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Improper Access Control to Bus on Qualcomm Snapdragon Mobile Processors Buffer Overflow Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Arbitrary Memory Write Vulnerability in Qualcomm Snapdragon Mobile Devices Packet Replay Vulnerability in Qualcomm Snapdragon Devices SMMU Access Control Policy Vulnerability on Qualcomm Snapdragon Devices Improper Input Validation in QTEE API Function on Qualcomm Snapdragon Devices Incorrect Configuration of OCIMEM MPU Allows NonSecure Software Access to TZ Memory in Qualcomm Snapdragon Devices Uninitialized Link List Entry Vulnerability in Android's Dynamic Font Module Memory Corruption Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Null Pointer Dereference Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Stack-based Buffer Overflow Vulnerability in Android Thermal Service on Qualcomm Small Cell SoC and Snapdragon Devices Insecure Local File Treatment Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Out-of-Order Memory Protection Assertion Vulnerability in Qualcomm Snapdragon Processors Array Out-of-Bounds Index Vulnerability in Qualcomm Snapdragon Mobile SD Processors Improper Initialization of ike_sa_handle_ptr in IPSEC Leads to System Denial of Service Arbitrary Command Execution Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Excessive Permissions Vulnerability in Android on Qualcomm Snapdragon Devices Linux Kernel Memory Corruption Vulnerability on Qualcomm Snapdragon Mobile Devices Memory Exhaustion Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vendor Specific Opcodes Buffer Over-read Vulnerability in Qualcomm Snapdragon Mobile SD 835, SD 845, and SD 850 Buffer Overread Vulnerability in Qualcomm Snapdragon Mobile Processors Access Control Policy Vulnerability in Qualcomm Snapdragon Automobile and Snapdragon Mobile Processors HCI H4 UART Packet ID Input Validation Vulnerability Insecure Random Number Generation in Android SSL Handshake Vulnerability: Insecure Assumption in ce_pkcs1_pss_padding_verify_auto_recover_saltlen Function Incorrect RSA Padding Implementation in Qualcomm Snapdragon Devices Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Unsigned RTIC Health Report Vulnerability Unchecked Address and Size Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Android on Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Integer Overflow Vulnerability in Qualcomm Snapdragon Mobile Processors Array Index Out of Bounds Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Qualcomm Snapdragon Mobile Processors Integer Overflow and Buffer Overflow Vulnerability in Qualcomm Snapdragon Mobile SD 617 Out-of-bounds Write Vulnerability in Qualcomm Snapdragon Mobile Devices Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Exif Parsing Integer Overflow Vulnerability Unauthenticated Assert Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Assert Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Unauthenticated Memory Access Vulnerability in Qualcomm Snapdragon Mobile Processors Buffer Overflow Vulnerability in Qualcomm Snapdragon Devices Buffer Overflow Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Buffer Overread Vulnerability in Qualcomm Snapdragon Devices Untrusted Pointer Dereference Vulnerability in Qualcomm Snapdragon Devices Untrusted Pointer Dereference Vulnerability in Qualcomm Snapdragon Mobile SD 400 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Buffer Overflow Vulnerability in Qualcomm Snapdragon Devices Integer Overflow Leading to Buffer Overflow in QuRT API Function Improper Ciphersuite Validation Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Memory Corruption Vulnerability in Qualcomm Snapdragon Devices Integer Overflow Vulnerability in Qualcomm Snapdragon Devices Vulnerability: Scan Type Mapping Vulnerability in Qualcomm Snapdragon Mobile MDM9635M NULL Pointer Dereference Vulnerability in Qualcomm Snapdragon Mobile Devices Heap Leak Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Timing Change Injection Vulnerability in Qualcomm Snapdragon Mobile Devices Memory Leak Vulnerability in Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Improper Input Validation in Image Parsing on Qualcomm Snapdragon Mobile Devices Integer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Spoofing Votes in IBM Sametime Meeting Server 8.5.2 and 9.0 Heap-based Buffer Overflow in opj_mqc_byteout Function in OpenJPEG Multiple NULL Pointer Dereference Vulnerabilities in OpenJPEG Division-by-zero vulnerabilities in opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl functions in pi.c in OpenJPEG before 2.2.0 Integer Overflow Vulnerability in OpenJPEG's bmp24toimage Function Arbitrary Web Script Injection in phpThumb() 1.7.14 Arbitrary SQL Command Execution in OpenCart's Amazon Order Tracking Function Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Cross-site scripting (XSS) vulnerability in Kohana Security Component before 3.3.6 Insecure Certificate Validation in Twitter iOS Client Allows Unauthorized Access Unencrypted Storage of LDAP Credentials in MultiTech FaxFinder Cross Site Scripting (XSS) Vulnerability in Piwigo before 2.8.3 via Crafted Search Expression Improper URL Format Validation in Piwigo before 2.8.3 Stored XSS Vulnerabilities in Redmine Text Formatting and Project Homepages Arbitrary Web Script Injection in Pallets Werkzeug Debugger Cross Protocol Scripting Vulnerability in Redis Memory Allocation Vulnerability in ws Module's Ping Functionality Bittorrent-DHT Memory Disclosure Vulnerability Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X ReDoS Vulnerability in Jadedown Vulnerability: ReDoS in jshamcrest's emailAddress Validator CSRF Vulnerability in Rails_Admin Ruby Gem <v1.1.1 MQTT Denial of Service Vulnerability Unprotected REST API Endpoint in i18n-node-angular Allows DoS and Content Injection Authentication Bypass Vulnerability in hapi-auth-jwt2 v5.1.1 Exposing GitHub Token in Publicly Accessible Logs Catastrophic Backtracking Vulnerability in riot-compiler Version 2.3.21 Root Path Bypass Vulnerability in Restafary API Cross-Domain WebSocket Request Vulnerability in Droppy Versions <3.5.0 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Insecure Transmission of Environment Variables in Airbrake Module Content Injection Vulnerability in marked 0.3.5 and Earlier Unauthenticated Command Execution in console-io Application Sensitive Data Exposure in express-restify-mongoose Insecure Default Configuration in electron-packager Allows Man-in-the-Middle Attack CSRF-Lite Vulnerability: Weak Secret Guessing with Fail First String Comparison Vulnerability: Insecure Certificate Verification in engine.io-client Cross Site Scripting (XSS) Vulnerability in Backbone.js Model#Escape Function Insecure File Overwrite Vulnerability in node-cli Package Regular Expression Denial of Service Vulnerability in negotiator 0.6.0 and earlier Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Regular Expression Denial of Service (ReDoS) Vulnerability in Minimatch 3.0.1 and Earlier Code Injection Vulnerability in npm module shell-quote 1.6.0 and earlier Denial of Service (DoS) vulnerability in ws 1.1.0 and earlier Bypassing Route Validation Rules in call Versions 2.0.1-3.0.1 WebSocket Payload Compression Vulnerability in uws Server (Versions 0.10.0 to 0.10.8) Arbitrary Code Injection Vulnerability in PouchDB 6.0.4 and Earlier Cross Site Scripting (XSS) Vulnerability in Nunjucks Autoescape Mode Vulnerability: Arbitrary Code Execution in reduce-css-calc Node Module CORS Misconfiguration Allows Cross-Site Scripting and Same Origin Policy Bypass Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X SQL Injection Vulnerability in Sequelize 3.16.0 and Earlier SQL Injection Vulnerability in waterline-sequel 0.50 Insecure Protocol Download Vulnerability in igniteui 0.0.5 and Earlier SQL Injection Vulnerability in Sequelize 2.1.3 and Earlier Inconsistent Escaping Vulnerability in Sequelize Vulnerability: Algorithm Confusion in jwt-simple 0.3.0 and Earlier SQL Injection Vulnerability in Sequelize 3.19.3 and Earlier Vulnerability: Insecure Binary Download in appium-chromedriver Vulnerability: Remote Code Execution (RCE) via MITM Attack in Aerospike Node.js Module Vulnerability: Insecure Binary Download in selenium-download Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Insecure Binary Download in galenframework-cli Directory Traversal Vulnerability in Bitty Web Server Tool (Version 0.2.10) iedriver: Remote Code Execution Vulnerability via Insecure Binary Download Insecure Resource Download Vulnerability in go-ipfs-deps Module apk-parser versions below 0.1.6 vulnerable to Remote Code Execution (RCE) via MITM attack Vulnerability: Remote Code Execution (RCE) via MITM Attack in operadriver versions below 0.2.3 Vulnerability: Remote Code Execution (RCE) via MITM Attack in install-nw Insecure Resource Download in product-monitor Template Vulnerability: Insecure Data Resource Download in geoip-lite-country Vulnerability: Insecure JavaScript Resource Download in embedza Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Insecure Binary Download in pngcrush-installer Vulnerability in bkjs-wand: Remote Code Execution via MITM Attack Remote Code Execution (RCE) Vulnerability in mongodb-instance before 0.0.3 Vulnerability: Remote Code Execution (RCE) via MITM Attack in baryton-saxophone Vulnerability: Remote Code Execution (RCE) via Binary Resource Download in apk-parser3 Kindlegen 1.1.0 and Earlier: Remote Code Execution via MITM Attack Vulnerability: Insecure Binary Resource Download in Fuseki Server Wrapper and Management API Vulnerability: MITM Attack and Remote Code Execution in ibm_db Vulnerability: Insecure Binary Resource Downloads in Unicode before 9.0.0 Chromedriver 2.26.1 and Earlier: Remote Code Execution via Binary Resource Download Vulnerability Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in nodewebkit Installer Vulnerability: Man-in-the-Middle (MITM) Attack on Steroids Downloads Vulnerability: Closure Compiler for Node.js Binary Resource Download MITM Attack Vulnerability: Remote Code Execution (RCE) via MITM Attack in closure-utils Vulnerability: Remote Code Execution (RCE) via MITM Attack in dalek-browser-chrome-canary Vulnerability: Remote Code Execution (RCE) via MITM Attack in libxl Vulnerability: Remote Code Execution (RCE) via MITM Attack in macaca-chromedriver Vulnerability: Remote Code Execution (RCE) via MITM Attack in wasdk Remote Code Execution (RCE) via Zip File Swap in nw.js Installer Vulnerability: Remote Code Execution (RCE) via MITM Attack in selenium-binaries Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in cue-sdk-node Vulnerability: Remote Code Execution (RCE) via MITM Attack in Prince Node API Vulnerability: MITM Attack Vulnerability in jser-stat Library Vulnerability: Remote Code Execution (RCE) via MITM Attack in ibapi Vulnerability: Man-in-the-Middle (MITM) Attack on ipip Node.js Module Vulnerability: Remote Code Execution (RCE) via MITM Attack in jdf-sass Vulnerability: Remote Code Execution (RCE) via MITM Attack in imageoptim Cobalt-CLI: Vulnerability in Resource Download via HTTP Vulnerability: Remote Code Execution (RCE) via MITM Attack in arrayfire-js Vulnerability: Remote Code Execution (RCE) via MITM Attack in sauce-connect Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in WebRTC-Native Vulnerability: Remote Code Execution (RCE) via MITM Attack in webdrvr Haxe Cross-Platform Toolkit: Remote Code Execution via MITM Attack on Zipped Resource Downloads Vulnerability: Remote Code Execution (RCE) via MITM Attack in air-sdk Vulnerability: Remote Code Execution (RCE) via MITM Attack in dalek-browser-chrome Vulnerability: Remote Code Execution (RCE) via MITM Attack in dalek-browser-ie Vulnerability: Remote Code Execution (RCE) via MITM Attack in grunt-webdriver-qunit Vulnerability: Remote Code Execution (RCE) via MITM Attack in openframe-glsviewer Vulnerability: Remote Code Execution (RCE) via MITM Attack in robot-js Vulnerability: Insecure Binary Resource Download in chromedriver126 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Insecure Data Resource Download in unicode-json Vulnerability: Remote Code Execution via MITM Attack in strider-sauce Vulnerability: Remote Code Execution (RCE) via MITM Attack in dalek-browser-ie-canary Vulnerability: Man-in-the-Middle (MITM) Attack in bionode-sra Vulnerability: MITM Attack and Remote Code Execution in httpsync Vulnerability: Remote Code Execution (RCE) via MITM Attack in curses Library Vulnerability: MITM Attack Vulnerability in openframe-image Extension Vulnerability: Box2D-Native Binary Resource Download Over HTTP Allows for MITM Attacks and RCE Vulnerability: MITM Attack Vulnerability in node-browser Pennyworth: Vulnerability to Man-in-the-Middle Attacks during Data Resource Downloads Unspecified Vector Bypass Vulnerability in Adobe Reader and Acrobat Vulnerability: Remote Code Execution (RCE) via MITM Attack in atom-node-module-installer Vulnerability: MITM Attack and Remote Code Execution in fibjs Vulnerability: Remote Code Execution (RCE) via MITM Attack in nodeschnaps Vulnerability: Remote Code Execution (RCE) via MITM Attack in macaca-chromedriver-zxa Vulnerability: Remote Code Execution (RCE) via MITM Attack in selenium-chromedriver Vulnerability: Remote Code Execution (RCE) via MITM Attack in headless-browser-lite Vulnerability: Remote Code Execution (RCE) via MITM Attack in mystem3 Vulnerability: Remote Code Execution (RCE) via MITM Attack in scala-bin Vulnerability: Remote Code Execution (RCE) via MITM Attack in selenium-wrapper Vulnerability: Remote Code Execution (RCE) via MITM Attack in nw-with-arm Installer Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Insecure Resource Download in install-g-test: Vulnerability to MITM Attacks Vulnerability: MITM Attack and Remote Code Execution in jvminstall Vulnerability: Remote Code Execution (RCE) via MITM Attack in apk-parser2 Vulnerability: Remote Code Execution (RCE) via MITM Attack in dwebp-bin Vulnerability: Remote Code Execution (RCE) via MITM Attack in scala-standalone-bin Vulnerability: Remote Code Execution (RCE) via Broccoli-Closure Plugin Vulnerability: Remote Code Execution (RCE) via MITM Attack in grunt-ccompiler Vulnerability: Remote Code Execution (RCE) via MITM Attack in haxe-dev Vulnerability: Remote Code Execution (RCE) via MITM Attack in js-given Vulnerability: Remote Code Execution (RCE) via MITM Attack in redis-srvr Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Vulnerability: Remote Code Execution (RCE) via MITM Attack in node-thulac Insecure Resource Download Vulnerability in node-bsdiff-android Vulnerability: Insecure Binary Download in CMake Vulnerability: Remote Code Execution (RCE) via MITM Attack in jstestdriver Vulnerability: Remote Code Execution (RCE) via MITM Attack in slimerjs-edge Vulnerability: Remote Code Execution (RCE) via MITM Attack in grunt-images Vulnerability: Remote Code Execution (RCE) via MITM Attack in resourcehacker Vulnerability: Remote Code Execution (RCE) via MITM Attack in node-air-sdk Vulnerability: Remote Code Execution (RCE) via MITM Attack in marionette-socket-host Vulnerability: Frames-Compiler Binary Resource Download Over HTTP Allows for MITM Attacks and RCE Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in ntfserver Vulnerability: Remote Code Execution (RCE) via MITM Attack in webdriver-launcher Vulnerability: MITM Attack Vulnerability in prebuild-lwip Vulnerability: MITM Attack and Remote Code Execution in xd-testing Library Vulnerability: SFML Downloads Resources Over HTTP, Exposing to MITM Attacks Vulnerability: Remote Code Execution (RCE) via MITM Attack in clang-extra Module qbs Build Tool Vulnerable to Remote Code Execution via MITM Attack Vulnerability: Insecure Download of co-cli Module in co-cli-installer Vulnerability: Insecure Resource Download in native-opencv POCO Libraries: Remote Code Execution via MITM Attack Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in fis-parser-sass-bin Vulnerability: Remote Code Execution (RCE) via MITM Attack in phantomjs-cheniu Vulnerability: MITM Attack and Remote Code Execution in Tomita Parser Vulnerability: Remote Code Execution (RCE) via MITM Attack in wixtoolset Vulnerability: Remote Code Execution (RCE) via MITM Attack in mystem Vulnerability: Remote Code Execution (RCE) via MITM Attack in herbivore 0.0.3 and below Vulnerability: Remote Code Execution (RCE) via MITM Attack in tomita-parser Vulnerability: Remote Code Execution (RCE) via MITM Attack in selenium-portal Vulnerability: Remote Code Execution (RCE) via MITM Attack in libsbml Vulnerability: Insecure Binary Resource Downloads in soci Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Windows Selenium Jar Mirror Downloads Over HTTP, Allowing MITM Attacks and RCE Vulnerability: Remote Code Execution (RCE) via MITM Attack in mystem-wrapper Vulnerability: Remote Code Execution (RCE) via MITM Attack in cloudpub-redis Vulnerability: Insecure HTTP Downloads in ipip-coffee Vulnerability: Remote Code Execution (RCE) via MITM Attack in limbus-buildgen Vulnerability: Remote Code Execution (RCE) via MITM Attack in libsbmlsim Vulnerability: Remote Code Execution (RCE) via MITM Attack in rs-brightcove Vulnerability: Man-in-the-Middle (MITM) Attack in google-closure-tools-latest Vulnerability: Remote Code Execution (RCE) via MITM Attack in serc.js Vulnerability: Insecure Resource Download in selenium-standalone-painful Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Insecure Download of GeoIP Resources in adamvr-geoip-lite Vulnerability: Remote Code Execution (RCE) via MITM Attack in roslib-socketio Vulnerability: Massif Phantomjs Fork HTTP Resource Download MITM Attack and Remote Code Execution (RCE) Vulnerability: Insecure Resource Downloads in Arcanist Vulnerability: HealthCenter Agent Downloads Binary Resources Over HTTP, Allowing MITM Attacks Vulnerability: Remote Code Execution (RCE) via MITM Attack in pk-app-wonderbox Vulnerability: Remote Code Execution (RCE) via MITM Attack in fis-sass-all Vulnerability: MITM Attack and Remote Code Execution in windows-selenium-chromedriver Haxe 3: Remote Code Execution via HTTP Resource Download Vulnerability Vulnerability: Remote Code Execution (RCE) via MITM Attack in windows-iedriver module Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Vulnerability: Remote Code Execution (RCE) via MITM Attack in openframe-ascii-image Vulnerability: MITM Attack and Remote Code Execution in windows-seleniumjar Vulnerability: Remote Code Execution (RCE) via MITM Attack in Haxeshim Vulnerability: Remote Code Execution (RCE) via MITM Attack in pm2-kafka Vulnerability: Insecure Binary Download in alto-saxophone Vulnerability: MITM Attack and Remote Code Execution in npm-test-sqlite3-trunk Vulnerability: Insecure Resource Download in windows-latestchromedriver Vulnerability: Insecure Resource Download in react-native-baidu-voice-synthesizer Vulnerability: Remote Code Execution (RCE) via MITM Attack in mystem-fix Persistent XSS Vulnerability in D-Link DSL-2740E 1.00_BG_20150720: Remote Unauthenticated User Exploitation through Username and Password Fields Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Incomplete Fix for CVE-2016-2313 Allows Bypass of Access Restrictions in Cacti before 1.0.0 CSRF Vulnerability in Hitachi Vantara Pentaho BA Platform through 8.0 UUID Manipulation Vulnerability in Pebble Smartwatch Devices Regular Expression Denial of Service (ReDoS) Vulnerability in ecstatic npm Package XSS Vulnerability in Magento Email Templates (APPSEC-1503) XSS Vulnerability in Jetpack Plugin's Likes Module XSS Vulnerability in Jetpack Plugin for WordPress via Crafted Vimeo Link Vulnerability: Denial of Service (DoS) in jQuery 3.0.0-rc.1 OpenSSH Denial of Service Vulnerability via Out-of-Sequence NEWKEYS Message Arbitrary OS Command Execution in pfSense before 2.3 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 Sequential DataFieldId Vulnerability Apsis Pound before 2.8a Request Smuggling Vulnerability Arbitrary Metadata Manipulation in PHP Stream Handling Out-of-Bounds Access in GNU Patch's pch_write_line() Function Leading to DoS Off-by-one Error in zsh Before 5.3 Leads to Undersized Buffer Vulnerability Artezio Kanban Board Plugin 1.4 Revision 1914 for Atlassian Jira XSS Vulnerability XSS Vulnerability in Mail.ru Calendar Plugin for Atlassian Jira Vulnerability in Malwarebytes Anti-Malware Allows Unauthorized Execution and Access Denial of Service Vulnerability in Brave Browser before 0.13.0 XSS Vulnerability in TP-Link Archer CR-700 1.0.6 Allows Cookie Information Theft Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow Vulnerability in partclone.restore in Partclone 0.2.87 Heap-based Buffer Overflow in Partclone FAT Superblock Validation Linux Kernel Local Denial of Service Vulnerability Denial of Service Vulnerability in Bitcoin Core and Bitcoin Knots Vulnerability: Non-Final Alert Blocking Final Alert in Bitcoin Core Directory Traversal Vulnerability in DSpace XMLUI Feature Improper Handling of Cleartext Passwords in GNOME evolution-data-server ICMPv4 Error Packet Confusion in Suricata Command Injection Vulnerability in Amanda 3.3.1 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Privilege Escalation Vulnerability in Amanda 3.3.1 SQL Injection Vulnerability in ProjectSend (formerly cFTP) r582 Authentication Bypass Vulnerability in ProjectSend (formerly cFTP) r582 Directory Traversal Vulnerability in ProjectSend (formerly cFTP) r582 Insecure Direct Object Reference in ProjectSend (formerly cFTP) r582 via includes/actions.log.export.php XSS Vulnerability in Bootstrap's data-target Attribute Cross-Site Scripting (XSS) Vulnerability in Social Pug - Easy Social Share Buttons Plugin for WordPress XSS Vulnerability in Serendipity 2.0.4 via serendipity_admin.php serendipity[body] Parameter CSRF Vulnerability in Zenbership v107 via admin/cp-functions/event-add.php Vulnerability: Misleading Parsing of IPv4 Address in getaddrinfo Function Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat LDAP Password Disclosure Vulnerability in Atlassian Crowd Race condition in Linux kernel before 4.9.3 leads to denial of service through I/O race in XFS file system Open Redirect Vulnerability in Zabbix Insecure PRNG Usage in hostapd Before 2.6 XSS Vulnerability in Select2 through 4.0.5 with Ajax Remote Data Loading and HTML Templates Sandbox Escape Vulnerability in Pallets Jinja before 2.8.1 libvirt before 1.3.1 Vulnerability: Improper Access Control in virDomainGetTime API Calls Buffer Over-read Vulnerability in cJSON's parse_string Function Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Remote Code Execution via Java Deserialization in Hazelcast Cluster Join Procedure Directory Traversal Vulnerability in osClass 3.6.1 Allows Remote PHP Code Execution Arbitrary PHP Code Execution in Serendipity 2.0.3 via serendipity_moveMediaDirectory Vulnerability Unsecured unserialize in e107 2.1.2 leads to PHP Object Injection and SQL Injection SQL Injection in Vtiger CRM 6.5.0 via contactidlist parameter in modules/Calendar/Activity.php SQL Injection Vulnerability in AbanteCart 1.2.8 Arbitrary File Upload Vulnerability in Kliqqi 3.0.0.5 Arbitrary Remote Code Execution via CSRF in Redaxo 5.2.0 Cron Management Arbitrary File Upload Vulnerability in PHPKIT 1.6.6 Arbitrary Code Execution Vulnerability in Precurio 2.1 Xinha Plugin Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Command Injection Vulnerability in Seowon Intech Routers' diagnostic.cgi MouseJack: Keystroke Injection Vulnerability in Logitech Unifying Devices CSV Injection Vulnerability in CampTix Event Ticketing Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in CampTix Event Ticketing Plugin for WordPress Off-by-one vulnerability in cqspi_setup_flash() function in Linux kernel before 4.9.6 Account Activation Spoofing Vulnerability in edx-platform CSRF Vulnerability in edx-platform before 2016-06-06 Stored XSS Vulnerability in cPanel's WHM Repair Mailbox Permissions Interface (SEC-159) Insecure File-Overwrite Operations in cPanel (SEC-161) Open Redirect Vulnerability in cPanel FormMail-clone.cgi (SEC-162) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary File-Overwrite Vulnerability in cPanel (SEC-164) Insecure File Operations in cPanel (SEC-165) Insecure Feature-List Enforcement in cPanel (SEC-168) Format-String Injection Vulnerability in cPanel Exception-Message Handling (SEC-171) Self XSS vulnerability in cPanel's tail_ea4_migration.cgi interface (SEC-172) Arbitrary File-Chown Vulnerability in cPanel (SEC-173) Stored XSS Vulnerability in cPanel during WHM Account Termination (SEC-174) Self XSS vulnerability in cPanel's WHM Tweak Settings for autodiscover_host (SEC-177) Self-stored XSS vulnerability in cPanel listftpstable API (SEC-178) Stored XSS Vulnerability in cPanel's api1_listautoresponders (SEC-179) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Stored XSS Vulnerability in cPanel FTP Sessions API (SEC-180) Self XSS vulnerability in cPanel UI_confirm API (SEC-180) Self-stored XSS vulnerability in cPanel before 60.0.25 via postgres API1 listdbs (SEC-181) Self-stored XSS vulnerability in cPanel SSL_listkeys (SEC-182) Self XSS vulnerability in cPanel alias upload interface (SEC-184) File Content Disclosure Vulnerability in cPanel (SEC-185) Insecure File Permissions in cPanel Allow Unauthorized Access to SSL Keys (SEC-186) Insecure Host Access Control in cPanel before 60.0.25 (SEC-187) Arbitrary Code Execution Vulnerability in cPanel (SEC-188) Remote Code Execution Vulnerability in cPanel (SEC-191) Unspecified Memory Disclosure Vulnerability in Adobe Reader and Acrobat Insecure Transmission of Data in cPanel's listinput.cpanel.net (SEC-192) Insecure System Account Passwords in cPanel (CPANEL-9559) Code Execution via Mailman List Archives in cPanel (SEC-141) Arbitrary Code Execution Vulnerability in cPanel Mail::SPF Scripts (SEC-152) Arbitrary File-Read Vulnerability in cPanel (SEC-154) Stored XSS Vulnerability in cPanel WHM tail_upcp2.cgi Interface (SEC-156) Weak Permissions for Apache HTTP Server Log Files in cPanel (SEC-130) Server Domain Enumeration Vulnerability in cPanel WHM Purchase and Install an SSL Certificate Page (SEC-133) File-Ownership Change Vulnerability in cPanel (SEC-134) Insecure Temporary Directory Configuration in cPanel (SEC-137) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Demo-mode escape vulnerability in cPanel before 58.0.4 via Site Templates and Boxtrapper API calls (SEC-138) Improper Session Handling in cPanel (SEC-139) Code Execution Vulnerability in cPanel PHP CGI Handler (SEC-142) Newline Injection Vulnerability in cPanel (CPANEL-6923) Arbitrary File-Overwrite Vulnerability in cPanel's SQLite Journal Feature during Horde Restore (SEC-58) Arbitrary Code Execution Vulnerability in cPanel (SEC-109) Self XSS vulnerability on cPanel Paper Lantern Landing Page (SEC-110) Denial-of-Service Vulnerability in cPanel (SEC-112) Exposure of TTYs in cPanel before version 57.9999.54 (SEC-113) TTY Exposure Vulnerability in cPanel's /scripts/checkinfopages (SEC-114) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat TTY Exposure Vulnerability in cPanel's /scripts/maildir_converter (SEC-115) Exposure of TTYs in cPanel's /scripts/unsuspendacct (SEC-116) vulnerability TTY Exposure in cPanel's /scripts/enablefileprotect (SEC-117) Self XSS vulnerability during FTP account creation under addon domains in cPanel (SEC-118) Demo-mode escape vulnerability in cPanel before 57.9999.54 via show_template.stor (SEC-119) Arbitrary File-Read Vulnerability in cPanel Branding APIs (SEC-120) Arbitrary Code Execution Vulnerability in cPanel Webmail Forwarders (SEC-121) SQL Injection Vulnerability in cPanel's ModSecurity TailWatch Log File (SEC-123) Improper Log File Permissions in cPanel (SEC-124) World-readable log files vulnerability in cPanel before version 57.9999.54 (SEC-125) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Insecure TTY Access in cPanel (SEC-31) Command-Line Password Exposure in cPanel Scripts/Addpop (SEC-75) Self XSS vulnerability in cPanel's X3 Reseller Branding Images (SEC-88) Arbitrary Code Execution Vulnerability in cPanel (SEC-89) Unauthenticated Arbitrary Code Execution via DNS NS Entry Poisoning in cPanel (SEC-90) Bypassing Security Policy by Faking Static Documents in cPanel (SEC-92) Bypassing Two Factor Authentication via DNS Clustering Requests in cPanel (SEC-93) Self-stored XSS vulnerability in cPanel's WHM Edit System Mail Preferences (SEC-96) Unsafe @INC Path Vulnerability in cPanel (SEC-97) Arbitrary File-Read Vulnerability in cPanel (SEC-99) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat ACL Bypass Vulnerability in cPanel (SEC-100) Inadequate Two-Factor Authentication Check in cPanel (SEC-101) FTP cPHulk Bypass via Account Name Munging in cPanel (SEC-102) Username-based blocking vulnerability in cPanel's cPHulkd (SEC-104) FTP Account Suspension Bypass Vulnerability in cPanel (SEC-105) cPanel Vulnerability: POP/IMAP cPHulk Bypass via Account Name Munging (SEC-107) Arbitrary File-Read Vulnerability in cPanel Authentication with Caldav (SEC-108) Unsafe @INC Path Vulnerability in cPanel (SEC-46) Arbitrary File-Read Vulnerability in cPanel (SEC-70) SQL Injection Vulnerability in cPanel's bin/horde_update_usernames (SEC-71) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in cPanel Locale Duplication (SEC-72) cPanel Vulnerability: Password Hash Disclosure in bin/mkvhostspasswd Script (SEC-73) File Read Vulnerability in cPanel bin/setup_global_spam_filter.pl (SEC-74) Code Execution Vulnerability in cPanel JSON-API (SEC-76) Password Hash Disclosure Vulnerability in cPanel (SEC-77) Arbitrary File-Overwrite Vulnerability in cPanel (SEC-78) Arbitrary File-Chown and File-Chmod Vulnerability in cPanel (SEC-79) Arbitrary File-Read and File-Write Vulnerability in cPanel (SEC-80) Arbitrary File-Overwrite Vulnerability in cPanel (SEC-81) Insecure File Permissions in cPanel's secureit Script (SEC-82) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in cPanel (SEC-83) Self XSS vulnerability in cPanel's WHM PHP Configuration editor interface (SEC-84) ACL Enforcement Vulnerability in cPanel AppConfig Subsystem (SEC-85) Stored XSS Vulnerability in cPanel WHM Feature Manager Interface (SEC-86) Self XSS vulnerability in cPanel X3 Entropy Banner interface (SEC-87) Unauthenticated Arbitrary Code Execution in cPanel (SEC-91) Sensitive Data Exposure in cPanel Subaccounts through Comet Feeds (SEC-29) Bypassing Email Sending Limit in cPanel (SEC-60) Unauthenticated Arbitrary Code Execution via DNS NS Entry Poisoning in cPanel (SEC-64) Unauthorized Password Changes via cPanel Webmail API Commands (SEC-65) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unauthorized Zone Modification Vulnerability in cPanel (SEC-66) CSRF Vulnerability in Neet AirStream NAS1.1 Devices Allows Unauthorized AP Name and Password Modification Insecure Default Root Password on Neet AirStream NAS1.1 Devices Edimax Wi-Fi Extender Devices Vulnerability: CSRF Exploit and PSK Key Disclosure Cross-Site Scripting (XSS) Vulnerability in NETGEAR EX7000 V1.0.0.42_1.0.94 Devices via SSID Cross-Site Request Forgery (CSRF) Vulnerability in Lightbox Plus Colorbox Plugin for WordPress Multiple XSS Vulnerabilities in all-in-one-wp-security-and-firewall Plugin for WordPress (before 4.2.0) XSS Vulnerability in all-in-one-wp-security-and-firewall Plugin for WordPress XSS Vulnerability in all-in-one-wp-security-and-firewall Plugin for WordPress XSS Vulnerability in contact-form-plugin Plugin for WordPress (<= 4.0.2) Untrusted Search Path Privilege Escalation Vulnerability in Adobe Reader and Acrobat XSS Vulnerability in Google Language Translator Plugin for WordPress XSS Vulnerability in Mailchimp for WP Plugin Integration Settings Page XSS Vulnerability in Ultimate Member Plugin for WordPress Login Form XSS Vulnerability in wp-database-backup Plugin for WordPress CSRF Vulnerability in wp-database-backup Plugin for WordPress XSS Vulnerability in wp-database-backup Plugin for WordPress CSRF Vulnerability in wp-database-backup Plugin for WordPress Multiple XSS Vulnerabilities in wp-editor Plugin for WordPress (Version 1.2.6.3 and Earlier) XSS Vulnerability in wp-google-map-plugin Plugin for WordPress XSS Vulnerability in wp-live-chat-support Plugin for WordPress Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat XSS Vulnerability in Google Document Embedder Plugin for WordPress XSS Vulnerability in Google Document Embedder Plugin for WordPress CSRF Vulnerability in Google Document Embedder Plugin for WordPress CSRF Vulnerability in Simple-Add-Pages-or-Posts Plugin for WordPress Multiple CSRF Issues in Simple-Membership Plugin for WordPress (<=3.3.3) CSRF Vulnerability in wp-editor Plugin for WordPress Incorrect Permissions in wp-editor Plugin for WordPress (Version 1.2.6 and earlier) Multiple SQL Injection Vulnerabilities in all-in-one-wp-security-and-firewall Plugin for WordPress Multiple SQL Injection Vulnerabilities in all-in-one-wp-security-and-firewall Plugin for WordPress SQL Injection Vulnerability in NextGen Gallery Plugin for WordPress Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X XSS Vulnerability in Aryo Activity Log Plugin for WordPress XSS Vulnerability in aryo-activity-log WordPress Plugin (<=2.3.3) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Chained-Quiz Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Crayon Syntax Highlighter Plugin for WordPress Vulnerability: xtrlock Allows Unauthorized Input via Multitouch Events XSS Vulnerability in Option-Tree Plugin for WordPress (CVE-XXXX-XXXX) Stored XSS Vulnerability in SEO-Redirection Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sermon-Browser Plugin for WordPress XSS Vulnerability in Total-Security Plugin for WordPress (Before 3.4.1) Total-Security Plugin Settings Change Vulnerability in WordPress Untrusted Search Path Privilege Escalation Vulnerability in Adobe Reader and Acrobat XSS Vulnerability in uji-countdown Plugin for WordPress XSS Vulnerability in wp-customer-reviews Plugin Admin Tools CSRF Vulnerability in wp-customer-reviews Plugin for WordPress CSRF Vulnerability in GoDaddy Email Marketing Sign-Up Forms Plugin for WordPress Critical SQL Injection Vulnerability in Olimometer Plugin for WordPress Use-after-free vulnerability in gfs2_clear_rgrpd and read_rindex_entry functions in Linux kernel before 4.8 Race Condition Leading to Use-After-Free in arc_emac_tx and arc_emac_tx_clean Functions Out of Bounds Write Vulnerability in ad5755_parse_dt Function XSS Vulnerability in Booking-Calendar-Contact-Form Plugin for WordPress SQL Injection Vulnerability in Booking-Calendar-Contact-Form Plugin for WordPress Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Multiple XSS Vulnerabilities in Formbuilder Plugin for WordPress (Version 1.06 and Earlier) Multiple XSS Vulnerabilities in Profile-Builder Plugin for WordPress (<=2.4.2) XSS Vulnerability in universal-analytics Plugin for WordPress (Version < 1.3.1) XSS Vulnerability in wp-latest-posts Plugin for WordPress (Version 3.7.5 and earlier) CSRF Vulnerability in Add-From-Server Plugin for WordPress CSRF Vulnerability in Popup-by-Supsystic Plugin for WordPress SQL Injection Vulnerability in Appointment-Booking-Calendar Plugin for WordPress SQL Injection Vulnerability in Search-Everything Plugin for WordPress (Versions prior to 8.1.6) CSRF Vulnerability in Gallery by Supsystic Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Wassup Plugin for WordPress (Versions prior to 1.9.1) Unspecified Memory Disclosure Vulnerability in Adobe Reader and Acrobat XSS Vulnerability in gnucommerce Plugin for WordPress (Version 0.5.7-BETA and earlier) SQL Injection Vulnerability in Gallery-Photo-Gallery Plugin for WordPress Privilege Escalation Vulnerability in WooCommerce Store Toolkit Plugin Privilege Escalation Vulnerability in WooCommerce Store Toolkit Plugin Directory Traversal Vulnerability in WordPress Ebook-Download Plugin XSS Vulnerability in peters-login-redirect Plugin for WordPress SSRF Vulnerability in nelio-ab-testing Plugin for WordPress SSRF Vulnerability in nelio-ab-testing Plugin for WordPress Hardcoded Password Vulnerability in onelogin-saml-sso Plugin for WordPress Unauthenticated File Reading Vulnerability in Advanced AJAX Page Loader Plugin for WordPress Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Insecure Direct Object Reference in wp-support-plus-responsive-ticket-system Plugin SSL/TLS Man-in-the-Middle Vulnerability in Rust OpenSSL Crate HTTPS Man-in-the-Middle Vulnerability in hyper Crate for Rust on Windows Man-in-the-Middle Vulnerability in PortAudio Crate XSS Vulnerability in Check-Email Plugin for WordPress (Version < 0.5.2) Privilege Escalation Vulnerability in WooCommerce Exporter Plugin for WordPress XSS Vulnerability in wp-polls Plugin for WordPress (Version < 2.73.1) via Poll Bar Option SSL Certificate Hostname Validation Bypass in IMAPFilter 2.6.12 CSRF Vulnerability in Copy-Me Plugin 1.0.0 for WordPress Allows Unauthorized Copying of Non-Public Posts SQL Injection Vulnerability in xtremelocator Plugin 1.5 for WordPress Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X SQL Injection Vulnerability in zm-gallery Plugin 1.0 for WordPress XSS Vulnerability in Podlove Podcasting Plugin for WordPress SQL Injection Vulnerability in Podlove Podcasting Plugin for WordPress SQL Injection Vulnerability in zx-csv-upload Plugin for WordPress CSRF Vulnerability in Multisite Post Duplicator Plugin for WordPress CSRF Vulnerability in PageLines Theme 1.1.4 for WordPress CSRF Vulnerability in wp-d3 Plugin for WordPress SQL Injection Vulnerability in Post Indexer Plugin for WordPress Unserialize Function Vulnerability in Post Indexer Plugin for WordPress SQL Injection and Unsafe Unserialization in Relevanssi Premium Plugin for WordPress Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat SQL Injection Vulnerability in Sirv Plugin for WordPress (<=1.3.2) via id Parameter SQL Injection Vulnerability in fs-shopping-cart Plugin 2.07.02 for WordPress XSS Vulnerability in Quotes-Collection Plugin for WordPress XSS Vulnerability in Headway Theme License Key Field Unrestricted File Upload Vulnerability in Neosense Theme for WordPress Unrestricted File Upload Vulnerability in cysteme-finder Plugin for WordPress Local File Inclusion Vulnerability in Mail-Masta Plugin 1.0 for WordPress XSS Vulnerability in Akal WordPress Theme's preview.php sc Parameter Unauthenticated Arbitrary File Upload Vulnerability in Estatik Plugin for WordPress Authenticated Arbitrary File Upload Vulnerability in Estatik Plugin for WordPress Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Remote Code Execution Vulnerability in wsecure Plugin for WordPress XSS Vulnerability in Colorway Theme for WordPress (Version < 3.4.2) via contactName Parameter CSRF Vulnerability in Icegram Plugin for WordPress (Version < 1.9.19) XSS Vulnerability in Icegram Plugin for WordPress (Version 1.9.19 and earlier) XSS Vulnerability in dwnldr Plugin for WordPress via User-Agent Header Directory Traversal Vulnerability in real3d-flipbook-lite Plugin 1.0 for WordPress Directory Traversal Vulnerability in real3d-flipbook-lite Plugin 1.0 for WordPress XSS Vulnerability in real3d-flipbook-lite Plugin 1.0 for WordPress PeepSo-Core Plugin Privilege Escalation Vulnerability XSS Vulnerability in Supportflow Plugin for WordPress via Discussion Ticket Title Unspecified Vulnerability in Adobe Flash Player 21.0.0.213 and Earlier with Unknown Impact and Attack Vectors XSS Vulnerability in Supportflow Plugin for WordPress (Version < 0.7) via Ticket Excerpt Incorrect Login Access Control in MemberSonic Lite Plugin for WordPress Critical Security Vulnerability in Newspaper Theme for WordPress: Lack of Options Access Control via td_ajax_update_panel Cross-Site Scripting (XSS) Vulnerability in Brafton WordPress Plugin Fluid-Responsive-Slideshow Plugin for WordPress: CSRF and Stored XSS Vulnerability Reflected XSS Vulnerability in Fluid-Responsive-Slideshow Plugin for WordPress Unauthenticated XSS Vulnerability in Safe-Editor Plugin for WordPress Directory Traversal Vulnerability in nelio-ab-testing Plugin for WordPress CSRF Vulnerability in fossura-tag-miner Plugin for WordPress XSS Vulnerability in fossura-tag-miner Plugin for WordPress Unspecified Vulnerability in Adobe Flash Player 21.0.0.213 and Earlier with Unknown Impact and Attack Vectors XSS Vulnerability in Kento Post View Counter Plugin for WordPress Stored XSS Vulnerability in kento-post-view-counter Plugin for WordPress CSRF Vulnerability in kento-post-view-counter Plugin for WordPress Unrestricted Data Export Vulnerability in Ghost Plugin for WordPress XSS Vulnerability in Echosign Plugin for WordPress (Version 1.2 and earlier) XSS Vulnerability in Echosign Plugin for WordPress (Version 1.2 and earlier) via templates/add_templates.php XSS Vulnerability in Tweet-Wheel Plugin for WordPress Persian-WooCommerce-SMS Plugin XSS Vulnerability Stored XSS Vulnerability in leenkme Plugin for WordPress Critical CSRF Vulnerability in leenkme WordPress Plugin Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge XSS Vulnerability in wp-cerber Plugin: Exploiting X-Forwarded-For HTTP Header Local File Inclusion Vulnerability in imdb-widget Plugin for WordPress XSS Vulnerability in Music-Store Plugin for WordPress (Version 1.0.43 and below) XSS Vulnerability in ScoreMe WordPress Theme via s Parameter XSS Vulnerability in Truemag Theme 2016 Q2 for WordPress via s Parameter Arbitrary File Upload Vulnerability in Tevolution Plugin for WordPress Incorrect Access Control for Shortcodes in OptinMonster Plugin for WordPress (Version 1.1.4.6) Due to Nonce Leak CSRF Vulnerability in Beauty-Premium Theme 1.0.8 for WordPress Allows Arbitrary File Upload Cross-Site Scripting (XSS) Vulnerability in ocim-mp3 Plugin for WordPress XSS Vulnerability in Goodnews WordPress Theme (s parameter) Unspecified Vulnerability in Adobe Flash Player 21.0.0.213 and Earlier with Unknown Impact and Attack Vectors SQL Injection Vulnerability in wp-ultimate-exporter Plugin for WordPress XSS Vulnerability in User-Submitted-Posts Plugin for WordPress Privilege Escalation Vulnerability in Elegant Themes Extra Theme for WordPress Privilege Escalation Vulnerability in Elegant Themes Bloom Plugin for WordPress Privilege Escalation Vulnerability in Elegant Themes Monarch Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Instalinker Plugin for WordPress Incorrect Access Control in wp-invoice Plugin for WordPress (before 4.1.1) Incorrect Access Control in wp-invoice Plugin Allows Unauthorized Invoice Retrieval Incorrect Access Control in wp-invoice Plugin Allows Unauthorized Payer Metadata Updates Incorrect Access Control in wp-invoice Plugin for WordPress Allows Unauthorized Payer Metadata Updates Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Incorrect Access Control in wp-invoice Plugin Allows Unauthorized Payer Metadata Updates Privilege Escalation in wp-invoice Plugin for WordPress (before 4.1.1) Incorrect Access Control in sola-support-tickets Plugin Leads to XSS Vulnerability XSS Vulnerability in wp-listings Plugin for WordPress (before 2.0.2) in includes/views/single-listing.php Incorrect Access Control in NETGEAR JNR1010 Devices: Exploiting Special Case in Auth Cookie CSRF Vulnerability in NETGEAR JNR1010 Devices Cross-Site Scripting (XSS) Vulnerability in NETGEAR JNR1010 Devices Command Injection Vulnerability in AKIPS Network Monitor 15.37 through 16.5 Unauthenticated SQL Injection in Huge-IT Gallery-Images Plugin Unspecified Vulnerability in Adobe Flash Player 21.0.0.213 and Earlier with Unknown Impact and Attack Vectors Unrestricted Avatar File Extensions in Kunena before 5.0.4: XSS and Remote Code Execution Vulnerability Remote Code Execution Vulnerability in D-Link DCS-930L Devices Remote Code Execution Vulnerability in NETGEAR Prosafe WC9500, WC7600, and WC7520 Devices SQL Injection in ExecuteCountQueryCommand.java in odata4j 0.7.0 SQL Injection in ExecuteJPQLQueryCommand.java in odata4j 0.7.0 Exynos AP Chipsets: Heap-Based Buffer Overflow in OTP Service (SVE-2016-7114) Samsung Mobile Devices BootReceiver System Crash Vulnerability Lock Screen Notification Disclosure Vulnerability Stack-based buffer overflow in OTP TrustZone trustlet on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets) Unprotected Intent Vulnerability in Samsung Mobile Devices (SVE-2016-7301) Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Race condition and heap-based buffer overflow in Samsung mobile devices with MAX86902 sensor driver AntService Vulnerability: System Server Crash and Reboot on Samsung Mobile Devices Sound Functionality Disabling Vulnerability on Samsung Mobile Devices with M(6.0) Software Heap-based Buffer Overflow in tlc_server on Samsung Mobile Devices with M(6.0) Software Samsung Mobile Devices: System Crash Vulnerability via Malformed Image (SVE-2016-6560) Samsung Exynos AP Chipsets: Kernel Crash Vulnerability via fb0(DECON) Frame Buffer Interface (SVE-2016-7011) Samsung Mobile Devices with M(6.0) Software Factory Reset Protection (FRP) Bypass Vulnerability Samsung Mobile Devices: Arbitrary Code Execution and Privilege Escalation via Jack Audio Service (SVE-2016-5953) NULL Pointer Dereference Vulnerability in Samsung Mobile Devices Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Factory Reset Protection (FRP) Bypass Vulnerability on Samsung Mobile Devices with L(5.0/5.1) Software Lockscreen Bypass Vulnerability on Samsung Mobile Devices with KK(4.4) Software Samsung Mobile Devices SIM Lock Bypass Vulnerability S/MIME Implementation Vulnerability on Samsung Mobile Devices with M(6.0) Software Bypassing Application Signature Check on Samsung Mobile Devices Memory Corruption Vulnerability in Samsung Gallery Library (SVE-2016-5317) Samsung Mobile Devices Vulnerability: Unauthorized Access to Radio Layer for Call and SMS Manipulation (SVE-2016-5733) Samsung Mobile Devices Local Privilege Escalation Vulnerability Factory Reset Protection (FRP) Bypass Vulnerability on Samsung Mobile Devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) Software IMEI Retrieval and Modification Vulnerability on Samsung Mobile Devices Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge IMEI Rewrite Vulnerability on Samsung Mobile Devices Memory Corruption Vulnerability in Samsung Mobile Devices with L(5.0/5.1) Software Samsung Mobile Devices Factory Reset Protection (FRP) Bypass Vulnerability Vulnerability: Command Execution and Insecure FTP Root Directory in NETGEAR DGN2200v4 Devices CSRF Vulnerability in Multiple NETGEAR Devices Vulnerability: Anonymous Root Access in NETGEAR Devices Repeated URL Calls Vulnerability in Certain NETGEAR Devices NETGEAR Genie Android App Vulnerability: Hard-coded API Keys and Session ID Mishandling Password Exposure Vulnerability in Multiple NETGEAR Devices Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Insecure Renegotiation Vulnerability in NETGEAR Devices Unauthenticated OS Command Execution in Xerox WorkCentre Devices Email Address Verification Bypass Vulnerability in Mattermost Server Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.5.1 via File Preview Code Injection Vulnerability in Mattermost Desktop App WebSocket Vulnerability in Mattermost Server Unnecessary Personal Information Disclosure in Mattermost Server Denial of Service Vulnerability in Mattermost Server LDAP Injection Vulnerability in Mattermost Server Brute-Force Password Change Vulnerability in Mattermost Server Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.1.0 via Theme Color-Code Values Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.1.0 Session ID and Session Token Mishandling Vulnerability Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.0.0 via Legal or Support Setting Password-Reset Link Reuse Vulnerability in Mattermost Server Sensitive Information Disclosure in Mattermost Server API Insecure Cookie Handling in Mattermost Server LDAP Account Name and Email Address Manipulation Vulnerability Sensitive Information Disclosure via System Console UI Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.0.0 via Redirect URL Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Excessive Account Details Exposure in Mattermost Server Unintended Information Disclosure Vulnerability in Mattermost Server Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 2.2.0 Cross-Site Scripting (XSS) Vulnerability in Mattermost Server Cross-Site Scripting (XSS) Vulnerability via CSRF in Mattermost Server CSRF and Stored XSS Vulnerability in quiz-master-next Plugin for WordPress Unverified Server X.509 Certificate Vulnerability in oauth-ruby Gem Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Double Free Vulnerability in Adobe Reader and Acrobat Unspecified Vector Information Disclosure Vulnerability in Adobe Reader and Acrobat Unspecified Cross-Site Scripting (XSS) Vulnerability in Adobe ColdFusion Arbitrary Command Execution Vulnerability in Adobe ColdFusion X.509 Certificate Wildcard Mishandling Vulnerability in Adobe ColdFusion Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows bypass of JavaScript API execution restrictions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow in CL_vsprintf Function in Takumi Yamada DX Library 3.16: Remote Code Execution Vulnerability Insecure SSL Certificate Verification in Shoplat App for iOS 1.10.00 through 1.18.00 CRLF Injection Vulnerability in H2O's on_req Function Arbitrary User Authentication Hijacking Vulnerability on BUFFALO Devices Arbitrary web script injection vulnerability in BUFFALO BHR-4GRV2, WEX-300, WHR-1166DHP, WHR-300HP2, WHR-600D, WMR-300, WMR-433, and WSR-1166DHP devices with outdated firmware Arbitrary Code Injection Vulnerability in KDDI HOME SPOT CUBE Devices Open Redirect Vulnerability on KDDI HOME SPOT CUBE Devices before 2 CRLF Injection Vulnerability in KDDI HOME SPOT CUBE Devices CSRF Vulnerability in KDDI HOME SPOT CUBE Devices Clickjacking Vulnerability in KDDI HOME SPOT CUBE Devices Remote Command Execution Vulnerability in KDDI HOME SPOT CUBE Devices Arbitrary OS Command Execution in Seeds acmailer Unspecified Cross-Site Scripting (XSS) Vulnerability in Vine MV before 2015-11-08 Arbitrary Web Script Injection Vulnerability in JOB-CUBE -JOB WEB SYSTEM WebManager Directory Traversal Vulnerability in NEC EXPRESSCLUSTER X SSL Certificate Verification Bypass in Akerun - Smart Lock Robot App for iOS Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Office 9.0.0 through 10.3.0 Cross-Site Request Forgery (CSRF) Vulnerabilities in Cybozu Office 9.9.0 through 10.3.0: Remote Authentication Hijacking Unspecified Access Restriction Bypass Vulnerability in Cybozu Office 9.9.0 through 10.3.0 Denial of Service Vulnerability in Cybozu Office 9.9.0 through 10.3.0 SQL Injection Vulnerability in Cuore EC-CUBE Help Plug-in 1.3.5 and Earlier HTTP Header Injection Vulnerability in URLConnection Class in Android OS 2.2 through 6.0 Timeline Display Vulnerability in LINE Messaging App Arbitrary Web Script Injection in Script* Log-Chat before 2.0 CSRF Vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL Devices Allows Remote Authentication Hijacking Sensitive Information Disclosure in ZOHO Password Manager Pro (PMP) 8.3.0 and 8.4.0 Arbitrary Script Injection in WP Favorite Posts Plugin for WordPress CSRF Vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500) CSRF Vulnerability on NEC Aterm WG300HP Devices: Remote Authentication Hijacking CSRF Vulnerability in NEC Aterm WF800HP Devices: Remote Authentication Hijacking Arbitrary Code Injection through Cross-Site Scripting (XSS) in Casebook Plugin for baserCMS CSRF Vulnerability in Casebook Plugin for baserCMS Allows Remote Authentication Hijacking Arbitrary Code Injection through Cross-Site Scripting (XSS) in Recruit Plugin for baserCMS CSRF Vulnerability in Recruit Plugin for baserCMS Allows Remote Authentication Hijacking Arbitrary Code Injection through Menubook Plugin in baserCMS CSRF Vulnerability in Menubook Plugin for baserCMS Allows Remote Authentication Hijacking CSRF Vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 Remote Code Execution Vulnerability in Sharp EVA Animeter ActiveX Control Clickjacking Vulnerability in Falcon WisePoint and WisePoint Authenticator Session Management Vulnerability in a-blog cms 2.6.0.1 and Earlier Arbitrary Web Script Injection in Appleple A-Blog CMS Comment Functionality Arbitrary Code Injection through Cyber-Will Social-button Premium Plugin in EC-CUBE 2.13.x Remote Code Execution Vulnerability in Apache Struts 1.x through 1.3.10 Cross-Site Scripting (XSS) and Denial of Service (DoS) Vulnerability in Apache Struts 1 ActionServlet Arbitrary File Read Vulnerability in NTT Data TERASOLUNA Server Framework for Java SSL Certificate Validation Bypass in Tokyo Star Bank Mobile Apps Authentication Token Exposure in Cybozu Kintone Mobile Application for Android SSL Certificate Verification Bypass in Kintone Mobile for Android 1.0.0 - 1.0.5 SSL Certificate Verification Bypass in Cybozu KUNAI for iPhone and Android Email Spoofing Vulnerability in Cybozu Garoon 3.x and 4.x Bypassing Portlet Restrictions in Cybozu Garoon 3.x and 4.x Bypassing MultiReport Reading Restrictions in Cybozu Garoon 3.1 through 4.2 Directory Traversal Vulnerability in Cybozu Garoon Allows Remote Settings Modification Directory Traversal Vulnerability in Cybozu Garoon 3.7 through 4.2 Allows Unauthorized Log File Access Unspecified Remote Information Disclosure Vulnerability in Cybozu Garoon 3.7 through 4.2 Denial of Service Vulnerability in Cybozu Garoon before 4.2.1 Open Redirect Vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 Information Disclosure Vulnerability in Cybozu Garoon 3.x and 4.x Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon 4.x before 4.2.1 SSL Certificate Verification Bypass in Photopt for Android before 2.0.1 Bypassing IP Address Restrictions in LOCKON EC-CUBE 3.0.0 through 3.0.9 Unspecified Access Restriction Bypass Vulnerability in LOCKON EC-CUBE 3.0.7 through 3.0.9 CSRF Vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 Allows Remote Administrator Authentication Hijacking Untrusted Search Path Vulnerability in Atom Electron: Privilege Escalation via Trojan Horse Node.js Module Man-in-the-Middle File Execution Vulnerability in SaAT Netizen Installer and SaAT Netizen Arbitrary Web Script Injection in EC-CUBE Shiro8 and Itemdetail_freearea_addition_plugin Plugins Unrestricted PIN Guessing Vulnerability in I-O DATA DEVICE WN-GDN/R3 Series Arbitrary Web Script Injection Vulnerability in I-O DATA DEVICE WN-G300R Series Remote Code Disclosure Vulnerability in Apple FileMaker Server Remote PHP Object Injection Vulnerability in Ninja Forms Plugin for WordPress Unverified X.509 Certificates in 105 BANK App for Android and iOS: A Man-in-the-Middle Vulnerability Arbitrary Web Script Injection Vulnerability in Epoch Web Mailing List 0.31 and Earlier Arbitrary File Read Vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and Earlier Arbitrary Website Redirection Vulnerability in Cybozu Garoon Scheduler Function Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon 4.2.2 and Earlier User Details Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon XSS Vulnerability in Cybozu Garoon's New Appointment Function XSS Vulnerability in Cybozu Garoon's Check Available Times Function Critical SQL Injection Vulnerability in Cybozu Garoon before 4.2.2 Authentication Bypass Vulnerability in Cybozu Garoon before 4.2.2 Improper Access Restriction in Cybozu Garoon before 4.2.2 Unverified X.509 Certificates Vulnerability in Jetstar App for iOS Arbitrary Web Script Injection in Kobe Beauty php-contact-form Arbitrary File Read Vulnerability in Trend Micro Office Scan, Worry-Free Business Security Service, and Worry-Free Business Security CRLF Injection and XSS Vulnerability in Trend Micro Worry-Free Business Security Service and Worry-Free Business Security Arbitrary File Read Vulnerability in Trend Micro Internet Security 8 and 10 Arbitrary Web Script Injection Vulnerability in Trend Micro Internet Security 8 and 10 Remote Code Execution Vulnerability in NTT Hikari Denwa Routers CSRF Vulnerability in NTT EAST and NTT WEST Hikari Denwa Routers HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in NTT PC Communications WebARENA Service formmail before 2.2.1 Prosody 0.9.x Directory Traversal Vulnerability Insecure Random Token Generation in mod_dialback Module World-writable permissions on /dev/cuse character device in Debian fuse package Stack-based Buffer Overflow in GNU C Library (glibc) Allows Denial of Service via Long Name OpenSSH Options Vulnerability in OAR before 2.5.7 Cross-Site Scripting (XSS) Vulnerabilities in WebSVN Allow Arbitrary Code Injection via File and Directory Names Bypassing File-Permission Restrictions in Linux Kernel's nfsd Vulnerability: Privilege Escalation via Trojan Horse Module Untrusted Code Loading Vulnerability in Duck before 0.10 Local Privilege Escalation via Symlink Attack on Tomcat Catalina Log File User Password Hash Disclosure Vulnerability in Tryton Arbitrary File Read Vulnerability in Tryton Remote Code Execution Vulnerability in unADF's extractTree Function Remote Code Execution Vulnerability in unADF's extractTree Function Stack-based Buffer Overflow in Quagga's Zebra Daemon Buffer Overflow in DBD::mysql Module Allows Denial of Service Privilege escalation vulnerability via symlink attack on nginx error log Arbitrary Code Execution via Modeline in Vim (CVE-2016-1248) Denial of Service Vulnerability in DBD::mysql Perl Module Use-after-free vulnerability in DBD::mysql Insecure Repository-Signing Protection Bypass Vulnerability Arbitrary Command Execution Vulnerability in The Most Package Denial of Service Vulnerability in Tor 0.2.8.12 Privilege escalation vulnerability in pg_ctlcluster script allows local users to gain root privileges Juniper Junos OS Multiple Versions IGMPv3 Malformed Packet Denial of Service Vulnerability Denial of Service Vulnerability in Juniper Junos OS with LDP Denial of Service vulnerability in Embedthis Appweb in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos OS on EX4300 Series Switches J-Web Vulnerability: Cross-Site Request Forgery (CSRF) and Denial of Service (DoS) Denial of Service Vulnerability in Juniper Junos OS with RTSP ALG Enabled Denial of Service Vulnerability in Juniper Junos OS Race condition vulnerability in Op command in Juniper Junos OS Remote Code Execution and Unauthorized Access Vulnerability in Junos Space Race condition vulnerability in Juniper Junos OS before 16.1R1 allows local users to read, delete, or modify arbitrary files Denial of Service Vulnerability in Juniper ScreenOS Administrative Web Services Interface Denial of Service Vulnerability in Juniper Junos OS Denial of Service Vulnerability in Juniper Junos OS Privilege Escalation Vulnerability in Juniper Junos OS Insufficient Entropy Vulnerability in Juniper Junos OS on QFX5100 and QFX10002 Switches Denial of Service Vulnerability in Juniper Junos OS 14.1X53 Vulnerability: Information Disclosure in Juniper Junos OS with VPLS Routing-Instances Denial of Service Vulnerability in Juniper Junos OS with Enabled ALGs Denial of Service Vulnerability in Juniper Junos OS with GRE or IPIP Tunnel Authentication Bypass Vulnerability in Juniper Junos OS Unspecified Remote Code Execution Vulnerability in J-Web Interface of Juniper Junos OS Certificate Validation Bypass Vulnerability in Juniper Junos OS Untrusted Search Path Vulnerability in TrueCrypt and VeraCrypt Installers PCRE 8.38 Remote Code Execution Vulnerability Denial of Service Vulnerability in ISC BIND 9 Supported Preview Edition 9.9.8-S Denial of Service Vulnerability in ISC BIND 9.x Denial of Service Vulnerability in ISC BIND 9.x Buffer Overflow Vulnerability in Cisco ASA Software Denial of Service Vulnerability in Cisco AsyncOS on Web Security Appliance (WSA) Devices (CSCuu24840) Arbitrary Code Execution and Information Disclosure Vulnerability in Cisco Prime Infrastructure and EPNM (CSCuy10231) RBAC Bypass Vulnerability in Cisco Prime Infrastructure and Cisco EPNM (Bug ID CSCuy10227) Arbitrary Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPNM (CSCuw03192) Cross-Site Scripting (XSS) Vulnerabilities in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 Arbitrary Web Script Injection Vulnerability in Cisco FireSIGHT System Software 6.0.1 Information Disclosure Vulnerability in Cisco ASA Software 8.4 (Bug ID CSCuo65775) Bypassing Proxy Restrictions in Cisco Web Security Appliance (WSA) Devices (Bug ID CSCux00848) Remote Code Execution Vulnerability in Cisco ACE 4710 A5 Device Manager GUI Cisco Unified Contact Center Express Multiple Cross-Site Scripting Vulnerabilities (CSCux92033) Denial of Service Vulnerability in Cisco Small Business SG300 Devices (Bug ID CSCuw87174) Cisco Unity Connection (UC) 10.5(2.3009) Cross-Site Scripting (XSS) Vulnerability (CSCux82582) Password Change Vulnerability in Cisco ASA-CX and PRSM Software Bypassing RBAC Restrictions in Cisco APIC and Nexus 9000 ACI Mode Switches (CSCut12998) Denial of Service Vulnerability in Cisco Small Business 500 Devices (Bug ID CSCul65330) Cisco Unity Connection 10.5(2.3009) Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCux82596) Cisco APIC-EM 1.1 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Fog Director 1.0(0) (Bug ID CSCux80466) Hardcoded Account Vulnerability in Cisco Finesse Desktop and Unified Contact Center Express SQL Injection Vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) Cisco WebEx Meetings Server 2.5.1.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities (CSCuy01843) Cisco Unity Connection 11.5(0.199) Cross-Site Scripting (XSS) Vulnerability (CSCuy09033) Arbitrary Code Injection through Host Tag Parameter in Cisco Jabber Guest Server 10.6(8) Denial of Service Vulnerability in Cisco ASA 5500 Devices (Bug ID CSCue76147) Default SSH Private Key Storage Vulnerability in Cisco UCS Invicta C3124SA Appliance and Whiptail Racerunner Cisco Unified Communications Domain Manager (CDM) 8.1(1) Cross-Site Scripting (XSS) Vulnerability (CSCux80760) Bypassing Content Restrictions in Cisco Advanced Malware Protection (AMP) Proxy Engine Information Disclosure Vulnerability in Cisco TelePresence Video Communication Server (VCS) Information Disclosure Vulnerability in Cisco Unified Communications Manager 11.5(0.98000.480) Cisco APIC-EM 1.1 Cross-Site Scripting (XSS) Vulnerability (CSCux15489) Cleartext Encryption Key Storage Vulnerability in Cisco Unified Communications Manager and Related Services (Bug ID CSCuv85958) Arbitrary OS Command Execution Vulnerability in Cisco Prime Collaboration CLI (Bug ID CSCux69286) Vulnerability: Image-Decryption Key Exposure in Cisco Universal Small Cell Devices Arbitrary User Account Creation Vulnerability in Cisco Spark 2015-07-04 REST Interface Information Disclosure Vulnerability in Cisco Spark 2015-06 REST Interface (Bug ID CSCuv84048) Denial of Service Vulnerability in Cisco Spark 2015-06 REST Interface (Bug ID CSCuv84125) Remote Information Disclosure Vulnerability in Cisco DPC3939B and DPC3941 Administration Interface (Bug ID CSCus49506) Denial of Service Vulnerability in Cisco DPQ3925 Devices (Bug ID CSCup48105) Remote Code Execution Vulnerability in Cisco DPC2203 and EPC2203 Web Server (CSCuv05935) Cisco EPC3928 Devices: Gateway Client List Denial of Service Vulnerability (CSCux24948) Hardcoded Credentials Vulnerability in Cisco NX-OS on Nexus 3000 and 3500 Devices Denial of Service Vulnerability in Cisco IOS 15.2(4)E on Industrial Ethernet 2000 Devices via Crafted CDP Packets (CSCuy27746) Cisco Emergency Responder 11.5(0.99833.5) Multiple Cross-Site Scripting (XSS) Vulnerabilities (Bug ID CSCuy10766) Denial of Service Vulnerability in Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid Routers (Bug ID CSCux89878) Remote Time Setting Vulnerability in Cisco Small Business 500 Wireless Access Point Devices Privilege Escalation via Multi-User Public-Key Authentication in Cisco StarOS on ASR 5000 Devices (Bug ID CSCux22492) Cisco EPC3928 Devices: Remote Denial of Service via goform/Docsis_system LanguageSelect Parameter (Bug ID CSCuy28100) Cisco EPC3928 Boot Information Disclosure Vulnerability Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 (Bug ID CSCuu43026) Privilege Escalation Vulnerability in Cisco UCS Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 Cisco UCS Platform Emulator Heap-Based Buffer Overflow Vulnerability Blank Root Password Vulnerability in Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender Devices (CSCur22079) Information Disclosure Vulnerability in Cisco FirePOWER Management Center XML External Entity (XXE) Vulnerability in Cisco Information Server (CIS) 6.2 IKEv2 Denial of Service Vulnerability in Cisco IOS and IOS XE Bypassing Malware Protection in Cisco FireSIGHT System Software and ASA with FirePOWER Services Denial of Service Vulnerability in Cisco TelePresence Server on Mobility Services Engine (MSE) 8710 Devices (Bug ID CSCuu46673) Denial of Service Vulnerability in Cisco IOS 15.1 through 15.5 (Bug ID CSCuq59708) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCus55821) Denial of Service Vulnerability in Cisco Smart Install Client (CSCuv45410) Denial of Service Vulnerability in Cisco IOS and Cisco Unified Communications Manager (Bug ID CSCuj23293) Denial of Service Vulnerability in Cisco IOS and NX-OS (CSCuu64279) Arbitrary OS Command Execution in Cisco UCS Central Software (CSCuv33856) TCP Outage Vulnerability in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) Arbitrary Script Injection in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 6.1.0 Timing-based User Enumeration Vulnerability in Cisco FireSIGHT System Software 6.1.0 Bypassing RBAC Restrictions in Cisco Policy Suite (CPS) 7.x XML External Entity (XXE) Vulnerability in Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) Arbitrary Code Execution Vulnerability in Cisco Prime Infrastructure 3.0 (Bug ID CSCuw81494) Insecure Database Decryption Key Sharing in Cisco Prime LMS (Bug ID CSCuw85390) Denial of Service Vulnerability in Cisco IOS XR on GSR 12000 Devices (Bug ID CSCuw56900) Denial of Service Vulnerability in Cisco AireOS Wireless LAN Controller Devices (Bug ID CSCun86747) Buffer Overflow Vulnerability in Cisco Wireless LAN Controller (WLC) Software (CSCus25617) Denial of Service Vulnerability in Cisco Wireless LAN Controller Software (CSCur66908) Arbitrary Command Execution Vulnerability in Cisco APIC-EM 1.0 (Bug ID CSCux15507) Weak Permissions in Cisco IOS XR on Network Convergence System 6000 Devices (CSCuw75848) Denial of Service Vulnerability in Cisco ASA Software 9.4.1 Denial of Service Vulnerability in Cisco FirePOWER System Software Misconfigured Kernel Logging in Cisco ASA 5585-X FirePOWER SSP Module: Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Prime Network Analysis Module (NAM) Denial of Service Vulnerability in ClamAV 0.99.2 and Earlier Denial of Service Vulnerability in ClamAV 0.99.2 and Earlier Versions Server-side Request Forgery (SSRF) vulnerability in Cisco Finesse API (Bug ID CSCuw86623) Arbitrary Command Execution Vulnerability in Cisco UCS Performance Manager 2.0.0 and Earlier (CSCuy07827) Cisco IP Interoperability and Collaboration System 4.10(1) Cross-Site Scripting (XSS) Vulnerability (CSCuy12339) Denial of Service Vulnerability in Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 Devices (Bug ID CSCuv78548) Cisco Unity Connection Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCus21776) Information Disclosure Vulnerability in Cisco IOS on Catalyst Switches (Bug ID CSCum62591) Cisco ASA Software Denial of Service Vulnerability Denial of Service Vulnerability in Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) Devices (Bug ID CSCuo12171) Memory Leak Vulnerability in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) Devices Memory Allocation Vulnerability in Cisco AsyncOS on Web Security Appliance (WSA) Devices (Bug ID CSCuu02529) Memory Leak Vulnerability in Cisco AsyncOS on Web Security Appliance (WSA) Devices (CSCur28305) Remote Time Modification Vulnerability in Cisco IOS and IOS XE (Bug ID CSCux46898) Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCut14209) Spoofing of Administrative Notifications in Cisco APIC-EM 1.0(1) (CSCux15521) Authentication Bypass Vulnerability in Cisco TelePresence Software Arbitrary OS Command Execution Vulnerability in Cisco Prime NAM and vNAM Open Redirect Vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 (Bug ID CSCuy44695) Root Access Vulnerability in Cisco Prime Network Analysis Module (NAM) and Prime Virtual Network Analysis Module (vNAM) Arbitrary OS Command Execution Vulnerability in Cisco Prime Network Analysis Module (NAM) and Prime Virtual Network Analysis Module (vNAM) Open Redirect Vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 (Bug ID CSCuu34121) SQL Injection Vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 (Bug ID CSCuy72175) Hardcoded Account Vulnerability in Cisco Firepower System Software 6.0.0 through 6.1.0 Arbitrary Code Execution Vulnerability in Cisco RV Series Devices (CSCux82428) Cisco RV Series Routers XSS Vulnerability Buffer Overflow Vulnerability in Cisco RV110W, RV130W, and RV215W Devices Buffer Overflow Vulnerability in Cisco RV110W, RV130W, and RV215W Devices Denial of Service Vulnerability in Cisco IOS on Industrial Ethernet Devices (Bug ID CSCuy13431) Denial of Service Vulnerability in Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 Cisco UCS Central Software 1.4(1a) Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Cisco Identity Service Engine (ISE) AD Integration (CSCun25815) Privilege Escalation Vulnerability in CISCO IP 8800 Phones (Bug ID CSCuz03005) Hardcoded GnuPG Encryption Key Vulnerability in Cisco UCS Invicta Appliances Denial of Service Vulnerability in ClamAV Library (CSCuv78533, CSCuw60503) RBAC Bypass and Privilege Escalation via Crafted JSON Data in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (Bug ID CSCuy12409) Denial of Service Vulnerability in Cisco IOS XR through 5.3.2 (Bug ID CSCux95576) Arbitrary Command Execution and File Upload Vulnerability in Cisco Prime Infrastructure and EPNM (CSCuz01488) Neighbor Discovery Protocol Denial of Service Vulnerability Username Validity Disclosure in Cisco WebEx Meeting Center Impersonation Vulnerability in Cisco AsyncOS Software for Email Security, Web Security, and Content Management Appliances Remote Code Execution Vulnerability in Cisco Firepower Management Center Denial of Service Vulnerability in Cisco WebEx Meetings Player T29.10 (Bug ID CSCuz80455) LDAP Authentication Bypass Vulnerability in Cisco Prime Collaboration Provisioning 10.6 SP2 Remote Code Execution and DLL Hijacking Vulnerability in Snort 2.9.7.0-WIN32 Local Privilege Escalation Vulnerability in Cisco Aironet Access Point Software 8.2(100.0) Denial of Service Vulnerability in Cisco Access Point Devices (Bug ID CSCuy55803) Root Access Vulnerability in Cisco APIC Devices (Bug ID CSCuz72347) Remote Code Execution and Denial of Service Vulnerability in Cisco IP Phone Web Application Cross-Site Scripting (XSS) Vulnerability in Cisco AsyncOS for Cisco Email Security Appliance Denial of Service Vulnerability in Cisco IOS 15.2(1)T1.11 and 15.2(2)TST via Crafted LLDP Packet (CSCun63132) Denial of Service Vulnerability in Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S (CSCun66735) Denial of Service Vulnerability in Cisco IOS XR 5.x through 5.2.5 on NCS 6000 Devices (CSCux76819) Information Disclosure Vulnerability in Cisco Prime Network Registrar Double Free Vulnerability in Cisco IOS XE: Remote Device Restart via Crafted SNMP Read Requests (Bug ID CSCux13174) Cisco RV180 and RV180W Directory Traversal Vulnerability (Bug ID CSCuz43023) Arbitrary Command Execution Vulnerability in Cisco RV180 and RV180W Devices (CSCuz48592) Arbitrary Script Injection Vulnerability in Cisco Firepower Management Center Denial of Service Vulnerability in Cisco IOS XE on cBR-8 Converged Broadband Router Devices (CSCuu68862) Denial of Service Vulnerability in Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 Devices (Bug ID CSCuz66289) Arbitrary File Deletion Vulnerability in Cisco 8800 Phones with Software 11.0(1) (CSCuz03010) Improper Enforcement of Mounted-Filesystem Permissions in Cisco 8800 Phones with Software 11.0(1) Denial of Service Vulnerability in Cisco ASR 5000 Packet Data Network Gateway Devices (Bug ID CSCuz46198) SQL Injection Vulnerability in Cisco Prime Collaboration Deployment Bypassing Spam Filtering in Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) Devices Cisco Unified Contact Center Enterprise XSS Vulnerability Denial of Service Vulnerability in Cisco Web Security Appliance (WSA) Devices (Bug ID CSCuy43468) Bypassing Filesystem and Administrative-Endpoint Restrictions in Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure (PI) Bypassing Sandbox Protection Mechanism in Cisco AMP Threat Grid Appliance Devices Certificate Mishandling Vulnerability in Cisco TelePresence Video Communication Server and Expressway Bypassing ICMP Echo Reply ACLs in Cisco ASA Software 8.2 through 9.4.3.3 SQL Injection Vulnerability in Cisco WebEx Meetings Server 2.6 (Bug ID CSCuy83200) Cisco WebEx Meetings Server 2.6 Cross-Site Scripting (XSS) Vulnerability Cisco WebEx Meetings Server 2.7 Cross-Site Request Forgery (CSRF) Vulnerability Cisco WebEx Meetings Server 2.6 Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCuy92711) Command Injection Vulnerability in Cisco WebEx Meetings Server 2.6 (Bug ID CSCuy92715) Cisco Meeting Server Cross-Site Scripting (XSS) Vulnerability (CSCva19922) Remote Configuration Change Vulnerability in Cisco ASR 5000 Devices (Bug ID CSCuz29526) Buffer Overflow Vulnerability in Cisco NX-OS OTV GRE Feature (CSCuy95701) Denial of Service Vulnerability in Cisco NX-OS Devices via Crafted BGP UPDATE Message Incorrect iptables local-interface configuration vulnerability in Cisco NX-OS Arbitrary OS Command Execution Vulnerability in Cisco IOS XR 6.x through 6.0.1 Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center and ASA Software (CSCur25513) Privilege Escalation via Crafted HTTP Requests in Cisco Firepower Management Center and Cisco Adaptive Security Appliance Software BGP Message Attribute Crafted Denial of Service Vulnerability in Cisco IOS and IOS XE Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (Bug ID CSCun92979) Bypassing Malware Detection in Cisco AsyncOS on Email Security Appliance (ESA) Devices Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cisco Prime Service Catalog (PSC) 11.0 (CSCuz63795) Bypassing Snort Rules in Cisco FireSIGHT System Software (CSCuz20737) Arbitrary Code Execution Vulnerability in Cisco WebEx Meetings Player T29.10 (CSCva09375) Denial of Service Vulnerability in Cisco Nexus 1000v AVS Devices (CVE-2016-1429) Denial of Service Vulnerability in Cisco Unified Communications Manager IM and Presence Service (Bug ID CSCva39072) Denial of Service Vulnerability in Cisco Videoscape Session Resource Manager (VSRM) (CSCva01813) Arbitrary Command Execution Vulnerability in Cisco TelePresence Video Communication Server Expressway X8.5.2 Denial of Service Vulnerability in Cisco SPA300, SPA500, and SPA51x Devices (Bug ID CSCut67385) CSRF Vulnerability in Cisco Small Business 220 Devices (Bug ID CSCuz76230) Cisco Small Business 220 Devices XSS Vulnerability Denial of Service Vulnerability in Cisco Small Business 220 Devices Hardcoded SNMP Community Vulnerability in Cisco Small Business 220 Devices Cisco Prime Infrastructure 2.2(2) Cross-Frame Scripting Vulnerability Arbitrary Code Injection Vulnerability in Cisco IP Phone 8800 Devices (Bug ID CSCuz03024) Information Disclosure Vulnerability in Cisco Connected Streaming Analytics 1.1.1 (Bug ID CSCuz92891) Denial of Service Vulnerability in Cisco IOS NTP Packet Handling (CSCva35619) Denial of Service Vulnerability in Cisco IP Phone 8800 Devices (Bug ID CSCuz03038) Multipurpose Internet Mail Extensions (MIME) Scanner Bypass Vulnerability in Cisco AsyncOS Software for Cisco ESA and WSA Cisco AsyncOS Software for Cisco Email Security Appliances Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco WebEx Meetings Server 2.6 (Bug ID CSCuy83130) Denial of Service Vulnerability in Cisco WebEx Meetings Server 2.6 (Bug ID CSCuy92704) Bypassing Access Restrictions in Cisco WebEx Meetings Server 2.6 (Bug ID CSCuy92724) Cisco Identity Services Engine 1.3(0.876) Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliances Remote Code Execution Vulnerability in Lexmark Markvision Enterprise before 2.3.0 via Apache Commons Collections Library Misuse Siemens OZW OZW672 and OZW772 Login Form Cross-Site Scripting (XSS) Vulnerability Cleartext File Transfer Vulnerability in Lenovo SHAREit Sensitive File Name Disclosure Vulnerability in Lenovo SHAREit Hardcoded Password Vulnerability in Lenovo SHAREit for Windows Unsecured Wifi Hotspot in Lenovo SHAREit for Android Allows Unauthorized Access Cleartext Retrieval Vulnerability in Intel Driver Update Utility RSA Package in Python-RSA Vulnerability: BERserk Attack Allows Signature Spoofing Integer Overflow Vulnerability in Huawei Mate S Graphics Drivers Semaphore Deadlock Vulnerability in Huawei P8 Smartphones Unspecified Remote Access Log Disclosure Vulnerability in F5 BIG-IP Systems Arbitrary Web Script Injection Vulnerability in ownCloud Server Directory Listing and Denial of Service Vulnerability in ownCloud Server File Disclosure Vulnerability in ownCloud Server Critical Privilege Escalation Vulnerability in MONyog Ultimate 6.63 Unquoted Search Path Vulnerability in FileZilla Client 3.17.0.0 Critical Remote Code Injection Vulnerability in InfiniteWP Client Plugin 1.5.1.3/1.6.0 Insecure CSRF Token Generation Allows for Predictable Values and Bypassing Protections Predictable Seed Vulnerability in enigmaX up to 2.2 (VDB-217181) Injection Vulnerability in SObjectService.cls of Centralized-Salesforce-Dev-Framework Cross-Site Scripting (XSS) Vulnerability in oxguy3 coebot-www Cross-Site Request Forgery Vulnerability in OpenACS Bug-Tracker Information Disclosure Vulnerability in ownCloud Server Cross-Site Scripting (XSS) Vulnerability in University of Cambridge django-ucamlookup up to 1.9.1 (VDB-217441) XML External Entity (XXE) Reference Vulnerability in e-Contract dssp up to 1.3.1 Critical SQL Injection Vulnerability in SalesforceMobileSDK-Windows up to 4.x (VDB-217619) Critical SQL Injection Vulnerability in ForumHulp SearchResults Insufficient Credential Protection in CESNET theme-cesnet up to 1.x on ownCloud Timing Discrepancy Vulnerability in viafintech Barzahlen Payment Module PHP SDK (CVE-2021-217650) Critical SQL Injection Vulnerability in mrtnmtth joomla_mod_einsatz_stats up to 0.2 (CVE-2021-217653) Critical Pathname Traversal Vulnerability in fabarea media_upload on TYPO3 (VDB-217786) Critical SQL Injection Vulnerability in krail-jpa up to 0.9.1 (VDB-218373) Directory Listing Vulnerability in tombh jekbox (VDB-218375) Authentication Bypass and Backup Manipulation in NetApp SnapCenter Server 1.0 and 1.0P1 Critical SQL Injection Vulnerability in liftkit database up to 2.13.1 (VDB-218391) Critical SQL Injection Vulnerability in nickzren alsdb (VDB-218429) Cross-Site Scripting (XSS) Vulnerability in mosbth cimage up to 0.7.18 Path Traversal Vulnerability in SiteFusion Application Server up to 6.6.6 Critical Denial of Service Vulnerability in Doomsider Shadow (VDB-221478) Cross Site Scripting (XSS) Vulnerability in generator-hottowel 0.0.11 XML External Entity (XXE) Reference Vulnerability in 3breadt dd-plist 1.17 (VDB-221486) Cross-Site Scripting (XSS) Vulnerability in meta4creations Post Duplicator Plugin 2.18 on WordPress Improper Validation of Integrity Check Value in ICEPAY REST-API-NET 0.9 Cross-Site Scripting (XSS) Vulnerability in Ydalb Mapicoin up to 1.9.0 (VDB-223402) DHCP Option Length Mismanagement Vulnerability Open Redirect Vulnerability in Arno0x TwoFactorAuth Critical SQL Injection Vulnerability in PHP-Login 1.0 (VDB-228022) Cross-Site Scripting (XSS) Vulnerability in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3 Arbitrary File Upload Vulnerability in Delete All Comments Plugin for WordPress Critical SQL Injection Vulnerability in Dynacase Webdesk (VDB-233366) Cross-Site Scripting (XSS) Vulnerability in Doc2k RE-Chat 1.0 Race Condition Vulnerability in Deis Workflow Manager (Unsupported) Cross-Site Scripting (XSS) Vulnerability in go4rayyan Scumblr up to 2.0.1a Critical Path Traversal Vulnerability in NUUO NVRmini 2 (up to 3.0.8) via /deletefile.php Denial of Service Vulnerability in Dhcpcd Before 6.10.0 Arbitrary File Read/Write Vulnerability in Radicale Filesystem Storage Backend Remote Code Execution Vulnerability in Apache OpenOffice's Impress Tool Double Free Vulnerability in OpenCV 3.0.0 Allows Arbitrary Code Execution Denial of Service Vulnerability in OpenCV 3.0.0 via Corrupt Chunks Insecure Auto-Provisioning Mechanism in Grandstream Wave App and Video IP Phones Improper SSL Certificate Validation in Grandstream Wave App for Android Insecure Update Retrieval in Grandstream Wave App for Android Out-of-bounds read and application crash vulnerability in Libgraphite in Graphite 2 1.2.4 Heap-based Buffer Overflow in Libgraphite in Graphite 2 1.2.4 Denial of Service Vulnerability in Libgraphite's SillMap::readFace Function Arbitrary Code Execution via Unrestricted File Upload in NETGEAR Management System NMS300 Arbitrary File Read Vulnerability in NETGEAR Management System NMS300 Out-of-bounds Read and Application Crash in Graphite Smart Font Parsing Privilege Escalation via perl_startup Argument in Exim Heap-based Buffer Overflow in libarchive's zip_read_mac_metadata Function BMC BladeLogic Server Automation RPC API Authorization Bypass Vulnerability BMC BladeLogic Server Automation RPC API Authorization Bypass Vulnerability Memory Exhaustion Vulnerability in nghttp2 Unlimited Stream Workers Vulnerability in Apache HTTP Server 2.4.17 and 2.4.18 Preemptible Client Association Demobilization Vulnerability in NTP 4.2.8p4 and Earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 NTP Server Spoofing Vulnerability Clock Manipulation Vulnerability in NTP 4.2.8p4 and Earlier and NTPsec Vulnerability in Message Authentication Functionality of libntp in NTP 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Vulnerability: Impersonation of Reference Clocks in ntpd Arbitrary Command Execution in Netgear WN604 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 Netgear Wireless WPS PIN and Passphrase Disclosure Vulnerability SNMP Information Disclosure Vulnerability in Netgear WNAP320, WNDAP350, and WNDAP360 Remote Code Execution Vulnerability in D-Link DAP Series Access Points SNMP Vulnerability Exposes Wireless Passwords and Admin Credentials in D-Link DAP Series Default Password Vulnerability in ExaGrid Appliances Default SSH Public Key Vulnerability in ExaGrid Appliances Unspecified Customer Information Disclosure in DTE Energy Insight Android App X.509 Certificate Verification Vulnerability in NetApp Clustered Data ONTAP 8.3.1 Cross-Site Scripting (XSS) Vulnerabilities in WordPress 4.4.1 and Earlier Arbitrary Script Injection in Field Group Module for Drupal Cross-site scripting (XSS) vulnerability in Guacamole file browser with shared file transfer Unverified Peer Associations in Chrony Authentication: Skeleton Key Vulnerability QEMU IDE AHCI Emulation Use-After-Free Vulnerability Denial of Service Vulnerability in FireBird 2.5.5 Vulnerability: PV Superpage Functionality in Xen Denial of Service Vulnerability in Xen Hypervisor via INVVPID Instruction Privilege Escalation via Insecure Validation in mount.ecryptfs_private.c Code Execution Vulnerability in Unity8's CardCreator.js Plugin Privilege Escalation via Group-Writable Setgid Directory in Linux Kernel Privilege Escalation via OverlayFS and FUSE Mounting Double Free Vulnerability in JasPer JPEG 2000 Image Processing Library Oxide Use-After-Free Vulnerability Allows Remote Code Execution Unrestricted Command Execution Vulnerability in UDM Improper Mount Point Determination in ubuntu-core-launcher Package World-readable permissions on /var/lib/lxd/zfs.img allow unauthorized access to container data in LXD before 2.0.2 Improper Permissions Setting in LXD Allows Unauthorized Access to Container Paths Privilege Escalation and Denial of Service Vulnerability in Linux Kernel's ecryptfs_privileged_open Function Keyboard Input Vulnerability in Unity8 on Large-Screen Devices AppArmor Mount Rules Vulnerability: Accidental Widening in All Versions Vulnerability: Malicious Webview Exploiting Incognito BrowserContext Destruction Queue in Oxide Unauthenticated Remote Snap Package Installation Vulnerability Arbitrary HTML Injection in NetIQ Designer for Identity Manager before 4.5.3 Arbitrary JSP File Execution via Directory Traversal in Micro Focus Novell Service Desk Arbitrary Attachment Read Vulnerability in Micro Focus Novell Service Desk HQL Injection Vulnerability in Micro Focus Novell Service Desk Multiple Cross-Site Scripting (XSS) Vulnerabilities in Micro Focus Novell Service Desk before 7.2 Privilege Escalation Vulnerability in NetIQ Access Governance Suite 6.0 through 6.4 Cross-Site Scripting (XSS) Vulnerability in NetIQ IDM 4.5 Identity Applications Arbitrary Script Injection in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x Information Disclosure Vulnerability in NetIQ Identity Manager's ServiceNow Driver Improper Handling of Empty Password Fields in yast2-users Code Injection Vulnerability in SUSE Linux Enterprise Server and Desktop Supportconfig Tool Information Leakage in NetIQ IDM ServiceNow Driver NetIQ Sentinel 7.4.x Directory Traversal Vulnerability Multiple Stack-Based Buffer Overflows in Micro Focus Rumba 9.4.x Cross-Site Request Forgery (CSRF) Vulnerabilities in Novell Filr Administrative Interface Arbitrary Command Execution Vulnerability in Novell Filr Cross-Site Scripting (XSS) Vulnerabilities in Novell Filr Directory Traversal Vulnerability in Novell Filr Email-Template Feature World-writable permissions in Novell Filr allow privilege escalation through arbitrary shell commands Unspecified Variable Cast Vulnerability in Google V8 Use-after-free vulnerabilities in PDFium's formfiller implementation UnacceleratedImageBufferSurface Initialization Mode Vulnerability Omnibox Origin Spoofing Vulnerability in Google Chrome URL Spoofing Vulnerability in Google Chrome CustomButton::AcceleratorPressed Function CSPSource::schemeMatches Function in Blink Allows CSP Bypass Insecure Random Number Generation in Blink Integer overflows in sycc422_to_rgb and sycc444_to_rgb functions in PDFium Unspecified Vulnerabilities in Google Chrome before 48.0.2564.82 Remote Code Execution and Denial of Service Vulnerability in libvpx in Android 4.x, 5.x, and 6.0 Bypassing Same Origin Policy in Google Chrome Extensions Same Origin Policy Bypass in Google Chrome DOM Implementation Integer Underflow Vulnerability in Brotli Compression Algorithm Bypassing Intended Restrictions in Chrome Instant Feature Out-of-Bounds Read Vulnerability in OpenJPEG's opj_pi_update_decode_poc Function URL Validation Bypass in Google Chrome Developer Tools Arbitrary Code Execution and Denial of Service Vulnerability in OpenJPEG Bypassing Blink Same Origin Policy and Sandbox Protection in Google Chrome Bypassing Same Origin Policy via ContainerNode::parserRemoveChild Vulnerability Bypassing Same Origin Policy via Nested Message Loops in Google Chrome Improper Property Maintenance in Google Chrome Extensions Subsystem Blink Use-After-Free Vulnerability in Google Chrome Use-after-free vulnerability in StyleResolver::appendCSSStyleSheet function in Blink Use-after-free vulnerability in Google Chrome before 49.0.2623.75 in extensions/renderer/render_frame_observer_natives.cc Bypassing Subresource Integrity Protection in Google Chrome Arctangent Calculation Mishandling in Skia Allows Information Disclosure Improper Restriction of Web APIs in Google Chrome Extensions Subsystem Use-after-free vulnerability in WebRTC Audio Private API in Google Chrome before 49.0.2623.75 Insecure Inline-Installer Implementation in Google Chrome Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or other impact Unspecified Vulnerabilities in Google Chrome before 49.0.2623.75 Type Confusion Vulnerability in WebKit's ImageInputType::ensurePrimaryContent Function Use-after-free vulnerability in WebKit allows for denial of service or other impact via crafted HTML document Integer Signedness Errors in OpenJPEG's opj_j2k_update_image_data Function Out-of-bounds read vulnerability in Array.prototype.concat implementation in Google V8 Use-after-free vulnerability in Google Chrome Navigation Implementation Use-after-free vulnerability in GetLoadTimes function in Google Chrome before 49.0.2623.108 Buffer Overflow Vulnerability in libANGLE's Program::getUniformInternal Function Denial of Service Vulnerability in PageCaptureSaveAsMHTMLFunction Out-of-bounds read vulnerability in PDFium's sycc420_to_rgb and sycc422_to_rgb functions Universal XSS (UXSS) vulnerability in Google Chrome before version 50.0.2661.75 Out-of-bounds Write Vulnerability in Google V8's LoadBuffer Implementation Uninitialized Data Structure Vulnerability in Google Chrome Media Subsystem Use-after-free vulnerability in Google Chrome before 50.0.2661.75 allows remote attackers to cause denial of service or execute arbitrary code via a crafted extension. Bypassing Pathname Restrictions in Google Chrome for Android Address bar spoofing vulnerability in Google Chrome before version 50.0.2661.75 Bypassing Same Origin Policy in Google Chrome Extensions Unspecified Vulnerabilities in Google Chrome Before 50.0.2661.75 Out-of-bounds Write Vulnerability in Blink Memory Corruption Vulnerability in Blink Engine Use-after-free vulnerability in Google Chrome before 50.0.2661.94 in extensions/renderer/gc_callback.cc Use-after-free vulnerability in SerializedScriptValue::transferArrayBuffers in Blink Address Bar Spoofing Vulnerability in Google Chrome Vulnerability in JSGenericLowering Class in Google V8 Allows Information Disclosure Unspecified Vulnerabilities in Google Chrome Before 50.0.2661.94 Bypassing Same Origin Policy via Script Execution during Node-Adoption Operations in Blink Improper Creation Context in V8 Bindings Allows Same Origin Policy Bypass Buffer Overflow Vulnerability in Google V8 Engine Race condition vulnerability in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests Directory Traversal Vulnerability in Google Chrome for Android Vulnerability: ModuleSystem::RequireForJsInner Function in Google Chrome Allows Same Origin Policy Bypass Same Origin Policy Bypass in Blink Bypassing Same Origin Policy in Google Chrome Extensions Subsystem Same Origin Policy Bypass in Blink's Document Reattachment Handling Improper Prototype Usage in Google Chrome Extension Bindings Allows Same Origin Policy Bypass Type Confusion Vulnerability in Google V8 and Chrome Allows Information Disclosure Heap-based Buffer Overflow in Google V8 Use-after-free vulnerability in V8 bindings in Google Chrome before 51.0.2704.63 Skia Use-After-Free Vulnerability in SkFontHost_FreeType.cpp Heap-based Buffer Overflow in OpenJPEG's j2k.c Allows Remote Code Execution via Crafted PDF Document Bypassing Content Security Policy (CSP) protection via ServiceWorker registration in Blink Out-of-Bounds Heap Memory Access Vulnerability in libxslt Integer Overflow Vulnerability in libxslt Allows for Denial of Service or Other Impact Out-of-bounds read vulnerability in PDFium allows denial of service Out-of-bounds read vulnerability in CPDF_DIBSource::CreateDecoder function in PDFium Information Exposure through Extension Vulnerability in Google Chrome Out-of-bounds read vulnerability in Google V8's regexp implementation Heap-based Buffer Overflow in Google Chrome Use-after-free vulnerability in Google Chrome's Autofill implementation Skia Coincidence Run Vulnerability Cross-Origin Loading of CSS Stylesheets by ServiceWorker in Blink Insecure Download of Software Removal Tool in Google Chrome HPKP Pin Deletion Vulnerability in Google Chrome Unspecified Vulnerabilities in Google Chrome before 51.0.2704.63 Bypassing Same Origin Policy in Google Chrome Extensions Subsystem Bypassing Same Origin Policy via FrameLoader::startLoad Vulnerability Arbitrary Module Loading and Sensitive Information Disclosure Vulnerability in Google Chrome Extension Bindings Bypass of Access Restrictions in WebKit DevTools Use-after-free vulnerability in Google Chrome before 51.0.2704.79 in runtime_custom_bindings.cc Use-after-free vulnerability in Google Chrome's Autofill implementation Out-of-Bounds Read Vulnerability in Skia's SkRegion::readFromMemory Function Unspecified Vulnerabilities in Google Chrome before 51.0.2704.79 Unspecified Vulnerabilities in Google Chrome before 51.0.2704.103 Unspecified Vulnerabilities in Google Chrome before 52.0.2743.82 Origin Validation Bypass in Google Chrome's PPAPI Implementation URL Spoofing Vulnerability in Google Chrome on iOS Use-after-free vulnerability in Chrome Web Store inline-installation implementation Heap-based Buffer Overflow in Google sfntly Allows Remote Code Execution via Crafted SFNT Font Bypassing Same Origin Policy via ChromeClientImpl::createWindow Vulnerability Bypassing Same Origin Policy in Blink's FrameLoader.cpp Improper Sanitization of Root_Reboot Local Invocation Vulnerability Arbitrary Code Execution via Unrestricted File Upload in Vtiger CRM 6.4.0 Denial of Service and Arbitrary Code Execution Vulnerability in QEMU Firmware Configuration Device Emulation Memory Corruption and Privilege Escalation Vulnerability in McAfee Application Control AppleGraphicsPowerManagement Privilege Escalation and Memory Corruption Vulnerability Privilege Escalation and Memory Corruption Vulnerability in Apple iOS, OS X, and tvOS Disk Images Component Unspecified Memory Corruption Vulnerability in IOAcceleratorFamily2 Interface Privilege Escalation and Memory Corruption Vulnerability in Apple IOHIDFamily API Memory Corruption Vulnerability in IOKit Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, and tvOS Memory Corruption Vulnerability in Apple iOS, OS X, and tvOS Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit CSS Vulnerability: Information Disclosure via a:visited button Selector Untrusted Search Path Vulnerability in OSA Scripts in Apple OS X Captive Portal Cookie Manipulation Vulnerability in Apple iOS Insecure Communication in Apple Software Update on Windows AppleRAID Information Disclosure and Denial of Service Vulnerability AppleRAID Privilege Escalation and Memory Corruption Vulnerability Arbitrary Code Execution and Memory Corruption via Crafted USB Device in Apple iOS and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X Bluetooth (CVE-2016-1737) Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X Bluetooth (CVE-2016-1734) Memory Corruption Vulnerability in Apple OS X Allows Remote Code Execution via Crafted .dfont File Code-signing bypass vulnerability in dyld on Apple OS X before 10.11.4 FontParser Memory Corruption Vulnerability NVIDIA Driver Privilege Escalation and Memory Corruption Vulnerability in Apple OS X Untrusted Search Path Vulnerability in Apple iTunes Installer Arbitrary Code Execution Vulnerability in Intel Graphics Drivers in Apple OS X Arbitrary Code Execution Vulnerability in Intel Graphics Driver on Apple OS X Denial of Service Vulnerability in IOFireWireFamily in Apple OS X before 10.11.4 Arbitrary Code Execution and Memory Corruption Vulnerability in IOGraphics Arbitrary Code Execution and Memory Corruption Vulnerability in IOGraphics Information Disclosure Vulnerability in IOHIDFamily Arbitrary Code Execution and Memory Corruption Vulnerability in IOUSBFamily Kernel Use-After-Free Vulnerability in Apple iOS, OS X, tvOS, and watchOS Code-Signing Bypass Vulnerability in Apple iOS, tvOS, and watchOS Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Integer Overflow Vulnerabilities in Apple Operating Systems Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Denial of Service Vulnerability in Apple iOS and OS X Privilege Escalation via Race Condition in Apple iOS and OS X Memory-layout information disclosure and denial of service vulnerability in Apple iOS and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X XPC Services API Vulnerability in LaunchServices in Apple iOS Remote Code Execution and Memory Corruption Vulnerability in libxml2 Heap-based Buffer Over-read in xmlNextChar Function Auto-fill vulnerability in Apple iOS before 9.3 allows unauthorized access to sensitive information Information Disclosure Vulnerability in Apple OS X Messages Memory Corruption and Privilege Escalation Vulnerability in Apple Xcode Spoofing MDM Profile Trust Relationship Vulnerability in Apple iOS Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in QuickTime for Apple OS X Bypassing User Confirmation in Apple OS X Reminders Component Denial of Service Vulnerability in Apple Safari Downloads Feature Cookie Storage Vulnerability in Apple Safari File Ownership Verification Vulnerability in Apple OS X Ignored Permissions Vulnerability in Apple OS X Server's Time Machine Server Arbitrary Code Execution and Memory Corruption Vulnerability in TrueTypeScaler Improper Access Restriction in Apple OS X Server Allows Disclosure of Sensitive Configuration Information RC4 Vulnerability in Apple OS X Server Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Same Origin Policy Bypass Vulnerability in WebKit and Safari Information Disclosure Vulnerability in WebKit on Apple iOS before 9.3 Unspecified URL Mishandling Vulnerability in WebKit and Safari Port Bypass Vulnerability in WebKit and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, and tvOS Denial of Service Vulnerability in WebKit Same Origin Policy Bypass in WebKit and Safari URL Spoofing and Same Origin Policy Bypass Vulnerability in WebKit Information Disclosure Vulnerability in Apple OS X Server Wiki Server Cryptographic Protection Bypass Vulnerability in Apple iOS, OS X, and watchOS XML External Entity (XXE) Vulnerability in Apple iBooks Author Buffer Overflow Vulnerability in Apple iOS Accessibility Component Information Disclosure Vulnerability in AMD Subsystem of Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X AMD Subsystem Arbitrary Code Execution and Denial of Service Vulnerability in AppleGraphicsDeviceControlClient Arbitrary Code Execution and Denial of Service Vulnerability in AppleGraphicsControlClient::checkArguments Method Arbitrary Code Execution and Memory Corruption Vulnerability in AppleGraphicsPowerManagement Apple Type Services (ATS) Vulnerability in Apple OS X before 10.11.5 Arbitrary Code Execution Vulnerability in Apple Type Services (ATS) NULL Pointer Dereference Vulnerability in Apple OS X Audio Privilege Escalation and Memory Corruption Vulnerability in Apple OS X Arbitrary Code Execution via Captive Network Assistant in Apple OS X CFNetwork Proxies subsystem URL Mishandling Vulnerability Return value mishandling in CCCrypt in CommonCrypto in Apple iOS, OS X, tvOS, and watchOS CoreCapture Privilege Escalation and Denial of Service Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X Multi-Touch Subsystem Arbitrary Code Execution Vulnerability in CoreStorage on Apple OS X Arbitrary Code Execution via Crafted App in Apple OS X Crash Reporter Race condition vulnerability in Disk Images subsystem in Apple iOS, OS X, tvOS, and watchOS allows local users to access sensitive information from kernel memory. Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Operating Systems Incorrect Encryption Key Vulnerability in Disk Utility for Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X Graphics Drivers NULL pointer dereference vulnerability in ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 Buffer Overflow Vulnerability in Intel Graphics Driver in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOAccelSharedUserClient2::page_off_resource Method Denial of Service Vulnerability in IOAcceleratorFamily Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOAcceleratorFamily in Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily IOAccelContext2::clientMemoryForType Use-After-Free Vulnerability Buffer Overflow Vulnerability in IOAudioFamily in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOAudioFamily Arbitrary Code Execution and Denial of Service Vulnerability in IOFireWireFamily in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOHIDDevice::handleReportWithTime Function Arbitrary Code Execution and Memory Corruption Vulnerability in IOHIDFamily Arbitrary Code Execution and Memory Corruption Vulnerability in IOHIDFamily in Apple OS X Integer Overflow in Apple OS X DTrace Implementation Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS and OS X Privilege Escalation and Memory Corruption Vulnerability in Apple's libc Library Heap-based Buffer Over-read Vulnerability in libxml2 Heap-based Buffer Overflow in libxml2's xmlStrncat Function Use-after-free vulnerability in xmlSAX2AttributeNs function in libxml2 before 2.9.4 Use-after-free vulnerability in xmlDictComputeFastKey function in libxml2 before 2.9.4 Use-after-free vulnerabilities in libxml2: Denial of Service via Crafted XML Document Heap-based Buffer Over-read in libxml2 XML Parser Heap-based Buffer Over-read in xmlDictAddString Function Heap-based Buffer Overflow in libxml2 XML Parsing Function Arbitrary Code Execution and Memory Corruption Vulnerability in libxslt Insecure HTTP Traffic in MapKit Shared Links Filename Encoding Vulnerability in Apple OS X Roster Modification Vulnerability in Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in NVIDIA Graphics Drivers on Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in OpenGL Arbitrary Code Execution and Memory Corruption Vulnerability in QuickTime for Apple OS X Safari Clear History and Website Data Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in SceneKit Screen Lock Password Reset Vulnerability in Apple OS X Data Leakage Vulnerability in Siri on Apple iOS SSLv2 Support Vulnerability in Tcl on Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Improper Taint Attribute Tracking in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Canvas Implementation Information Disclosure Vulnerability in Intel Graphics Driver for Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in NVIDIA Graphics Drivers for Apple OS X Information Disclosure Vulnerability in Intel Graphics Driver for Apple OS X Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS XSS Auditor Bypass Vulnerability in WebKit NULL Pointer Dereference Vulnerability in Apple Operating Systems Arbitrary Code Execution via Man-in-the-Middle Attack in Salt 2015.8.x before 2015.8.4 Denial of Service Vulnerability in JasPer 1.900.1 Privilege Escalation Vulnerability in Lenovo Solution Center Denial of Service Vulnerability in FreeBSD SCTP Module with IPv6 Support Linux Compatibility Layer Privilege Escalation Vulnerability Denial of Service and Privilege Escalation Vulnerability in FreeBSD Kernel's Linux Compatibility Layer Denial of Service Vulnerability in FreeBSD TCP Connection Handling Privilege Escalation Vulnerability in FreeBSD's Linux Compatibility Layer Heap-based Buffer Overflow in FreeBSD Kernel Integer Signedness Error in genkbd_commonioctl Function in FreeBSD Integer Signedness Error in sockargs Function in FreeBSD 10.x Remote Code Execution via Memory Allocation Failures in FreeBSD Telnetd Service Integer Overflow Vulnerability in bhyve Hypervisor in FreeBSD Authentication Bypass Vulnerability in NetApp OnCommand Workflow Automation Denial of Service Vulnerability in NetApp Data ONTAP Authentication Bypass Vulnerability in Lexmark Printers with Firmware ATL, CB, PP, and YK FFmpeg 2.x Cross-Origin File Reading Vulnerability Arbitrary File Read Vulnerability in FFmpeg 2.x via Cross-Origin Attacks CRLF Injection Vulnerability in CGit Allows HTTP Response Splitting and XSS Attacks CRLF Injection Vulnerability in CGit Allows HTTP Response Splitting and XSS Attacks Buffer overflow vulnerability in CGit before 0.12 via Content-Length HTTP header Insecure Random Number Generation in Symfony's SecureRandom Class Out-of-bounds read and application crash vulnerability in PHP's gdImageRotateInterpolated function Heap-based Buffer Overflow in PHP 7.x before 7.0.2 Kubernetes API Server Vulnerability: Unauthorized Access to Resources via Crafted Patched Object Privilege Escalation via Build Configuration Type Update in Openshift Denial of Service Vulnerability in OpenSSH 7.1p2 Insecure X11 Forwarding in OpenSSH: Exploiting Configuration Issues for Privilege Escalation Hardcoded passphrase vulnerability in Fortinet products allows remote administrative access Unspecified Data Decryption Vulnerability in SAP NetWeaver 7.4 Cross-Site Scripting (XSS) Vulnerabilities in SAP NetWeaver 7.4: Remote Code Injection via Runtime Workbench and Pmitest Servlet Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dolibarr ERP/CRM 3.8.3 Cross-Site Scripting (XSS) Vulnerabilities in Redhen Module for Drupal SQL Injection Vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service Arbitrary Web Script Injection in BlackBerry Enterprise Server 12 (BES12) Self-Service Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console Weak eCryptFS Key Generation Algorithm in Samsung KNOX 1.0: Exploiting TIMA Key for Sensitive Information Retrieval Man-in-the-Middle Attack Vulnerability in Samsung KNOX 1.0.0 Null Pointer Dereference Vulnerability in QEMU's TPR Optimization for 32-bit Windows Guests Support Heap-based Buffer Overflow in OpenJpeg's opj_j2k_update_image_data Function Denial of Service Vulnerability in OpenJpeg 2016.1.18 Integer Underflow Vulnerability in LHA Allows Remote Code Execution via Large Header Size Value Cross-site scripting (XSS) vulnerability in Greenbone Security Assistant (GSA) charts module in versions before 6.0.8 Weak Password Generation Vulnerability in phpMyAdmin Buffer Overflow Vulnerability in SAP HANA XS Engine (hdbxsengine) Allows Remote Code Execution SAP HANA XS Engine Remote Log Spoofing Vulnerability Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Memory Corruption Vulnerabilities in Mozilla Firefox Integer Overflow in Image-Deinterlacing Functionality in Mozilla Firefox Buffer overflow vulnerability in Mozilla Firefox allows remote code execution via crafted WebGL content Clickjacking Vulnerability in Mozilla Firefox Protocol-Handler Dialog Improper Division in NSS Library Allows Cryptographic Protection Bypass Incomplete Fix for Vertical Tab Cookie Vulnerability in Mozilla Firefox Address Bar Spoofing Vulnerability in Mozilla Firefox for Android Clickjacking Vulnerability in Mozilla Firefox on OS X Address Bar Spoofing Vulnerability in Mozilla Firefox Address Bar Spoofing Vulnerability in Mozilla Firefox for Android Memory Corruption Vulnerability in ANGLE's Buffer11::NativeBuffer11::map Function Denial of Service Vulnerability in Mozilla Firefox's nsZipArchive Function Integer Overflow and Buffer Overflow Vulnerability in MoofParser::Metadata Function Unintended Download Vulnerability in Mozilla Firefox 43.x Insecure Lightweight-Theme Installation in Mozilla Firefox for Android Same Origin Policy Bypass in Mozilla Firefox via Service Workers and Plugins Remote Code Execution Vulnerability in Mozilla Network Security Services (NSS) Integer overflows in NSPR's io/prprf.c leading to buffer overflow Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox CSP Violation Report Denial of Service and Privilege Escalation Vulnerability Same Origin Policy Bypass in Mozilla Firefox via CSP Violation Report Denial of Service Vulnerability in Mozilla Firefox on Linux with Intel Video Driver Memory Leak Vulnerability in Mozilla Firefox and Firefox ESR Address Bar Spoofing Vulnerability in Mozilla Firefox Remote Code Execution and Denial of Service Vulnerability in Mozilla Firefox ServiceWorkerManager Class Integer Underflow in nsHtml5TreeBuilder Class in Mozilla Firefox Mozilla Firefox Use-After-Free Vulnerability in nsHTMLDocument::SetBody Function Mozilla Firefox Use-After-Free Vulnerability in DataChannelConnection::Close Function FileReader API Read Operation Vulnerability AtomicBaseIncDec Use-After-Free Vulnerability in Mozilla Firefox Address bar spoofing vulnerability in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox Same Origin Policy Bypass in Mozilla Firefox before 45.0 Brotli Integer Underflow Vulnerability Out-of-bounds Write Vulnerability in Graphite 2 Integer Underflow Vulnerability in Mozilla Firefox WebRTC Implementation Unspecified Memory Corruption Vulnerability in Mozilla Firefox on Windows Race condition vulnerability in libvpx in Mozilla Firefox before 45.0 on Windows Race condition vulnerability in GetStaticInstance function in Mozilla Firefox before 45.0 Memory Allocation Vulnerability in Mozilla Firefox Race conditions in WebRTC implementation in Mozilla Firefox DesktopDisplayDevice Use-After-Free Vulnerability in Mozilla Firefox Arbitrary Code Execution and Denial of Service Vulnerability in Graphite 2 SSL3_HandleECDHServerKeyExchange Use-After-Free Vulnerability in Mozilla Network Security Services (NSS) Use-after-free vulnerability in PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla NSS before 3.21.1 QEMU e1000 NIC Emulation Infinite Loop Vulnerability Denial of Service Vulnerability in Privoxy's remove_chunked_transfer_coding Function Denial of Service Vulnerability in Privoxy 3.0.24 Hardcoded Password Vulnerability in setUpSubtleUserAccount on Harman AMX Devices Arbitrary Command Execution Vulnerability in HPE Operations Manager 8.x and 9.0 on Windows Arbitrary Command Execution Vulnerability in HP Continuous Delivery Automation (CDA) 1.30 Denial of Service Vulnerability in HPE IPFilter A.11.31.18.21 on HP-UX Arbitrary Code Execution and Information Disclosure Vulnerability in HPE Network Automation Arbitrary Code Execution and Information Disclosure Vulnerability in HPE Network Automation Privilege Escalation Vulnerability in HPE ArcSight ESM Unspecified File Download Vulnerability in HPE ArcSight ESM Information Disclosure Vulnerability in HPE ArcSight ESM Unspecified Vector Vulnerability in HPE System Management Homepage before 7.5.4 Information Disclosure Vulnerability in HPE System Management Homepage (before 7.5.4) Arbitrary Code Execution Vulnerability in HPE System Management Homepage before 7.5.4 Unspecified Vector Vulnerability in HPE System Management Homepage before 7.5.4 Arbitrary Command Execution in HPE Operations Orchestration 10.x Arbitrary Command Execution Vulnerability in HPE Service Manager (SM) 9.3x and 9.4x Arbitrary Command Execution Vulnerability in HP Release Control 9.13, 9.20, and 9.21 Remote Code Execution Vulnerability in HPE Asset Manager and Asset Manager CloudSystem Chargeback Node Access Bypass Vulnerability in REST/JSON Project for Drupal (SA-CONTRIB-2016-033) Comment Access Bypass Vulnerability in REST/JSON Project 7.x-1.x for Drupal User Enumeration Vulnerability in REST/JSON Project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) Field Access Bypass Vulnerability in REST/JSON Project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) User Registration Bypass Vulnerability in REST/JSON Project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) User login blockage vulnerability in REST/JSON project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) Session Name Guessing Vulnerability in REST/JSON Project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) Session Enumeration Vulnerability in REST/JSON Project for Drupal 7.x-1.x (SA-CONTRIB-2016-033) VxWorks DNS Client Stack-Based Buffer Overflow Vulnerability (Unsupported Versions) Unspecified Remote Information Disclosure and URL Redirection Vulnerability in HPE Universal CMDB Foundation 10.x Remote Command Execution in EWWW Image Optimizer Plugin TLS Certificate Verification Bypass in libgrss 0.7.0 OpenSSH User Enumeration Vulnerability Denial of Service Vulnerability in sha256crypt and sha512crypt Algorithms Uninitialized Data Structure Vulnerability in pam_tacplus.c Race Condition Vulnerability in SmokePing's Initscript Allows Privilege Escalation MVPower CCTV DVR Models Remote Command Execution (RCE) via Web Shell Remote Unauthenticated Command Injection in D-Link DSL-2750B Devices (CVE-2016-2022) SQL Injection Vulnerability in Knex.js through 2.3.0 Allows Bypassing WHERE Clause Arbitrary Command Execution in HPE Vertica Analytics Management Console (ZDI-CAN-3417) Missing PGP Validation in Gentoo Portage Standalone emerge-webrsync Arbitrary Command Execution via Serialized Java Object in HPE P9000 Command View Advanced Edition Software and XP7 CVAE Remote Code Execution in HPE Data Protector due to Lack of Authentication Arbitrary Code Execution Vulnerability in HPE Data Protector (ZDI-CAN-3352) Arbitrary Code Execution Vulnerability in HPE Data Protector (ZDI-CAN-3353) Arbitrary Code Execution Vulnerability in HPE Data Protector (ZDI-CAN-3354) Arbitrary Code Execution Vulnerability in HPE Data Protector Arbitrary Command Execution in HPE Network Node Manager i (NNMi) via Serialized Java Object Arbitrary Web Script Injection Vulnerability in HPE Network Node Manager i (NNMi) Arbitrary Web Script Injection Vulnerability in HPE Network Node Manager i (NNMi) Authentication Bypass Vulnerability in HPE Network Node Manager i (NNMi) Unspecified Information Disclosure Vulnerability in HPE Network Node Manager i (NNMi) Remote Code Execution and Denial of Service Vulnerability in HPE Network Node Manager i (NNMi) Unspecified Vector Vulnerability in HPE System Management Homepage before 7.5.5 ACL Inheritance Vulnerability in HPE HP-UX 11iv3 with VxFS Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Information Disclosure Vulnerability in HPE RESTful Interface Tool 1.40 Unspecified Remote Code Execution Vulnerability in HPE Insight Control Unspecified Remote Information Disclosure Vulnerability in HPE Service Manager Unspecified Information Disclosure Vulnerability in HPE Matrix Operating Environment Unspecified Information Disclosure Vulnerability in HPE Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Systems Insight Manager (SIM) Aruba Instate Multiple Vulnerabilities: Bypassing Security Restrictions, Information Disclosure, Unauthorized Actions, and Arbitrary Code Execution Aruba AirWave Management Platform 8.x Prior to 8.2 RabbitMQ Management Interface Information Disclosure Vulnerability ClearPass Policy Manager SQL Injection Vulnerability NULL Pointer Dereference Vulnerability in Samsung Android Kernel (SVE-2016-5036) Out-of-Bounds Write Vulnerability in cpio_safer_name_suffix Function Sensitive Information Disclosure in phpMyAdmin CSRF Token Generation Vulnerability in phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin CSRF Token Comparison Vulnerability in phpMyAdmin Sensitive Information Disclosure in phpMyAdmin 4.4.x and 4.5.x Arbitrary Script Injection in phpMyAdmin's goToFinish1NF Function Sensitive Information Disclosure in phpMyAdmin SQL Parser Arbitrary Script Injection in phpMyAdmin SQL Editor Arbitrary Script Injection Vulnerability in SOPHOS UTM UserPortal Improper Verification of SSL Server Hostname Bypassing Access Restrictions in Django ModelAdmin Save as New Vulnerability Improper Validation of openid.realm Parameter in JanRain PHP OpenID Library Out-of-Bounds Write Vulnerability in libdwarf-20151114 Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Unspecified Denial of Service Vulnerabilities in HarfBuzz Denial of Service Vulnerability in Linux Kernel's ASN.1 BER Decoder Multiple Buffer Overflows in Xymon Daemon (xymond.c) Allow Remote Code Execution or DoS Arbitrary File Read Vulnerability in Xymon Configuration Directory Arbitrary Command Execution in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 Weak Permissions on IPC Message Queue in Xymon 4.1.x, 4.2.x, and 4.3.x Cross-Site Scripting (XSS) Vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x Race condition and list corruption vulnerability in msm_ipc_router_bind_control_port function in Linux kernel 3.x Improper Validation of Upstream Interface Names in Tethering Controller in netd Integer Signedness Error in MSM V4L2 Video Driver: Privilege Escalation and Denial of Service Vulnerability Integer Overflow and Heap-based Buffer Overflow in Adreno GPU Driver Stack-based Buffer Overflow in MSM Thermal Driver for Linux Kernel 3.x Denial of Service and Buffer Over-read Vulnerability in MSM QDSP6 Audio Driver Out-of-bounds write and memory corruption vulnerability in MSM QDSP6 audio driver Integer Signedness Error in MSM QDSP6 Audio Driver: Privilege Escalation and Denial of Service Vulnerability Privilege Escalation via KGSL_MEMFLAGS_GPUREADONLY Flag Mishandling in Qualcomm MSM Graphics Driver Vulnerability in MSM QDSP6 Audio Driver Allows Privilege Escalation and Denial of Service Privilege Escalation via Race Condition in Linux Kernel's TLB Handling Denial of Service Vulnerability in Linux Kernel TCP Handling Privilege Escalation Vulnerability in Citrix NetScaler ADC and Gateway Clickjacking Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read Vulnerability in libxml2's htmlParseNameComplex Function Buffer Overflow Vulnerability in ovs-vswitchd Allows Remote Code Execution Arbitrary Web Script Injection Vulnerability in VMware vRealize Business Advanced and Enterprise 8.x Session Hijacking Vulnerability in VMware vCenter Server, vCloud Director, and vRealize Automation Identity Appliance Privilege Escalation Vulnerability in VMware Workstation and Player on Windows Arbitrary Web Script Injection Vulnerability in VMware vCenter Server Information Disclosure Vulnerability in VMware NSX Edge and vCNS Edge Arbitrary Web Script Injection Vulnerability in VMware vRealize Log Insight CSRF Vulnerability in VMware vRealize Log Insight 2.x and 3.x Vulnerability: Improper Certificate Regeneration in F5 BIG-IP and BIG-IQ Products Timing Side-Channel Attack Vulnerability in Linux Kernel's evm_verify_hmac Function HTTP Request Smuggling Vulnerability in Node.js Directory Traversal Vulnerability in HexChat 2.11.0 Client Denial of Service Vulnerability in ISC BIND 9.10.x Denial of Service Vulnerability in JasPer 1.900.1 Heap-based buffer overflow in libbsd fgetwln function before 0.8.2 Out-of-Bounds Read Vulnerability in libdwarf's dwarf_read_cie_fde_prefix Function Denial of Service Vulnerability in HTTPS NIO Connector: Read-timeout Exploit Incomplete fix for directory traversal vulnerability in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 Arbitrary Ruby Code Execution in Action Pack Apache Xerces C++ Use-After-Free Vulnerability in DTDScanner.cpp Privilege Escalation in Foreman: Unauthorized Access to Private Bookmarks Unauthenticated Network Access to HAProxy Statistics in openstack-tripleo-image-elements Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Satellite 5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Satellite 5 Integer Overflow in OpenSSL EVP_EncodeUpdate Function Integer Overflow in OpenSSL EVP_EncryptUpdate Function Padding Oracle Attack Vulnerability in OpenSSL Arbitrary Code Execution and Denial of Service Vulnerability in OpenSSL's ASN.1 Implementation Denial of Service Vulnerability in OpenSSL ASN.1 BIO Implementation NTLMSSP Authentication Protocol-Downgrade Vulnerability Remote Spoofing Vulnerability in Samba's NETLOGON Service LDAP Protocol-Downgrade Vulnerability in Samba 3.x and 4.x Unverified X.509 Certificate Vulnerability in Samba SMB1 Protocol Implementation Vulnerability in Samba 4.x Samba Vulnerability: Man-in-the-Middle Attack via Spoofed SMB Clients Memory Leak in jas_iccprof_createfrombuf Function in JasPer 1.900.1 and Earlier Improper Scatter/Gather I/O Configuration in Linux Kernel Allows Remote Information Disclosure BADLOCK: Protocol-Downgrade Vulnerability in Samba 3.x and 4.x Samba Vulnerability: Man-in-the-Middle Attack Bypasses Client-Signing Protection PowerDNS Authoritative Server Integer Overflow Vulnerability Weak Permissions Vulnerability in Redis Remote Privilege Escalation Vulnerability in Samba Versions 4.0.0 to 4.5.2 Samba Vulnerability: Password Retrieval via SMB1 Authentication Flaw Kerberos Authentication Vulnerability in Samba Samba Privilege Elevation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Kippo-Graph Cross-Site Scripting Vulnerability in Kippo-Graph 1.5.1 and Earlier Arbitrary File Read Vulnerability in OpenStack Compute (Nova) JGroups Vulnerability: Unauthorized Message Access and Spoofing World-readable permissions on /etc/origin/master/master-config.yaml expose Active Directory credentials in Red Hat OpenShift Enterprise 3.1 Vulnerability: Denial of Service in Linux Kernel on s390 Platforms Denial of Service Vulnerability in mod_auth_mellon before 0.11.1 Denial of Service Vulnerability in mod_auth_mellon Allows Remote Attackers to Crash Worker Process or Web Server Denial of Service Vulnerability in BusyBox DHCP Client (udhcpc) via Malformed Domain Name Heap-based Buffer Overflow in BusyBox DHCP Client (udhcpc) Allows Remote Code Execution via OPTION_6RD Parsing Log File Disclosure Vulnerability in Red Hat OpenShift Enterprise 3.2 Arbitrary Host Memory Access Vulnerability in SPICE Excessive Authorization Vulnerability in Moodle Allows Disclosure of Student E-mail Addresses Cross-Site Scripting (XSS) Vulnerabilities in Moodle's auth.php Cross-site scripting (XSS) vulnerability in Moodle's advanced-search feature in mod_data Hidden Course Name Disclosure Vulnerability in Moodle Event Monitor Insecure Grade-Reporting Feature in Singleview in Moodle Information Disclosure in Moodle Calendar CSRF vulnerability in Moodle's Assignment Plugin Management Information Disclosure Vulnerability in Moodle Bypassing Due-Date Restrictions in Moodle's save_submission Function Root Privilege Escalation via STI Builder Image in Red Hat OpenShift Apache HTTP Server mod_auth_digest Vulnerability Cross-Site Scripting (XSS) Vulnerability in Apache Struts 2.x before 2.3.25 Arbitrary Script Injection in Apache OpenMeetings Event Description Arbitrary File Read Vulnerability in Apache OpenMeetings SOAP API Improper URL Path Cleansing in Loggregator Traffic Controller Endpoints Unencrypted Connection Vulnerability in Apache Qpid Proton Authentication Bypass Vulnerability in Apache Subversion NULL pointer dereference vulnerability in mod_authz_svn in Apache Subversion Business Logic Flaw in Cloud Foundry Cloud Controller Allows Route Conflicts and Traffic Interception Arbitrary Command Execution Vulnerability in Apache OFBiz User Manager Service Access Control Bypass Vulnerability Arbitrary Code Execution in Spring AMQP DefaultDeserializer SQL Injection Vulnerability in Apache Ranger Policy Admin Tool XML External Entity (XXE) Vulnerability in Apache PDFBox Remote Information Disclosure and Denial of Service Vulnerability in OpenSSL Heap-buffer boundary check vulnerability in OpenSSL through 1.0.2h Timing Side-Channel Attack Vulnerability in OpenSSL's dsa_sign_setup Function DTLS Implementation in OpenSSL before 1.1.0: Denial of Service via Memory Consumption Denial of Service Vulnerability in OpenSSL's TSP Implementation DTLS Anti-Replay Vulnerability in OpenSSL Out-of-Bounds Write Vulnerability in OpenSSL's BN_bn2dec Function Sweet32: Exploiting the Birthday Bound in DES and Triple DES Ciphers Denial of Service Vulnerability in Linux Kernel's snd-usb-audio Driver NULL Pointer Dereference and System Crash Vulnerability in Linux Kernel's ati_remote2_probe Function USB PowerMate NULL Pointer Dereference Vulnerability NULL Pointer Dereference and System Crash Vulnerability in Linux Kernel's gtco_probe Function NULL pointer dereference vulnerability in iowarrior_probe function in Linux kernel before 4.5.1 Information Disclosure Vulnerability in Moodle Denial of Service Vulnerability in OptiPNG's bmp_read_rows Function Remote authenticated users can modify type mappings for non-owned types in PostgreSQL PL/Java before version 1.5.0 Vulnerability: Row-Security Bypass in PostgreSQL Denial of Service Vulnerability in Botan's ressol Function Integer Overflow in PointGFp Constructor Allows Remote Code Execution Heap-based Buffer Overflow in P-521 Reduction Function in Botan 1.11.x QEMU IDE AHCI Emulation Null Pointer Dereference Vulnerability QEMU USB EHCI Emulation Null Pointer Dereference Vulnerability CSRF Vulnerabilities in McAfee Vulnerability Manager Denial of Service Vulnerability in Siemens SIMATIC S7-1500 CPU Devices Replay Protection Bypass Vulnerability in Siemens SIMATIC S7-1500 CPU Devices Bypassing Application-Blacklist Restrictions in Symantec Altiris IT Management Suite Local Privilege Escalation Vulnerability in Symantec Messaging Gateway (SMG) Appliance Devices Root-Shell Access Vulnerability in Symantec Messaging Gateway (SMG) Appliance Devices Directory Traversal Vulnerability in Symantec Workspace Streaming and Workspace Virtualization Arbitrary File Read Vulnerability in Symantec Workspace Streaming and Virtualization Remote Code Execution Vulnerability in Symantec Products via Crafted RAR File Remote Code Execution and Denial of Service Vulnerability in Symantec Anti-Virus Engine Buffer Overflow Vulnerability in Symantec Products Buffer Overflow Vulnerability in Symantec Products Remote Code Execution and Denial of Service Vulnerability in Symantec Products Sensitive Order Information Disclosure in Magento RSS Feed Out-of-Bounds Array Read Access Vulnerability in FFmpeg's jpeg2000_decode_tile Function Unspecified Cross-Site Scripting (XSS) Vulnerability in Huawei Agile Controller-Campus HTTP Header Parsing Code Vulnerability Insecure DH Implementation in Socat 1.7.3.0 and 2.0.0-b8 Arbitrary Code Injection through Cross-Site Scripting (XSS) in Palo Alto Networks PAN-OS 7.x Open Redirect Vulnerability in WordPress before 4.4.2 Server-side Request Forgery (SSRF) Vulnerability in WordPress before 4.4.2 Denial of Service Vulnerability in uClibc-ng's __decode_dotted Function Denial of Service Vulnerability in uClibc-ng's __read_etc_hosts_r Function Arbitrary Code Execution via Integer Overflow in libiberty's string_appends Function Arbitrary Web Script Injection in Horde Groupware Hardcoded Root Password Vulnerability in OpenELEC and RasPlex Devices Denial of Service Vulnerability in Huawei SmartAX MT882 Devices Denial of Service Vulnerability in Asterisk Open Source and Certified Asterisk HexChat 2.10.2 Stack-Based Buffer Overflow in inbound_cap_ls Function Arbitrary Code Execution in Exponent CMS 2.x before 2.3.7 Patch 3 via sc Parameter Denial of Service Vulnerability in Sure Start on HP Commercial PCs 2015 Information Disclosure Vulnerability in HP LaserJet and OfficeJet Enterprise Printers Authentication Bypass Vulnerability in HP Support Assistant Privilege Escalation via Keyboard Layout Control Panel in HP ThinPro 4.4-6.1 Insecure SSL Certificate Validation in Dell SecureWorks iOS App Denial of Service Vulnerability in Xen 4.6.x and Earlier via MMIO Page Mapping Denial of Service Vulnerability in Xen 4.6.x and Earlier with Intel or Cyrix CPU Remote Code Execution Vulnerability in Eaton Lighting EG2 Web Control 4.04P and Earlier Cross-Site Scripting Vulnerability in Adcon Telemetry A850 Telemetry Gateway Base Station Insecure Access Control in Advantech/B+B SmartWorx VESP211-EU and VESP211-232 Devices Arbitrary Code Execution in Rockwell Automation Integrated Architecture Builder (IAB) Arbitrary OS Command Execution Vulnerability in Schneider Electric Struxureware Building Operations Automation Server Arbitrary Web Script Injection Vulnerability in Rockwell Automation Allen-Bradley CompactLogix 1769-L* Buffer Overflow Vulnerability in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 Untrusted Search Path Vulnerability in ABB Panel Builder 800 5.1: Local Privilege Escalation via Trojan Horse DLL Insecure Credential Encryption in Moxa ioLogik E2200 Devices and ioAdmin Configuration Utility Insecure Data Encryption in Moxa ioLogik E2200 Devices and ioAdmin Configuration Utility Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort devices with firmware 1.1.10 Build 09120714, 1.1 Build 10080614, and 1.0 Build 11071409 allows remote authentication hijacking. Blank Default Password Vulnerability in Moxa MiiNePort Devices XSS Vulnerability in XZERES 442SR OS on 442SR Wind Turbines Privilege Escalation via File Modification in Cogent DataHub ICONICS WebHMI 9 Directory Traversal Vulnerability Heap-based Buffer Overflow in Pro-face GP-Pro EX EX-ED before 4.05.000: Remote Code Execution Vulnerability Remote Code Execution and Denial of Service Vulnerability in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 Remote Code Execution Vulnerability in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 Information Disclosure Vulnerability in Accuenergy Acuvim II NET and Acuvim IIR NET Firmware 3.08 Cleartext Mail-Server Password Disclosure Vulnerability in Accuenergy Acuvim II NET and Acuvim IIR NET Cleartext Information Disclosure in Moxa MiiNePort Devices Unauthenticated Access to Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited Login Pages Remote Command Execution in Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited Unspecified Remote Information Disclosure in Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited SQL Injection Vulnerability in Ecava IntegraXor before 5.0 Build 4522 Authentication Bypass Vulnerability in Ecava IntegraXor before 5.0 build 4522 SQL Injection Vulnerability in Ecava IntegraXor before 5.0 Build 4522 Information Disclosure Vulnerability in Ecava IntegraXor before 5.0 build 4522 CRLF Injection Vulnerability in Ecava IntegraXor before 5.0 Build 4522 Missing HTTPOnly Flag in Set-Cookie Header in Ecava IntegraXor before 5.0 Build 4522 Arbitrary Script Injection Vulnerability in Ecava IntegraXor before 5.0 build 4522 Sensitive Information Disclosure in Ecava IntegraXor HMI Web Server Arbitrary File Read Vulnerability in American Auto-Matrix Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions Cleartext Password Storage Vulnerability in American Auto-Matrix Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions Firmware Patch Validation Vulnerability in iRZ RUH2 before 2b Hardcoded Credentials Vulnerability in General Electric (GE) Multilink Switches Password Disclosure Vulnerability in AlertWerks ServSensor Devices Screen Unlock Vulnerability Authentication Bypass Vulnerability in Cacti before 0.8.8g Denial of Service Vulnerability in GlobespanVirata ftpd 1.0 on Huawei SmartAX MT882 Devices Heap-based Buffer Overflow in Git before 2.7.4 via Incorrect Integer Data Type Denial of Service via Large Retransmit Timeout Values in Asterisk Open Source and Certified Asterisk Buffer overflow vulnerabilities in GraphicsMagick 1.3.23 via crafted SVG files NULL Pointer Dereference Vulnerability in GraphicsMagick 1.3.23 via Crafted SVG File Git Integer Overflow Vulnerability Integer Overflow in asf_write_packet Function in FFmpeg Allows Denial of Service or Other Impact via Crafted PTS Value in .mov File Out-of-bounds array access vulnerability in FFmpeg's pngenc.c Out-of-Bounds Array Read Access Vulnerability in libswscale/swscale_unscaled.c Out-of-bounds Array Access Vulnerability in FFmpeg TIFF Decoder Buffer Overflow Vulnerability in FFmpeg's GIF Decoder Default Password Vulnerability in SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway Devices Arbitrary Command Execution Vulnerability in SysLINK SL-1000 M2M Modular Gateway Devices Hardcoded Encryption Key Vulnerability in SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway Devices Remote Code Execution Vulnerability in 7zip and p7zip via Crafted HFS+ Image Out-of-bounds read and code execution vulnerability in CInArchive::ReadFileItem method in 7zip Type Confusion Vulnerability in Ruby's WIN32OLE Class Methods: ole_invoke and ole_query_interface Type Confusion Vulnerability in _cancel_eval Ruby's TclTkIp Class Method Heap Overflow Vulnerability in Ruby's Psych::Emitter start_document Function Heap Overflow Vulnerability in Fiddle::Function.new initialize Function of Ruby XML External Entity (XXE) Vulnerability in Granite Data Services 3.1.1-SNAPSHOT Stack-based Buffer Overflow in Quagga's BGP NLRI Parser Hardcoded Password Vulnerability in Patterson Dental Eaglesoft 17 Stack-based Buffer Overflow in Autodesk Backburner Manager Arbitrary Code Execution Vulnerability in SolarWinds DameWare Mini Remote Control 12.0 Unverified HTTP Data Vulnerability in Allround Automations PL/SQL Developer 11 Arbitrary Code Execution via Integer Underflow in Lhasa's decode_level3_header Function Password Reset Vulnerability in Remedy AR System Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in Accellion File Transfer Appliance (FTA) SQL Injection Vulnerability in Accellion File Transfer Appliance (FTA) Allows Remote Code Execution Remote Code Execution Vulnerability in Accellion File Transfer Appliance (FTA) Privilege Escalation via Arbitrary SSH Key Addition in Accellion File Transfer Appliance (FTA) Unrestricted Pairing Vulnerability in Lemur Vehicle Monitors BlueDriver SQL Injection Vulnerability in dotCMS REST API Buffer Overflow Vulnerability in Milesight IP Security Cameras Hardcoded SSL Private Key Vulnerability in Milesight IP Security Cameras Default Privileged Accounts with Hardcoded Credentials in Milesight IP Security Cameras Authentication Bypass Vulnerability in Milesight IP Security Cameras Default Root Password Vulnerability in Milesight IP Security Cameras Hardcoded FTP and SSH Password Vulnerability in Fonality (previously trixbox Pro) 12.6 through 14.1i Weak Permissions in Fonality (previously trixbox Pro) Allow Local Users to Obtain Root Access Hardcoded Private Key Vulnerability in Chrome HUDweb Plugin for Fonality Denial of Service Vulnerability in Pidgin's MXIT Protocol Handling Denial of Service Vulnerability in Pidgin's MXIT Protocol Handling MXIT Protocol Out-of-Bounds Read Vulnerability MXIT Protocol Buffer Overflow Vulnerabilities in Pidgin NULL Pointer Dereference Vulnerability in Pidgin's MXIT Protocol Handling Denial of Service Vulnerability in Pidgin's MXIT Protocol Handling MXIT Protocol Out-of-Bounds Write Vulnerability in Pidgin Out-of-Bounds Read Vulnerability in Pidgin's MXIT Protocol Handling Denial of Service Vulnerability in Pidgin's MXIT Protocol Handling Out-of-Bounds Write Vulnerability in Pidgin's MXIT Protocol Handling MXIT Protocol Out-of-Bounds Read Vulnerability in Pidgin Buffer Overflow Vulnerability in Pidgin's MXIT Protocol Handling Buffer Overflow Vulnerability in Pidgin's MXIT Protocol Handling Buffer Overflow Vulnerability in Pidgin's MXIT Protocol Handling Weak Encryption in Mxit Protocol: Vulnerability in Password Protection MXIT Protocol Information Leak Vulnerability in Pidgin Taint Protection Bypass Vulnerability in Perl via Duplicate Environment Variables Information Disclosure Vulnerability in Linux Kernel's adjust_branches Function Double Free Vulnerability in Linux Kernel's snd_usbmidi_create Function Heap-based Buffer Overflow in Kamailio's SEAS Module Allows Remote Code Execution SQL Injection Vulnerability in SAP NetWeaver J2EE Engine 7.40 UDDI Server Cross-Site Scripting (XSS) Vulnerabilities in SAP NetWeaver 7.4 ProxyServer Servlet Remote Information Disclosure Vulnerability in SAP NetWeaver AS JAVA 7.4 SAP Manufacturing Integration and Intelligence (xMII) Directory Traversal Vulnerability Denial of Service Vulnerability in Squid Proxy Server Denial of Service Vulnerability in QEMU's USB OHCI Emulation Support NULL pointer dereference vulnerability in QEMU USB Net Device Emulator Weak Access Control in Lenovo Fingerprint Manager and Touch Fingerprint Software Allows Privilege Escalation Arbitrary Command Execution Vulnerability in Dell SonicWALL GMS ViewPoint (GMSVP) Web Application Arbitrary Code Execution via Deserialization in Dell SonicWALL GMS, Analyzer, and UMA EM5000 Base-Station Communication Vulnerability in Comcast XFINITY Home Security System Integer Overflow in libquicktime's quicktime_read_pascal Function Allows for Denial of Service and Possible Remote Code Execution Certificate Pinning Bypass Vulnerability in OkHttp Authentication Bypass Vulnerability in Symfony Permission Control Vulnerability in Huawei Switches S5700, S6700, S7700, S9700, S12700, and ACU2 Remote Code Execution and Denial of Service Vulnerability in Huawei Policy Center Incorrect Permission Control in Huawei DSM Allows Unauthorized Access to Encrypted Documents Privilege Escalation Vulnerability in Pulse Secure Desktop and Installer Service for Windows Privilege Escalation Vulnerability in Texas Instruments Haptic Kernel Driver Privilege Escalation Vulnerability in Qualcomm Video Kernel Driver Privilege Escalation Vulnerability in Qualcomm Power Management Kernel Driver Privilege Escalation Vulnerability in Skia Library in Android Uninitialized Handle Pointer Vulnerability in Android Media Server Denial of Service Vulnerability in Minikin Library Information Disclosure Vulnerability in Exchange ActiveSync Autodiscover Implementation Unauthenticated Information Disclosure in Android mediaserver Uninitialized Parameter Vulnerability in Android Media Server Uninitialized Metadata Buffer Pointers Vulnerability in Android 6.x Uninitialized Data Structure Vulnerability in Android 6.x Privilege Escalation via Debuggerd Component in Android 4.x before 4.4.4 Factory Reset Protection Bypass Vulnerability in Android Setup Wizard Wi-Fi CA Certificate Privilege Escalation Vulnerability Bypassing Factory Reset Protection in Android Telephony Denial of Service Vulnerability in Android SyncStorageEngine Sensitive Information Disclosure via File Attachment in AOSP Mail Lack of GET_ACCOUNTS Permission Check in Android Framework Component Insecure Default Authentication Tag Size in AES-GCM Specification Thread Limitation Vulnerability in Android's libAACdec Heap memory corruption vulnerability in libFLAC/stream_decoder.c in Android mediaserver Privilege escalation vulnerability in libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 Privilege Escalation Vulnerability in Qualcomm TrustZone Component on Nexus and Android One Devices Privilege Escalation Vulnerability in Qualcomm TrustZone Component on Nexus 6 and Android One Devices Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver for Android Privilege Escalation Vulnerability in NVIDIA Video Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Video Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Video Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Video Driver on Nexus 9 Devices Buffer Overflow Vulnerability in Bluetooth in Android 4.x, 5.x, and 6.x Privilege Escalation via Object Reference Mishandling in Android Binder Privilege Escalation Vulnerability in Qualcomm Buspm Driver on Nexus 5X, 6, and 6P Devices Privilege Escalation Vulnerability in Qualcomm Buspm Driver on Nexus 5X, 6, and 6P Devices Privilege Escalation Vulnerability in Qualcomm MDP Driver on Nexus 5 and Nexus 7 (2013) Devices Privilege Escalation Vulnerability in NVIDIA Media Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Media Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Media Driver on Nexus 9 Devices Privilege escalation vulnerability in Android mediaserver Privilege escalation vulnerability in Android Camera3Device.cpp Buffer Size Validation Vulnerability in Android's libstagefright Buffer Size Validation Vulnerability in libstagefright in Android Buffer Overflow Vulnerability in libstagefright in Android Privilege Escalation Vulnerability in MediaTek Wi-Fi Driver on Android One Devices Denial of Service Vulnerability in Qualcomm Hardware Video Codec on Nexus 5 Devices Privilege Escalation Vulnerability in MediaTek Wi-Fi Driver on Android One Devices Bypassing Wi-Fi Configuration Restrictions via Guest Access in Android Improper Attachment Restriction in AOSP Mail Allows Information Disclosure Uninitialized Data Structures Vulnerability in Android Mediaserver Uninitialized Data Structures Vulnerability in Android Mediaserver Spoofing Message Authentication in OpenSSLCipher.java in Conscrypt Spoofing Message Authentication in OpenSSLCipher.java in Conscrypt Integer Overflow Vulnerabilities in libstagefright in Android Memory corruption vulnerability in libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 Privilege Escalation Vulnerability in Qualcomm Video Driver on Nexus Devices Privilege Escalation Vulnerability in Qualcomm Sound Driver on Nexus 6 Devices Privilege Escalation Vulnerability in Qualcomm Sound Driver on Nexus 5 Devices Privilege Escalation Vulnerability in Qualcomm GPU Driver on Nexus Devices Privilege Escalation Vulnerability in Qualcomm Sound Driver on Nexus 5, 6, and 6P Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 5X Devices Privilege Escalation Vulnerability in Broadcom Wi-Fi Driver on Android Devices Unvalidated OMX Buffer Sizes Vulnerability in Android Mediaserver Pointer mishandling vulnerability in Android mediaserver (CVE-2016-2725) Pointer mishandling vulnerability in Android mediaserver (CVE-2016-xxxx) Buffer Count Mishandling Vulnerability in Android Mediaserver Privilege escalation vulnerability in Android mediaserver (CVE-2016-2753) Buffer Count Mishandling Vulnerability in Android's mm-video-v4l2 venc Component Buffer Count Mishandling Vulnerability in Android Mediaserver Buffer Count Mishandling Vulnerability in Android's mm-video-v4l2 venc Component Stagefright Media Server Buffer Overflow Vulnerability Stagefright Media Server Buffer Overflow Vulnerability Memory Allocation Validation Vulnerability in libstagefright in Android Stagefright Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Qualcomm Camera Driver on Nexus Devices Privilege Escalation Vulnerability in Qualcomm Video Driver on Nexus Devices Privilege Escalation Vulnerability in NVIDIA Camera Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Camera Driver on Nexus 9 Devices Privilege Escalation Vulnerability in MediaTek Power-Management Driver on Android One Devices Privilege Escalation Vulnerability in Broadcom Wi-Fi Driver on Android Devices Off-by-one error privilege escalation vulnerability in Android 4.x, 5.x, and 6.x Denial of Service Vulnerability in Android's libstagefright (CVE-2016-xxxx) Tapjacking and Arbitrary File Access Vulnerability in Android 6.x Intent-filter priority manipulation vulnerability in PackageManagerService Bypassing Data-Access Restrictions in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Devices Uninitialized Data Vulnerability in libstagefright in Android Improper Process Group Termination in Android Activity Manager Privilege Escalation Vulnerability in Qualcomm Camera Driver on Nexus Devices Privilege Escalation via Large Size in Qualcomm USB Driver Privilege Escalation Vulnerability in Qualcomm GPU Driver on Nexus 5X and 6P Devices Privilege Escalation Vulnerability in Qualcomm GPU Driver on Nexus Devices Memory Corruption Vulnerability in Android's libstagefright Memory corruption vulnerability in DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 Integer Overflow Vulnerability in libstagefright in Android Memory corruption vulnerability in Android media server Vulnerability: Password-Sync Feature Sets SNMP Community to Administrator Password Arbitrary Code Execution via Serialized Data in BeanShell (bsh) Arbitrary Script Injection in WebSVN 2.3.3 and Earlier via log.php Path Parameter Arbitrary URL Redirection and Possible XSS in Django's utils.http.is_safe_url Function Timing Attack Vulnerability in Django Password Hasher Denial of Service Vulnerability in Hawk before 3.1.3 and 4.x before 4.1.1 Denial of Service Vulnerability in NTP Server NTP Denial of Service Vulnerability Out-of-Bounds Reference Vulnerability in NTP's MATCH_ASSOC Function Denial of Service Vulnerability in ntpd Untrusted Search Path Vulnerability in WiresharkApplication Class Denial of Service Vulnerability in Wireshark 2.0.x ASN.1 BER Dissector Denial of Service Vulnerability in Wireshark DNP3 Dissector Denial of Service in X.509AF Dissector in Wireshark 2.0.x before 2.0.2 Unbounded Header Data Consumption in Wireshark HTTP/2 Dissector Out-of-bounds read vulnerability in HiQnet dissector in Wireshark 2.0.x before 2.0.2 Denial of Service Vulnerability in Wireshark 2.0.x Trace File Parser Stack-based Buffer Overflow in LBMC Dissector in Wireshark 2.0.x Denial of Service Vulnerability in Wireshark iSeries File Parser Out-of-bounds read and application crash vulnerability in Wireshark RSL dissector (CVE-2016-2532) Denial of Service Vulnerability in Wireshark RSL Dissector (CVE-2016-2531) Unbounded Recursion in LLRP Dissector in Wireshark Buffer Overflow in ImagingPcdDecode Function in Pillow and PIL Use-after-free vulnerability in SAP 3D Visual Enterprise Viewer allows remote code execution via crafted SketchUp document Denial of Service Vulnerability in is-my-json-valid Package Integer overflows in USB Net device emulator in QEMU before 2.5.1 Arbitrary File Upload and Code Execution via CSRF in ATutor before 2.2.2 Denial of Service Vulnerability in Audacity 2.1.2 and earlier Denial of Service Vulnerability in Audacity 2.1.2 and Earlier Versions Untrusted Search Path Vulnerability in Flexera InstallShield through 2015 SP1 Linux Kernel snd_seq_ioctl_remove_events Function Denial of Service Vulnerability Race condition in queue_delete function in Linux kernel before 4.4.1 allows local users to cause denial of service Race condition vulnerability in Linux kernel allows denial of service via crafted ioctl call Race Condition and Use-After-Free Vulnerability in Linux Kernel's sound/core/timer.c Race condition and use-after-free vulnerability in Linux kernel timer locking mechanism Denial of Service Vulnerability in Linux Kernel's sound/core/timer.c Denial of Service Vulnerability in Linux Kernel's hrtimer.c Linux Kernel Local Denial of Service Vulnerability Stack-based buffer overflow in PHP TAR Archive Handling SQL Injection Vulnerability in ATutor 2.2.1: Remote Code Execution via searchFriends Function Privilege Escalation Vulnerability in NVIDIA GPU Graphics Driver Uninitialized Memory Access Vulnerability in NVIDIA GPU Graphics Driver Untrusted Pointer Vulnerability in NVIDIA GPU Graphics Driver XSS vulnerability in phpMyAdmin 4.5.x before 4.5.5.1 in libraries/sql-parser/src/Utils/Error.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.4.x and 4.5.x Unverified SSL Certificates in phpMyAdmin 4.5.x Stack-based Buffer Overflow in PuTTY and KiTTY SCP Command-Line Utility Session Hijacking Vulnerability in Invision Power Services (IPS) Community Suite SVE-2015-5081: Samsung SecEmailSync Vulnerability Allows Unauthorized Access to Sent Emails SQL Injection Vulnerability in Samsung SecEmailSync on Galaxy S6 (SM-G920F) Bypassing URL Filtering in Samsung Kernel on Note 3 and Galaxy S6 Devices Escape to Parent Session Vulnerability in pkexec with --user nonpriv Denial of Service Vulnerability in Squid Proxy Server XML Parsing Denial of Service Vulnerability in Squid Proxy Server Denial of Service Vulnerability in Squid HTTP Proxy Server HTTP Response Parsing Denial of Service Vulnerability in Squid 4.x Denial of Service Vulnerability in ISC DHCP 4.1.x, 4.2.x, and 4.3.x Denial of Service Vulnerability in ISC BIND 9.x Denial of Service Vulnerability in ISC BIND 9 Escape to Parent Session Vulnerability in runuser Untrusted Search Path Vulnerability in Huawei UTPS: Arbitrary Code Execution and DLL Hijacking Escape from chroot via crafted TIOCSTI ioctl call in GNU coreutils USB Device Insertion Vulnerability in Linux Kernel Vulnerability in Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software Allows Unauthorized Access via Crafted Ethernet Frames Cache Poisoning and XSS Vulnerability in CMS Made Simple Vulnerability: Auth.conf Access Restriction Bypass via Incorrect URL Decoding Certificate Validation Vulnerability in Puppet Enterprise and Puppet Agent Certificate Validation Vulnerability in Puppet Enterprise 2015.3.x Arbitrary Code Execution in MCollective 2.7.0 and 2.8.x Citrix XenMobile Server Cross-Site Scripting (XSS) Vulnerability Uninitialized Memory Vulnerability in Graphite 2 Buffer Over-read Vulnerability in Graphite 2 GlyphCache::glyph Function Buffer Over-read Vulnerability in Graphite2::Slot::getAttr Function Buffer Over-read Vulnerability in Graphite 2 Library Buffer Over-read Vulnerability in Graphite 2 Uninitialized Memory Vulnerability in Graphite 2 Heap-based Buffer Overflow in Graphite2::vm::Machine::Code::Code Function Buffer Over-read Vulnerability in Graphite 2 Buffer Over-read Vulnerability in Graphite2::GlyphCache::Loader::Loader Function Heap-based Buffer Overflow in Graphite2::Slot::setAttr Function Buffer Over-read Vulnerability in Graphite2::Slot::getAttr Function Buffer Over-read Vulnerability in Graphite 2's TtfUtil::CmapSubtable12Lookup Function Buffer Over-read Vulnerability in Graphite 2 Bugzilla Dependency Graphs Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerability in Mozilla Firefox ESR 38.x Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Remote Code Execution and Denial of Service Vulnerability in Mozilla Firefox Arbitrary File Deletion Vulnerability in Mozilla Maintenance Service Updater Bypassing Signature Access Requirements in Mozilla Firefox on Android Mozilla Firefox ServiceWorkerInfo Class Use-After-Free Vulnerability Race condition vulnerability in ServiceWorkerManager class in Mozilla Firefox before 46.0 allows remote code execution or denial of service Unrestricted JavaScript Access to Orientation and Motion Data in Mozilla Firefox for Android Heap-based Buffer Overflow in libstagefright: Remote Code Execution Vulnerability Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Bypassing Content Security Policy (CSP) Protection in Mozilla Firefox Universal XSS (UXSS) vulnerability in Mozilla Firefox before 46.0 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Arbitrary Code Execution via HTML5 Fragments in Mozilla Firefox Improper Origin Restriction in Firefox Health Reports Allows for Sharing Preferences Modification Mozilla Firefox Use-After-Free Vulnerability in Element Class Address Bar Spoofing Vulnerability in Mozilla Firefox Out-of-bounds Write Vulnerability in ANGLE's TSymbolTableLevel Class Same Origin Policy Bypass in Mozilla Firefox 46.0 and earlier versions Privilege Escalation Vulnerability in Mozilla Firefox Updater Denial of Service Vulnerability in Mozilla Firefox 49.0 Mozilla Firefox Use-After-Free Vulnerability in WebGL Texture Access Permission Spoofing Vulnerability in Mozilla Firefox Persistent Network Connection Vulnerability in Mozilla Firefox Unauthenticated Fullscreen and Pointerlock Approval Bypass in Mozilla Firefox Vulnerability: Information Disclosure of Disabled Plugins in Mozilla Firefox Cross-Domain Java Applet XSS Vulnerability in Mozilla Firefox Denial of Service and Memory Corruption Vulnerability in Mozilla Network Security Services (NSS) Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution and Denial of Service Vulnerabilities in Mozilla Firefox ClearKey CDM Heap-based Buffer Overflow in Mozilla Firefox EME API Arbitrary Code Execution via SVG Document in Mozilla Firefox Denial of Service Vulnerability in Mozilla Firefox on Linux Unauthenticated Script Injection in Open-Xchange Server 6 / OX AppSuite Denial of Service Vulnerability in QEMU NE2000 NIC Emulation Memory Allocation Vulnerability in OpenSSL 1.0.1 and 1.0.2 Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Denial of Service and Assertion Failure Vulnerability in Blink Information Disclosure via Content Security Policy (CSP) Violation Reports in Google Chrome Bypassing User Program Block Protection in Siemens SIMATIC S7-1200 CPU Devices Unbounded Memory Consumption in Linux Kernel Pipes Denial of Service Vulnerability in ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 Timing Side-Channel Attack Vulnerability in Botan TLS Downgrade Attack Vulnerability in Botan 1.11.x before 1.11.29 Integer Overflow Leading to Heap-Based Buffer Overflow in libotr Privilege Escalation via Mount Namespace Vulnerability in aufs Module Privilege Escalation via Group-Writable Setgid Directory in Linux Kernel 3.x and 4.x Weak ACL in Huawei Mobile Broadband HL Service Allows Local Privilege Escalation Local privilege escalation via pts read and write operations in glibc package QEMU net_checksum_calculate Function Denial of Service Vulnerability Denial of Service Vulnerability in QEMU's PRNG Back-End Support Arbitrary Group Creation Vulnerability in OpenAFS Insecure Data Encryption in IBM WebSphere eXtreme Scale Arbitrary Web Script Injection Vulnerability in IBM WebSphere Commerce CSRF Vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8 and 8.0.x Versions Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management and related products Information Disclosure Vulnerability in IBM Rational Team Concert and Rational Collaborative Lifecycle Management Unspecified Vulnerability in IBM Jazz Team Server Allows Disclosure of Deployment Information Privilege Escalation in IBM InfoSphere Streams and IBM Streams XML External Entity (XXE) Vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 Cross-Site Scripting (XSS) Vulnerabilities in IBM QRadar SIEM 7.1 and 7.2 Buffer Overflow Vulnerability in IBM WebSphere DataPower XC10 Appliances 2.1 and 2.5 Cleartext Storage of Unspecified Passwords in IBM QRadar SIEM Arbitrary File Read Vulnerability in IBM Security QRadar SIEM and QRadar Incident Forensics Arbitrary SQL Command Execution Vulnerability in IBM QRadar SIEM 7.1 and 7.2 Authorization Bypass Vulnerability in IBM QRadar SIEM 7.1 and 7.2 Arbitrary OS Command Execution Vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x Privilege Escalation via Command Injection in IBM QRadar SIEM Weak Permissions in IBM QRadar SIEM Web Root Directory Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM QRadar SIEM 7.1 and 7.2 Outdated Hashing Algorithms in IBM QRadar 7.2: Local User Credential Decryption Vulnerability Local User Can Obtain Encryption Key for IBM QRadar 7.2 Service Account Password Bypassing Access Restrictions in IBM QRadar SIEM and QRadar Incident Forensics Sensitive Information Disclosure in IBM TRIRIGA Application Platform IBM TRIRIGA Application Platform 3.3 - 3.5 Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x Unspecified Vector Vulnerability in IBM IMS Enterprise Suite Data Provider for Microsoft .NET Arbitrary Script Injection in IBM Jazz Reporting Service (JRS) CSRF Vulnerability in IBM Jazz Reporting Service Allows Authentication Hijacking Symlink Vulnerability in IBM Spectrum Protect CSRF Vulnerability in IBM WebSphere Portal and Web Content Manager Allows Authentication Hijacking XML External Entity (XXE) Vulnerability in IBM Single Sign On for Bluemix IBM Rational Publishing Engine 2.0.1 XSS Vulnerability in Document Builder Arbitrary Code Execution via Unrestricted File Upload in IBM Rational Publishing Engine Sensitive Password Information Disclosure in IBM TRIRIGA Applications 10.4 and 10.5 SSL Certificate Validation Bypass in IBM Rational ClearQuest Missing HTTPOnly Flag in JAX-RS API Cookie in IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 Cross-Site Scripting (XSS) Vulnerability in IBM Infosphere BigInsights Arbitrary Web Script Injection Vulnerability in IBM WebSphere Portal Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management and other products before iFix11/5.0.2 iFix19/6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Insecure Encryption Algorithms in IBM BigFix Remote Control Information Disclosure Vulnerability in IBM BigFix Remote Control Weak Password Policy in IBM BigFix Remote Control IBM BigFix Remote Control 9.1.3 Authentication Bypass Vulnerability Cleartext Information Exposure in IBM BigFix Remote Control XML Injection Vulnerability in IBM BigFix Remote Control IBM BigFix Remote Control Directory Traversal Vulnerability IBM BigFix Remote Control before 9.1.3 Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in IBM BigFix Remote Control Cleartext Storage of Unspecified Passwords in IBM BigFix Remote Control Untrusted Information Vulnerability in IBM BigFix Remote Control Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Unspecified Remote Information Disclosure Vulnerabilities in IBM BigFix Remote Control Sensitive Information Exposure in IBM UrbanCode Deploy Remote Code Execution Vulnerability in IBM UrbanCode Deploy Information Disclosure Vulnerability in IBM BigFix Remote Control Unrestricted Failed Login Attempts in IBM BigFix Remote Control Privilege Escalation via Swagger Document in IBM WebSphere Application Server Privilege Escalation via Stack-based Buffer Overflow in IBM Tivoli Monitoring Agent Sensitive Information Disclosure Vulnerability in IBM Rational Collaborative Lifecycle Management and related products Hardcoded Credentials Discovery in IBM BigFix Remote Control Information Disclosure Vulnerability in IBM BigFix Remote Control Arbitrary SQL Command Execution in IBM BigFix Remote Control Insecure Default Encryption Strength in IBM BigFix Remote Control Lack of HSTS Protection in IBM BigFix Remote Control before 9.1.3 Unencrypted Communication Vulnerability in IBM Connections Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Web UI Arbitrary Script Injection in IBM Connections 5.0 and 5.5 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Web UI Sensitive Information Disclosure via Stack Trace in IBM Connections Sensitive Information Disclosure in IBM Connections Privilege Escalation Vulnerability in IBM Sametime Meeting Server 8.5.2 and 9.0 Denial of Service Vulnerability in IBM WebSphere Application Server (WAS) Sensitive Information Disclosure in IBM Integration Bus and WebSphere Message Broker CSRF Vulnerability in IBM BigFix Remote Control Allows Authentication Hijacking Detailed Error Message Disclosure in IBM Sametime 8.5.2 and 9.0 Cross-Site Request Forgery Vulnerability in IBM Sametime Meeting Server 8.5.2 and 9.0 Meeting Room Enumeration Vulnerability in IBM Sametime 8.5.1 and 9.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sametime 8.5.2 and 9.0 Authentication Bypass Vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 Email Leakage Vulnerability in IBM Sametime Meeting Server 8.5.2 and 9.0 Information Disclosure Vulnerability in IBM Sametime Meetings Server Information Disclosure in IBM Sametime Media Services 8.5.2 and 9.0 Local User Credential Exposure in IBM Sametime Meeting Server 8.5.2 and 9.0 Cross-Site Scripting Vulnerability in IBM Sametime Media Services 8.5.2 and 9.0 Unintended Disclosure of Sensitive Information in IBM Sametime Connect Cross-Site Scripting (XSS) Vulnerability in IBM Sametime 8.5.2 and 9.0 IBM Sametime Meeting Server 8.5.2 and 9.0 Meeting Report History Information Disclosure Vulnerability IBM Sametime Meeting Server 8.5.2 and 9.0 Hand Lowering Vulnerability Local Information Disclosure Vulnerability in IBM Sametime 8.5.2 and 9.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sametime Meeting Server 8.5.2 and 9.0 Sametime WebPlayer 8.5.2 and 9.0 Script Injection Vulnerability Unauthorized Access to User Credentials in IBM Jazz Team Server Remote Code Execution Vulnerability in IBM Tealeaf Customer Experience Privilege Escalation Vulnerability in IBM Spectrum Scale and General Parallel File System (GPFS) Privilege Escalation via Crafted Environment Variables in IBM Spectrum Scale and GPFS Arbitrary web script injection vulnerability in IBM Rational Collaborative Lifecycle Management and related products CLM Application Vulnerability: Exposing Administrative Deployment Parameters Multiple Simultaneous Logins Vulnerability in IBM Tivoli Storage Manager for Virtual Environments Open Redirect Vulnerability in IBM WebSphere Portal Connections Portlets Component Cross-Site Scripting (XSS) Vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Infosphere BigInsights Arbitrary Code Injection through Cross-Site Scripting (XSS) in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 Cross-site scripting (XSS) vulnerability in IBM Connections Web UI Arbitrary File Append Vulnerability in IBM Security Privileged Identity Manager 2.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Web UI IBM Connections CSRF Vulnerability Unspecified Brute-Force Attack Vulnerability in IBM Connections Denial of Service Vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections Web UI Cached Data Disclosure Vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections Web UI IBM Connections Cross-Site Request Forgery (CSRF) Vulnerability Cross-site scripting (XSS) vulnerability in IBM Connections Web UI Cross-site scripting (XSS) vulnerability in IBM Connections Web UI CSRF Vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections Web UI IBM Connections Cross-Site Request Forgery (CSRF) Vulnerability Cross-site scripting (XSS) vulnerability in IBM Connections Web UI Credentials Exposure in IBM API Connect Software Package Improper Data Conversion Handling Vulnerability in IBM WebSphere MQ 8.0 Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management, Rational Quality Manager, Rational Team Concert, Rational DOORS Next Generation, Rational Engineering Lifecycle Manager, Rational Rhapsody Design Manager, and Rational Software Architect Design Manager before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 Insufficient Verification of Code Origin and Integrity in IBM Security Access Manager for Web Sensitive Information Disclosure in IBM Security Access Manager for Web Cross-Site Scripting Vulnerability in IBM Security Access Manager for Web Weak Cryptographic Algorithms in IBM Security Access Manager for Web 9.0.0: A Decryption Vulnerability Bypassing Security Restrictions in IBM Security Access Manager for Web Sensitive Information Disclosure in IBM Security Access Manager for Web Improper File Permissions in IBM Security Access Manager for Web: A Potential Breach of Highly Sensitive Information Unauthenticated User Access to Sensitive Information in IBM Security Access Manager for Web Local File Disclosure Vulnerability in IBM Security Access Manager for Web Inadequate Restriction of Failed Login Attempts in IBM Security Access Manager for Mobile and Security Access Manager IBM Security Access Manager for Web XXE Vulnerability: Denial of Service and Sensitive Information Exposure Arbitrary Command Execution Vulnerability in IBM Security Access Manager Cross-Site Request Forgery Vulnerability in IBM Security Access Manager for Web Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 XML External Entity (XXE) Vulnerability in IBM AppScan Source 8.7 through 9.0.3.3 Weak Encryption Algorithm Used in IBM AppScan Source Sensitive Information Disclosure in IBM AppScan Source through Testlink Browsing Stack-based Buffer Overflow Vulnerability in IBM Cognos TM1 10.1 and 10.2 Sensitive Information Disclosure in IBM Cognos TM1 10.1 and 10.2 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos TM1 10.1 and 10.2 XML External Entity (XXE) Vulnerability in IBM Traveler 8.x and 9.x Arbitrary Redirection and Phishing Vulnerability in IBM WebSphere Application Server (WAS) Liberty Arbitrary Script Injection in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 via OpenID Connect Clients IBM Security Access Manager for Web: Remote Information Disclosure Vulnerability Denial of Service Vulnerability in IBM PowerKVM Sensitive Information Disclosure via URL Parameters SQL Injection Vulnerability in IBM Security Access Manager for Web Open Redirect Vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 Cross-Site Scripting (XSS) Vulnerability in IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 HTML Injection Vulnerability in IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 Privilege Escalation Vulnerability in IBM Security Access Manager for Web 9.0.0 Clear Text Transmission of Passwords in IBM WebSphere MQ Unspecified Local Privilege Escalation Vulnerability in IBM AIX Arbitrary Code Injection through File Upload in IBM FileNet Workplace 4.0.2 XML External Entity (XXE) Vulnerability in IBM FileNet Workplace 4.0.2 Arbitrary Web Script Injection in IBM Business Process Manager Arbitrary Web Script Injection Vulnerability in IBM Sterling B2B Integrator 5.2 Cleartext SQL Server Password Disclosure in IBM Tivoli Storage Manager and FlashCopy Manager Clickjacking Vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 Memory Corruption and Arbitrary Code Execution Vulnerability in Libav and FFmpeg Arbitrary API Call Execution Vulnerability in NetApp OnCommand System Manager Information Disclosure Vulnerability in NetApp Clustered Data ONTAP Vulnerability: Access Restriction Bypass and Server Crash in PostgreSQL BRIN Index Page Handling Clipboard Information Disclosure Vulnerability in spice-gtk Widget Privilege Escalation Vulnerability in Cygwin before 2.5.0 Arbitrary Code Execution via Crafted git ext:: URL in Mercurial Arbitrary Code Execution Vulnerability in Mercurial Git Repository Conversion NULL pointer dereference vulnerability in trace_writeback_dirty_page implementation in Linux kernel before 4.4 Libreswan 3.16 Vulnerability: Remote Denial of Service via IKEv2 aes_xcbc Transform SQL Injection Vulnerabilities in Katello's Scoped_Search Function Heap-based Buffer Overflow in GD Graphics Library 2.1.1 Stack-based Buffer Overflow in getnetbyname function in glibc Heap-based Buffer Overflow in j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 Denial of Service Vulnerability in oVirt Engine's VersionMapper.fromKernelVersionString Method Integer overflows in PHP Zip Extension leading to heap-based buffer overflow and application crash Cross-Site Scripting (XSS) Vulnerabilities in Spacewalk and Red Hat Satellite 5.7 Arbitrary Web Script Injection Vulnerability in Red Hat Satellite 5.7 Arbitrary Code Execution Vulnerability in Apache Struts 2 with Dynamic Method Invocation Arbitrary Code Execution via XSLTResult in Apache Struts 2.x Insecure Certificate Validation in Apache Hive (JDBC + HiveServer2) Brute Force Attack Vulnerability in UAA Reset Password Flow Authentication Bypass Vulnerability in Apache CloudStack SAML Plugin Password Leakage in YARN NodeManager Credential Store Provider Arbitrary Code Execution Vulnerability in Apache Struts 2 REST Plugin Arbitrary File Upload and Execution Vulnerability in Apache ActiveMQ 5.x Apache OpenMeetings SWF Panel XSS Vulnerability Remote Code Execution Vulnerability in Apache Struts 2.x before 2.3.20 Denial of Service Vulnerability in Cloud Foundry Diego 0.1468.0 - 0.1470.0 Denial of Service Vulnerability in Apache Commons Fileupload Apache Struts 2.0.0 through 2.3.24.1 OGNL Method Reference Caching Denial of Service Vulnerability Denial of Service via Crafted Authentication Attempt in Apache Qpid Java Local Privilege Escalation: Reading Private Key in Pulp Server Privilege Escalation via Symlink Attack in Ansible's lxc_container Module Arbitrary Web Script Injection Vulnerability in Red Hat Satellite 5.7 CSRF Vulnerability in Administrate 0.1.4 and Earlier Allows Remote Hijacking of OAuth Authorization Code Cipher Forcing Vulnerability in mod_ns in Red Hat Enterprise Linux 7 Weak Permissions in kinit in KDE Frameworks before 5.23.0 Allows Unauthorized Access to X11 Cookies Arbitrary Script Injection in Extra Columns Plugin in Jenkins Bypassing Groovy Sandbox Protection in Jenkins Script Security Plugin Denial of Service Vulnerability in MongoDB 2.6 Arbitrary Code Execution Vulnerability in Mercurial Convert Extension Insecure Temporary Directory Creation in Pulp before 2.8.3 Insecure Storage of Private Key in Pulp Node Certificate Local Privilege Escalation via Symlink Attack in Pulp's pulp-gen-nodes-certificate Script Arbitrary Code Execution Vulnerability in Shopware Backend Login Script Denial of Service Vulnerability in mod_cluster World-readable RSA key files generated during Pulp 2.8.3 installation process World-readable consumer private keys in Pulp before 2.8.3 allow privilege escalation ovirt-engine Cross-Site Scripting (XSS) Vulnerability Vulnerability: Unauthorized Modification and Deletion of Pull Requests and Comments in Kallithea CRLF Injection Vulnerabilities in OpenSSH Allow Shell-Command Bypass CRLF Injection Vulnerability in Dropbear SSH Allows Bypass of Shell-Command Restrictions CRLF Injection Vulnerability in CA API Gateway Denial of Service Vulnerability in MIT Kerberos 5 LDAP KDB Module NULL pointer dereference vulnerability in validate_as_request function in MIT Kerberos 5 (krb5) before 1.13.6 and 1.4.x before 1.14.3 allows remote authenticated users to cause denial of service Information Disclosure: PHP Version Disclosure in SimpleSAMLphp Weak Diffie-Hellman Key Vulnerability in ProFTPD Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console Information Disclosure Vulnerability in BlackBerry Good Control Server Remote Device Spoofing Vulnerability in BlackBerry Enterprise Server (BES) 12 through 12.5.2 Remote Shell Execution Vulnerability in BlackBerry Good Enterprise Mobility Server (GEMS) Allows Remote Code Execution Information Disclosure Vulnerability in BlackBerry Enterprise Server (BES) 12 through 12.5.2 Allows Remote Credential Sniffing Authorization Bypass in Cloudera CDH before 5.6.1 via Direct Internal API Calls Double Free Vulnerability in PHP 7.x SplDoublyLinkedList::offsetSet Function Linux Kernel Netfilter Subsystem Privilege Escalation and Denial of Service Vulnerability Integer Overflow in xt_alloc_table_info Function in Linux Kernel NULL pointer dereference vulnerability in mct_u232_msr_to_state function in Linux kernel before 4.5.1 NULL pointer dereference vulnerability in cypress_m8 USB serial driver in Linux kernel before 4.5.1 NULL pointer dereference vulnerability in Linux kernel before 4.5.1 allows denial of service via USB device USB Device Descriptor Vulnerability in Linux Kernel USB Device Descriptor Vulnerability in Linux Kernel Use-after-free vulnerability in PHP WDDX Extension Out-of-bounds read and application crash vulnerability in PHAR extension in PHP Arbitrary Script Injection Vulnerability in Block Class Module for Drupal Vulnerability: Information Disclosure via Direct Read Operations on Lexmark Printers Buffer Overflow Vulnerability in Landesk Management Suite 10.0.0.271 and Earlier Remote Code Execution Vulnerability in Barco ClickShare and CSM Devices Arbitrary Web Script Injection Vulnerability in Barco ClickShare Devices Directory Traversal Vulnerability in Barco ClickShare CSC-1, CSM-1, and CSE-200 Devices Root Password Disclosure in Barco ClickShare CSC-1 Devices Arbitrary PHP Code Execution in SPIP Versions 2.x, 3.0.x, and 3.1.x PHP Object Injection Vulnerability in SPIP Weak Permissions in Siemens APOGEE Insight Application Folder Allows Unauthorized Access and Data Modification IPv4 Implementation Vulnerability in Linux Kernel Privilege Escalation and Denial of Service Vulnerability in Linux Kernel for 64-bit PV Xen Guests Vulnerability: Information Leakage via Improper Handling of FSW.ES Bit in Xen 4.x on AMD64 Processors Improper Handling of FSW.ES Bit Write Vulnerability in Xen 4.x Unquoted Service Path Vulnerability in NVIDIA Quadro, NVS, and GeForce Products: Exploiting GFE GameStream and NVTray Plugin File Access Bypass Vulnerability in Drupal 7.x and 8.x XML-RPC Brute-Force Vulnerability in Drupal 6.x and 7.x Open Redirect Vulnerability in Drupal Versions 6.x, 7.x, and 8.x Access Restriction Bypass in Drupal 6.x Form API CRLF Injection Vulnerability in Drupal 6.x before 6.38 Open Redirect Vulnerability in Drupal 6.x before 6.38 Allows Remote Attackers to Conduct Phishing Attacks Reflected File Download Vulnerability in Drupal 6.x and 7.x Privilege Escalation in Drupal User Module Sensitive Username Information Disclosure in Drupal User Module Arbitrary Code Execution via Session Data Truncation in Drupal 6.x SQL Injection Vulnerability in Cacti 0.8.8g and Earlier: Remote Code Execution via tree.php Arbitrary Code Execution via Aria-Label Parameter Injection in Open-Xchange OX AppSuite Arbitrary URL Redirection Vulnerability in Open-Xchange OX AppSuite Authentication Bypass Vulnerability in Salt with PAM External Authentication Multiple Use-After-Free and Double-Free Vulnerabilities in GIFLIB 5.1.2 Denial of Service Vulnerability in MiniSSDPd 1.2.20130907-3 Denial of Service Vulnerability in MiniSSDPd 1.2.20130907-3 Tor Browser Launcher Initial Run PGP Signature Bypass Vulnerability Memory Corruption Vulnerability in OpenJPEG's color_esycc_to_rgb Function Out-of-Bounds Read Vulnerability in OpenJPEG's sycc422_t_rgb Function Type Confusion and Application Crash in PHP SoapClient::__call Method Buffer Overflow in LibTIFF 4.0.6's readextension Function in gif2tiff.c Remote Code Execution Vulnerability in Prepopulate Module for Drupal Unspecified Impact Vulnerability in Prepopulate Module for Drupal Remote Denial of Service Vulnerability in bzip2recover in bzip2 1.0.6 Out-of-Bounds Read Vulnerability in Cairo's fill_xrgb32_lerp_opaque_spans Function Stack-based Buffer Overflow in PCRE's compile_branch Function Sensitive Data Exposure in Cloudera Manager 5.x before 5.7.1 Arbitrary web script injection vulnerability in Fortinet FortiManager and FortiAnalyzer web-application Arbitrary Web Script Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer Arbitrary Web Script Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer Arbitrary Web Script Injection in Fortinet FortiAnalyzer and FortiManager Crafted Document Exploitation: Bypassing Content Security Policy in Microsoft Edge Chakra JavaScript Engine Memory Corruption Vulnerability Windows PDF Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer and Microsoft Edge Windows PDF Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability True Type Font Parsing Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 11 Internet Explorer Memory Corruption Vulnerability Internet Explorer XSS Filter Bypass Vulnerability WPAD Elevation of Privilege Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Windows PDF Information Disclosure Vulnerability Windows Graphics Component ASLR Bypass Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability in Windows 10 Gold and 1511 ATMFD.dll Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Critical Memory Corruption Vulnerability in Microsoft Edge Group Policy Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Active Directory Denial of Service Vulnerability Windows DNS Server Use After Free Vulnerability Windows Netlogon Memory Corruption Remote Code Execution Vulnerability Windows Search Component Denial of Service Vulnerability Windows Diagnostics Hub Elevation of Privilege Vulnerability Windows Virtual PCI Information Disclosure Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Information Disclosure Vulnerability Microsoft Office OLE DLL Side Loading Vulnerability Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability Kerberos Security Feature Bypass Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability ASLR Bypass Vulnerability in Microsoft Edge Internet Explorer TCP Connection Security Bypass Vulnerability Critical Memory Corruption Vulnerability in Microsoft Edge Microsoft Browser Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Information Disclosure Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability .NET Information Disclosure Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Windows File System Security Feature Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Internet Explorer 11 Information Disclosure Vulnerability GDI+ Information Disclosure Vulnerability GDI+ Information Disclosure Vulnerability Microsoft Browser Memory Corruption Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Microsoft Browser Information Disclosure Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability VBScript Engine Information Disclosure Vulnerability in Microsoft Edge Windows Kernel Information Disclosure Vulnerability Microsoft Browser XSS Filter Bypass Vulnerability Microsoft Browser Spoofing Vulnerability Microsoft Browser Spoofing Vulnerability Microsoft Browser Information Disclosure Vulnerability Microsoft Office Memory Corruption Vulnerability in Outlook 2010, 2013, and 2016 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Word Viewer Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Secure Boot Security Feature Bypass Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Cross-Origin Request Mishandling in Microsoft Internet Explorer 11 and Microsoft Edge: Information Disclosure Vulnerability Internet Explorer Elevation of Privilege Vulnerability Microsoft Browser Memory Corruption Vulnerability Microsoft Edge Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Chakra JavaScript Engine Remote Code Execution Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer File Existence Disclosure Vulnerability NetBIOS Spoofing Vulnerability in Microsoft Windows Netlogon Elevation of Privilege Vulnerability Windows Graphics Component RCE Vulnerability Windows Lock Screen Elevation of Privilege Vulnerability Windows Graphics Component RCE Vulnerability Windows Graphics Component RCE Vulnerability Windows Session Object Elevation of Privilege Vulnerability Windows Session Object Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability ActiveSyncProvider Credential Exposure Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft OneNote Information Disclosure Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Graphics Component Memory Corruption Vulnerability in Microsoft Office Microsoft PDF Remote Code Execution Vulnerability Secure Boot Security Feature Bypass Vulnerability Internet Explorer File Enumeration Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Internet Explorer and Edge File Existence Disclosure Vulnerability Microsoft Edge Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Transaction Manager Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Windows SMBv1 Remote Code Execution Vulnerability Windows Permissions Enforcement Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Browser Information Disclosure Vulnerability NTLM SSO Brute-Force Attack Vulnerability in Microsoft Windows Internet Explorer Security Feature Bypass via Crafted .url Files GDI Information Disclosure Vulnerability GDI Elevation of Privilege Vulnerability GDI Remote Code Execution Vulnerability in Windows 10 1607 Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Excel 2010 SP2 Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability Remote Code Execution Vulnerability in Microsoft Visio 2016 Microsoft Office Memory Corruption Vulnerability Microsoft Office Spoofing Vulnerability Microsoft Silverlight Memory Corruption Vulnerability Windows Remote Code Execution Vulnerability Windows Denial of Service Vulnerability PDF Library Information Disclosure Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Registry Access Control Vulnerability PDF Library Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability Win32k Elevation of Privilege Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Exchange Open Redirect Vulnerability Microsoft Exchange Server 2016 Cumulative Update 1 and 2 Cross-Site Scripting (XSS) Vulnerability Microsoft Office Memory Corruption Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 9-11 Chakra JavaScript Engine Memory Corruption Vulnerability Microsoft Browser Elevation of Privilege Vulnerability Microsoft Browser Elevation of Privilege Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability Chakra JavaScript Engine Memory Corruption Vulnerability in Microsoft Internet Explorer 11 and Microsoft Edge Memory Dump Exploit: Uncovering Credentials in Microsoft Browsers Microsoft Edge Content Security Policy Bypass Vulnerability Windows Graphics Component Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability SMB Protocol Vulnerability in NetApp Data ONTAP 8.1 and 8.2 Unspecified Integrity Vulnerability in Zimbra Collaboration before 8.7.0 (Bug 99810) Unspecified Confidentiality Vulnerability in Zimbra Collaboration (Bug 99167) CSRF Vulnerabilities in Zimbra Collaboration Admin Console Unspecified Remote Integrity Vulnerability in Zimbra Collaboration (CVE-2016-9922) Unspecified Remote Code Execution Vulnerabilities in Zimbra Collaboration before 8.7.0 Zimbra Collaboration Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Collaboration before 8.7.0 Zimbra Collaboration XSS Vulnerability (Bug 101813) Zimbra Collaboration XSS Vulnerability (Bug 102637) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Collaboration before 8.7.0 Zimbra Collaboration XSS Vulnerability (Bug 103609) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Collaboration before 8.7.0 Unspecified Remote Integrity Vulnerability in Zimbra Collaboration (CVE-2016-9926) Unspecified Remote Availability Vulnerability in Zimbra Collaboration Deserialization Vulnerability in Zimbra Collaboration before 8.7.0 (Bug 102276) Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality and integrity via Console vectors Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via PIA Search Functionality. Unspecified vulnerability in Oracle Berkeley DB DataStore component Unspecified Filesystem Vulnerability in Oracle Sun Solaris 10 and 11.3 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect confidentiality, integrity, and availability via Activity Guide vectors. Unspecified 2D Vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 Remote Denial of Service Vulnerability in Oracle MySQL 5.7.12 and earlier Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect availability via JAXP vectors Confidentiality vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 related to JCE Unspecified JMX-related vulnerability in Oracle Java SE and JRockit Unspecified Remote Code Execution Vulnerability in Oracle Agile Engineering Data Management Component Unspecified vulnerability in Oracle Retail Xstore Point of Service component allows remote authenticated users to affect confidentiality and integrity Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 Unspecified vulnerability in Oracle BI Publisher component allows remote authenticated users to affect confidentiality and integrity via Web Server vectors Unspecified vulnerability in Oracle Business Intelligence Enterprise Edition allows remote authenticated users to affect confidentiality and integrity via Analytics Web Administration vectors Unspecified Integrity Vulnerability in Oracle E-Business Suite Unspecified Remote Code Execution Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3: Confidentiality and Integrity Impact via Tasks Unspecified vulnerability in Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 Unspecified vulnerability in Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 affecting confidentiality and integrity via Call Phone Number Page vectors. Remote authenticated users can disrupt availability in Oracle MySQL 5.7.11 and earlier through an unspecified vulnerability related to Server: Optimizer. Unspecified Local Filesystem Vulnerability in Oracle Sun Solaris 10 and 11.3 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via Portal vectors Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 affecting confidentiality, integrity, and availability via 2D vectors Unspecified vulnerability in Oracle Retail Integration Bus component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Unspecified vulnerability in Oracle Business Intelligence Enterprise Edition allows remote attackers to affect confidentiality, integrity, and availability via Analytics Web Administration vectors Unspecified vulnerability in Oracle Applications Framework component in Oracle E-Business Suite: Confidentiality and Integrity Impact via OAF Core Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Deployment vectors Unspecified confidentiality vulnerability in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 Unspecified Remote Integrity Vulnerability in Oracle Sun Systems Products Suite ILOM Component Remote Confidentiality Vulnerability in Oracle MySQL and MariaDB Unspecified Kernel Vulnerability in Oracle Sun Solaris 10 Unspecified vulnerability in Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware: Confidentiality, Integrity, and Availability Impact via Outside In Filters Unspecified Dialog Box Vulnerability in Oracle Complex Maintenance, Repair, and Overhaul Component Unspecified Security Vulnerability in PeopleSoft Enterprise HCM ePerformance Component CORBA-related Integrity Vulnerability in Oracle Java SE Remote Denial of Service Vulnerability in Oracle MySQL and MariaDB Unspecified vulnerability in PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 affecting ePerformance module Unspecified vulnerability in MySQL Enterprise Monitor component allows remote administrators to affect confidentiality, integrity, and availability Local users can disrupt availability in Oracle Sun Solaris 11.3 through an unspecified vulnerability in the Network Configuration Service. Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote attackers to compromise confidentiality and integrity via Pre-Login vectors. Confidentiality vulnerability in Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 ZFS-related Local Availability Vulnerability in Oracle Sun Solaris 10 and 11.3 Unspecified Wireless Vulnerability in Oracle Field Service Component in Oracle E-Business Suite Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Unspecified vulnerability in Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 Unspecified Local Privilege Escalation Vulnerability in Oracle MySQL Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Unspecified Confidentiality Vulnerability in Oracle BI Publisher Unspecified Confidentiality Vulnerability in Oracle BI Publisher Component Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.5.x Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.5.x Local Privilege Escalation Vulnerability in Oracle MySQL and MariaDB Unspecified File Processing Vulnerability in Oracle PeopleSoft Products Unspecified Remote Availability Vulnerability in Oracle Database Server Unspecified Local Confidentiality Vulnerability in Solaris Cluster Component Unspecified Remote Availability Vulnerability in Oracle Sun Systems Products Suite ILOM Component Unspecified SSL/TLS Module Vulnerability in Oracle HTTP Server Unspecified File Processing Vulnerability in Oracle PeopleSoft Products Unspecified Local Vulnerability in Oracle Database Vault Component Local Integrity Vulnerability in Oracle Java SE and JRockit R28.3.10 Remote authenticated users can disrupt availability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier through Server: FTS vectors. Unspecified vulnerability in Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 Unspecified Local Integrity Vulnerability in Oracle Database Server 12.1.0.2 Unspecified vulnerability in Oracle Database Server Data Pump Import component Unspecified vulnerability in Oracle Transportation Management component affecting confidentiality via Database vectors Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 affecting confidentiality and integrity via Wireless Framework vectors Remote authenticated users can affect availability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier through Server: Optimizer vectors. Unspecified vulnerability in Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 Unspecified vulnerability in Oracle Enterprise Manager Ops Center component allows remote attackers to affect availability via OS Provisioning vectors Remote Denial of Service Vulnerability in Oracle MySQL 5.7.13 and earlier Confidentiality vulnerability in Oracle Enterprise Manager Grid Control 11.1.1.7 and 11.1.1.9 Unspecified Local Availability Vulnerability in Oracle Sun Solaris 11.3 Java SE Vulnerability: Remote Attackers Exploit Availability via JavaFX Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 Unspecified Remote Availability Vulnerability in Oracle Java SE and JRockit Remote authenticated users can disrupt availability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier through an unspecified vulnerability related to Server: Optimizer. Unspecified vulnerability in Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 affecting confidentiality, integrity, and availability via Install vectors Unspecified vulnerability in Oracle JDeveloper component in Oracle Fusion Middleware: ADF Faces Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality, integrity, and availability via JavaServer Faces vectors Unspecified vulnerability in Oracle Database Server and Oracle Retail Applications Unspecified Remote Integrity Vulnerability in Oracle Agile PLM Component Unspecified Remote Availability Vulnerability in Oracle Java SE and JRockit Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 affecting confidentiality, integrity, and availability via Deployment vectors Unspecified Function Security Vulnerability in Oracle Customer Interaction History Component in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle Communications Operations Monitor Unspecified Confidentiality Vulnerability in Oracle Enterprise Communications Broker Unspecified Confidentiality Vulnerability in Oracle Enterprise Communications Broker Unspecified Confidentiality Vulnerability in Oracle Enterprise Communications Broker Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Remote authenticated users can disrupt availability in Oracle MySQL 5.7.12 and earlier through an unspecified vulnerability related to Server: Optimizer. Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite: Confidentiality Impact via AOL Diagnostic Tests Remote authenticated users can affect availability in Oracle MySQL and MariaDB through Server: Types vulnerability Unspecified vulnerability in Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite Unspecified Remote Integrity Vulnerability in Oracle Web Applications Desktop Integrator Unspecified vulnerability in Oracle E-Business Suite allows remote attackers to compromise confidentiality and integrity via Configuration vectors Unspecified vulnerability in Oracle Applications Manager in Oracle E-Business Suite 12.1.3 affecting confidentiality via Cookie Management vectors Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified Remote Code Execution Vulnerability in Oracle Demand Planning Component Unspecified vulnerability in Oracle Internet Expenses component in Oracle E-Business Suite: Remote Availability Impact via Expenses Admin Utilities Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 Unspecified vulnerability in Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 Unspecified vulnerability in Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 affecting confidentiality and integrity via Deliverables Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Confidentiality vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 Unspecified vulnerability in Oracle Common Applications Calendar component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Notes Unspecified Remote Code Execution Vulnerability in Oracle Knowledge Management Component Unspecified vulnerability in Oracle Common Applications Calendar component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Tasks Unspecified vulnerability in Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite: Confidentiality Impact via Web-Based Help Screens Unspecified vulnerability in Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3: Confidentiality and Integrity Impact via Report JSPs Unspecified Confidentiality Vulnerability in Oracle One-to-One Fulfillment Component Unspecified Confidentiality Vulnerability in Oracle Marketing Component Unspecified vulnerability in Oracle E-Business Suite Secure Enterprise Search component Confidentiality vulnerability in Oracle Java SE and Java SE Embedded Unspecified vulnerability in Oracle Web Services component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Java SE 8u92 affecting confidentiality, integrity, and availability via Install vectors Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Unspecified File Load Vulnerability in Oracle Agile PLM Component Unspecified integrity vulnerability in Oracle Email Center component in Oracle E-Business Suite Unspecified integrity vulnerability in Oracle Email Center component in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Confidentiality vulnerability in Oracle Database Server 11.2.0.4 and 12.1.0.2 Unspecified Local Vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5 Unspecified vulnerability in Oracle TopLink component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Retail Order Broker component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified remote vulnerability in Primavera P6 Enterprise Project Portfolio Management component Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified vulnerability in Primavera P6 Enterprise Project Portfolio Management component Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle Fusion Middleware Outside In Technology component Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to compromise system security via Libadimalloc. Unspecified vulnerability in ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 affecting Hotspot Remote authenticated users can compromise integrity and availability in Oracle MySQL 5.7.12 and earlier through an unspecified vulnerability related to Server: InnoDB. Unspecified Remote Code Execution Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 Unspecified vulnerability in Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Hotspot-related vectors Unspecified vulnerability in Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 Unspecified Confidentiality Vulnerability in Oracle GlassFish Server Component Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 Unspecified vulnerability in Oracle Retail Order Broker component allows remote attackers to compromise confidentiality and integrity Unspecified Confidentiality Vulnerability in Oracle VM VirtualBox Unspecified OpenSSL-related vulnerability in Oracle Secure Global Desktop component in Oracle Virtualization Unspecified vulnerability in Oracle MySQL: Remote authenticated users can affect availability via Server: Security: Encryption vectors Remote authenticated users can affect availability in Oracle MySQL and MariaDB through Server: DML vulnerability Remote Code Execution Vulnerability in cjpeg Utility of libjpeg Buffer Over-read Vulnerability in LibTIFF's bmp2tiff Tool Buffer Over-read Vulnerability in LibTIFF's ZIPEncode Function Buffer Over-read Vulnerability in LibTIFF's LZWEncode Function Denial of Service Vulnerability in LibTIFF's tiff2rgba Tool Denial of Service Vulnerability in LibTIFF's rgb2ycbcr Tool Out-of-Bounds Write Vulnerability in LibTIFF's rgb2ycbcr Tool Out-of-Bounds Read Vulnerability in LibTIFF's tiff2bw Tool Denial of Service Vulnerability in libxml2 2.9.3 and Earlier Buffer Overflow Vulnerability in TIBCO Enterprise Message Service (EMS) Arbitrary Code Execution Vulnerability in Mercurial's Binary Delta Decoder Out-of-Bounds Read Vulnerability in LibTIFF Thumbnail Tool Out-of-Bounds Write Vulnerability in LibTIFF's _TIFFVGetField Function Out-of-Bounds Read Vulnerability in LibTIFF Thumbnail Tool Out-of-Bounds Read Vulnerability in LibTIFF's tagCompare Function SAP Netweaver 7.4 UCON Access Control Bypass Vulnerability Denial of Service Vulnerability in SAP SLD Registration Program (SLDREG) (CVE-2021-XXXX) SAP HANA DB 1.00.091.00.1418659308 Information Disclosure Vulnerability Sensitive Password Information Disclosure in SAP HANA DB 1.00.091.00.1418659308 Remote Code Execution via Serialized Java Object in SolarWinds Virtualization Manager Privilege Escalation via Misconfigured Sudo in SolarWinds Virtualization Manager Arbitrary Code Execution and Denial of Service Vulnerability in Symantec Products Integer Overflow in Symantec Products TNEF Unpacker Vulnerability Remote Code Execution and Denial of Service Vulnerability in Symantec Products Server-side Request Forgery (SSRF) Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Authentication Bypass Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Remote Enumeration of Administrator Accounts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Brute-Force Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 SEPM 12.1 before RU6 MP5 PHP JSESSIONID Discovery Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Cross-Site Request Forgery (CSRF) Vulnerabilities in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Arbitrary OS Command Execution in Palo Alto Networks PAN-OS CLI Arbitrary OS Command Execution in Palo Alto Networks PAN-OS Management Web Interface Denial of Service Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Portal Buffer Overflow Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Portal Out-of-Bounds Read Vulnerability in LibTIFF's TIFFWriteDirectoryTagLongLong8Array Function SQL Injection Vulnerability in Cacti 0.8.8.g: Remote Code Execution via graph_view.php Unverified X.509 Certificate Vulnerability in Trend Micro Mobile Security for iOS Arbitrary Script Injection in Liferay Profile Search Functionality Vulnerability: Inadequate Randomization of Legacy Base Address in Linux Kernel Multiple XML External Entity (XXE) Vulnerabilities in XStream Drivers SQL Injection Vulnerability in Huawei Policy Center Vulnerability: Man-in-the-Middle Attack on Huawei E3276s USB Modems Unvalidated SSL Certificates in Huawei Wear App for Android (HWPSIRT-2016-03008) Denial of Service Vulnerability in Huawei Quidway Switches Unspecified Vulnerabilities in Google V8: Denial of Service and Potential Impact Buffer Overflow Vulnerability in Huawei Mate 8 Wi-Fi Driver Buffer Overflow Vulnerability in Huawei Mate 8 Wi-Fi Driver Hardcoded Encryption Key Vulnerability in SAP Download Manager 2.1.142 and Earlier SAP Download Manager Vulnerability: Weak Encryption Key Generation Sensitive SessionId Information Disclosure in F5 BIG-IP APM and BIG-IP Edge Gateway Open Redirect Vulnerability in F5 BIG-IP APM and Edge Gateway Arbitrary SQL Command Execution Vulnerability in dotCMS before 3.5 Denial of Service Vulnerability in Linux Kernel's ims_pcu_parse_cdc_data Function Arbitrary Code Execution Vulnerability in JBoss EAP 4.x and 5.x via PooledInvokerServlet CSRF Protection Bypass via GET Method in Kallithea Sensitive Information Disclosure in Safemode Gem for Ruby SQL Injection Vulnerabilities in Modified eCommerce Shopsoftware 2.0.0.0 Revision 9678 with easybill-module Absence Denial of Service Vulnerability in Linux Kernel's einj_error_inject Function Local Privilege Escalation: Obtaining CA Key in Pulp Privilege Escalation via Numeric Username in Docker Containers Neighbor Discovery Protocol (NDP) Origin Validation Bypass Vulnerability Bypassing Secure Boot Restrictions in Linux Kernel with ACPI Table Injection CFME 5 Padding Oracle Vulnerability Insecure Origin Validation in Red Hat OpenShift Enterprise 3.2 and 3.1 Insecure Password Generation in Pulp before 2.8.5 Denial of Service Vulnerability in libxml2 2.9.3 Incomplete fix for stack-based buffer overflow in getaddrinfo function in glibc Remote Code Execution via ICMP Echo Request in Linux Kernel Remote Access to Restricted Pods in Red Hat OpenShift Enterprise 3.2 Cross-Site Scripting Vulnerability in libxml (Commit 960f0e2) Dark Portal: Arbitrary Code Execution Vulnerability in QEMU's VGA Module Information Disclosure Vulnerability in HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin Vulnerability: Integer Overflow in QEMU VGA Module Allows Denial of Service Vulnerability: Privilege Escalation and Denial of Service in Linux Kernel's MSR 0x2f8 Handling ImageTragick: Remote Code Execution via Crafted Image Arbitrary File Deletion Vulnerability in ImageMagick Arbitrary File Movement Vulnerability in ImageMagick Arbitrary File Read Vulnerability in ImageMagick LABEL Coder Server-side Request Forgery (SSRF) Vulnerability in ImageMagick XML External Entity (XXE) Vulnerability in Jackson-Dataformat-XML Arbitrary Build Parameter Injection in Jenkins Denial of Service Vulnerability in Jenkins: Multiple Account Full Name Editing Unauthenticated Access to Sensitive Plugin Installation Information in Jenkins Sensitive Password Information Disclosure in Jenkins Missing Permissions Check in Jenkins Update Site Metadata Update Open Redirect Vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 Information Disclosure Vulnerability in Jenkins API URL Arbitrary Code Execution Vulnerability in TFTP Module of Smart-Proxy in Foreman Profile Field Editing Vulnerability in Moodle Versions 2.7 through 3.0.3 Information Disclosure Vulnerability in Moodle Vulnerability: Unauthorized Access to User Badges in Moodle Course IDnumber Overwrite Vulnerability in Moodle CSRF Vulnerability in Moodle Allows Authentication Hijacking Predictable Password Reset Tokens in Piwigo Image Gallery Software Arbitrary Code Execution Vulnerability in Red Hat JBoss Operations Network (JON) Privilege Escalation via STI Builds in Red Hat OpenShift Enterprise 3.2 Arbitrary Valid Certificate Spoofing Vulnerability in cURL and libcurl Heap-based Buffer Overflow in Foxit Reader 7.3.4.311 Allows Remote Code Execution Uninitialized Slice Data Vulnerability in Android H.264 Decoder Insecure Intra Mode Handling in Android 6.x Mediaserver (CVE-2016-xxxx) Uninitialized Data Structures Vulnerability in Android 6.x Mediaserver (CVE-2016-xxxx) Buffer overflow vulnerability in Bluetooth pairing operation in Android versions 4.x to 6.x Buffer overflow vulnerability in Android mediaserver allows privilege escalation via crafted application (CVE-2016-3820) Use-after-free vulnerability in mm-video-v4l2 vdec component in Android mediaserver Use-after-free vulnerability in mm-video-v4l2 venc component in Android mediaserver Bypassing System-Call Restrictions via Crafted Application in Android 6.x Screen-lock password or pattern modification vulnerability in LockSettingsService in Android 6.x before 2016-07-01 Bypassing Isolation Protection Mechanism in Android Parcels Framework APIs Privilege Escalation Vulnerability in libpng Privilege Escalation Vulnerability in Android 6.x ChooserTarget Service Information Disclosure Vulnerability in Android Mediaserver Denial of Service Vulnerability in Android Mediaserver Denial of Service Vulnerability in Android 6.x Media Server (CVE-2016-28470138) Denial of Service Vulnerability in Android Mediaserver (CVE-2016-xxxx) Memory-mapped File Privilege Escalation Vulnerability Buffer overflow vulnerabilities in DexClassLoader in Android 4.x, 5.x, and 6.x Privilege Escalation via Backup Data Reading in Android Framework APIs Privilege Escalation via Persistent Bluetooth Pairing in Android Information Disclosure Vulnerability in NFCService in Android Privilege Escalation via Crafted Application in Android Sockets Subsystem Improper Restriction of URL Information in Android PAC Feature Sensitive Pointer Information Disclosure in Android Media Server Out-of-Bounds Read Vulnerability in Android 6.x Mediaserver (CVE-2016-28168413) Memory Allocation Vulnerability in MPEG4Extractor.cpp in libstagefright in Android Privilege Escalation Vulnerability in MediaTek Wi-Fi Driver on Android One Devices Privilege Escalation Vulnerability in Qualcomm Performance Component on Nexus Devices Privilege Escalation Vulnerability in NVIDIA Video Driver on Nexus 9 Devices Privilege Escalation Vulnerability in MediaTek Drivers on Android One Devices Privilege Escalation Vulnerability in MediaTek Drivers on Android One Devices Privilege Escalation Vulnerability in MediaTek Drivers on Android One Devices Privilege Escalation Vulnerability in MediaTek Drivers on Android One Devices Privilege Escalation Vulnerability in MediaTek Drivers on Android One Devices Privilege Escalation Vulnerability in Android Kernel Filesystem Implementation Privilege Escalation via Crafted Application in Qualcomm Wi-Fi Driver on Nexus 7 (2013) Privilege Escalation Vulnerability in NVIDIA Camera Driver on Nexus 9 Devices Privilege Escalation Vulnerability in MediaTek Power Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek Power Driver on Android One Devices Privilege Escalation Vulnerability in Qualcomm Wi-Fi Driver on Nexus 5X Devices Privilege Escalation Vulnerability in MediaTek Hardware Sensor Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek Video Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek Video Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek GPS Driver on Android One Devices Privilege Escalation Vulnerability in Android Kernel Filesystem Implementation on Nexus 9 Devices (CVE-2016-28271368) Privilege Escalation Vulnerability in Android Kernel Filesystem Implementation on Nexus 5X and 6P Devices (CVE-2016-28588434) Privilege Escalation Vulnerability in MediaTek Power Management Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek Power Management Driver on Android One Devices Privilege Escalation Vulnerability in MediaTek Display Driver on Android One Devices Privilege Escalation Vulnerability in Android SPI Driver on Nexus 5X and 6P Devices (CVE-2016-28402196) Privilege Escalation Vulnerability in Android Serial Peripheral Interface Driver on Pixel C Devices (CVE-2016-28430009) Information Disclosure Vulnerability in Android Networking Component Sensitive Information Disclosure in MediaTek Wi-Fi Driver on Android One Devices Privilege Escalation Vulnerability in Android Kernel Video Driver on Nexus 9 Devices (CVE-2016-28447556) Sensitive Information Disclosure in MediaTek Video Codec Driver on Android One Devices Vulnerability in Qualcomm USB Driver on Nexus Devices Allows Information Disclosure Nexus 9 NVIDIA Camera Driver Information Disclosure Vulnerability Nexus 9 NVIDIA Camera Driver Vulnerability Sensitive Information Disclosure in MediaTek Display Driver on Android One Devices Denial of Service Vulnerability in Android 4.x (CVE-2015-1528) Integer Overflow Vulnerability in libstagefright in Android Memory Corruption Vulnerability in Android's ih264d Decoder Remote Code Execution and Denial of Service Vulnerability in Android Mediaserver Out-of-Bounds Access Vulnerability in jhead 2.87 Heap Pointer Mishandling in mm-video-v4l2 venc Component in Android Buffer Port Validation Bypass Vulnerability in Android Mediaserver Incorrect Memory Allocation in Android mediaserver (CVE-2016-3822) AudioFlinger Effect Command Reply Size Validation Vulnerability Denial of Service Vulnerability in Android 6.0.1's libstagefright Codec Denial of Service Vulnerability in Android 6.x Mediaserver Uninitialized Structure Members Vulnerability in ih264d Decoder Denial of Service Vulnerability in Android's libstagefright Codec (CVE-2016-3861) Year 2038 Problem: Denial of Service Vulnerability in Android Telephony Component Vulnerability: Package Data Origin Validation Bypass in Android Framework APIs Vulnerability: Privilege Escalation via MANAGE_USERS and CREATE_USERS Permissions in Android Shell Component Vulnerability: Information Disclosure in Android Camera APIs Heap Pointer Information Disclosure Vulnerability in Android's mm-video-v4l2 venc Component Information Disclosure Vulnerability in Android SurfaceFlinger Service Information Disclosure Vulnerability in Wi-Fi on Android 5.x and 6.x Denial of Service Vulnerability in Android 6.x: Loss of Locked-Screen 911 Functionality Denial of Service Vulnerability in Android Bluetooth (CVE-2016-0801) Session Reuse Vulnerability in Conscrypt on Android 4.x to 6.x IPv6 Stack Vulnerability in Linux Kernel Privilege Escalation Vulnerability in Qualcomm GPU Driver on Nexus 5X, 6, and 6P Devices Android Kernel Code Execution Vulnerability Privilege Escalation Vulnerability in Mediaserver on Nexus 9 and Pixel C Devices (CVE-2016-0825) Privilege Escalation Vulnerability in Android Video Driver on Nexus 5 Devices Privilege Escalation Vulnerability in Android SPI Driver on Nexus 5X and 6P Devices Privilege Escalation Vulnerability in NVIDIA Media Driver on Nexus 9 Devices Privilege Escalation Vulnerability in NVIDIA Media Driver on Nexus 9 Devices Privilege Escalation Vulnerability in ION Driver on Pixel C Devices (CVE-2016-0815) Integer Overflow in Qualcomm Bootloader Allows Privilege Escalation Privilege Escalation Vulnerability in LG Electronics Bootloader on Nexus 5X Devices Sensitive Information Disclosure in MediaTek Wi-Fi Driver on Android One Devices Factory Reset Protection Bypass Vulnerability in Google Play Services on Nexus Devices Out-of-bounds array access vulnerability in Qualcomm Android Components Out-of-bounds array access vulnerability in Qualcomm components in Android before 2016-08-05 Denial of Service Vulnerability in Android's netd Service Privilege Escalation Vulnerability in Android Kernel on Nexus 7 (2013) Devices Buffer Overflow in Qualcomm Subsystem Driver on Nexus 5X and 6P Devices Privilege Escalation Vulnerability in Qualcomm Camera Driver on Nexus Devices Information Disclosure Vulnerability in Qualcomm Sound Driver on Android Devices Heap-based buffer overflow vulnerability in LibUtils in Android versions before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 ExifInterface.java Memory Corruption Vulnerability Stack-based buffer overflows in AVCC reassembly implementation in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 Privilege Escalation Vulnerability in Qualcomm Radio Interface Layer on Android Devices Privilege Escalation Vulnerability in Synaptics Touchscreen Driver on Nexus 5X and 9 Devices Privilege Escalation Vulnerability in Qualcomm Sound Driver on Nexus 5X, 6, and 6P Devices Privilege Escalation Vulnerability in Qualcomm IPA Driver on Nexus 5X and 6P Devices Privilege Escalation Vulnerability in Qualcomm Power Driver on Nexus 5X and 6P Devices Privilege Escalation Vulnerability in Broadcom Wi-Fi Driver on Android Devices Privilege escalation vulnerability in Android mediaserver (CVE-2016-3861) Multiple buffer overflows in libstagefright in Android mediaserver Buffer Overflow Vulnerability in libstagefright in Android Privilege Escalation Vulnerability in NVIDIA Kernel on Nexus 9 Devices Privilege Escalation via Crafted WE_UNIT_TEST_CMD Command in Qualcomm Wi-Fi Driver Bypass of DISALLOW_SAFE_BOOT Setting in Android 6.x Bypassing SAFE_BOOT_DISALLOWED Protection Mechanism via ADB Tool Unspecified Vulnerability in Android with Unknown Impact and Attack Vectors Denial of Service Vulnerability in Android 6.x Mediaserver (CVE-2016-xxxx) Denial of Service Vulnerability in Android Mediaserver (CVE-2016-3861) Buffer Overflow Vulnerabilities in libstagefright in Android Denial of Service Vulnerability in libvpx in Android Denial of Service Vulnerability in Wi-Fi VenueNameElement in Android 6.x and 7.0 Vulnerability in SMSDispatcher.java allows spoofing of premium-payment confirmation dialog Lack of UID Checks in Android Notification Manager Service Privilege Escalation via Debuggerd in Android Privilege Escalation via System UI Tuner in Android 7.0 Bypassing Always-On VPN State in Android 7.0 Bypass of Factory Reset Protection in Android Setup Wizard Bypassing Factory Reset Protection in Android 6.x and 7.0 Privilege Escalation via JDWP Socket Close Operations in Android Sensitive Information Disclosure in Qualcomm SPMI Driver on Nexus Devices Improper Firmware Data Copy Vulnerability in Qualcomm Sound Codec on Nexus 6P Devices Qualcomm DMA Component Vulnerability on Nexus 6 Devices Integer Overflow in Region::unflatten Function in Android Mediaserver Sensitive Information Disclosure in AOSP Mail on Android 4.x to 6.x Sensitive Information Disclosure in WifiEnterpriseConfig.toString() Method Denial of Service Vulnerability in Android Telephony (CVE-2016-xxxx) Denial of Service Vulnerability in Android Media Server (CVE-2016-xxxx) Improper Service Registration Vulnerability in Android ServiceManager Integer overflows in Qualcomm cryptographic engine driver on Android devices Information Disclosure Vulnerability in Qualcomm IPA Driver on Nexus 5X and 6P Devices Privilege Escalation in Qualcomm Camera Driver on Nexus and Android One Devices Elevation of Privilege Vulnerability in Qualcomm Bus Driver in Android Privilege Escalation via Crafted SENDACTIONFRAME Command in Qualcomm Wi-Fi Driver on Nexus 5X Devices Information Disclosure Vulnerability in Qualcomm Components Information Disclosure Vulnerability in Qualcomm Components Vulnerability: PIN/Password Removal in Android Lock Settings Service Privilege Escalation Vulnerability in Android's SoftMPEG4 Component Privilege Escalation Vulnerability in Android SoundTriggerHwService Privilege escalation vulnerability in Zygote process in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 Privilege Escalation Vulnerability in Android Framework APIs Privilege escalation vulnerability in Android mediaserver (CVE-2016-3861) Privilege escalation through race condition in Telephony MmsProvider Privilege escalation vulnerability in Android Camera service (CVE-2016-xxxx) Privilege escalation vulnerability in Android Camera service (CVE-2016-xxxx) Insecure Fingerprint Authentication in Android 6.0.1 and 7.0 Arbitrary Attachment Reading Vulnerability in AOSP Mail Denial of Service Vulnerability in Android Media Server Privilege Escalation in Android Framework Listener Variable-length arrays vulnerability in libril/RilSapSocket.cpp in Telephony in Android 6.x and 7.0 before 2016-10-01 Touchjacking Vulnerability in Android 7.0 Accessibility Services Unvalidated Command Vulnerability in Android Audioflinger Denial of Service Vulnerability in Android Wi-Fi ANQPFactory Unspecified Qualcomm Component Vulnerability in Android Devices Unspecified Qualcomm Component Vulnerability in Android Devices Privilege Escalation Vulnerability in MediaTek Video Driver on Android Unspecified Qualcomm Component Vulnerability in Android Devices Privilege Escalation Vulnerability in NVIDIA MMC Test Driver on Nexus 9 Devices Privilege Escalation Vulnerability in Qualcomm QSEE Communicator Driver Privilege Escalation Vulnerability in Android Mediaserver Privilege Escalation Vulnerability in Mediaserver on Nexus 9 and Pixel C Devices (CVE-2016-xxxx) Variable-length arrays in Qualcomm camera driver on Android devices allow privilege escalation via crafted applications Integer overflows in Qualcomm cryptographic engine driver on Android devices Privilege Escalation Vulnerability in MediaTek Video Driver on Android Privilege Escalation Vulnerability in MediaTek Video Driver on Android Privilege Escalation Vulnerability in Qualcomm Video Driver on Nexus and Android One Devices Privilege Escalation Vulnerability in Qualcomm Video Driver on Nexus and Android One Devices Privilege Escalation Vulnerability in Synaptics Touchscreen Driver on Nexus 6P and Android One Devices Buffer Overflow in AStreamPeekStream Function in VLC Media Player Weak ACL in Panda Endpoint Administration Agent allows local users to gain SYSTEM privileges Lenovo Accelerator Application Vulnerability: Remote Code Execution via Update Spoofing Integer overflows in cvt_by_strip and cvt_by_tile functions in LibTIFF 4.0.6 and earlier SAP Console 7.30 Local User Credential Disclosure Vulnerability Heap-based Buffer Overflow in Icmp6::Recv Function in Squid Improper Bounds Checking in Squid HTTP Proxy Allows Denial of Service Denial of Service Vulnerability in Siemens SIMATIC S7-300 Profinet-enabled and Profinet-disabled CPU Devices Denial of Service Vulnerability in Huawei AR3200 Routers Double Free Vulnerability in Linux Kernel USB Driver Remote Code Execution via Environment Variable Disclosure in web2py Arbitrary Code Execution Vulnerability in web2py before 2.14.2 Session Cookie Key Disclosure Vulnerability Out-of-Bounds Write Vulnerability in usbip_recv_xbuff Function Arbitrary Bearer Token Exposure in npm and Node.js CLI Arbitrary Code Execution via Insecure Session Deserialization in web2py Untrusted Search Path Vulnerability in Go on Windows Denial of Service Vulnerability in Go's Verify Function Xen x86 Shadow Pagetable Integer Overflow Vulnerability Denial of Service Vulnerability in Xen and Linux Kernel through 4.5.x Stack-based Buffer Overflow in Meinberg IMS-LANTIME Devices Siemens SCALANCE S613 Denial of Service Vulnerability Sophos Cyberoam UTM Appliance Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary Web Script Injection in McAfee Email Gateway (MEG) 7.6.x Arbitrary Web Script Injection in dotCMS Lucene Search DotCMS Directory Traversal Vulnerability Information Disclosure Vulnerability in SAP NetWeaver Java AS 7.1 through 7.5 SAP NetWeaver Java AS XXE Vulnerability (SAP Security Note 2235994) SAP NetWeaver AS Java Cross-Site Scripting (XSS) Vulnerability SAP NetWeaver AS Java Directory Traversal Vulnerability Heap-based Buffer Overflow in gif2rgb in giflib 5.1.2: Remote Denial of Service via Background Color Index in GIF File Arbitrary Redirect and Cross-Site Scripting (XSS) Vulnerability in FortiOS Web User Interface Denial of Service Vulnerability in SAP JAVA AS 7.2 through 7.4 Denial of Service Vulnerability in SAP Java AS 7.2 through 7.4 (SAP Security Note 2259547) Heap-based Buffer Overflow in bmp_read_rows function in OptiPNG Heap-based buffer overflow in OptiPNG before 0.7.6 allows remote attackers to execute arbitrary code or cause a denial of service Bypassing Malware Detection in McAfee Advanced Threat Defense (ATD) Vulnerability: Local Administrators Bypass Self-Protection Rules in McAfee Security Products Bypassing Access Restrictions in Pulse Connect Secure RDP Client Session Restrictions Avast Vulnerability: Remote Code Execution and Denial of Service via Crafted PE File Arbitrary Command Execution Vulnerability in Trend Micro Password Manager's HTTP Server Stack-based Buffer Overflow Vulnerabilities in Meinberg IMS-LANTIME and LANTIME Devices Privilege Escalation via NTP Time-Server Interface on Meinberg Devices Heap-based Buffer Overflow in LibTIFF's tiffcp Function Heap-based Buffer Overflow in loadImage Function in LibTIFF Local Privilege Escalation via Symlink Attack in Cronic Before 3 Denial of Service Vulnerability in imlib2's __imlib_MergeUpdate Function Out-of-Bounds Read Vulnerability in imlib2 GIF Loader Timing Attack Vulnerability in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 Insecure Caller Verification in Samsung KNOX ClipboardDataMgr Failure to Enable SMB Signing Enforcement in NetApp Clustered Data ONTAP: A Gateway for Man-in-the-Middle Attacks and Privilege Escalation SMB Protocol Vulnerability in NetApp AltaVault 4.1 and Earlier Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Collaboration before 8.7.0 Arbitrary Code Execution Vulnerability in Jython before 2.7.1rc1 Buffer Overflow in QEMU's stellaris_enet_receive Function Allows Remote DoS Buffer Overflow in QEMU's mipsnet_receive Function Allows Remote Code Execution Arbitrary Web Script Injection via URLDecoder XSS Vulnerability Arbitrary File Read Vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 Huawei Hilink App for Android SSL Certificate Validation Vulnerability Unbounded Protocol-Tree Depth Vulnerability in Wireshark Arbitrary Command Execution Vulnerabilities in obs-service-extract_file Package Denial of Service Vulnerability in GNU Libtasn1 Heap-based Buffer Overflow in Pillow's ImagingResampleHorizontal Function Arbitrary PHP Code Execution via Serialized Shopping Cart Data in Magento CE and EE before 2.0.6 SAP NetWeaver JAVA AS 7.4 UDDI Component XXE Denial of Service Vulnerability Denial of Service Vulnerability in SAP NetWeaver JAVA AS 7.1 through 7.4 (SAP Security Note 2258784) Arbitrary Web Script Injection in SAP Manufacturing Integration and Intelligence (MII) 15 SAP HANA Data Provisioning Agent Denial of Service Vulnerability SAP HANA Data Provisioning Agent Vulnerability Unspecified Remote Integrity Vulnerability in Zimbra Collaboration (Bug 104477) Uninitialized Variable in QEMU's patch_instruction Function Allows Information Disclosure Denial of Service Vulnerability in pgpdump's read_binary Function Integer Overflow in Imlib2 Allows Remote Code Execution via Large Image Dimensions Bypassing DeepScreen Feature via DeviceIoControl Call in Avast Security Products Content Sanitizer Bypass Vulnerability in Open-Xchange OX App Suite Open-Xchange OX App Suite before 7.8.1-rev10 allows unauthorized access to user accounts through cookie storage vulnerability Padding Oracle Attack in Open-Xchange OX Guard API Inadequate IP Address Validation in WordPress Allows SSRF Bypass Unintended Availability of Modem in USB Configuration Number 2 Vulnerability Vulnerability: SVE-2016-5301 - AT Command Injection via USB Connection SVE-2016-5301: Android Settings Modification via AT+USBDEBUG and AT+WIFIVALUE on Samsung Galaxy Devices Weak Permissions in Quagga Package Allows Local Information Disclosure Denial of Service Vulnerability in QEMU's ehci_advance_state Function Array Index Error in msm_sensor_config Function Allows Local Users to Have Unspecified Impact in Samsung Devices with Android KK(4.4) or L Arbitrary SQL Command Execution in dotCMS Workflow Screen (CVE-XXXX-XXXX) Unauthenticated WebDAV Access Vulnerability in Plone 4.0 through 5.1a1 Plone Content ID Information Disclosure Vulnerability Template Injection Vulnerability in Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 Cross-Site Scripting (XSS) Vulnerability in Open-Xchange OX App Suite Arbitrary Host and Port Injection Vulnerability in Open-Xchange OX App Suite External Open XML Document Type Definition (DTD) Resource Reference Vulnerability Arbitrary Text Injection in Open-Xchange OX App Suite Login Screen Denial of Service Vulnerability in Quagga's bgp_dump_routes_func Function Buffer Overflow Vulnerability in cachemgr.cgi in Squid Stack-based buffer overflows in Squid 3.x and 4.x via crafted Edge Side Includes (ESI) responses Information Disclosure Vulnerability in Squid Proxy Server Remote Code Execution Vulnerability in Squid 3.x and 4.x via Crafted ESI Responses Regular Expression Denial of Service (ReDoS) in Moment Package for Node.js Arbitrary Script Injection in TYPO3 Backend Bookmark Creation Denial of Service Vulnerability in Huawei FusionCompute Huawei Policy Center XSS Vulnerability Remote Code Execution Vulnerability in Foxit Reader and PhantomPDF Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows Denial of Service Vulnerability in Foxit Reader and PhantomPDF Denial of Service Vulnerability in Foxit Reader and PhantomPDF Remote Code Execution Vulnerability in Foxit Reader and PhantomPDF Use-after-free vulnerability in XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows Denial of Service Vulnerability in Foxit Reader and PhantomPDF CSRF Vulnerability in Fortinet FortiWeb Allows Password Hijacking Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 via crafted SVG CSRF Vulnerability in Roundcube Webmail Allows Authentication Hijacking and Denial of Service Integer Overflow in php_raw_url_encode Function in PHP Format String Vulnerability in PHP SNMP Extension Arbitrary Code Execution Vulnerability in PHP Phar Extension Integer overflows in mb_strcut function in PHP versions before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 Denial of Service Vulnerability in jq 1.5 via Crafted JSON File URL Spoofing Vulnerability in Opera Mini 13 and Opera Stable 36 Memory Initialization Vulnerability in NCP Dissector in Wireshark 2.0.x before 2.0.3 Use-after-free vulnerability in TShark in Wireshark 2.0.x before 2.0.3 Denial of Service Vulnerability in Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability in Wireshark PKTC Dissector PKTC Dissector Timestamp Field Misparse Vulnerability Denial of Service Vulnerability in IAX2 Dissector in Wireshark Out-of-bounds Access Vulnerability in Wireshark GSM CBCH Dissector Denial of Service in Wireshark MS-WSP Dissector Integer Signedness Error in MS-WSP Dissector in Wireshark 2.0.x before 2.0.3 Stack-based Buffer Overflow in Wireshark NCP Dissector Arbitrary App Installation Vulnerability in Huawei HiSuite Remote Code Execution and Denial of Service Vulnerability in Huawei S12700 and S5700 Switches Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Untrusted Search Path Privilege Escalation Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X Unspecified Vulnerability in Adobe Flash Player 21.0.0.213 and Earlier with Unknown Impact and Attack Vectors Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Remote Code Execution Vulnerability in Adobe Flash Player 21.0.0.226 and Earlier Untrusted Search Path Vulnerability in Adobe Connect Add-In Installer Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier with unknown impact and attack vectors in Microsoft Internet Explorer and Edge Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Privilege Escalation via Untrusted Search Path in Adobe Creative Cloud Desktop Application Unquoted Windows Search Path Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application Arbitrary Web Script Injection Vulnerability in Adobe ColdFusion Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Injection through Cross-Site Scripting (XSS) in Adobe Brackets Unspecified Impact Vulnerability in Adobe Brackets Extension Manager Unspecified Vulnerability in Adobe Flash Player 21.0.0.242 and Earlier with Unknown Impact and Attack Vectors Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe DNG SDK Arbitrary Web Script Injection Vulnerability in Adobe Experience Manager Unspecified Vector Information Disclosure Vulnerability in Adobe Experience Manager 6.0, 6.1, and 6.2 Arbitrary Web Script Injection Vulnerability in Adobe Experience Manager Adobe Flash Player Remote Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player Adobe Flash Player Access Restriction Bypass Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Arbitrary File Read Vulnerability in Adobe XMP Toolkit for Java Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Arbitrary Code Execution Vulnerability in Adobe Flash Player (CVE-2016-4226) Arbitrary Code Execution Vulnerability in Adobe Flash Player (CVE-2016-4224) Arbitrary Code Execution Vulnerability in Adobe Flash Player (CVE-2016-4225) Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Information Disclosure Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Race condition vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux Heap-based Buffer Overflow in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified Vector Information Disclosure Vulnerability in Adobe Experience Manager Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions Arbitrary Code Execution Vulnerability in Adobe Digital Editions XML External Entity (XXE) Vulnerability in Adobe ColdFusion Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Adobe Flash Player Local-with-Filesystem Flash Sandbox Bypass Vulnerability Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows, OS X, and Linux Unspecified vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows, OS X, and Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Bypassing Access Restrictions in Adobe Flash Player Arbitrary Code Execution Vulnerability in Adobe Flash Player BlueStacks App Player Local Privilege Escalation Vulnerability Stack-based Buffer Overflow Vulnerability in GMER 2.1.19357 SysTreeView32 Control Heap Buffer Overflow in Hancom Office 2014 when Processing Hangul HShow Document (.hpt) Integer Overflow Vulnerability in Hancom Office 2014 Heap Buffer Overflow in Hancom Office 2014 when Processing Hangul HShow Document (.hpt) Heap-based Buffer Overflow in Hancom Office 2014 VP Allows Remote Code Execution via Crafted .cell File Heap-based Buffer Overflow in Hancom Office 2014 Hangul Hcell Document Processing Heap Overflow Vulnerability in Hancom Office 2014 when Processing Hangul Hcell Document Heap Corruption Vulnerability in Hancom Office 2014 Hangul Hcell Document Processing Integer Overflow Vulnerability in Hancom Office 2014 Allows for Code Execution Heap-based Buffer Overflow in libarchive: Integer Overflow in read_SubStreamsInfo Function Stack-based Buffer Overflow in parse_device function in libarchive Heap-based Buffer Overflow in parse_codes function in libarchive Heap-based Buffer Overflow in cJSON Library's parse_string Function Denial of Service Vulnerability in Kaspersky Internet Security KLIF Driver Kaspersky Internet Security KLIF Driver Denial of Service Vulnerability Information Leakage in Kaspersky Internet Security KLDISK Driver's IOCTL Handlers Kaspersky Internet Security KL1 Driver Denial of Service Vulnerability Session Fixation Vulnerability in Symphony CMS 2.6.7: Remote Session Hijacking via PHPSESSID Parameter CSRF Vulnerability in WSO2 Identity Server 5.1.0's XACML Flow Feature XML External Entity (XXE) Vulnerability in WSO2 Identity Server 5.1.0 Arbitrary File Execution Vulnerability in eXtplorer 2.1.9 WSO2 Carbon 4.4.5 LogViewer Admin Service Directory Traversal Vulnerability CSRF Vulnerability in WSO2 Carbon 4.4.5 Allows Remote Server Shutdown Multiple Cross-Site Scripting (XSS) Vulnerabilities in WSO2 Carbon 4.4.5 XSS Vulnerability on Atlassian Confluence Server before 5.9.11 in viewmyprofile.action Page Cross-Site Scripting (XSS) Vulnerability in Atlassian JIRA Server before 7.1.9 CSRF Vulnerability in Atlassian JIRA Server's Auditing/Settings Directory Traversal Vulnerability in Atlassian Bitbucket Server before 4.7.1 Authentication Bypass Vulnerability in BMC BladeLogic Server Automation (BSA) Directory Traversal Vulnerability in Pidgin's MXIT Protocol Handling Remote Code Execution Vulnerability in LibreOffice via Crafted RTF File Hardcoded Credentials Vulnerability in Lantronix xPrintServer Devices Remote Code Execution Vulnerability in Chef Manage Arbitrary Web Script Injection Vulnerability in WSO2 SOA Enablement Server Hardcoded Credentials in MEDHOST Perioperative Information Management System Local Denial of Service Vulnerability in Kaspersky Anti-Virus Software's Window Broadcast Message Handling Functionality Heap-based Buffer Overflow in HDF5 1.8.16 Library Arbitrary Code Execution Vulnerability in HDF5 1.8.16 Library's H5Z_NBIT Decoding Heap Buffer Overflow Vulnerability in HDF5 1.8.16 Library HDF5 1.8.16 Library Vulnerability: Array Initialization Loop Index Out-of-Bounds Modification Open Redirect Vulnerability in Jive before 2016.3.1 Remote Code Execution via Buffer Overflow in Lexmark Perspective Document Filters XLS Parsing Bzip2 Parsing Stack-Based Buffer Overflow Vulnerability in Lexmark Perspective Document Filters SQL Injection Vulnerability in Ktools.net Photostore 4.7.5: Arbitrary SQL Command Execution via Email Parameter Arbitrary Code Execution via mysql.size Parameter in Zabbix Agent User Impersonation Vulnerability in Gitlab 8.7.0 and earlier versions Information Disclosure Vulnerability in NetApp Clustered Data ONTAP PHP Uncompressed Data Handling Vulnerability Uninitialized Pointer Dereference in phar_make_dirstream Function Heap-based buffer overflow in PHP before 7.0.4 via long argument to utf8_encode function in xml_utf8_encode function PHP Integer Overflow in php_filter_encode_url Function Integer Overflow in str_pad Function in PHP Allows Remote Code Execution Denial of Service Vulnerability in librsvg 2.40.2 via Circular Definitions in SVG Document Untrusted Search Path Vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 Multiple SQL Injection Vulnerabilities in SolarWinds Storage Resource Monitor (SRM) Profiler SQL Injection Vulnerability in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before Build 1107 Integer Overflow in Mplayer's GIF Demuxer Function Allows Remote Denial of Service Denial of Service Vulnerability in Libksba's ber-decoder.c Buffer Overflow Vulnerability in ber-decoder.c in Libksba before 1.3.3 Integer Overflow Leading to Buffer Overflow in Libksba Out-of-Bounds Read Vulnerability in Libksba's DN Decoder Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Matrix Operating Environment Unspecified Remote Information Disclosure and Data Modification Vulnerability in HPE Matrix Operating Environment Stack-based buffer overflow vulnerability in mchan.dll in HPE LoadRunner and Performance Center allows remote code execution (ZDI-CAN-3516) Arbitrary File Deletion Vulnerability in HPE LoadRunner and Performance Center Denial of Service Vulnerability in HPE LoadRunner and Performance Center Unspecified Remote Authentication Vulnerability in HPE Insight Control Server Deployment Remote Code Execution Vulnerability in HPE Insight Control Server Deployment Local Privilege Escalation in HPE Insight Control Server Deployment Unspecified Remote Information Disclosure Vulnerability in HPE Insight Control Server Deployment Unspecified Remote Vulnerability in HPE Systems Insight Manager (SIM) before 7.5.1 Sensitive Information Disclosure Vulnerability in HPE Universal CMDB Universal Discovery Component Arbitrary Command Execution via Serialized Java Object in HPE Universal CMDB and Universal Discovery Arbitrary Command Execution in HPE Discovery and Dependency Mapping Inventory (DDMi) Arbitrary Command Execution and Information Disclosure Vulnerability in HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x Unspecified SSRF and Information Disclosure Vulnerabilities in HPE Service Manager Software Remote Code Execution via Serialized Java Object in HPE iMC PLAT, EAD, APM, NTA, BIMS, and UAM_TAM Arbitrary Command Execution Vulnerability in HPE Operations Manager (OM) Server-Side Request Forgery (SSRF) Vulnerability in HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 Unspecified Vulnerabilities in HPE Integrated Lights-Out Firmware Versions before 1.88 and 2.44 Unspecified Remote Information Disclosure Vulnerability in HPE StoreFabric B Switches Arbitrary Code Execution Vulnerability in HPE Sizing Tools Information Disclosure Vulnerability in HPE XP P9000 Command View Advanced Edition Software and XP7 Command View Advanced Edition Suite Vaudenay Attack: Padding-Oracle Vulnerability in HPE iLO3 Firmware Arbitrary Web Script Injection in HPE Operations Manager AdminUI Bypassing Access Restrictions in HPE XP7 Command View Advanced Edition Suite Remote User Validation Bypass Vulnerability in HPE Performance Center 11.52-12.50 Image ID Reassignment Vulnerability in HPE Helion Openstack Glance Denial of Service Vulnerability in HPE Performance Center and LoadRunner Arbitrary Command Execution Vulnerability in HP Network Automation Software Arbitrary File Write Vulnerability in HPE Network Automation Software 10.10 Arbitrary Code Execution Vulnerability in HPE KeyView Filter SDK (CVE-2016-4391) Arbitrary Code Execution Vulnerability in HPE KeyView Filter SDK (CVE-2016-4388) Arbitrary Code Execution Vulnerability in HPE KeyView Filter SDK (CVE-2016-4391) Arbitrary Code Execution Vulnerability in HPE KeyView Filter SDK (CVE-2016-4390) Critical Remote Code Execution Vulnerability in HP ArcSight WINC Connector Critical Remote Cross Site Scripting Vulnerability in HP Business Service Management Software v9.1x - v9.25IP1 Unspecified XSS Vulnerability in HPE System Management Homepage before v7.6 HPE System Management Homepage Information Disclosure Vulnerability Unspecified Remote Buffer Overflow in HPE System Management Homepage before v7.6 Unspecified Remote Buffer Overflow in HPE System Management Homepage before v7.6 HP Network Node Manager i (NNMi) v10.00-10.20 Local Code Execution Vulnerability HP Network Node Manager i (NNMi) Software 10.00-10.10 Java Deserialization Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in HP Network Node Manager i (NNMi) Software 10.00-10.10 Cross-Site Scripting (XSS) Vulnerability in HP Network Node Manager i (NNMi) Software 10.00-10.10 Aruba ClearPass Policy Manager Database Credential Disclosure Vulnerability Remote Code Execution Vulnerability in HP KeyView Filter SDK Remote Code Execution Vulnerability in HP KeyView Filter SDK Remote Code Execution Vulnerability in HP KeyView Filter SDK Remote Code Execution Vulnerability in HP Business Service Management (BSM) with Apache Commons Collection Java Deserialization Critical Remote Cross Site Scripting Vulnerability in HPE iLO 3 and iLO 4 DSA Signature Verification Vulnerability in SAP SAPCRYPTOLIB 5.555.38 phpMyAdmin Authentication Bypass and Redirection Vulnerability NULL Pointer Dereference and Crash Vulnerability in Quassel before 0.12.4 Heap-based Buffer Overflow in Ixia IxVeriWave File Parser in Wireshark 2.x Buffer Over-read Vulnerability in Wireshark 2.x IEEE 802.11 Dissector Denial of Service Vulnerability in Wireshark GSM A-bis OML Dissector Denial of Service Vulnerability in Wireshark ASN.1 BER Dissector Denial of Service Vulnerability in SPICE Dissector in Wireshark 2.x before 2.0.2 Denial of Service Vulnerability in Wireshark NFS Dissector Denial of Service Vulnerability in Wireshark ASN.1 BER Dissector Authentication Bypass Vulnerability in libpam-sshauth's pam_sm_authenticate Function Denial of Service via Username Length in Symfony Authentication Denial of Service Vulnerability in Jansson 2.7 and Earlier Bot API Keys Exposed to Other Users in Zulip Before 1.3.12 SSO-enabled Zulip Versions Prior to 1.3.12 Allow Deactivated Users to Access Messages Arbitrary Code Injection through AngularJS Template in OpenStack Dashboard (Horizon) Stack-based Buffer Overflow in clntudp_call Function in glibc Allows Remote DoS or Other Impact Apache Struts 2 CSRF Vulnerability Apache Struts 2 Default Method Redirection Vulnerability Authentication Bypass Vulnerability in Apache Qpid Java Apache Struts 2 Remote Redirection Vulnerability XML External Entity (XXE) Vulnerability in Apache Tika before 1.13 Unauthenticated Access and Denial of Service Vulnerability in BOSH Director VM Unspecified Impact Vulnerability in Apache Struts 2 Unconfigured Cipher Key Vulnerability in Apache Shiro Arbitrary Code Execution Vulnerability in Apache Struts 2 REST Plugin Out-of-bounds Write Vulnerability in QEMU's 53C9X Fast SCSI Controller Support APICv State Mishandling Vulnerability in Linux Kernel Out-of-Bounds Write Vulnerability in QEMU's 53C9X Fast SCSI Controller Support Improper Security Checks in rack-mini-profiler Gem (CVE-2021-23456) Information Disclosure in Red Hat Enterprise Virtualization (RHEV) Manager 3.6 via engine-setup Log File Arbitrary Command Execution Vulnerability in allow_execmod Plugin for setroubleshoot Arbitrary Command Execution Vulnerability in sealert's fix_lookup_id Function Arbitrary Command Execution via allow_execstack SELinux Denial in setroubleshoot Plugin Heap-based Buffer Underread and Application Crash in xmlParseElementDecl Function Libxml2 Format String Vulnerability XML External Entity (XXE) Vulnerability in libxml2 parser.c NULL pointer dereference and worker process crash vulnerability in nginx before 1.10.1 and 1.11.x before 1.11.1 Bypassing Organization and Location Restrictions in Foreman APIs Denial of Service Vulnerability in QEMU's vmsvga_fifo_run Function Out-of-Bounds Read Vulnerability in QEMU's vmsvga_fifo_read_raw Function Weak Permissions in Subscription Manager Cache Directories Allow Information Disclosure Arbitrary File Corruption via GNUTLS_KEYLOGFILE Environment Variable Default SSL/TLS Certificate Vulnerability in CloudForms Management Engine Stack-based Buffer Overflow in mod_cluster 1.2.9's node.c Authentication Bypass Vulnerability in Apache Pony Mail 0.6c through 0.8b Apache Struts 2.x Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Apache OFBiz 16.11.00 Apache Xerces-C++ Stack-Based Buffer Overflow Vulnerability Bypassing AudienceRestriction in Apache CXF Fediz Null Value Denial of Service Vulnerability in Apache Struts 2 Improper Server Hostname Verification in Apache Qpid Proton Library on Windows Arbitrary SQL Command Execution Vulnerability in Pivotal Cloud Foundry (PCF) and UAA Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Apache Archiva 1.3.9 and Earlier Denial of Service Vulnerability in Linux Kernel's key_reject_and_link Function Arbitrary Code Execution Vulnerability in ManageIQ CloudForms Vulnerability: Compiler Optimization Settings Bypass in Expat Remote Code Execution Vulnerability in PHP 7.0.7 and 5.6.x Default Root Password Vulnerability in Red Hat OpenStack Platform 8.0 and Red Hat Enterprise Linux OpenStack Platform 7.0 Bypassing Organization and Location Restrictions in Foreman APIs and UIs Denial of Service Vulnerability in hostapd and wpa_supplicant via Crafted WPS Operation Arbitrary Library Loading Vulnerability in wpa_supplicant Buffer Overflow in xmlrpc_char_encode Function in Atheme 7.2.7 and Earlier Improper Handling of Page Size (PS) Page Table Entry Bit in Xen 4.6.x and Earlier Uninitialized Data Structure Vulnerability in Linux Kernel's proc_connectinfo Function XML Attribute Value Denial of Service Vulnerability Cryptsetup Package Vulnerability: Shell Access via Invalid Password Attempts Uninitialized Data Structure Vulnerability in llc_cmsg_rcv Function Uninitialized Data Structure Vulnerability in Linux Kernel's rtnl_fill_link_ifmap Function Remote Denial of Service Vulnerability in libiberty via Crafted Binary (btypevec) Remote Denial of Service Vulnerability in libiberty via Crafted Binary (ktypevec) Integer Overflow in libiberty's gnu_special Function Allows Remote Denial of Service Integer Overflow in cp-demangle.c in libiberty Buffer Overflow and Infinite Recursion Vulnerability in libiberty's d_print_comp Function Buffer Overflow in do_type function in libiberty Out-of-Bounds Read and Crash Vulnerability in libiberty CSRF Vulnerability in KMC Controls BAC-5051E Devices Allows Unauthorized Access to Configuration File Bypassing Access Restrictions and Reading Configuration Files in KMC Controls BAC-5051E Devices Integer Overflow Vulnerability in Panasonic FPWIN Pro 5.x through 7.x before 7.130 Type Confusion Vulnerability in Panasonic FPWIN Pro 5.x through 7.x before 7.130 Uninitialized Pointer Vulnerability in Panasonic FPWIN Pro 5.x through 7.x Heap-based Buffer Overflow in Panasonic FPWIN Pro 5.x through 7.x: Denial of Service Vulnerability Remote Authenticated Firmware Write Vulnerability in Moxa UC-7408 LX-Plus Devices Authentication Bypass Vulnerability in ESC 8832 Data Controller 3.02 and Earlier Remote Code Execution Vulnerability in ESC 8832 Data Controller 3.02 and Earlier Authentication Bypass Vulnerability in Moxa Device Server Web Console 5232-N Cross-Site Request Forgery Vulnerability in Meteocontrol WEB'log Arbitrary Password Modification Vulnerability in Resource Data Management (RDM) Intuitive 650 TDB Controller Devices CSRF Vulnerability in RDM Intuitive 650 TDB Controller Devices Allows User Hijacking Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 SQL Injection Vulnerability Arbitrary Web Script Injection Vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and Earlier Eaton ELCSoft 2.4.01 Heap-Based Buffer Overflow Vulnerability Authentication Bypass Vulnerability in Trihedral VTScada Improper Hash Algorithm in ABB PCM600 Allows Cleartext Password Retrieval Remote Code Execution Vulnerability in Eaton ELCSoft 2.4.01 and Earlier Schneider Electric PowerLogic PM8ECC Module XSS Vulnerability Remote Configuration Change Vulnerability in Moxa PT-7728 Devices Insecure Password Storage in ABB PCM600 before 2.7 Denial of Service Vulnerability in OSIsoft PI AF Server Remote Code Execution Vulnerability in Unitronics VisiLogic OPLC IDE Hardcoded Credentials Vulnerability in Schneider Electric Pelco Digital Sentry Video Management System Hardcoded Credentials Vulnerability in Sixnet BT-5xxx and BT-6xxx M2M Devices SQL Injection Vulnerability in Rockwell Automation FactoryTalk EnergyMetrix Denial of Service Vulnerability in Trihedral VTScada WAP Interface Insecure Storage of OPC Server IEC61850 Passwords in ABB PCM600 before 2.7 Unspecified ActiveX Controls Vulnerability in Advantech WebAccess Local Privilege Escalation in ABB DataManagerPro 1.x before 1.7.1 Insecure Storage of Authentication Credentials in ABB PCM600 before 2.7 Buffer Overflow Vulnerability in Advantech WebAccess Allows Denial of Service via Crafted DLL File Remote Code Execution Vulnerability in Schneider Electric SoMachine HVAC Programming Software Denial of Service and Data Loss Vulnerability in OSIsoft PI SQL Data Access Server 2016 1.5 Credential Persistence Vulnerability in Rockwell Automation FactoryTalk EnergyMetrix Arbitrary File Read Vulnerability in Trihedral VTScada WAP Interface WECON LeviStudio Heap-Based Buffer Overflow Vulnerability Bypassing Self-Protection Rules in McAfee VirusScan Console AV Engine Integer Signedness Error in McAfee LiveSafe 14.0 Improper Initialization of Structures in OpenAFS Client Allows Information Disclosure Negative Integer Scale Argument Vulnerability in PHP's bcpowmod Function Vulnerability in bcpowmod Function in PHP Allows for Denial of Service or Other Impact XML Parser Denial of Service Vulnerability Out-of-bounds read vulnerability in PHP grapheme_stripos function Negative offset vulnerability in PHP's grapheme_strpos function Out-of-bounds read vulnerability in PHP's exif_process_IFD_TAG function Out-of-bounds read vulnerability in exif_process_IFD_in_JPEG function in PHP Out-of-bounds read vulnerability in PHP's exif_process_TIFF_in_JPEG function Denial of Service Vulnerability in F5 BIG-IP 11.5.4 with SSL Profiles Denial of Service Vulnerability in Samsung Devices with Android KK(4.4) or L(5.0/5.1) Denial of Service Vulnerability in Samsung Devices with Android KK, L, and M IP Address Spoofing Vulnerability in SAP NetWeaver 2004s (SAP Security Note 2190621) Arbitrary Script Injection via Href Attribute in Roundcube Webmail Cache-Poisoning Vulnerability in Squid Proxy Server Header Smuggling Vulnerability in Squid Proxy Server Denial of Service Vulnerability in Squid Proxy Server via Crafted ESI Responses Double Free Vulnerability in Esi.cc in Squid 3.x and 4.x Allows Remote Denial of Service Use-after-free vulnerability in Linux kernel allows privilege escalation or denial of service Use-after-free vulnerability in the BPF subsystem in Linux kernel before 4.5.5 Flexera InstallAnywhere Untrusted Search Path Privilege Escalation Vulnerability Cross-site scripting (XSS) vulnerability in ikiwiki's cgierror function in CGI.pm Buffer Overflow Vulnerability in DrawDashPolygon Function in ImageMagick Buffer Overflow Vulnerability in TraceStrokePolygon Function Buffer Overflow Vulnerability in ImageMagick's DrawImage Function InfiniBand Stack Write System Call Vulnerability Plupload Flash SWF Cross-Site Scripting (XSS) Vulnerability Arbitrary Script Injection Vulnerability in MediaElement.js Denial of Service and Kernel Memory Write Vulnerability in Linux Kernel's videobuf2-v4l2.c Uninitialized Data Structure Vulnerability in Linux Kernel's ALSA Timer Interface Denial of Service Vulnerability in mxmlDelete Function Denial of Service Vulnerability in mxml_write_node Function Incomplete Revocation of Privileges in Cloudera CDH before 5.7.1 Authentication Bypass Vulnerability in Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models when in FortiLink managed mode and upgraded to 3.4.1 Denial of Service Vulnerability in Libksba's DN Decoder Cross-site scripting (XSS) vulnerability in Huawei PLK, ATH, CherryPlus, and RIO smartphones' email APP Buffer Overflow Vulnerability in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 Devices Buffer Overflow Vulnerability in Huawei NGFW Module and Secospace Firewalls Uninitialized Data Structures Vulnerability in Linux Kernel's ALSA Timer Interface Out-of-Bounds Read Denial of Service Vulnerability in Libksba before 1.3.4 Improper Initialization in x25_negotiate_facilities Function Allows Information Disclosure NULL pointer dereference and OOPS vulnerability in Linux kernel mount propagation tree traversal Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Timing Attack Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Page Loading Implementation Arbitrary Script Injection Vulnerability in Apple iOS, Safari, and tvOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Safari and tvOS Uninitialized Memory Disclosure Vulnerability in Apple iOS and tvOS WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in Apple tvOS WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, and tvOS Same Origin Policy Bypass in WebKit and Safari Remote File Access Vulnerability in WebKit for Apple iOS, Safari, and tvOS Memory Consumption Denial of Service Vulnerability in WebKit Siri Contacts Information Disclosure Vulnerability Sandbox Profiles Component Vulnerability: Unauthorized Process List Access Safari Login AutoFill Password Disclosure Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Memory Corruption Vulnerability in QuickTime for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in QuickTime for Apple OS X Safari View Controller Misbehavior Allows Bypass of Private Browsing Protection in Apple iOS URL Spoofing Vulnerability in Safari for Apple iOS Denial of Service and Device Restart Vulnerability in Apple iOS Calendar Curl Vulnerability in Apple OS X Allows Arbitrary Code Execution and Information Disclosure Memory corruption vulnerability in libxslt in Apple iOS, OS X, iTunes, iCloud, tvOS, and watchOS before respective versions 9.3.3, 10.11.6, 12.4.2, 5.2.1, 9.2.2, and 2.2.2. Memory corruption vulnerability in libxslt in Apple iOS, OS X, iTunes, iCloud, tvOS, and watchOS before respective versions 9.3.3, 10.11.6, 12.4.2, 5.2.1, 9.2.2, and 2.2.2. Memory corruption vulnerability in libxslt in Apple iOS, OS X, iTunes, iCloud, tvOS, and watchOS before respective versions 9.3.3, 10.11.6, 12.4.2, 5.2.1, 9.2.2, and 2.2.2. Memory corruption vulnerability in libxslt in Apple iOS, OS X, iTunes, iCloud, tvOS, and watchOS before respective versions 9.3.3, 10.11.6, 12.4.2, 5.2.1, 9.2.2, and 2.2.2 Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Remote Information Disclosure Vulnerability in Apple Products Memory Corruption Vulnerability in libxml2 Memory Corruption Vulnerability in libxml2 Memory Corruption Vulnerability in libxml2 Sandbox Escape Vulnerability in macOS 10.12 and Earlier Universal XSS (UXSS) vulnerability in Safari Reader in Apple iOS and Safari before version 10 SMS Draft Directory Metadata Disclosure Vulnerability in Apple iOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X libc++abi Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, and tvOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, and tvOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, and tvOS Privilege Escalation via Use-After-Free Vulnerability in IOSurface on Apple OS X Privilege Escalation and Denial of Service Vulnerability in IOHIDFamily Privilege Escalation and Denial of Service Vulnerability in IOAcceleratorFamily in Apple iOS, tvOS, and watchOS IOAcceleratorFamily Out-of-Bounds Read Vulnerability in Apple iOS and watchOS Memory Corruption Vulnerability in ImageIO on Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in ImageIO on Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in ImageIO Memory Consumption Denial of Service Vulnerability in ImageIO Arbitrary Code Execution and Memory Corruption Vulnerability in Intel Graphics Driver for Apple OS X Unspecified Vector Vulnerability in Apple OS X Graphics Drivers Subsystem Man-in-the-Middle Attack Vulnerability in FaceTime on Apple iOS and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in CoreGraphics Privilege Escalation via Type Confusion in Apple OS X Login Window Memory Initialization Vulnerability in Apple OS X Login Window Arbitrary Code Execution and Information Disclosure Vulnerability in Apple OS X Login Window Type Confusion Vulnerability in Apple OS X Login Window Improper Reporting of Secure Proxy Authentication Credentials in iOS, tvOS, and OS X El Capitan Improper Validation of 407 Responses in iOS, tvOS, and OS X El Capitan Downgrade vulnerability in Keychain HTTP Authentication Credentials Storage Weak Permissions for Web-Browser Cookies in CFNetwork on Apple OS X Out-of-Bounds Read Vulnerability in Apple OS X Audio Handling Memory Corruption Vulnerability in Apple OS X Audio (CVE-XXXX-XXXX) Kernel Memory Disclosure and Denial of Service Vulnerability in Apple OS X NULL Pointer Dereference Vulnerability in Apple OS X Audio Heap-based Buffer Overflow in IOHIDFamily in Apple iOS, OS X, and tvOS Cross-protocol cross-site scripting (XPXSS) vulnerability in WebKit JavaScript bindings in Apple iOS and Safari Kernel Memory Disclosure Vulnerability in CoreGraphics on Apple OS X Unspecified Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in IOMobileFrameBuffer in Apple iOS Memory Disclosure Vulnerability in Apple iOS Kernel Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS Kernel Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS WebKit Use-after-free and Memory Corruption Vulnerability in libxml2 FontParser Vulnerability: Remote Information Disclosure and Denial of Service Denial of Service Vulnerability in macOS ntfs Component Arbitrary Code Execution and Denial of Service Vulnerability in AppleGraphicsControl Component Denial of Service Vulnerability in NVIDIA Graphics Drivers on macOS Vulnerability: Photo-Directory Metadata Disclosure via Crafted App Vulnerability: Audio-recording Metadata Disclosure via Crafted App Remote Code Execution Vulnerability in Apple WebKit Remote Code Execution and Denial of Service Vulnerability in macOS ATS Component Privilege Escalation and Denial of Service Vulnerability in Apple Kernel Password Length Disclosure Vulnerability Remote Code Execution and Denial of Service Vulnerability in macOS ImageIO Component JPEG Remote Code Execution Vulnerability Privilege Escalation and Denial of Service Vulnerability in macOS ATS Component Arbitrary Code Execution Vulnerability in Apple Products via Crafted App Cross-origin vulnerability in WebKit allows remote information disclosure in Apple Safari Remote Code Execution Vulnerability in Apple WebKit AppleSMC Component Privilege Escalation and Denial of Service Vulnerability Arbitrary File Write Vulnerability in Apple Products Kernel Memory Information Disclosure Vulnerability Remote Code Execution Vulnerability in macOS Core Image Component Remote Code Execution Vulnerability in ImageIO Component Remote Code Execution Vulnerability in macOS ImageIO Component Improper Password Hashing in iTunes Backup Component Address Book Access Revocation Vulnerability FontParser Buffer Overflow Vulnerability S/MIME Email Signature Revocation Vulnerability in iOS Arbitrary Code Execution Vulnerability in iOS Image Capture Component via Crafted USB HID Device FontParser Remote Code Execution Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Vulnerability: Cryptographic Protection Bypass in Apple's Security Component HTTPoxy Vulnerability in Apache HTTP Server on Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in AppleEFIRuntime Apple HSSPI Support Privilege Escalation and Memory Corruption Vulnerability Privilege Escalation Vulnerability in Apple iOS and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in AppleUUC Arbitrary Code Execution and Memory Corruption Vulnerability in AppleUUC Denial of Service Vulnerability in Apple OS X Application Firewall Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Bluetooth Privilege Escalation and Memory Corruption Vulnerability in Apple OS X Unspecified Memory Corruption Vulnerability in Apple Xcode before 8 Unspecified Memory Corruption Vulnerability in Apple Xcode before 8 Denial of Service Vulnerability in Apple OS X CD9660 CFNetwork Local Storage Deletion Vulnerability Misinterpretation of Set-Cookie Header in CFNetwork in Apple iOS, OS X, tvOS, and watchOS Root Access Vulnerability in Apple OS X WindowServer Root Access Vulnerability in Apple OS X WindowServer Information Disclosure Vulnerability in CCrypt Function in Apple iOS and OS X Arbitrary Code Execution and Denial of Service Vulnerability in CoreCrypto Screen-sharing vulnerability in CoreDisplay on Apple OS X before 10.12 allows unauthorized screen viewing Location Discovery Vulnerability in Apple OS X Date & Time Pref Pane Privilege Escalation Vulnerability in DiskArbitration in Apple OS X Scoped-Bookmark File Descriptor Denial of Service Vulnerability in Apple OS X FontParser Buffer Overflow Vulnerability in Apple iOS, OS X, tvOS, and watchOS Location Information Disclosure Vulnerability in Apple iOS and watchOS Man-in-the-Middle Attack Vulnerability in Apple IDS - Connectivity Component Call Relay Spoofing Vulnerability in Apple iOS and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Intel Graphics Driver for Apple OS X Arbitrary Code Execution and Denial of Service Vulnerability in IOAcceleratorFamily Memory Corruption Vulnerability in IOAcceleratorFamily Arbitrary Code Execution and Memory Corruption Vulnerability in IOAcceleratorFamily Arbitrary Code Execution and Memory Corruption Vulnerability in Apple OS X IOThunderboltFamily Arbitrary Code Execution Vulnerability in Apple iOS, tvOS, iTunes, and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in WebKit Memory Corruption Vulnerability in libarchive on Apple OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, Safari, tvOS, and watchOS Memory Corruption Vulnerability in libxslt on Apple iOS, OS X, tvOS, and watchOS mDNSResponder DNS Proxy Information Disclosure Vulnerability Unauthenticated Message Display Vulnerability in Apple iOS Handoff Vulnerability: Man-in-the-Middle Attack Blocking Software Updates in Apple iOS Insecure NSSecureTextField in Apple OS X before 10.12 allows credential discovery Memory Corruption Vulnerability in Apple Products Timing Side-Channel Attack Vulnerability in Apple OS X Kerberos 5 PAM Module Unintended Correction Vulnerability in Apple iOS Keyboards Certificate Mishandling in Apple iOS Mail: Facilitating Man-in-the-Middle Attacks on Mail Credentials Taint-Mode Bypass Vulnerability in Perl on Apple OS X Cleartext AirPrint Preview Content Disclosure Vulnerability in Apple iOS S2 Camera Vulnerability in Apple iOS and OS X: Arbitrary Code Execution and Memory Corruption Address Bar Spoofing Vulnerability in Safari Tabs Lack of CF_RETURNS_RETAINED Keyword in SecKeyDeriveFromPassword Function in Apple OS X before 10.12 Allows Information Disclosure Privilege Escalation via Crafted App in Apple Operating Systems RC4 Cipher Vulnerability in ServerDocs Server in Apple OS X Server Weak Permissions for .bash_history and .bash_session Files in Apple OS X Terminal Information Disclosure Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, tvOS, iTunes, and Safari DNS Rebinding Vulnerability in Apple iOS, iTunes, and Safari Use-after-free vulnerability in WebKitGTK+ before 2.14.0 allows remote attackers to cause a DoS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, iTunes, iCloud, and Safari X.509 Certificate Verification Vulnerability in WKWebView and Safari Remote Code Execution Vulnerability in Apple Products Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, tvOS, iTunes, and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, tvOS, iTunes, and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, tvOS, iTunes, and Safari Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, tvOS, iTunes, and Safari Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes and Safari Bypassing File-Access Restrictions in Apple iOS and OS X via Crafted Directory Pathname Unspecified Vector Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Memory-layout Information Disclosure and Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Memory-layout Information Disclosure and Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Unspecified Memory Corruption Vulnerability in Apple OS X, tvOS, and watchOS Memory-layout Information Disclosure and Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Denial of Service Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple iOS, OS X, tvOS, and watchOS Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Type Services (ATS) Privilege Escalation and Denial of Service Vulnerability in macOS Thunderbolt Component Passcode Bypass Vulnerability in iOS 10.2 and Earlier Versions Lenovo SHAREit Android App Intent Scheme URL Attack Vulnerability Universal XSS (UXSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 Vulnerability in Firmware Variants of EN100 Ethernet Module and SIPROTEC Devices Allows Information Disclosure Vulnerability in EN100 Ethernet Module: Remote Memory Content Disclosure Denial of Service Vulnerability in Pulse Connect Secure (PCS) Unspecified Directory Access Vulnerability in Pulse Connect Secure (PCS) Unspecified File Reading Vulnerability in Pulse Connect Secure (PCS) Arbitrary Web Script Injection Vulnerability in Pulse Connect Secure Arbitrary Web Script Injection in Pulse Connect Secure Administrative User Interface Unspecified SSRF and File Enumeration Vulnerability in Pulse Connect Secure Unauthenticated Access to Sign-In Pages in Pulse Connect Secure (PCS) 8.2 before 8.2r1 IP Spoofing Vulnerability in CakePHP 3.2.4 and Earlier Linux Kernel Use-After-Free Vulnerability in mm/percpu.c Heap-based Buffer Overflow in OpenJPEG's color_cmyk_to_rgb Function Divide-by-zero vulnerability in OpenJPEG's opj_tcd_init_tile function allows for denial of service Path Normalization Bypass in Eclipse Jetty 9.3.x on Windows DLL Hijacking Vulnerabilities in cURL and libcurl CRLF Injection Vulnerability in dotCMS Email Functionality Heap-based buffer overflow vulnerability in read_boot function in dosfstools before 4.0 Use-after-free vulnerability in ppp_generic.c in Linux kernel before 4.5.2 Web2py Local File Inclusion Vulnerability Reflected XSS Vulnerability in Web2py Versions 2.14.5 and Below: Admin User Attack CSRF Vulnerability in Web2py Versions 2.14.5 and Below: Unauthorized Actions Exploitation Denial of Service Vulnerability in libarchive's archive_read_format_cpio_read_header Function Unspecified Vector Access Policy Rule Manipulation in Citrix Studio and XenDesktop API Access Vulnerability in NTT Broadband Platform Japan Connected-free Wi-Fi Application Arbitrary Script Injection in Markdown on Save Improved Plugin for WordPress Privilege Escalation Vulnerability in NetCommons 2.4.2.1 and Earlier Arbitrary File Read Vulnerability in GSI Old_GSI_Maps Directory Traversal Vulnerability on BUFFALO WZR-600DHP3 and WZR-S600DHP Devices with Firmware 2.16 and Earlier Unspecified Vector Information Disclosure Vulnerability in BUFFALO WZR-600DHP3 and WZR-S600DHP Devices Use-after-free and Remote Code Execution Vulnerability in H2O HTTP/2 Connection Handling SSL Certificate Verification Bypass in DMMFX and GAITAMEJAPAN FX Trade for Android Arbitrary Code Execution Vulnerability in Takumi Yamada DX Library CSRF Vulnerability in I-O DATA DEVICE ETX-R Devices: Remote Authentication Hijacking Denial of Service Vulnerability in I-O DATA DEVICE ETX-R Devices Arbitrary Command Execution Vulnerability in Corega CG-WLBARGL Devices Denial of Service Vulnerability in Corega CG-WLBARAGM Devices Unrestricted PIN Authentication Attempts in Corega CG-WLR300GNV and CG-WLR300GNV-W Devices Arbitrary PHP Code Execution Vulnerability in Collne Welcart e-Commerce Plugin for WordPress Unspecified Cross-Site Scripting (XSS) Vulnerability in Collne Welcart e-Commerce Plugin for WordPress Cross-site scripting (XSS) vulnerability in Collne Welcart e-Commerce plugin before 1.8.3 for WordPress Session Hijacking Vulnerability in Collne Welcart e-Commerce Plugin for WordPress SSL Certificate Verification Bypass in DMM Movie Player App for Android and iOS SSL Certificate Verification Bypass in Sushiro App for iOS and Android Untrusted Search Path Privilege Escalation Vulnerability in LINE and LINE Installer SSL Certificate Verification Bypass in WAON Service Application for Android 1.4.1 and earlier Arbitrary Web Script Injection in Nofollow Links Plugin for WordPress Unrestricted User Account Creation and Modification in Vtiger CRM 6.4.0 and Earlier SQL Injection Vulnerability in Seed Coupon Plugin for EC-CUBE (Version 1.6 and below) Vulnerability in Money Forward Android Apps Allows for Unintended Operations Information Disclosure Vulnerability in Money Forward Android Apps SSL Certificate Verification Bypass in Coordinate Plus App for Android and iOS Arbitrary Email Header Injection in Cybozu Mailwise before 5.4.0 Information Disclosure Vulnerability in Cybozu Mailwise before 5.4.0 Sensitive Cookie Information Disclosure in Cybozu Mailwise before 5.4.0 Clickjacking Vulnerability in Cybozu Mailwise before 5.4.0 CSRF Vulnerability in I-O DATA DEVICE HVL Series Untrusted Search Path Vulnerability in PhishWall Client Internet Explorer Installer Unanchored Regex XSS Vulnerability in OSSEC Web UI before 0.9 Arbitrary Code Injection through Cross-Site Scripting (XSS) in ClipBucket before 2.8.1 RC2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Geeklog IVYWE Edition 2.1.1 Arbitrary Code Execution Vulnerability in LINE for Windows (before 4.8.3) Let's PHP! Simple Chat Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in YoruFukurou (NightOwl) before 2.85 Remote Code Execution in AKABEi SOFT2 Games via Crafted Saved Data CSRF Vulnerability in L-04D Firmware Version V10a and V10b Cross-Site Scripting Vulnerability in ADOdb Versions Prior to 5.20.6 Arbitrary Web Script Injection Vulnerability in Splunk Enterprise and Splunk Light Open Redirect Vulnerability in Splunk Enterprise and Splunk Light Arbitrary web script injection vulnerability in Splunk Enterprise versions 5.0.x to 6.4.x Open Redirect Vulnerability in Splunk Enterprise and Splunk Light Unauthenticated Remote Control and Denial of Service Vulnerability in Yokogawa STARDOM FCN/FCJ Controller SQL Injection Vulnerability in Zend_Db_Select in Zend Framework Remote Code Execution in Twigmo bundled with CS-Cart 4.3.9 and earlier Unauthenticated Access Vulnerability in Toshiba FlashAir SD-WD/WC and SD-WE Series Denial-of-Service Vulnerability in H2O Versions 2.0.3 and Earlier and 2.1.0-beta2 and Earlier Arbitrary Web Script Injection Vulnerability in Cybozu Office Customapp Function Cross-Site Scripting Vulnerability in Cybozu Office Project Function Access Restriction Bypass in Cybozu Office 9.0.0 to 10.4.0 Cybozu Office Email Header Injection Vulnerability Information Disclosure Vulnerability in Cybozu Office 9.0.0 to 10.4.0 Cross-Site Scripting Vulnerability in Cybozu Office Schedule Function Denial of Service Vulnerability in Cybozu Office 9.0.0 through 10.4.0 Bypassing Access Restrictions in Cybozu Office 9.0.0 to 10.4.0 via Breadcrumb Trail Remote Code Execution Vulnerability in Cybozu Office 9.0.0 to 10.4.0 via Project Function Remote Code Execution Vulnerability in Cybozu Office 9.0.0 - 10.4.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in IVYWE, dataBox, and userBox Plugins for Geeklog CSRF Vulnerability in baserCMS 3.0.10 and Earlier Allows Remote Code Execution Cross-Site Scripting Vulnerability in baserCMS Plugin Mail 3.0.10 and Earlier CSRF Vulnerability in baserCMS 3.0.10 and Earlier Allows Remote Authentication Hijacking CSRF Vulnerability in baserCMS Plugin Mail 3.0.10 and Earlier Cross-Site Scripting Vulnerability in baserCMS Blog Plugin 3.0.10 and Earlier CSRF Vulnerability in baserCMS Plugin Blog 3.0.10 and Earlier CSRF Vulnerability in baserCMS 3.0.10 and Earlier Allows Remote Authentication Hijacking Arbitrary Web Script Injection Vulnerability in baserCMS Version 3.0.10 and Earlier CSRF Vulnerability in baserCMS Plugin Blog 3.0.10 and Earlier CSRF Vulnerability in baserCMS Plugin Feed 3.0.10 and Earlier CSRF Vulnerability in baserCMS Plugin Mail 3.0.10 and Earlier CSRF Vulnerability in baserCMS Plugin Uploader 3.0.10 and Earlier Arbitrary Code Injection through Cross-Site Scripting (XSS) in ZOHO ManageEngine ServiceDesk Plus before 9.2 Unrestricted Access Vulnerability in ZOHO ManageEngine ServiceDesk Plus Insecure Cookie Generation in ZOHO ManageEngine ServiceDesk Plus before 9.2 CSRF Vulnerability in SetsucoCMS Allows Unauthorized Settings Modification Cross-Site Scripting Vulnerability in SetsucoCMS All Versions SetsucoCMS SQL Injection Vulnerability Denial of Service Vulnerability in SetsucoCMS Code Injection Vulnerability in SetsucoCMS Session Management Vulnerability in SetsucoCMS Multiple Cross-Site Scripting (XSS) Vulnerabilities in Usermin before 1.690 Remote Command Execution Vulnerability in Linux version of NovaBACKUP DataCenter Remote Command Execution Vulnerability in NovaBACKUP DataCenter Untrusted Search Path Vulnerability in Evernote for Windows Untrusted Search Path Vulnerability in e-Tax Software Installer Untrusted Search Path Vulnerability in The Public Certification Service for Individuals Arbitrary Web Script Injection Vulnerability in WP-OliveCart and WP-OliveCartPro CSRF Vulnerability in WP-OliveCart and WP-OliveCartPro Arbitrary SQL Command Execution Vulnerability in WP-OliveCart and WP-OliveCartPro Cross-site scripting vulnerability in Cybozu Garoon Keitai Messages function CSRF Token Disclosure Vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 Privilege Escalation in Cybozu Garoon 3.0.0 to 4.2.2: Unauthorized Modification of User's Private RSS Settings CSRF Vulnerability in Cybozu Garoon Allows Remote Logout Access Restriction Bypass Vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 Token Rescoping Vulnerability in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) OpenSLP 2.0.0 Denial of Service Vulnerability Vulnerability: Information Disclosure in Linux Kernel's get_rock_ridge_filename Function IPv6 Traffic Flooding Vulnerability in Juniper Networks Junos OS Junos OS CLI Command Vulnerability: Unauthorized Access and Privilege Escalation Insufficient Cross-Site Scripting Protection in J-Web Component in Juniper Networks Junos OS Unauthorized Access Vulnerability in Juniper Networks Junos OS on vMX IPv6 Packet Malformation Vulnerability in Juniper E Series Routers Unauthenticated Administrative Access Vulnerability in Junos Space Insufficient Validation of SSH Keys in Junos Space: A Gateway for MITM Attacks Cross-Site Request Forgery Vulnerability in Junos Space Allows Unauthorized Administrative Actions Junos Space Command Injection Vulnerability: Arbitrary Code Execution as Root User Junos Space XSS Vulnerability: Remote Information Theft and Administrative Actions XML Entity Injection Vulnerability in Junos Space: Denial of Service (DoS) Arbitrary Web Script Injection in Citrix NetScaler Gateway 11.0 Cross-Site Scripting (XSS) Vulnerabilities in Cloudera HUE Users Page User Account Enumeration Vulnerability in Cloudera HUE 3.9.0 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cloudera Manager 5.5 and Earlier Information Disclosure Vulnerability in Cloudera Manager 5.5 and Earlier User Session Enumeration Vulnerability in Cloudera Manager 5.5 and Earlier Denial of Service and System Crash Vulnerability in Linux Kernel Denial of Service Vulnerability in QEMU with VMWARE PVSCSI Paravirtual SCSI Bus Emulation Support Denial of Service Vulnerability in ntpd Denial of Service Vulnerability in NTPd's process_packet Function Denial of Service Vulnerability in ntpd with Autokey Enabled Denial of Service Vulnerability in ntpd Denial of Service Vulnerability in ntpd via Crypto-NAK Packet Remote Desktop Denial of Service Vulnerability in NVIDIA Quadro, NVS, and GeForce Products Elevation of Privilege Vulnerability in NVIDIA NVStreamKMS.sys Service Component Denial of Service Vulnerability in NVIDIA Windows Graphics Drivers Xen 4.6.x and Earlier: Local OS Guest Administrators Can Cause Denial of Service or Gain Host OS Privileges via libxl Device-Handling Vulnerability Denial of Service Vulnerability in Xen's libxl Device-Handling Denial of Service Vulnerability in QEMU's mptsas_fetch_requests Function Arbitrary Command Execution with Root Privileges in Fortinet FortiWan (formerly AscernLink) Authenticated Remote File Download Vulnerability in Fortinet FortiWan (formerly AscernLink) Information Disclosure Vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 Remote Authentication Cookie Disclosure in Fortinet FortiWan (formerly AscernLink) before 4.2.5 Arbitrary Web Script Injection Vulnerability in Fortinet FortiWan (formerly AscernLink) Denial of Service Vulnerability in Netty's OpenSslEngine.java Arbitrary File Write Vulnerability in GNU Wget before 1.18 Arbitrary Code Execution via Extended YAML Tags in OpenStack Murano Buffer Overflow Vulnerability in GCC's libssp Library: Exploiting Object Size Checking Absence Arbitrary Code Execution via Apache Qpid AMQP JMS Client Deserialization Vulnerability CRLF Injection Vulnerability in mod_userdir Sensitive Information Exposure in Apache Ambari 2.x Remote Code Execution via Response_type Parameter in Spring Security OAuth Arbitrary Code Execution via Object Deserialization in Apache ActiveMQ Artemis HTTP/2 Request Authorization Bypass in Apache HTTP Server 2.4.18-2.4.20 Password Generation Weakness in xquest through 2016-06-13 Weak Permissions in authd Allow Local Users to Obtain /etc/ident.key via Race Condition Local Users Can Read Newly Created SSL/TLS Key Files via Dovecot RPM Postinstall Script Weak Permissions for TLS Certificate in openldap-servers' generate-server-cert.sh Script Information Disclosure Vulnerability in OpenStack Ironic API Arbitrary File Read Vulnerability in TAP Plugin in Jenkins Directory Traversal Vulnerability in Jenkins Image Gallery Plugin Arbitrary Web Script Injection in Jenkins Build Failure Analyzer Plugin Arbitrary Command Execution Vulnerability in setroubleshoot Command Execution Vulnerability in nodepdf 1.3.0 Information Disclosure Vulnerability in 389 Directory Server CRLF Injection Vulnerability in Undertow Web Server in WildFly 10.0.0 Use-after-free vulnerability in GIMP's xcf_load_image function allows remote code execution via crafted XCF file Improper Access Restriction in Foreman Allows Disclosure of Sensitive Host Configuration Information Plaintext Root Password Exposure in Foreman Discovery-Debug Vulnerability: Privilege Escalation and Denial of Service in Linux Kernel's netfilter Subsystem Out-of-Bounds Read Vulnerability in Linux Kernel's IPT_SO_SET_REPLACE Implementation SQL Injection Vulnerability in Dashbuilder Data Set Lookup Filter XML External Entity (XXE) vulnerability in Apache POI before 3.14 allows remote file read Apache Hadoop Short-Circuit Reads Information Disclosure Vulnerability Apache XML-RPC Library 3.1.3 XXE Vulnerability: Server-Side Request Forgery (SSRF) via Crafted DTD Arbitrary Code Execution Vulnerability in Apache XML-RPC Library 3.1.3 Denial of Service Vulnerability in ws-xmlrpc 3.1.3 Arbitrary Web Script Injection Vulnerability in Apache Archiva 1.3.9 and Earlier User Credential Information Leakage in Cloud Foundry Cloud Controller Inconsistent URL Pattern Matching Vulnerability in Spring Security and Spring Framework Vulnerability: Bypassing Authentication in libvirt VNC Server Remote Authenticated Denial of Service Vulnerability in Ceph Monitor Out-of-Bounds Read Vulnerability in ImageMagick's TIFF Decoder Denial of Service Vulnerability in libblkid's parse_dos_extended Function Unrestricted Glossary Search in Moodle 3.x Email Header Text Injection Vulnerability in Moodle 2.x and 3.x Vulnerability: Unenrolled Users Receiving Event Monitor Notifications in Moodle 2.x and 3.x Certificate Expiration Validation Vulnerability in Pivotal Cloud Foundry and UAA Buffer Overflow Vulnerability in Apache Zookeeper CLI Shell Bypassing SecurityManager in Apache Tomcat versions 6.0.0 to 9.0.0.M9 Deserialization Vulnerability in Apache MyFaces Trinidad Privilege Escalation via Crafted EAV Monitor Script in F5 BIG-IP Unspecified Information Disclosure Vulnerability in F5 BIG-IP and BIG-IQ Products Denial of Service Vulnerability in F5 BIG-IP and Related Products Denial of Service Vulnerability in F5 BIG-IP Systems Denial of Service Vulnerability in F5 BIG-IP Systems Denial of Service Vulnerability in NVIDIA Windows Graphics Drivers Local Privilege Escalation in OnionShare Denial of Service Vulnerability in libdwarf 20160115 via Crafted ELF File NULL Pointer Dereference Vulnerability in libdwarf's print_frame_inst_bytes Function NULL Pointer Dereference Vulnerability in libdwarf's create_fullest_file_path Function NULL Pointer Dereference Vulnerability in libdwarf Out-of-Bounds Read Vulnerability in libdwarf's print_frame_inst_bytes Function Denial of Service Vulnerability in libdwarf's dwarf_get_xu_hash_entry Function Out-of-Bounds Read Vulnerability in libdwarf's print_exprloc_content Function Out-of-Bounds Write Vulnerability in libdwarf (CVE-2016-9132) Out-of-Bounds Read Vulnerability in libdwarf's _dwarf_read_line_table_header Function Out-of-Bounds Read Vulnerability in libdwarf's dump_block Function NULL pointer dereference vulnerability in _dwarf_load_section function in libdwarf before 20160923 Out-of-Bounds Read Vulnerability in libdwarf's dwarf_get_macro_startend_file Function Out-of-Bounds Read Vulnerability in libdwarf's get_attr_value Function Out-of-Bounds Read Vulnerability in libdwarf NULL Pointer Dereference Vulnerability in libdwarf before 20160923 Denial of Service Vulnerability in libdwarf's dwarf_get_aranges_list Function Out-of-Bounds Read and Crash Vulnerability in libdwarf Out-of-Bounds Write Vulnerability in libdwarf's WRITE_UNALIGNED Function Sensitive Credential Exposure in NetApp OnCommand System Manager before 9.0 via Cluster Peering Setup Denial of Service Vulnerability in NetApp OnCommand System Manager 8.3.x before 8.3.2P5 SQL Injection Vulnerability in ReadyDesk 9.1 Chat/Staff Default.aspx ReadyDesk 9.1 Directory Traversal Vulnerability in chat/openattach.aspx Arbitrary Code Execution via Unrestricted File Upload in ReadyDesk 9.1 Cleartext Storage of Pre-Shared Key (PSK) in OSRAM Lightify Home Lack of SSL Pinning in OSRAM Lightify Home (through 2016-07-26) Arbitrary Command Execution Vulnerability in OSRAM Lightify Home (before 2016-07-26) Zigbee Replay Vulnerability in OSRAM Lightify Home XSS Vulnerability in OSRAM Lightify Pro: Username Field and Wireless Client Mode Configuration Page Insecure PSK Length in OSRAM Lightify Pro Lack of SSL Pinning in OSRAM Lightify Pro (through 2016-07-26) Zigbee Replay Vulnerability in OSRAM Lightify Pro Sensitive Information Disclosure in OSRAM Lightify Pro (before 2016-07-26) via Screenshot Reading Multiple Cross-Site Scripting (XSS) Vulnerabilities in nGrinder before 3.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Aternity Web Server Unauthenticated Remote Code Execution in Aternity Web Server BMC Server Automation RSCD Agent Authorization Bypass Vulnerability Command Injection Vulnerability in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Weak Passwords in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Hayes AT Command Injection Vulnerability in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Unauthenticated Access to Embedded_Ace_Get_Task.cgi in Sierra Wireless GX 440 Devices Guessable Session Tokens in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Clear-text Password Storage in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Root Privilege Escalation in Sierra Wireless GX 440 Devices with ALEOS Firmware 4.3.2 Arbitrary Code Execution Vulnerability in OXID eShop (CVE-2016-XXXX) XSS Vulnerability in CloudView NMS before 2.10a via SNMP Format String Vulnerability in CloudView NMS before 2.10a via SNMP XSS Vulnerability in CloudView NMS 2.10a via TELNET Login Information Disclosure Vulnerability in CloudView NMS before 2.10a Cross-Site Scripting (XSS) Vulnerability in Netikus EventSentry before 3.2.1.44 via SNMP XSS Vulnerability in Paessler PRTG before 16.2.24.4045 via SNMP Integer Overflow in rtxMemHeapAlloc Function in Objective Systems ASN1C for C/C++ Hardcoded Root Password Vulnerability in ZModo ZP-NE14-S and ZP-IBH-13W Devices Unencrypted Data Transmission Vulnerability in Johnson & Johnson Animas OneTouch Ping Devices Insecure Random Number Generation in Johnson & Johnson Animas OneTouch Ping Devices Remote Authentication Bypass Vulnerability in Johnson & Johnson Animas OneTouch Ping Devices Weak Permissions in Alertus Desktop Notification on OS X Allows Local Users to Suppress Emergency Notifications Remote Code Execution in Extbase Action in TYPO3 Fortinet FortiWeb Autolearn Directory Traversal Vulnerability Out-of-bounds Read Vulnerability in PHP's get_icu_value_internal Function Integer Overflow in php_html_entities Function in PHP Integer Overflow in php_escape_html_entities_ex Function in PHP Integer Overflow in fread Function in PHP Allows Remote Attackers to Cause Denial of Service or Other Impact Sensitive Information Disclosure in phpMyAdmin before 4.6.2 phpMyAdmin Directory Traversal Vulnerability in error_report.lib.php Arbitrary Web Script Injection in phpMyAdmin 4.4.x and 4.6.x Predictable Password Reset Token Generation in Froxlor before 0.9.35 User-assisted remote code execution vulnerability in Opera Mail before 2016-02-16 on Windows Buffer Overflow in LibTIFF's gif2tiff Tool Allows Remote Denial of Service Remote Code Execution Vulnerability in libimobiledevice and libusbmuxd Uninitialized Variable Vulnerability in QEMU's MegaRAID SAS 8708EM2 HBA Emulation Denial of Service Vulnerability in QEMU's MegaRAID SAS 8708EM2 HBA Emulation Denial of Service Vulnerability in QEMU's Megasas_lookup_frame Function with MegaRAID SAS 8708EM2 HBA Emulation Support Buffer Overflow in DecodeAdpcmImaQT Function in VLC Media Player Bypassing Apple Touch ID Authentication in Citrix Worx Home and XenMobile MDX Toolkit for iOS Buffer Overflow and Out-of-Bounds Read Vulnerability in PHP's FPM Log Out-of-Bounds Read Vulnerability in libavcodec's avcodec_decode_audio4 Function Stack-based buffer under-read vulnerability in gd_xbm.c in the GD Graphics Library (libgd) before 2.2.0 allows information disclosure or denial of service via a long name. OpenNTPD Vulnerability: Man-in-the-Middle Bypass via Crafted Timestamp Constraint Arbitrary Code Execution via OpenBlob Function in GraphicsMagick and ImageMagick Arbitrary Code Execution via Spoofed Update in KeePass 2.33 and Earlier Remote Code Execution via Drag&Drop Image Injection in Open-Xchange OX App Suite Heap-based Buffer Overflow in QEMU's iscsi_aio_ioctl Function Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink Same Origin Policy Bypass in Google V8 and Chrome Memory Corruption Vulnerability in Google V8 Engine URL Spoofing Vulnerability in Google Chrome Use-after-free vulnerability in libxml2: Remote Denial of Service and Possible Other Impact Insecure Subframe Control in Google Chrome Proxy Authentication Spoofing Vulnerability in Google Chrome Information Disclosure in Proxy Auto-Config (PAC) Feature in Google Chrome Bypassing Content Security Policy (CSP) in Blink via HTML Preload Scanner Use-after-free vulnerability in Google Chrome Extensions Subsystem CSPSource::schemeMatches Function in Blink Allows CSP Bypass Integer Overflow in kbasep_vinstr_attach_client Function in Google Chrome Integer overflows in opj_tcd_init_tile function in OpenJPEG Heap-based Buffer Overflow in OpenJPEG's j2k.c Allows Remote Code Execution Address bar spoofing vulnerability in Google Chrome before version 52.0.2743.116 Use-after-free vulnerability in WebCrypto implementation in Google Chrome Bypassing Access Restrictions in Google Chrome Developer Tools Subsystem Bypassing Access Restrictions in Google Chrome Developer Tools Subsystem Taint Property Preservation Vulnerability in Blink Unspecified Vulnerabilities in Google Chrome before 52.0.2743.116 Universal XSS (UXSS) Vulnerability in Google Chrome Universal XSS (UXSS) vulnerability in Google Chrome before version 53.0.2785.89 on Windows and OS X and before version 53.0.2785.92 on Linux Extension-Bindings Injection Vulnerability in Google Chrome Use-after-free vulnerability in IndexedDB API implementation in Blink Use-after-free vulnerability in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux Integer Overflow in OpenJPEG's opj_tcd_get_decoded_tile_size Function Use-after-destruction vulnerability in Web Animations in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux Heap-based Buffer Overflows in PDFium via Crafted JBig2 Image Address bar spoofing vulnerability in Google Chrome Use-after-free vulnerability in event_bindings.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux Heap-based Buffer Overflow in OpenJPEG Allows Remote Code Execution Integer overflows in opj_tcd_init_tile function in OpenJPEG Integer overflows in OpenJPEG leading to heap-based buffer overflow in PDFium Improper Restriction of IFRAME Elements in Google Chrome Extension Manifests Type Confusion Vulnerability in Blink's EditingStyle::mergeStyle Function Improper Restriction of IFRAME Elements in Google Chrome Extension Manifest URL Spoofing Vulnerability in Google Chrome Universal XSS (UXSS) vulnerability in Google Chrome's Developer Tools subsystem Cross-site scripting (XSS) vulnerability in Google Chrome Developer Tools subsystem Improper Restriction of File Saving in Google Chrome Allows for NetNTLM Hash Discovery and SMB Relay Attacks Unspecified Vulnerabilities in Google Chrome: Denial of Service and Potential Impact Skia Same Origin Policy Bypass Vulnerability Format String Vulnerability in Google Chrome OS Use-after-free vulnerability in Blink's V8BindingForModules.cpp in Google Chrome before 53.0.2785.113 Use-after-free vulnerability in WebKit interface.cpp in Blink Vulnerability: Scope Mishandling in Google V8 Parser Unintended Resource Loading and Same Origin Policy Bypass in Google Chrome Extensions Subsystem Denial of Service Vulnerability in Google Chrome Browser Unspecified Vulnerabilities in Google Chrome before 53.0.2785.113 Bypassing SafeBrowsing Protection in Google Chrome V8 Use-After-Free Vulnerability in Google Chrome Unspecified Remote Code Execution Vulnerabilities in Google Chrome Arbitrary Command Execution Vulnerability in Chrome OS (CVE-XXXX-XXXX) Heap-based Buffer Overflow in c-ares 1.x: Remote Code Execution Vulnerability UXSS Vulnerability in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Heap Corruption Vulnerability in Google Chrome Heap Use After Free Vulnerability in PDFium in Google Chrome Heap Corruption Vulnerability in PDFium Out of Bounds Memory Read Vulnerability in Google Chrome Out of Bounds Memory Read Vulnerability in Google Chrome Devtools Spoofing Omnibox Content in Google Chrome for Android (CVE-2016-5199) UI Spoofing Vulnerability in Google Chrome Spoofing Omnibox Contents via Blob URL Navigation in Google Chrome Out of Bounds Memory Read Vulnerability in Google Chrome Arbitrary Script Injection Vulnerability in Google Chrome CORS Bypass Vulnerability in Google Chrome TextTrackLoader Insufficient URL Validation in Google Chrome for iOS Allows Remote Navigation Bypass Unspecified vulnerabilities in Google Chrome: Version 54.0.2840.59 and earlier Dirty COW: Privilege Escalation via Copy-on-Write Race Condition Insufficient Same Origin Policy Enforcement in Google Chrome for Android Allows Remote File Access Arbitrary Activity Execution Vulnerability in Google Chrome for Android Arbitrary Code Execution Vulnerability in V8 Engine Heap Corruption Vulnerability in FFmpeg in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome Privilege Escalation Vulnerability in Google Chrome Extensions API Improper Data Handling in Google Chrome Dial Registry Use After Free Vulnerability in PDFium in Google Chrome SVG Shadow Tree Leaking Vulnerability in Google Chrome Arbitrary Script Injection Vulnerability in Google Chrome (CVE-2016-9651) Bypassing Same Origin Policy in Google Chrome PDF Plugin Arbitrary Code Execution via DOM Tree Corruption in Google Chrome UXSS Vulnerability in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android Heap Corruption Vulnerability in Blink in Google Chrome Heap Buffer Overflow in PDFium TIFF Image Parsing Use After Free Vulnerability in PDFium in Google Chrome Remote File Read Vulnerability in Google Chrome Use After Free Vulnerability in V8 Engine in Google Chrome Downloaded File Mark of the Web Bypass Vulnerability in Google Chrome for Windows Use After Free Vulnerability in WebAudio in Google Chrome Out of Bounds Memory Read Vulnerability in PDFium Privileged Plugin Access Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Heap Use After Free Vulnerability in V8 Engine in Google Chrome Remote File Read Vulnerability in PDFium Type Confusion Vulnerability in libGLESv2 in ANGLE in Google Chrome URL Spoofing Vulnerability in Google Chrome PDFium Integer Overflow Vulnerability Timing Attack Exploiting Denormalized Floating Point Arithmetic in SVG Filters in Google Chrome Content Security Policy Bypass in Google Chrome Prior to 55.0.2883.75/55.0.2883.84 XSS Vulnerability in Google Chrome: Execution of javascript: URLs via Drag and Drop Stack-based Buffer Overflow in PlayMacro Function in Micro Focus Rumba Arbitrary Code Execution via XStream Serialization in Atlassian Bamboo Vulnerability: Permission Bypass and Partial Module Control in Huawei Mate8 NXT-AL, NXT-CL, NXT-DL, and NXT-TL Vulnerability: User Data Deletion via Crafted App on Huawei Mate8 NXT-AL, NXT-CL, NXT-DL, and NXT-TL Buffer Overflow Vulnerability in Huawei Mate8 NXT-AL, NXT-CL, NXT-DL, and NXT-TL Improper Security Status Verification Vulnerability in Huawei Mate 8 Smartphones (HWPSIRT-2015-12007) Remote Code Execution Vulnerability in Huawei Multipoint Control Unit Devices and RSE6500 Videoconference Devices F5 WebSafe Dashboard XSS Vulnerability Arbitrary Code Injection in F5 WebSafe Dashboard 3.9.5 and Earlier Weak File Permissions in Valve Steam 3.42.16.13 Allows Unauthorized Modification and Privilege Escalation Out-of-Bounds Write Vulnerability in QEMU's get_cmd Function Arbitrary Command Execution Vulnerability in ImageMagick and GraphicsMagick Denial of Service Vulnerability in DrawDashPolygon Function Arithmetic Exception Denial of Service Vulnerability in GraphicsMagick VMID Exhaustion Vulnerability in Xen Hypervisor Information Disclosure Vulnerability in Linux Kernel's tipc_nl_compat_link_dump Function Uninitialized Structure Member Vulnerability in Linux Kernel's rds_inc_info_copy Function Vulnerability: Secure Boot Bypass via AMI Test Key Arbitrary Process Termination Vulnerability in Lenovo Solution Center Arbitrary Code Execution with LocalSystem Privileges in Lenovo Solution Center (LSC) Information Disclosure Vulnerability in Mozilla Firefox and Thunderbird Location Bar Spoofing Vulnerability in Mozilla Firefox Arbitrary Code Execution via Stack-based Buffer Underflow in Mozilla Firefox Arbitrary File Write Vulnerability in Mozilla Firefox Updater on Windows Use-after-free vulnerability in nsXULPopupManager::KeyDown function in Mozilla Firefox Use-after-free vulnerability in Mozilla Firefox allows remote code execution Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird WebRTC Socket Thread Use-After-Free Vulnerability in Mozilla Firefox Use-after-free vulnerability in Mozilla Firefox allows remote code execution Session Manager Vulnerability: Password Exposure through Type Change Integer Overflow in WebSocketChannel Class in Mozilla Firefox Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox Arbitrary Code Execution via Type Confusion in Mozilla Firefox Use-after-free vulnerability in Mozilla Firefox allows remote code execution Universal XSS and File Read Vulnerability in Mozilla Firefox File Access Vulnerability in Mozilla Firefox Address Bar Spoofing Vulnerability in Mozilla Firefox for Android Improper Flag Setting in Mozilla Firefox Allows for URL Spoofing Heap-based buffer overflow in nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox and Thunderbird Denial of Service Vulnerability in Mozilla Firefox 49.0 Arbitrary Code Execution Vulnerability in Mozilla Firefox and Thunderbird Arbitrary Code Execution Vulnerability in Mozilla Firefox Use-after-free vulnerability in nsFrameManager::CaptureFrameState function in Mozilla Firefox and Thunderbird Arbitrary Code Execution Vulnerability in Mozilla Firefox 49.0 Mozilla Firefox and Thunderbird Use-After-Free Vulnerability in DocAccessible::ProcessInvalidationList Function Use-after-free vulnerability in nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 Remote Code Execution Vulnerability in Mozilla Firefox and Thunderbird Sensitive Full-Pathname Information Disclosure in Mozilla Firefox Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability DOMSVGLength Use-After-Free Remote Code Execution Vulnerability Improper Scheme Restriction in Favicon Requests in Mozilla Firefox Same Origin Policy Bypass in Mozilla Firefox 49.0 Unintended Expiration Dates in Preloaded Public Key Pinning in Mozilla Firefox and Thunderbird Null Pointer Dereference Vulnerability in Mozilla Network Security Services Use-after-free vulnerability in Firefox 49.0.2 and earlier versions during actor destruction with service workers. HTTP Cache Information Disclosure Vulnerability Memory Corruption Vulnerability in Firefox 49: Potential for Arbitrary Code Execution Memory Corruption Vulnerability in Firefox 49 and Firefox ESR 45.4 Local Shortcut File Same-Origin Policy Bypass Vulnerability Firefox < 50 URL Parsing Vulnerability: Potentially Exploitable Crash Arbitrary File Modification via Hardlink in Mozilla Updater Arbitrary Target Directory Selection Vulnerability in Mozilla Updater Privilege Escalation via Mozilla Maintenance Service in Firefox < 50 Heap-buffer-overflow vulnerability in Cairo when processing SVG content caused by compiler optimization Argument Length Checking Vulnerability in JavaScript Favicon and SSL Indicator Persistence Vulnerability in Firefox for Android Vulnerability: AuthToken Interception in Firefox for Android (Versions < 50) Insufficient Entropy in Expat XML Parser Allows Denial of Service Denial of Service Vulnerability in libtorrent's parse_chunk_header Function Vulnerability: Remote Compromise of Citrix XenServer 7.0 via Active Directory Account Credentials Horde Groupware and Webmail XSS Vulnerability Open Redirect Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Cross-Site Scripting (XSS) Vulnerabilities in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Improper Implementation of HSTS Protection Mechanism in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Directory Traversal Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 Denial of Service Vulnerability in Symantec Endpoint Protection and Norton Security Denial of Service Vulnerability in Symantec Products when Handling Crafted RAR Files Memory Corruption Vulnerability in Symantec Products DLL-Preloading Privilege Escalation Vulnerability in Symantec Norton Products Directory Traversal Vulnerability in Symantec Messaging Gateway Charting Component Arbitrary OS Command Execution in Symantec Web Gateway (SWG) before 5.2.5 Buffer Overflow in LibTIFF's PixarLogDecode Function Out-of-Bounds Read Vulnerability in libtiff's setByteArray Function Remote Crash Vulnerability in libtiff's PixarLogCleanup Function Buffer Overflow Vulnerability in libtiff.so Allows Denial of Service Attack via Crafted TIFF File Remote Crash Vulnerability in libtiff's _TIFFVGetField Function Heap-based Buffer Overflow in libtiff's tif_packbits.c Allows Remote Code Execution via Crafted BMP File Denial of Service Vulnerability in libtiff's DumpModeDecode Function Out-of-Bounds Read Vulnerability in libtiff's setByteArray Function Denial of Service Vulnerability in libtiff's _TIFFFax3fillruns Function CRLF Injection Vulnerability in Node.js ServerResponse#writeHead Function Kernel Memory Address Disclosure and kASLR Bypass Vulnerability in VMware Tools on OS X Kernel Memory Address Disclosure and kASLR Bypass Vulnerability in VMware Fusion 8.x on OS X Untrusted Search Path Vulnerability in VMware Tools CRLF Injection Vulnerability in VMware vCenter Server and ESXi 6.0 Arbitrary File Read Vulnerability in VMware vRealize Log Insight Default SSH Public Key Vulnerability in VMware Photos OS OVA 1.0 Information Disclosure in VMware Identity Manager and vRealize Automation Local Privilege Escalation in VMware Identity Manager and vRealize Automation Arbitrary Code Execution Vulnerability in VMware vRealize Automation 7.0.x before 7.1 QEMU Megasas_ctrl_get_info Function Information Disclosure Vulnerability Buffer Overflow Vulnerability in QEMU's esp_reg_read and esp_reg_write Functions Pointer Validation Bypass Vulnerability in KGSL Linux Graphics Module GPS Denial of Service Vulnerability in Android Heap-based buffer overflow in wcnss_wlan_write function in Linux kernel 3.x Buffer overflow vulnerability in QDSP6v2 Voice Service driver in Linux kernel 3.x Integer overflows in MDSS driver for Linux kernel 3.x: Denial of Service and Possible Impact Buffer Overflow in Qualcomm Radio Driver on Android One Devices Google Pixel/Pixel SL Qualcomm Avtimer Driver Information Disclosure Vulnerability Kernel Stack Data Leakage Vulnerability in Qualcomm Android Devices Denial of Service Vulnerability in Android GPS Component Insufficient Memory Address Verification in Qualcomm Secure Execution Environment (QSEE) Leading to Privilege Escalation Denial of Service Vulnerability in Wireshark SPOOLS Component Denial of Service Vulnerability in Wireshark 1.12.x and 2.x Denial of Service Vulnerability in Wireshark 2.x Denial of Service Vulnerability in UMTS FP Dissector in Wireshark USB Subsystem Denial of Service Vulnerability Denial of Service Vulnerability in Toshiba File Parser in Wireshark Denial of Service Vulnerability in CoSine File Parser in Wireshark Denial of Service Vulnerability in Wireshark NetScreen File Parser Denial of Service in Wireshark Ethernet Dissector Integer Overflow and Infinite Loop Vulnerability in WBXML Dissector Denial of Service and Uninitialized Memory Access Vulnerability in HAproxy 1.6.x Denial of Service Vulnerability in libreswan's IKEv1 Implementation Bypassing DHCP-Spoofing Protection in OpenStack Neutron Firewall Bypassing MAC-Spoofing Protection in OpenStack Neutron Firewall Arbitrary Script Injection in MantisBT 1.2.19 and Earlier Huawei Honor WS851 Router Remote Command Execution Vulnerability Huawei Honor WS851 Routers Configuration Data Modification Vulnerability Information Disclosure Vulnerability in Huawei Honor WS851 Routers (HWPSIRT-2016-05053) Huawei AR3200 Memory Leak Vulnerability CSRF Vulnerability in NetApp Snap Creator Framework before 4.3.0P1 Improper Handling of Owner_Rights ACL Entry in NetApp Data ONTAP 9.0 and 9.1 Arbitrary Code Execution Vulnerability in Red Hat CloudForms 4.1 Web UI Arbitrary Code Execution via Fontconfig Cache File Vulnerability HTTPoxy Vulnerability in PHP through 7.0.8 HTTPoxy: CGI Applications Vulnerable to Proxy Header Redirection Apache HTTP Server Vulnerability: HTTP_PROXY Environment Variable Manipulation (httpoxy) Apache Tomcat HTTP_PROXY Environment Variable Redirection Vulnerability Sensitive Network Interface Information Disclosure in Foreman Libreswan before 3.18 Denial of Service Vulnerability Information Disclosure Vulnerability in Kubernetes API Server Remote Code Execution Vulnerability in Apache Hadoop 2.6.x and 2.7.x Unrestricted Script Tag Passing in XSSAPI.encodeForJSString() Method in Apache Sling Arbitrary Web Script Injection in Apache Ranger Policy Admin Tool HPACK Bomb Attack Vulnerability in Apache Traffic Server 6.0.0 to 6.2.0 Command Injection Vulnerability in Apache Thrift Go Client Library Arbitrary Code Injection through Business Process Editor in Red Hat JBoss BPM Suite Remote Code Execution via Crafted bz2 Archive in PHP Memory Leak in airspy_probe Function in Linux Kernel USB Driver CSRF Vulnerability in Red Hat JBoss BRMS and BPMS 6 Allows Remote Authentication Hijacking Arbitrary Code Execution Vulnerability in CFME Capacity and Utilization Feature Denial of Service Vulnerability in QEMU's virtqueue_pop Function Vulnerability: Lack of Permission Check in FreeIPA's cert_revoke Command User Password Disclosure Vulnerability in 389 Directory Server Privilege Escalation in Red Hat JBoss EAP 7.x Out-of-Bounds Memory Access Vulnerability in X.org libXv Arbitrary Code Execution Vulnerability in Squid Package (CVE-2016-4051) Missing HTTPOnly Flag in Set-Cookie Header for GEARID Cookie in Red Hat OpenShift Enterprise 2 Local Privilege Escalation in firewalld before 0.4.3.3 World-readable root password vulnerability in Red Hat QuickStart Cloud Installer (QCI) Denial of Service Vulnerability in PowerPC KVM Hypervisor Arbitrary SAN Name Request Vulnerability in FreeIPA 4.4.0 Default Access Control Instructions Disclosure Vulnerability Denial of Service Vulnerability in libresolv in GNU C Library (glibc) Arbitrary File Write Vulnerability in libarchive 3.2.0 and Earlier TLS Session Resumption Bypass in curl and libcurl versions prior to 7.50.1 Client Certificate Hijacking Vulnerability in curl and libcurl Libcurl Use-After-Free Vulnerability in Versions Prior to 7.50.1 Unauthorized User Addition Vulnerability in Red Hat JBoss Operations Network (JON) Arbitrary Code Execution and Denial of Service Vulnerability in PostgreSQL Privilege Escalation via Mishandled Characters in PostgreSQL Privilege Escalation Vulnerability in Tomcat Package on Linux Distributions Denial of Service Vulnerability in PowerDNS Authoritative Server Denial of Service Vulnerability in PowerDNS Authoritative Server Timing Attack Vulnerability in jose-php RSA 1.5 Algorithm Vulnerability in JOSE_JWE Class in jose-php Key Confusion/Algorithm Substitution Vulnerability in PHP JOSE Library Information Disclosure Vulnerability in ovirt-engine-provisiondb Utility TLS Certificate Validation Vulnerability in Citrix iOS Receiver Denial of Service Vulnerability in libalpm Signature File Handling Memory Leak Vulnerability in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100 Remote Denial of Service Vulnerability in Oracle MySQL 5.7.12 and earlier Remote Denial of Service Vulnerability in Oracle MySQL 5.7.12 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server Remote administrators can affect availability in Oracle MySQL and MariaDB through Server: RBR vulnerability Remote Denial of Service Vulnerability in Oracle MySQL 5.7.12 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL 5.7.12 and Earlier Local Denial of Service Vulnerability in Oracle MySQL 5.7.12 and earlier Remote Confidentiality Vulnerability in Oracle MySQL and MariaDB Unspecified Remote Code Execution Vulnerability in Oracle Sun Systems Products Suite ILOM Component Unspecified vulnerability in ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 Unspecified Remote Code Execution Vulnerability in Oracle Sun Systems Products Suite ILOM Component Unspecified SNMP-related vulnerability in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 Unspecified Remote Availability Vulnerability in ILOM Component of Oracle Sun Systems Products Suite Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM versions 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 Confidentiality vulnerability in Oracle Sun Solaris 11.3 via Verified Boot vectors Unspecified vulnerability in ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 Unspecified Verified Boot Vulnerability in Oracle Sun Solaris 11.3 Unspecified vulnerability in Oracle Communications Messaging Server component allows remote attackers to affect confidentiality Confidentiality vulnerability in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 Unspecified vulnerability in ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 Unspecified vulnerability in Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 Unspecified Remote Code Execution Vulnerability in Siebel Core - Common Components in Oracle Siebel CRM Unspecified confidentiality vulnerability in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Unspecified vulnerability in Siebel Core - Server Framework component in Oracle Siebel CRM: Confidentiality Impact via Workspace-related Vectors Unspecified Integrity Vulnerability in Oracle Siebel CRM Unspecified Integrity Vulnerability in Oracle Siebel CRM Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote attackers to compromise confidentiality and integrity Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Unspecified vulnerability in PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2: Confidentiality and Integrity Impact via eProcurement Vectors Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM versions 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 Unspecified Local Availability Vulnerability in Oracle Sun Solaris 11.3 Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Local Availability Vulnerability in Oracle Sun Solaris 11.3 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows local users to compromise system security Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Retail Service Backbone component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Retail Service Backbone component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Retail Integration Bus component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified Confidentiality Vulnerability in Oracle GlassFish Server Component Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Universal Banking Component Bash-related Local Integrity Vulnerability in Oracle Sun Solaris 10 Unspecified Confidentiality Vulnerability in Oracle Sun ZFS Storage Appliance Kit Unspecified Remote Code Execution Vulnerability in Oracle Commerce Guided Search Unspecified Local Confidentiality Vulnerability in Sun ZFS Storage Appliance Kit Unspecified Local Vulnerability in Oracle Sun Solaris 11.3 Unspecified Remote Code Execution Vulnerability in Oracle WebLogic Server Unspecified vulnerability in Oracle iStore component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Runtime Catalog Vectors Unspecified Local User Confidentiality Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified Remote Code Execution Vulnerability in Oracle Commerce Service Center Unspecified Local Vulnerability in Sun ZFS Storage Appliance Kit (AK) Component Unspecified vulnerability in Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 Unspecified vulnerability in Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 affecting confidentiality via EUL Code & Schema vectors Unspecified Local Vulnerability in Oracle Database Server 12.1.0.2 Unspecified vulnerability in Oracle Database Server 11.2.0.4 and 12.1.0.2 Unspecified vulnerability in Oracle Database Server 11.2.0.4 and 12.1.0.2 Unspecified Remote Confidentiality Vulnerability in Oracle Discoverer Component Unspecified vulnerability in Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified vulnerability in Sun ZFS Storage Appliance Kit (AK) component allows local users to affect confidentiality, integrity, and availability Unspecified Local User Confidentiality Vulnerability in Oracle Agile Product Lifecycle Management for Process Unspecified Local Privilege Escalation Vulnerability in Oracle Database Server Unspecified Local Vulnerability in Oracle Identity Manager Component in Oracle Fusion Middleware Remote Denial of Service Vulnerability in Oracle MySQL Server: InnoDB Unspecified Local Confidentiality Vulnerability in Solaris Cluster Component Oracle FLEXCUBE Investor Servicing Unauthorized Data Access Vulnerability Unspecified Remote Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified Remote Integrity Vulnerability in Oracle WebCenter Sites Component Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified Local Denial of Service Vulnerability in Oracle Database Server 12.1.0.2 Unspecified Local User Confidentiality Vulnerability in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 Unspecified vulnerability in Oracle GlassFish Server component in Oracle Fusion Middleware Unspecified Remote Code Execution Vulnerability in Oracle Agile PLM Component Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Unspecified Local Integrity Vulnerability in Solaris Cluster Component Unspecified vulnerability in Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 Unspecified Confidentiality Vulnerability in Oracle Agile PLM Component Oracle GlassFish Server Multiple Protocol Vulnerability Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 Unspecified vulnerability in Oracle WebLogic Server component affecting confidentiality, integrity, and availability via WLS-WebServices vectors Unspecified vulnerability in Oracle Shipping Execution component allows remote attackers to compromise confidentiality Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 16.1 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 Unspecified Directory Traversal Vulnerability in NetBeans Component of Oracle Fusion Middleware 8.1 Unspecified vulnerability in Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 Unspecified Local Vulnerability in Oracle Retail Xstore Payment Component Unspecified Local Vulnerability in Oracle Retail Xstore Payment Component MySQL Cluster Component Vulnerability: Unauthorized Data Access and Partial Denial of Service Unspecified Integrity Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 Unspecified Local Privilege Escalation Vulnerability in Oracle Sun Solaris 10 and 11.3 Vulnerability in Oracle VM VirtualBox GUI component allows unauthorized access and partial denial of service Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit Libraries: Unauthorized Data Access Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit: Unauthorized Partial Denial of Service Vulnerability in Oracle Java SE Allows Unauthorized Access to Critical Data Vulnerability in Oracle Java SE Allows Unauthorized Access to Critical Data Solaris Cluster Unauthorized Data Access Vulnerability Vulnerability in Oracle Java SE Networking Component Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11.3 Remote Code Execution Vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 via JMX Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified 2D-related vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 Unspecified Remote Code Execution Vulnerability in Oracle Advanced Pricing Component Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Local Privilege Escalation Vulnerability in Oracle Sun Solaris 10 and 11.3 Kernel Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM 16.1 affecting confidentiality and integrity via OpenUI vectors IKE Vulnerability in Oracle Sun Solaris 11.3 Unspecified vulnerability in Oracle iProcurement component in Oracle E-Business Suite Unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services component Unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services component Confidentiality vulnerability in Oracle Hospitality OPERA 5 Property Services component Unspecified Remote Confidentiality Vulnerability in Oracle Sun Solaris 11.3 Unspecified vulnerability in Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 Unspecified AWT-related vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 Unspecified vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 Unspecified vulnerability in Oracle E-Business Suite 12.2.3 through 12.2.6 in Oracle Applications DBA component Unspecified vulnerability in Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 Unspecified vulnerability in Oracle Database Server 12.1.0.2 Kernel PDB component Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Unspecified vulnerability in Oracle Common Applications Calendar component in Oracle E-Business Suite: Confidentiality Impact via Resources Module Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11.3 via Kernel Zones Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Unspecified Remote Code Execution Vulnerability in Oracle Virtualization's Secure Global Desktop Component Unspecified Local Vulnerability in Oracle iRecruitment Component Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 Unspecified Remote Integrity Vulnerability in Oracle One-to-One Fulfillment Component Unspecified Confidentiality Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 Unspecified Remote Code Execution Vulnerability in Oracle Email Center Component Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 Unspecified Remote Code Execution Vulnerability in Oracle CRM Technical Foundation Component MySQL Enterprise Monitor Remote Code Execution Vulnerability Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified vulnerability in Oracle Customer Interaction History component in Oracle E-Business Suite Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified Remote Code Execution Vulnerability in Oracle Customer Interaction History Component Unspecified Confidentiality Vulnerability in Oracle CRM Technical Foundation Component Confidentiality vulnerability in Oracle Java SE versions 6u121, 7u111, 8u102, and Java SE Embedded 8u101 related to Networking Unspecified vulnerability in MySQL Connector allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Oracle Advanced Supply Chain Planning Component Unspecified vulnerability in PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified vulnerability in Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1: CIE Related Components Confidentiality and Integrity Impact Unspecified vulnerability in Oracle Data Integrator component affecting confidentiality via Code Generation Engine Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified Local Vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5 Unspecified VRDE-related vulnerability in Oracle VM VirtualBox component before 5.1.4 Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11.3 Kernel Zones Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified vulnerability in Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 Remote authenticated users can affect availability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier through unspecified DML vectors. Unspecified vulnerability in Oracle VM VirtualBox component allowing local users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle VM VirtualBox component affecting confidentiality Unspecified DML-related vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier Unspecified vulnerability in Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 Unauthorized Read Access Vulnerability in Oracle FLEXCUBE Private Banking Lynx-related Local Availability Vulnerability in Oracle Sun Solaris 11.3 Unspecified vulnerability in Oracle Data Integrator component affecting confidentiality via Code Generation Engine Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications Vulnerability in Oracle FLEXCUBE Private Banking: Unauthorized Data Access and Manipulation Remote authenticated users can disrupt availability in Oracle MySQL 5.5.51 and earlier through DML-related vectors Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier related to Server: Packaging Remote authenticated users can affect availability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier through GIS-related vectors. Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier affecting availability via Server: InnoDB Remote Denial of Service Vulnerability in Oracle MySQL 5.7.13 and earlier Remote administrators can affect availability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier through an unspecified vulnerability related to Server: Federated. Remote Denial of Service Vulnerability in Oracle MySQL Server: InnoDB Remote Denial of Service Vulnerability in Oracle MySQL 5.7.13 and earlier via Server: Memcached Remote Denial of Service Vulnerability in Oracle MySQL 5.7.14 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL 5.7.13 and Earlier Remote Denial of Service Vulnerability in Oracle MySQL 5.7.13 and earlier Unspecified Remote Availability Vulnerability in Oracle MySQL 5.7.13 and Earlier Heap-based buffer overflow in Python's zipimport module allows remote attackers to execute arbitrary code via a negative data size value. Type Confusion Vulnerability in libbpg's restore_tqb_pixels Function Unauthenticated Remote Access to Sensitive Information in Netgear WNDR4500 Genie App Crestron AirMedia AM-100 Directory Traversal Vulnerability Arbitrary Command Execution via Directory Traversal in Crestron AirMedia AM-100 Devices XSS Vulnerability in Opmantek NMIS before 8.5.12G via SNMP Hardcoded SNMP Community in Rockwell Automation MicroLogix 1400 PLC Devices Heap Overflow Vulnerability in Lexmark Perceptive Document Filters Library CBFF Parser Denial of Service and Privilege Escalation Vulnerability in Intel Graphics Driver Insecure SSL Certificate Validation in Acer Portal App for Android Unauthenticated Access to Admin Password in Netgear DGN2200 and DGND3700 Routers Unauthenticated Association Vulnerability in ZModo ZP-NE14-S and ZP-IBH-13W Devices Heap-based Buffer Overflow in LibTIFF's TIFF2PDF Tool SQL Injection Vulnerabilities in Misys FusionCapital Opics Plus Remote Privilege Escalation via Man-in-the-Middle Attack in Misys FusionCapital Opics Plus Unverified X.509 Certificates in Misys FusionCapital Opics Plus: A Man-in-the-Middle Vulnerability Arbitrary Web Script Injection Vulnerability in Accela Civic Platform Citizen Access Portal Arbitrary Code Execution Vulnerability in Accela Civic Platform Citizen Access Portal Privilege Escalation Vulnerability in Accellion Kiteworks Appliances Cross-Site Scripting (XSS) Vulnerabilities in Accellion Kiteworks Appliances before kw2016.03.00 Accellion Kiteworks Directory Traversal Vulnerability Authentication Bypass in Crestron Electronics DM-TXRX-100-STR Devices Authentication Bypass in Crestron Electronics DM-TXRX-100-STR Devices Authentication Bypass and Settings Modification in Crestron Electronics DM-TXRX-100-STR Devices Hardcoded X.509 Certificate Vulnerability in Crestron Electronics DM-TXRX-100-STR Devices Hardcoded Password Vulnerability in Crestron Electronics DM-TXRX-100-STR Devices CSRF Vulnerabilities in Crestron Electronics DM-TXRX-100-STR Devices Vulnerability: Insecure X.509 Certificate Acceptance in Intel Crosswalk Unrestricted Destination IP Address and TCP Port Vulnerability in UltraVNC Repeater Arbitrary PHP Code Execution in NUUO NVRmini 2, NUUO NVRsolo, and NETGEAR ReadyNAS Surveillance Arbitrary PHP Code Execution via NTPServer Parameter in NUUO NVRmini, NUUO NVRsolo, NUUO Crystal, and NETGEAR ReadyNAS Surveillance Remote Password Reset Vulnerability in NUUO NVRmini 2, NUUO NVRsolo, and NETGEAR ReadyNAS Surveillance Hardcoded Password Vulnerability in NUUO NVRmini 2, NUUO NVRsolo, and NETGEAR ReadyNAS Surveillance Hardcoded Root Credentials Vulnerability in NUUO NVRmini 2 and NVRsolo Arbitrary Command Execution in NUUO NVRmini 2 and NETGEAR ReadyNAS Surveillance Arbitrary Code Execution Vulnerability in NUUO NVRmini 2 and NETGEAR ReadyNAS Surveillance Stack-based Buffer Overflow in D-Link DIR-850L B1 and Other Models XSS Vulnerability in Swagger-UI 2.2.1 and earlier versions Cleartext SQL Server Credentials Disclosure in ReadyDesk 9.1 XMP Image Handling Out-of-Bounds Write Vulnerability Authenticated Remote Command Execution in Dell iDRAC7 and iDRAC8 Devices Authentication Bypass Vulnerability in Johnson & Johnson Animas OneTouch Ping Devices Out-of-Bounds Read Vulnerability in ImageMagick's DDS Coder Heap-based buffer overflow and invalid write vulnerabilities in WPG parser of ImageMagick Unspecified Impact Vulnerability in ImageMagick DCM Reader Unspecified Impact Vulnerability in ImageMagick's DCM Reader Unvalidated Pixel Values in DCM Reader in ImageMagick Blind In-Window Attack Vulnerability in Linux Kernel XML Signature Wrapping Vulnerability in Ruby-saml before 1.3.0 CRLF Injection Vulnerability in urllib2 and urllib in Python Remote Code Execution and System Configuration Modification in F5 BIG-IP Systems BBCode Injection Vulnerability in phpMyAdmin 4.0.10.x - 4.6.x Cookie-Attribute Injection Vulnerability in phpMyAdmin 4.6.x before 4.6.3 SQL Injection Vulnerability in phpMyAdmin 4.4.x and 4.6.x Arbitrary Web Script Injection in phpMyAdmin 4.6.x before 4.6.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.4.x and 4.6.x Denial of Service Vulnerability in phpMyAdmin Weak Encryption of Passwords in SolarWinds Virtualization Manager 6.3.1 and Earlier Clickjacking Vulnerability in NetApp Snap Creator Framework Non-Unique Certificate Vulnerability in NetApp Virtual Storage Console for VMware vSphere Puppet Agent Prior to 1.6.0 Vulnerability: Unauthorized Code Execution via Environment Variables Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability Open Redirect Vulnerability in Puppet Enterprise Console Remote Code Execution Vulnerability in Puppet Enterprise Console Untrusted Search Path Vulnerabilities in Microsoft Skype Allow Arbitrary Code Execution and DLL Hijacking Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Collaboration before 8.7.0 Plaintext Session Token Exposure in Huawei OceanStor Storage Devices Local Privilege Escalation Vulnerability in Huawei FusionInsight HD Cloudera CDH 5.9 Vulnerability: Exposure of Potentially Sensitive Information in Diagnostic Support Bundles Arbitrary File Write Vulnerability in JCraft JSch Arbitrary PHP Code Execution via themechanges Array Parameter in Simple Machines Forum (SMF) 2.1 Arbitrary PHP Code Execution Vulnerability in Simple Machines Forum (SMF) 2.1 Double Fetch Vulnerability in MIC VOP Driver Allows Information Disclosure or Denial of Service Lenovo BIOS EFI Driver Local Privilege Escalation Vulnerability Sensitive Information Disclosure in phpMyAdmin versions 4.0.x, 4.4.x, and 4.6.x Arbitrary web script injection vulnerability in phpMyAdmin OpenID error message handling Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.6.x before 4.6.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 4.x.x Arbitrary PHP Code Execution in phpMyAdmin Buffer overflow vulnerability in pngquant 2.7.0 allows remote attackers to execute arbitrary code via a crafted PNG file. Default configuration vulnerability in F5 BIG-IP devices allows for anonymous IPsec IKE peer configuration and potential brute-force attacks Cross-Site Scripting (XSS) Vulnerability in Openstack Puppet Module for Gerrit CSRF Vulnerability in phpMyAdmin Transformation Implementation JavaScript Code Execution via iCal Attachments in Open-Xchange OX App Suite Arbitrary SQL Command Execution via XML-RPC Interface in Movable Type Remote Code Execution Vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7 Arbitrary File Read Vulnerability in Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 F5 BIG-IP LTM NAT64 Configuration File Modification Vulnerability Insecure Storage of Passphrases in libstorage, libstorage-ng, and yast-storage Cookie Handling Vulnerability in Novell eDirectory XXE vulnerability in NetIQ Access Manager 4.1 and 4.2 allows disclosure of local file content to logged-in users XML External Entity (XXE) Vulnerability in NetIQ Access Manager 4.1 and 4.2 Remote Code Execution Vulnerability in iManager Certificate Upload Feature Unfiltered Finalizer Target URL Vulnerability in NetIQ Access Manager Improper Handling of Unsigned SAML Requests in NetIQ Access Manager Information Leakage Vulnerability in NetIQ Access Manager 4.1 and 4.2 Clickjacking Vulnerability in NetIQ Access Manager 4.1 and 4.2 Reflected Cross Site Scripting Vulnerability in NetIQ Access Manager Web Tools iManager Admin Console in NetIQ Access Manager: iFrame Manipulation Vulnerability Circumvention of Cross-Site Request Forgery Protection Mechanism in NetIQ Access Manager Local Privilege Escalation Vulnerability in mkdumprd Script Cross-Site Scripting (XSS) Vulnerabilities in Novell GroupWise Administrator Console Novell GroupWise XSS Vulnerability in Email Handling Integer Overflow Vulnerability in Novell GroupWise Post Office Agent Unauthorized File Access and Modification Vulnerability in Novell Open Enterprise Server (OES) Buffer Overflow Vulnerability in Micro Focus Rumba FTP 4.X Client Allows Arbitrary Code Execution Arbitrary File Read Vulnerability in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) Integer overflow vulnerability in GD Graphics Library allows remote attackers to cause denial of service or possibly have other impact via crafted chunk dimensions in an image Integer Overflow in gdImageCreate Function in libgd Double free vulnerability in PHP mbstring extension allows remote code execution or denial of service Integer overflows in mcrypt.c leading to heap-based buffer overflow and application crash in PHP Integer Overflow in SplFileObject::fread Function in PHP SPL Extension Use-after-free vulnerability in spl_array.c in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to execute arbitrary code or cause a denial of service. Double Free Vulnerability in PHP WDDX Extension Use-after-free vulnerability in PHP Zip Extension Insecure Cryptographic Parameters in Blue Coat PacketShaper S-Series 11.5.x WECON LeviStudio Remote Code Execution Vulnerability Unvalidated POST Request Vulnerability in Locus Energy LGate Insecure Transmission of Credentials in OmniMetrix OmniView GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 Local Service Configuration Modification Vulnerability Open Ports in GE Bently Nevada 3500/22M USB and Serial Devices Allow Remote Privileged Access JanTek JTC-200 Cross-Site Request Forgery Vulnerability Authentication Bypass Vulnerability in Tollgrade LightHouse SMS (before 5.1 patch 3) Undocumented BusyBox Linux Shell Access Vulnerability in JanTek JTC-200 SQL Injection Vulnerability in Moxa SoftCMS before 1.5 Unquoted Windows Search Path Privilege Escalation Vulnerability in Moxa Active OPC Server XML External Entity (XXE) Vulnerability in ALC Liebert SiteScan Web, ALC WebCTRL, and Carrier i-Vu Versions 6.5 and Prior Buffer Overflow Vulnerability in Fatek Automation PM Designer and Automation FV Designer Username Enumeration Vulnerability in Tollgrade LightHouse SMS Stack-based and Remote Buffer Overflow Vulnerabilities in Fatek Automation PM Designer and FV Designer Authentication Bypass Vulnerability in Moxa OnCell G3100V2 and G3111/G3151/G3211/G3251 Devices Remote Buffer Overflow Vulnerability in Fatek Automation PM Designer and Automation FV Designer Insufficient Password Requirements in OmniMetrix OmniView Web Application Out-of-Bounds Write Vulnerability in Delta Electronics Software Path Traversal Vulnerability in CA Unified Infrastructure Management Weak Encryption Vulnerability in Moxa MGate Devices Multiple Heap-Based Buffer Overflow Vulnerabilities in Delta Electronics Software Tollgrade LightHouse SMS Authentication Bypass Vulnerability CSRF Token Absence Allows Unauthorized Configuration Changes on Schneider Electric Power Meters Sensitive Password Information Disclosure in Advantech WebAccess before 8.1_20160519 CROSS-SITE SCRIPTING Vulnerability in Visonic PowerLink2 Cleartext Password Storage Vulnerability in Moxa OnCell Devices Information Exposure in Visonic PowerLink2 Web Server Remote Code Execution Vulnerability in Rockwell Automation RSLogix Software Default Lack of Authentication on Schneider Electric IONXXXX Series Power Meters Hard-Coded Cryptographic Key Vulnerability in MRD-305-DIN and MRD-315, MRD-355, MRD-455 SQL Injection Vulnerability in Cargotec Navis WebAccess Allows Remote Code Execution Undocumented Hard-Coded Credentials Vulnerability in Schneider Electric PowerLogic PM8ECC Device Reflected Cross-Site Scripting Vulnerability in Moxa G3100V2 and OnCell G3111/G3151/G3211/G3251 Series Weak ACL in Huawei HiSuite Allows Local Privilege Escalation Denial of Service Vulnerability in Huawei Oceanstor 5800 Use-after-free vulnerability in libical allows for denial of service Use-after-free vulnerability in libical 1.0 allows remote attackers to cause denial of service Out-of-Bounds Heap Read Vulnerability in libical's icalparser_parse_string Function Out-of-Bounds Heap Read Vulnerability in libical's parser_get_next_char Function Out-of-Bounds Heap Read Vulnerability in libical's icaltime_from_string Function Denial of Service and System Crash Vulnerability in Linux Kernel on PowerPC Platforms Heap-based Buffer Overflow in Linux Kernel HID Device Driver Bypassing Redirection Restrictions in WordPress Customizer (CVE-2016-6896) Arbitrary Script Injection in WordPress Media List Table Arbitrary Script Injection in WordPress Attachment Names Sensitive Revision-History Information Disclosure in WordPress oEmbed Protocol Denial of Service Vulnerability in WordPress Category Attribute Removal Vulnerability in WordPress WordPress Password Change Restriction Bypass via Cookie Bypassing sanitize_file_name Protection Mechanism in WordPress Arbitrary Code Execution in Trend Micro Deep Discovery Inspector (DDI) 3.7-3.8 SP2 via hotfix_upload.cgi Integer Overflow Vulnerability in ImageMagick's profile.c Out-of-Bounds Read Vulnerability in ImageMagick SQL Injection Vulnerabilities in OTRS FAQ Package 2.x, 4.x, and 5.x Integer Overflow in ISO Parser in libarchive: Remote Denial of Service Vulnerability SAPCAR File Extraction Denial of Service Vulnerability SAPCAR Hard Link Privilege Escalation Vulnerability Insecure Password Storage in Siemens SICAM PAS before 8.07 Information Disclosure Vulnerability in Siemens SICAM PAS 8.07 XSS Vulnerability in Huawei Public Cloud Solution Volume Backup Service Module XML External Entity (XXE) vulnerability in python-docx before 0.8.6 Unquoted Service Path Vulnerability in NVIDIA Quadro, NVS, and GeForce Products: Exploiting GFE GameStream and NVTray Plugin Vulnerability in Qualcomm Audio Driver Allows Code Execution Despite Incorrect Length Value Kernel Heap Memory Exposure Vulnerability in Qualcomm Products with Android and Firefox OS Buffer Overflow Vulnerability in Qualcomm Products with Android for MSM, Firefox OS for MSM, or QRD Android Local Privilege Escalation in Qualcomm SPCom Driver Arbitrary Code Execution Vulnerability in Qualcomm SPCom Driver Out-of-Bounds Read Vulnerability in Qualcomm Products with Android for MSM, Firefox OS for MSM, or QRD Android Integer Overflow and Buffer Overflow Vulnerability in Qualcomm Sound Driver Heap Buffer Overflow Vulnerability in Qualcomm Audio Driver for Android and Firefox OS Heap Overflow Vulnerability in Qualcomm Display Driver for Android and Firefox OS Vulnerability: Type Casting Issue in Qualcomm Products with Android for MSM, Firefox OS for MSM, or QRD Android Missing Sanity Checks in Qualcomm Products: Out-of-Bounds Access Vulnerability Vulnerability: Integer Overflow and Buffer Overflow in Qualcomm Audio Driver Stack Overflow Vulnerability in Android Sound Driver for MSM, Firefox OS for MSM, and QRD Android Arbitrary Code Execution Vulnerability in Qualcomm Networking Driver in Android Denial of Service Vulnerability in Linux Kernel's msm_ipc_router_close Function Integer Overflow to Buffer Overflow Vulnerability in Qualcomm Android Products Unvalidated Arguments in QTEE Syscalls: A Vulnerability in Qualcomm Android Products Buffer Overflow in pecl_http URL Parsing Functions Denial of Service Vulnerability in Siemens SIMATIC NET PC-Software Arbitrary Image Download Vulnerability in ownCloud Server Open Redirect Vulnerability in IBM FileNet Workplace 4.0.2: Remote Phishing Attack Vector Arbitrary Shell Command Execution Vulnerability in MQCLI on IBM MQ Appliance M2000 and M2001 Devices Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM iNotes 8.5 and 9.0 Cross-Site Scripting (XSS) Vulnerability in IBM iNotes Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM Interact 8.6, 9.0, 9.1, and 10.0 Cross-Site Request Forgery Vulnerability in IBM Interact 8.6, 9.0, 9.1, and 10.0 Arbitrary Password Change Vulnerability in IBM Sterling B2B Integrator 5.2 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM 10x Local File Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2 Information Disclosure Vulnerability in IBM WebSphere Commerce Stack Trace Information Disclosure in IBM Maximo Asset Management HTML Injection Vulnerability in IBM Jazz Reporting Service (JRS) Information Disclosure Vulnerability in IBM Jazz Reporting Service (JRS) Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) Allows Arbitrary JavaScript Code Injection TLS Certificate Validation Failure in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management Arbitrary Web Script Injection in IBM Maximo Asset Management Vulnerability: Password Disclosure in IBM Tivoli Storage Manager HSM for Windows Weak Cryptographic Algorithms in IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 Arbitrary Web Script Injection Vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services Password Disclosure Vulnerability in IBM Tivoli Storage Manager for Space Management Cross-Site Scripting (XSS) Vulnerability in IBM Connections 4.0, 4.5, 5.0, and 5.5 Host Header Injection Vulnerability in IBM Tivoli Monitoring 6.2 and 6.3 Arbitrary Code Execution Vulnerability in IBM Tivoli Storage Manager FastBack Installer SSL Certificate Validation Failure in IBM Jazz for Service Management Allows for Sensitive Information Disclosure Cross-Site Request Forgery Vulnerability in IBM Kenexa LCMS Premier on Cloud Local File Inclusion Vulnerability in IBM Kenexa LMS on Cloud SQL Injection Vulnerability in IBM Kenexa LMS on Cloud Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LMS on Cloud Directory Traversal Vulnerability in IBM Kenexa LMS on Cloud Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LMS on Cloud Bypassing Access Restrictions in IBM Spectrum Control 5.2.x Arbitrary Web Script Injection in IBM Spectrum Control Web UI File Upload Vulnerability in IBM Spectrum Control 5.2.x before 5.2.11 IBM Spectrum Control Directory Traversal Vulnerability Clickjacking Vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LCMS Premier on Cloud Sensitive User Data Exposure in IBM Kenexa LCMS Premier on Cloud Clear Text Storage of User Credentials in IBM Kenexa LCMS Premier on Cloud Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LCMS Premier on Cloud SQL Injection Vulnerability in IBM Kenexa LCMS Premier on Cloud Session Identifier Leakage via URL Encoding Denial of Service Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Rational DOORS Next Generation 6.0.2 Weak Algorithm Vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 Insecure Session Cookie Handling in IBM Security Privileged Identity Manager Sensitive Information Disclosure in IBM Security Privileged Identity Manager Clear Text Storage of User Credentials in IBM Security Privileged Identity Manager Arbitrary Code Execution Vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 Inadequate Account Lockout Setting in IBM Security Privileged Identity Manager Virtual Appliance v2.0.2 Allows Remote Brute Force Attacks IBM Security Privileged Identity Manager Virtual Appliance HTTP Strict Transport Security Bypass Vulnerability Information Disclosure Vulnerability in IBM Rational Asset Analyzer (RAA) 6.1.0 SSRF Vulnerability in IBM Tealeaf Customer Experience IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 Directory Traversal Vulnerability XML External Entity (XXE) Vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 Weak Permissions in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 Arbitrary Code Injection through Cross-Site Scripting (XSS) in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 IBM Tealeaf Customer Experience Web UI Cross-Site Scripting (XSS) Vulnerability Unspecified Vector Password Discovery Vulnerability in IBM Tealeaf Customer Experience Open redirect vulnerability in IBM Tealeaf Customer Experience web portal IBM Tealeaf Customer Experience Web UI Cross-Site Scripting (XSS) Vulnerability Privileged User Instance Creation Vulnerability in IBM Distributed Marketing Cross-Site Scripting (XSS) Vulnerability in IBM TRIRIGA Application Platform Arbitrary Web Script Injection Vulnerability in IBM FileNet Workplace XT and FileNet Workplace Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server (WAS) Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server Buffer Overflow Vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX Client with Journal-Based Backup Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) Information Disclosure Vulnerability in IBM Maximo Asset Management Sensitive Information Disclosure in IBM Security Privileged Identity Manager Virtual Appliance Arbitrary File Execution Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance Privilege Escalation Vulnerability in IBM Sterling Connect:Direct Denial of Service Vulnerability in IBM Sterling Connect:Direct File Browsing Vulnerability in IBM InfoSphere Information Server Untrusted Search Path Vulnerability in IBM DB2 Password-length restriction bypass vulnerability in IBM Tealeaf Customer Experience Password Quality Rule Bypass Vulnerability in IBM Tealeaf Customer Experience Cross-Site Scripting (XSS) Vulnerability in IBM TRIRIGA Application Platform Server-Side Request Forgery (SSRF) Vulnerability in IBM Forms Experience Builder Detailed Error Message Disclosure in IBM Emptoris Contract Management 10.0 and 10.1 Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x Open Redirect Vulnerability in IBM Sterling B2B Integrator Standard Edition Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 Cross-Site Scripting (XSS) Vulnerability in IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 Arbitrary File Read Vulnerability in IBM Sterling Secure Proxy IBM Jazz Technology Products Vulnerability: Information Disclosure via Error Messages Unattended Workstation Post-Logoff Session-Reuse Vulnerability in IBM Sterling Secure Proxy Vulnerability: Information Disclosure via Unrecognized HTTP Method in IBM Sterling Secure Proxy Missing HSTS Protection in IBM Sterling Secure Proxy (SSP) Allows for Information Disclosure and Data Modification Unauthorized Access to Work Item Titles in IBM Jazz Technology-Based Products Improper HTTP Strict Transport Security Configuration in IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 4.0, 5.0, and 6.0 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 4.0, 5.0, and 6.0 Cross-Site Request Forgery Vulnerability in IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) Windows Domain Credential Disclosure in IBM Tivoli Storage Manager for Virtual Environments (VMware) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 HTML Injection Vulnerability in IBM Rational Team Concert (RTC) Eclipse Help Directory Traversal Vulnerability in IBM Tivoli Lightweight Infrastructure Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) Allows Arbitrary JavaScript Code Injection Session Hijacking Vulnerability in IBM Jazz Foundation Arbitrary Code Execution Vulnerability in IBM AppScan Enterprise Edition Session Expiration Bypass in Tivoli Storage Manager Operations Center Vulnerability: Unauthorized Manipulation of IBM Tivoli Storage Manager Operations Center REST API Cross-Site Request Forgery Vulnerability in IBM Tivoli Storage Manager Operations Center Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Storage Manager Operations Center Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) Allows Arbitrary JavaScript Code Injection Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Cross-Site Scripting (XSS) Vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 Cross-Site Scripting (XSS) Vulnerability in IBM Call Center for Commerce 9.3 and 9.4 IBM InfoSphere Information Server XML External Entity Injection (XXE) Denial of Service Vulnerability IBM Rational DOORS Next Generation Vulnerability: Unauthorized Project Name Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Cross-Site Scripting (XSS) Vulnerability in IBM Resilient v26.0, v26.1, and v26.2 Local Command Injection Vulnerability in IBM Security Guardium Database Activity Monitor Appliance Unauthorized Access to Secured Role Properties in IBM UrbanCode Deploy REST API and CLI Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management Command Execution Vulnerability in IBM Cognos Disclosure Management 10.2 Unspecified Privilege Escalation Vulnerability in IBM AIX 5.3, 6.1, 7.1, and 7.2 WebSphere Message Broker WebAdmin Directory Listing Vulnerability Use-After-Free Race Condition Vulnerability in IBM BigFix Platform Allows Remote Code Execution Unauthenticated Access to Sensitive SOAP Queries in IBM Tivoli Monitoring V6 IBM BigFix Platform XMLSchema Request Denial of Service Vulnerability Local Network Vulnerability: IBM BigFix Platform Crash and Relay Server Compromise IBM Domino TLS Key Exchange Validation Vulnerability Improper Access Controls in IBM WebSphere MQ 9.0.0.1 and 9.0.2 Unspecified Vulnerability in IBM WebSphere Commerce: User Data Disclosure and Unauthorized Operations Vulnerability: Plain Text Storage of User Credentials in IBM Tivoli Key Lifecycle Manager Weak Password Policy in IBM Tivoli Key Lifecycle Manager Sensitive Information Disclosure in IBM Tivoli Key Lifecycle Manager Inadequate Account Lockout Setting in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 Allows Remote Brute Force Attack Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 Local File Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager Unintended Access and Modification Vulnerability in IBM Tivoli Key Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 Information Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in IBM Atlas Policy Suite 6.0.3 Sensitive Information Disclosure in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 via URL Parameters Cross-Site Request Forgery Vulnerability in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 Arbitrary Code Execution Vulnerability in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 Authentication Bypass Vulnerability in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 Local User Can Obtain Unencrypted Login Credentials to VMware vCenter via IBM Tivoli Storage Manager XML External Entity Injection (XXE) Vulnerability in IBM Curam Social Program Management 6.0 and 7.0 Privilege Escalation Vulnerability in IBM Distributed Marketing and Marketing Platform Cross-Site Scripting Vulnerability in IBM Verse Allows for Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Sourcing 9.5.x through 10.1.x Buffer Overflow Vulnerability in IBM General Parallel File System IBM Tivoli Key Lifecycle Manager 2.5 and 2.6: Remote Information Disclosure Vulnerability Debugging code in IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 exposes sensitive information Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Supplier Lifecycle Management 10.1.0.x Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 Security Question Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 Arbitrary File Upload and Code Execution Vulnerability in IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 Cross-Site Scripting (XSS) Vulnerability in IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 Directory Traversal Vulnerability in IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 Arbitrary Web Script Injection via File Upload in Request Tracker (RT) Denial of Service Vulnerability in GD Graphics Library Vulnerability: Insecure Message Length Validation in LibTomCrypt's rsa_verify_hash_ex Function Double Fetch Vulnerability in Linux Kernel's sclp_ctl_ioctl_sccb Function Vulnerability: Denial of Service in GNU Libiberty Demangler Out-of-Bounds Read Vulnerability in gdImageCreateFromTgaCtx Function Arbitrary Script Injection in Ektron Content Management System Double Fetch Vulnerability in Linux Kernel's audit_log_single_execve_arg Function Arbitrary OS Command Execution in SAP TREX 7.10 Revision 63 (SAP Security Note 2203591) SAP TREX 7.10 Revision 63 Directory Traversal Vulnerability Arbitrary File Read Vulnerability in SAP TREX 7.10 Revision 63 (SAP Security Note 2203591) Arbitrary File Write Vulnerability in SAP TREX 7.10 Revision 63 (SAP Security Note 2203591) Arbitrary Audit Trail Injection Vulnerability in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) Arbitrary Code Execution Vulnerability in SAP HANA DB 1.00.73.00.389160 via Audit Logs (SAP Security Note 2170806) Unlimited Login Attempts Vulnerability in SAP HANA User Enumeration Vulnerability in SAP HANA DB 1.00.091.00.1418659308 SAP TREX 7.10 Revision 63 NameServer Information Disclosure Vulnerability Arbitrary OS Command Execution in SAP TREX 7.10 Revision 63 (SAP Security Note 2234226) Remote Code Execution and Denial of Service Vulnerability in SAP HANA DB 1.00.73.00.389160 SAP HANA SPS09 1.00.091.00.14186593 Local Information Disclosure Vulnerability Insecure Communication Encryption in SAP HANA Multi-Tenant Database Container Remote Code Execution Vulnerability in CA eHealth 6.2.x Remote Code Execution Vulnerability in CA eHealth 6.2.x and 6.3.x Improper Implementation of Temporary Directory Search Algorithm in SQLite Reflected XSS and Open Redirect Vulnerability in Watchguard Fireware 11.11 Operating System Authentication Applet Double Fetch Vulnerability in ec_device_ioctl_xcmd Function CSRF Vulnerabilities in Huawei WS331a Routers Allow Unauthorized Access Authentication Bypass Vulnerability in Huawei WS331a Routers Denial of Service Vulnerability in tcprewrite before 4.1.2 Denial of Service Vulnerability in GD Graphics Library's Output Function Denial of Service Vulnerability in Linux Kernel 4.7-rc6 via IPv6 Socket Operations Denial of Service Vulnerability in librsvg2 2.40.2 Integer Overflow in mov_build_index function in FFmpeg Untrusted Search Path Vulnerabilities in Putty Beta 0.67 Allow Arbitrary Code Execution and DLL Hijacking Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows Foxit Reader and PhantomPDF 7.3.4.311 Heap-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in ISC BIND DNS Server Remote DNS Servers Denial of Service Vulnerability in Knot DNS before 2.3.0 Denial of Service Vulnerability in PowerDNS Authoritative Server Denial of Service and Disk Consumption Vulnerability in NSD DNS Server Arbitrary Code Execution in Invision Power Services IPS Community Suite PHP-Gettext 1.0.12 and Earlier Eval Injection Vulnerability Integer Overflow Vulnerability in Huawei OceanStor 5800 V300R003C00 Remote Code Execution and Denial of Service Vulnerability in Huawei Networking Devices WiFi Driver Vulnerability in Huawei Honor 6 Smartphones Vulnerability in Camera Driver of Huawei Honor 4C Smartphones Denial of Service and Privilege Escalation Vulnerability in Huawei Honor 4C Camera Driver Denial of Service and Privilege Escalation Vulnerability in Huawei Honor 4C Camera Driver Vulnerability in Camera Driver of Huawei Honor 4C Smartphones Denial of Service and Privilege Escalation Vulnerability in Huawei Honor 4C Camera Driver Arbitrary Code Execution Vulnerability in Perl's XSLoader::load Method Arbitrary Script Injection in Django's dismissChangeRelatedObjectPopup Function AppArmor setprocattr Buffer Overflow Vulnerability Memory Leak Vulnerability in SOGo 2.3.7: Denial of Service via Large Attachment Upload Attempts Sensitive Information Disclosure in SOGo Calendar Feeds Information Disclosure in SOGo Calendar Cross-Site Scripting (XSS) Vulnerabilities in SOGo Web Calendar's View Raw Source Page Buffer Overflow Vulnerability in Huawei P8 Wi-Fi Driver Buffer Overflow Vulnerability in Huawei P8 Wi-Fi Driver SQL Injection Vulnerability in vBulletin ForumRunner Plugin Denial of Service Vulnerability in OverlayFS Filesystem Implementation in Linux Kernel Denial of Service Vulnerability in Linux Kernel's OverlayFS Filesystem Layer Arbitrary Code Execution Vulnerability in Gradle 2.12 Arbitrary Script Injection in Ektron CMS before 9.1.0.184 SP3 Siemens SINEMA Remote Connect Server XSS Vulnerability Remote Code Execution and Denial of Service Vulnerability in Huawei AR3200 Routers Integer Overflow in _gdContributionsAlloc Function in GD Graphics Library Allows Remote Denial of Service Nagios XSS Vulnerability: Exploiting Cross-Site Scripting in the Monitoring System Timing-based User Enumeration Vulnerability in OpenSSH Privilege Escalation Vulnerability in Drupal 7.x User Module Access Restriction Bypass Vulnerability in Drupal Views Module Denial of Service Vulnerability in Linux Kernel Mount Namespace Handling Out-of-Bounds Read Vulnerability in GD Graphics Library Arbitrary Code Injection Vulnerability in Sophos PureMessage for UNIX Title: Trend Micro Control Manager SP3 6.0 Information Disclosure Vulnerability in Dashboard and Error Pages Negative Index Vulnerability in libtiff's TIFFReadRawStrip1 and TIFFReadRawTile1 Functions Incomplete Fix for eCryptfs Swap Encryption Vulnerability Incomplete Initialization Vector (IV) Setting in xbcrypt in Percona XtraBackup Unverified X.509 Certificates Vulnerability in Kaspersky Safe Browser iOS Arbitrary File Write Vulnerability in KArchive SQL Injection Vulnerability in Zend_Db_Select in Zend Framework Denial of Service Vulnerability in Dropbox Lepton 1.0 via Crafted JPEG File Denial of Service Vulnerability in Dropbox Lepton 1.0 via Crafted JPEG File Out-of-Bounds Read Vulnerability in Dropbox Lepton 1.0 Out-of-Bounds Write Vulnerability in Dropbox Lepton 1.0 Out-of-Bounds Read Vulnerability in Dropbox Lepton 1.0 Denial of Service Vulnerability in OpenBSD 5.8 and 5.9: Exploiting __MAP_NOFAULT in mmap Extension Arbitrary Code Execution via Integer Truncation in OpenBSD amap_alloc Function Integer Overflow in amap_alloc1 Function in OpenBSD 5.8 and 5.9 Allows Local Privilege Escalation Denial of Service Vulnerability in OpenBSD 5.8 and 5.9 via Large Ident Value in kevent System Call Denial of Service Vulnerability in OpenBSD 5.8 and 5.9 Denial of Service Vulnerability in OpenBSD Kernel 5.9 Kernel Panic Vulnerability in OpenBSD 5.8 and 5.9 Denial of Service Vulnerability in OpenBSD 5.8 and 5.9 Kernel Panic Vulnerability in OpenBSD 5.8 and 5.9 Sensitive Information Disclosure in F5 BIG-IP REST Requests Integer Overflow and Buffer Overflow in libarchive ISO9660 Writer Privilege Escalation via Integer Overflow in Shadow 4.2.1 Symlink Attack Vulnerability in NetBSD's mail.local Heap-based Buffer Overflow in parse_packet function in collectd Arbitrary File Write Vulnerability in Portable UPnP SDK (libupnp) XML External Entity (XXE) Vulnerability in SAP Business One for Android 1.2.3 KeyJack: Remote Injection Attack on Lenovo Ultraslim Dongles Privilege Escalation via Fast-Path Pagetable Entry Update in Xen 4.7.x and Earlier Denial of Service Vulnerability in Xen 4.5.x through 4.7.x Out-of-Bounds Read and Crash Vulnerability in libidn Out-of-Bounds Read Vulnerability in libidn before 1.33 Denial of Service Vulnerability in libidn's stringprep_utf8_nfkc_normalize Function Denial of Service Vulnerability in uClibc and uClibc-ng MuPDF Use-After-Free Vulnerability in pdf_load_xref Function Arbitrary Command Execution in Trend Micro Smart Protection Server Arbitrary Command Execution in Trend Micro Smart Protection Server 2.5, 2.6, and 3.0 Arbitrary Code Execution Vulnerability in Trend Micro Smart Protection Server Multiple Directory Traversal Vulnerabilities in Trend Micro Smart Protection Server Arbitrary Command Execution in Trend Micro Virtual Mobile Infrastructure Missing HVI Check Vulnerability in Bzrtp Library XPath Injection Vulnerability in Epic MyChart: Unauthorized Access to XML Document Contents Denial of Service Vulnerability in Flexera FlexNet Publisher Privilege Escalation Vulnerability in Citrix Linux Virtual Delivery Agent (VDA) Arbitrary Command Execution in NETGEAR Routers Arbitrary Script Injection in Atlassian Confluence before 5.10.6 Arbitrary Web Script Injection via HTTP Host Header in Atlassian JIRA HTTPoxy vulnerability in spiffy-cgi-handlers before 0.5 HTTP_PROXY Environment Variable Vulnerability in http-client Egg Buffer over-read vulnerability in php_url_parse_ex function in PHP before 5.5.38 Integer Overflow Vulnerability in PHP's virtual_file_ex Function Use-after-free vulnerability in PHP session deserialization Memory Corruption and Denial of Service Vulnerability in PHP's exif_process_IFD_in_MAKERNOTE Function NULL Pointer Dereference Vulnerability in PHP's exif_process_user_comment Function Out-of-bounds read vulnerability in uloc_acceptLanguageFromHTTP function in ICU Out-of-bounds read vulnerability in PHP's locale_accept_from_http function Use-after-free vulnerability in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 in ext/snmp/snmp.c Heap-based buffer overflow vulnerability in xmlrpc-epi through 0.54.2 allows remote attackers to cause denial of service or execute arbitrary code via a long argument to xmlrpc_encode_request function in PHP. Integer Overflow in php_stream_zip_opener Function in PHP RSA 1.5 Algorithm Implementation Vulnerability in jwcrypto Vulnerability: Root Privilege Escalation via Crafted Spec File in Mock's SCM Plug-in Denial of Service Vulnerability in recv_and_process_client_pkt Function in Busybox Denial of Service Vulnerability in OpenSSL's tls_decrypt_ticket Function Integer Overflow in OpenSSL's MDC2_Update Function Allows Remote Attackers to Cause Denial of Service or Other Impact Memory Leak Vulnerabilities in OpenSSL Denial of Service Vulnerability in OpenSSL 1.1.0 Out-of-Bounds Read Vulnerability in OpenSSL Certificate Parser Memory Consumption Vulnerability in OpenSSL 1.1.0 Memory Consumption Vulnerability in OpenSSL DTLS Implementation Use-after-free vulnerability in OpenSSL 1.1.0a allows remote attackers to cause denial of service or execute arbitrary code via crafted TLS session oVirt Engine Vulnerability: Disclosure of ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD Internal IP Address Disclosure in JBoss EAP 7 via GET Requests Denial of Service Vulnerability in mod_dontdothat Component of mod_dav_svn Apache Module Weak Mixing Functions in Libgcrypt and GnuPG Random Number Generator Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x, 4.x, and 5.x Vulnerability: Parameter Handling Issue in Action Record in Ruby on Rails 4.2.x before 4.2.7.1 Stack-based Buffer Overflow in FascistGecosUser Function in Cracklib Arbitrary Web Script Injection via label parameter in Foreman Arbitrary Script Injection in Foreman Host Interface Form POINTYFEATHER: Directory Traversal Vulnerability in GNU Tar World-readable permissions for /etc/qci/answers in Red Hat QuickStart Cloud Installer (QCI) allows unauthorized access to root password Incompatible Execution Contexts in GNU C Library on ARM EABI Platforms Weak Permissions in Tomcat Package on RHEL and JBoss Web Server: Local Privilege Escalation Vulnerability NULL pointer dereference vulnerability in Linux kernel before 4.5.1 allows local users to cause denial of service Integer Overflow Vulnerability in libexif: Potential DoS and Information Disclosure Sweet32 Vulnerability in OpenVPN Arbitrary Code Execution Vulnerability in Red Hat JBoss Operations Network (JON) Per-title read restriction bypass vulnerability in MediaWiki API Session Termination Vulnerability in MediaWiki Arbitrary Script Injection in MediaWiki CSS User Subpage Preview Feature MediaWiki Cross-Site Scripting (XSS) Vulnerability in Parser::replaceInternalLinks2 Method Information Disclosure Vulnerability in MediaWiki Arbitrary File Revision Deletion Bypass in MediaWiki Session Access Bypass Vulnerability in MediaWiki 1.27.x before 1.27.1 Session Timeout Bypass Vulnerability in ovirt-engine-webadmin Vulnerability: Weak Password Encryption in Red Hat QuickStart Cloud Installer (QCI) Insecure Logging of Passwords in oVirt Engine Remote Code Execution Vulnerability in elog 3.1.1: Unauthorized User Data Posting Reflected XSS Vulnerability in JBoss BPM Suite 6 via Dashbuilder Missing HTTPOnly Flag in JBoss BPM Suite 6.3.x Session Cookies Information Disclosure Vulnerability in RESTEasy Async Jobs Denial of Service Vulnerability in RESTEasy's GZIPInterceptor Arbitrary Script Injection Vulnerability in RESTEasy Default Exception Handler Cross-Site Script Inclusion (XSSI) Vulnerability in JacksonJsonpInterceptor in RESTEasy Local Privilege Escalation Vulnerability in machinectl Command Denial of Service Vulnerability in OpenBSD 5.8 and 5.9 via sysctl Call Out-of-bounds Write and Code Execution Vulnerability in QEMU's ESP/NCR53C9x Controller Emulation Denial of Service Vulnerability in gdk-pixbuf's OneLine32 Function Unauthorized Document Access in Cloudera Search via RealTimeGetHandler Heap-based Buffer Overflow in yy_get_next_buffer Function in Flex Cisco IOS XR Memory Leak Vulnerability (Bug ID CSCux26791) Denial of Service Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliances Bypassing Drop Filter in Cisco Email Security Appliance Partial Denial of Service Vulnerability in Cisco Email Security Appliance (ESA) FTP Application Cisco Transport Gateway Installation Software 4.1(4.0) XSS Vulnerability Partial Denial of Service Vulnerability in Cisco AMP for Email and Web Security Appliances Denial of Service Vulnerability in Cisco Aironet 1800, 2800, and 3800 Devices Privilege Escalation Vulnerability in Cisco Aironet Devices (CSCuz24725) Denial of Service Vulnerability in Cisco Aironet 1800, 2800, and 3800 Devices Bypassing Access Restrictions in Cisco Unified Communications Manager 11.5 (Bug ID CSCux67855) Arbitrary Web Script Injection Vulnerability in Cisco Firepower Management Center Buffer Overflow Vulnerability in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3: Remote Code Execution via IPv4 SNMP Packets Privilege Escalation Vulnerability in Cisco ASA Software (Bug ID CSCtu74257 or EPICBANANA) Cisco Firepower System Software PGM Protocol Packet Parsing Denial of Service Vulnerability Privilege Escalation via Crafted INF File in Cisco AnyConnect Secure Mobility Client Cisco HCM-F Directory Traversal Vulnerability (CSCuz27255) Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Directory Traversal Vulnerability (CSCuz64717) Vulnerability: Bypass of Email Filtering in Cisco AsyncOS Software Arbitrary OS Command Execution Vulnerability in Cisco Cloud Services Platform (CSP) 2100 2.0 Arbitrary Code Execution via Crafted DNS Lookup Command in Cisco CSP 2100 2.0 (CSCuz89093) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices Authentication Bypass Vulnerability in Cisco Virtual Media Packager (VMP) Denial of Service Vulnerability in Cisco IOS XE 3.1-3.17 and 16.1-16.2 (Bug ID CSCuw85853) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuu35089) Cisco IOS and IOS XE DNS Forwarder Vulnerability Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuy47382) Denial of Service Vulnerability in Cisco IOS and IOS XE (CSCuy16399) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCux04257) Smart Install Client Memory Leak Vulnerability Denial of Service Vulnerability in Cisco IOS XE 3.1 through 3.17 and 16.1 Denial of Service Vulnerability in Cisco IOS 12.2 and 15.0 through 15.3 (CSCur69036) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCud36767) Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuy87667) Session Fixation Vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting (XSS) Vulnerability Bypassing Malware Detection in Cisco Firepower Management Center and FireSIGHT System Software Cisco IPICS Universal Media Services (UMS) Interdevice Communications Interface Vulnerability PPTP Server Information Disclosure Vulnerability in Cisco IOS 15.5(3)M Denial of Service Vulnerability in Cisco ACE30 and ACE 4700 Appliances (CSCvb16317) Denial of Service Vulnerability in Cisco Carrier Routing System (CRS) 5.1 and 5.1.4 Local Privilege Escalation in Cisco UCS Manager and UCS 6200 Fabric Interconnects (Bug ID CSCuz91263) Denial of Service Vulnerability in Cisco IOS and IOS XE with IOx Feature Set (Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912) Cisco IOx Local Manager Cross-Site Scripting (XSS) Vulnerability Arbitrary File Write Vulnerability in Cisco Fog Director 1.0(0) for IOx (CSCuz89368) Remote Root Access Vulnerability in Cisco IronPort AsyncOS on Email Security Appliance (ESA) Devices Denial of Service Vulnerability in Cisco AsyncOS on Web Security Appliance (WSA) Devices (CSCuz27219) XML External Entity (XXE) Vulnerability in Cisco Prime Home 5.2.0 (Bug ID CSCvb17814) Denial of Service Vulnerability in Cisco IOS and IOS XE with IOx Feature Set (CSCuy54015) Arbitrary File Read Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuy19856) Bypassing Do-Not-Decrypt Settings in Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 (CSCva50585) Arbitrary Download Vulnerability in Cisco Application-hosting Framework (CAF) (CSCuz84773) Cisco APIC Devices 1.3(2f) Binary Mishandling Vulnerability Arbitrary Command Execution Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuz59223) IKEv1 Vulnerability: Information Disclosure via SA Negotiation Request Denial of Service Vulnerability in Cisco AsyncOS on Email Security Appliance, Web Security Appliance, and Content Security Management Appliance Cisco FireSIGHT System Software and Firepower Management Center Cross-Site Request Forgery (CSRF) Vulnerability (CSCva21636) Arbitrary Code Injection through Crafted URLs in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0-3.4.0 (CSCva14552) Cisco Firepower Management Center SQL Injection Vulnerability Privilege Escalation Vulnerability in Cisco FireSIGHT System Software Denial of Service Vulnerability in Cisco IOS XR 5.2.2 via Crafted OSPF LSA Update (CSCvb05643) Bypass of Access Restrictions in Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 Modules for 6500 and 7600 Devices (Bug ID CSCuy64806) IKEv2 Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCux97540) Denial of Service Vulnerability in Cisco ASA DHCP Relay Implementation (CSCuy66942) Cisco Unified Intelligence Center (CUIC) Cross-Site Scripting (XSS) Vulnerability Remote User Account Creation Vulnerability in Cisco Unified Intelligence Center (CUIC) Cisco Unified Intelligence Center (CUIC) Cross-Site Request Forgery (CSRF) Vulnerability Arbitrary OS Command Execution Vulnerability in Cisco IOS XR 6.1.1 (Bug ID CSCva38349) Cross-Site Scripting (XSS) Vulnerability in Cisco IPICS Web Framework Privilege Escalation Vulnerability in Cisco IPICS Command-Line Interface Cisco ASA Software Local Certificate Authority Vulnerability Buffer Overflow Vulnerability in Cisco ASA Software Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center Hardcoded Database Credentials Vulnerability in Cisco Firepower Management Center 6.0.1 Arbitrary File Read Vulnerability in Cisco Firepower Management Center 6.0.1 Cisco HostScan Engine XSS Vulnerability (Bug ID CSCuz14682) Cisco WAAS SSL Session Cache Management Denial of Service Vulnerability Vulnerability in Cisco IOS XE Software on Cisco cBR-8 Routers: Configuration Integrity Change on vty Line Cisco Firepower System Software HTTP Packet Reassembly Denial of Service Vulnerability Cisco Unified Communications Manager (CUCM) Clickjacking Vulnerability TL1 Code Vulnerability in Cisco ASR 900 Series Routers Cisco Finesse Agent and Supervisor Desktop Software Cross-Site Request Forgery Vulnerability SQL Injection Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Meeting Server XMPP Service Authentication Bypass Vulnerability in Cisco Meeting Server and Acano Server Memory Retrieval Vulnerability in Cisco Meeting Server's Web Bridge (CSCvb03308) Arbitrary Code Execution Vulnerability in Cisco Meeting Server and Meeting App Arbitrary Code Execution Vulnerability in Cisco Meeting Server Vulnerability in Cisco FireAMP Connector Endpoint Software Allows Unauthorized Stopping of Critical Processes Vulnerability in Cisco IOS XE Software Allows Local Attacker to Gain Write Access Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime Collaboration Provisioning Vulnerability in Cisco Prime Home GUI Allows Authentication Bypass and Full Administrator Privileges Arbitrary SQL Command Execution Vulnerability in Cisco Identity Services Engine (ISE) Cisco Hosted Collaboration Mediation Fulfillment Application Cross-Site Request Forgery (CSRF) Vulnerability Vulnerability in Slowpath of StarOS for Cisco ASR 5500 Series Routers with DPC2 Denial of Service Vulnerability in Cisco Nexus 9000 Series Platform Leaf Switches for ACI Bypassing Content Filters in Cisco Email Security Appliances Local Shell Command Injection Vulnerability in Cisco TelePresence Endpoints FTP REST API Bypass Vulnerability in Cisco Firepower System Software Arbitrary XML Command Injection Vulnerability in Cisco ASA Web Management Interface Bypassing Advanced Malware Protection (AMP) Filters in Cisco Email Security Appliances Bypass of Advanced Malware Protection (AMP) Filters in Cisco Email Security Appliances Cisco Unified Communications Manager IM and Presence Service Web Management Interface Information Disclosure Vulnerability Bypassing User Filters in Cisco AsyncOS Software for Email and Web Security Appliances Denial of Service (DoS) Vulnerability in IPsec Component of StarOS for Cisco ASR 5000 Series Routers IPv6 Packet Fragment Reassembly Vulnerability in StarOS for Cisco ASR 5000 Series Switch Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Emergency Responder Web Interface Denial of Service Vulnerability in Cisco Web Security Appliance (WSA) Privilege Escalation Vulnerability in Cisco Hybrid Media Service Installation Procedure Remote Storage Password Disclosure Vulnerability in Cisco Firepower Management Center Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communication Manager (CallManager) CCMIVR Page Vulnerability in Cisco IOS on Catalyst and Nexus Switches: Layer 2 Network Storm X.509 Version 3 SSH Authentication Bypass Vulnerability in Cisco IOS and IOS XE Software Double Fetch Vulnerability in ioctl_send_fib Function in Linux Kernel SSRF vulnerability in vBulletin media-file upload feature CRLF Injection Vulnerability in Infoblox Network Automation NetMRI Insecure Initialization Vector Generation in Magento 2's Crypt.php Weak Permissions in Siemens SINEMA Server Application Folder Cache Side Channel Attack on RSA and DSA Decryption Code in Nettle Denial of Service Vulnerability in QEMU's virtqueue_map_desc Function Buffer Overflow in Get8BIMProperty Function in ImageMagick Privilege Escalation Vulnerability in MediaTek Linux Driver Memory Permission Weakening Vulnerability in Citrix XenApp and XenDesktop World-readable permissions on .dbshell history files in MongoDB client Information Disclosure Vulnerability in NetApp Data ONTAP LDAP Entry Poisoning Vulnerability in Atlassian Crowd LDAP Entry Poisoning Vulnerability in Groovy LDAP API LDAP Entry Poisoning Vulnerability in ForgeRock OpenIDM and OpenICF LDAP Entry Poisoning in JFrog Artifactory before 4.11 Denial of Service Vulnerability in Wireshark 2.x on 64-bit Windows Platforms NULL Pointer Dereference and Application Crash in NDS Dissector of Wireshark 1.12.x Denial of Service Vulnerability in Wireshark PacketBB Dissector Denial of Service Vulnerability in Wireshark WSP Dissector Denial of Service Vulnerability in Wireshark MMSE Dissector Denial of Service Vulnerability in Wireshark RLC Dissector Denial of Service Vulnerability in LDSS Dissector in Wireshark Stack-based buffer overflow vulnerability in the RLC dissector in Wireshark before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service. Denial of Service Vulnerability in Wireshark OpenFlow Dissector Denial of Service Vulnerability in Wireshark 2.x Unrestricted Recursion Depth in WBXML Dissector in Wireshark 2.x before 2.0.5 OpenSSH Denial of Service Vulnerability via Long Password Double Fetch Vulnerability in Linux Kernel's ioctl_file_dedupe_range Function Directory Traversal Vulnerability in Liferay 5.1.0 via minifierBundleDir Parameter Denial of Service Vulnerability in Huawei S-Series and S12700 Devices Arbitrary Code Injection through Metadata Field in Openstack Manila Shares Overview Buffer Overflow in ImageMagick's enhance.c in MagickCore CSRF Vulnerability in Grails Console Allows Remote Code Execution Integer Overflow in uvm_map_isavail Function in OpenBSD 5.9 Cross-Site Scripting (XSS) Vulnerabilities in Dotclear Media Manager Heap-based Buffer Overflow in pdf_load_mesh_params Function in MuPDF Vulnerability: Denial of Service and Privilege Escalation in Samsung Note's SpamCall Activity Component Vulnerability in SmartCall Activity Component on Samsung Note Devices Allows for Denial of Service and Privilege Escalation Default Password Vulnerability in Dentsply Sirona CDR Dicom 5 and Earlier Hardcoded MySQL Root Password in Open Dental 16.1 and Earlier Hardcoded Password Vulnerability in DEXIS Imaging Suite 10 Command Injection Vulnerability in Opmantek NMIS CGI Script Hardcoded Accounts in AVer Information EH6108H+ Devices Allow Remote Root Access Bypassing Page-Access Restrictions and Password Modification in AVer Information EH6108H+ Devices ClearText Password Storage and Transmission in AVer Information EH6108H+ Devices Cleartext Storage of Account Password in TrackR Bravo Mobile App (CVE-2016-6538, CVE-2016-6539, CVE-2016-6540, CVE-2016-6541) Vulnerability: Trackr Device ID Exposure Unauthenticated Access to TrackR Bravo Cloud Service Allows Unauthorized GPS Data Querying and Sending Unauthenticated Pairing Vulnerability in TrackR Bravo Device iTrack Device Vulnerability: Unauthorized Access to LosserID and BLE MAC Address Multiple User Account Registration Vulnerability in iTrack Easy Allows Unauthorized GPS Tracking Unauthenticated Modification of GPS Data in iTrack Easy Insecure Session Management and Password Transmission in iTrack Easy Insecure Storage of Passwords in iTrack Easy Mobile Application Clear-text Storage of Account Password in Zizai Tech Nut Mobile App Insecure Session Token Transmission in Zizai Tech Nut Mobile App Unauthenticated Bluetooth Pairing Vulnerability in Zizai Tech Nut Device Insecure Certificate Verification in U by BB&T App for iOS Default Credentials Vulnerability in Intellian Satellite TV Antennas Non-Random Default Credentials in Green Packet DX-350: A Gateway to Privileged Access Non-random default credentials in Nuuo NT-4040 Titan firmware NT-4040_01.07.0000.0015_1120 Default Credentials Vulnerability in Synology NAS Servers Stored XSS Vulnerability in OpenNMS 18.0.1 and Prior Versions Stored XSS Vulnerability in OpenNMS 18.0.1 and Prior Versions Unauthenticated Remote Command Execution in ASUS RP-AC52 Access Points Command Injection Vulnerability in ASUS RP-AC52 Access Point Firmware Version 1.0.1.1s Improper Bounds Checking in link_ntoa() Function in BSD Libc Library Signed Comparisons in illumos osnet-incorporation bcopy() and bzero() Implementations Can Lead to System Crash Critical Vulnerability: illumos smbsrv NULL Pointer Dereference Leading to System Crash Insecure SSL Certificate Validation in ShoreTel Mobility Client App v9.1.3.109 Buffer Overflow Vulnerability in D-Link DIR Routers via Malformed SOAP Messages Vulnerability: Privileged Binary in Ragentek Android Devices Allows Unauthorized OTA Updates Arbitrary File Read and Code Execution in Imagely NextGen Gallery Plugin SQL Injection Vulnerability in Sungard eTRAKiT3 Software Version 3.2.1.17 Firmware Update Vulnerability in SHDesigns' Resident Download Manager Global Cross-Site Request Forgery (CSRF) Vulnerability in CodeLathe FileCloud HTTP/2 Python Priority Library Vulnerability: Memory Exhaustion and High CPU Usage HPACK Bomb Denial of Service Vulnerability in Python HTTP/2 Implementation Vulnerability: Lack of OAuth 2.0 Token Revocation Implementation in Doorkeeper Gem Denial of Service Vulnerability in Symantec Norton Mobile Security for Android: Man-in-the-Middle Attack via Crafted JavaScript Man-in-the-Middle Vulnerability in Symantec Norton Mobile Security for Android Information Disclosure Vulnerability in Symantec Norton Mobile Security for Android Cross-Site Scripting (XSS) Vulnerability in Symantec IT Management Suite 8.0 ITMS Workflow Process Manager Console Denial of Service Vulnerability in Symantec IT Management Suite 8.0 Login Window DLL Loading Privilege Escalation Vulnerability Security Bypass Vulnerability in Symantec Norton App Lock 1.0.3.186 and Earlier Remote Code Execution Vulnerability in Symantec Norton Download Manager Code-execution vulnerability in Symantec VIP Access Desktop before 2.2.2 allows local malicious users to execute arbitrary code during startup Vulnerability: Remote Bypass of Blocked Requests, User Authentication, and Payload Scanning in Blue Coat Advanced Secure Gateway, CacheFlow, and ProxySG Denial of Service Vulnerability in SwarmKit Toolkit 1.12.0 for Docker Open Reverse Proxy Vulnerability in Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control Unauthenticated File Upload Vulnerability in BMC Track-It! 11.4 before Hotfix 3 Unauthenticated Retrieval of Sensitive Information in BMC Track-It! 11.4 Arbitrary JSP File Execution via Directory Traversal in ZOHO WebNMS Framework Arbitrary File Read Vulnerability in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Weak Obfuscation Algorithm in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Allows Password Retrieval Authentication Bypass and User Impersonation in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Samsung Exynos fimg2d driver NULL pointer dereference vulnerability (SVE-2016-6382) Impala Setry Authorization Bypass Vulnerability Vulnerability: Padding Oracle Attack in phpMyAdmin Cookie Encryption Multiple XSS Vulnerabilities in phpMyAdmin XSS Vulnerabilities in phpMyAdmin's Database Privilege Check and Remove Partitioning Functionality Arbitrary PHP Command Execution via Specially Crafted Database Name in phpMyAdmin Full Path Disclosure Vulnerability in phpMyAdmin SQL Injection Vulnerability in phpMyAdmin Export Functionality Vulnerability: File Exposure via LOAD LOCAL INFILE in phpMyAdmin Symlink Vulnerability in phpMyAdmin Exposes Restricted Files File System Traversal Vulnerability in phpMyAdmin XSS Vulnerabilities in phpMyAdmin: Navigation Pane, Tracking, and GIS Visualization Features SQL Injection Vulnerability in phpMyAdmin User Group and Designer Features SQL Injection Vulnerability in phpMyAdmin Export Functionality Denial-of-Service Vulnerability in phpMyAdmin Transformation Feature SQL Injection Vulnerability in phpMyAdmin User Interface Preference Feature Unauthenticated Remote Code Execution in phpMyAdmin Server-side Request Forgery (SSRF) Vulnerability in phpMyAdmin Setup Script Denial-of-Service Vulnerability in phpMyAdmin phpMyAdmin Denial-of-Service Vulnerability IP-based Authentication Bypass Vulnerability in phpMyAdmin Session Leakage Vulnerability in phpMyAdmin Vulnerability: User Redirection to Malicious Web Page in phpMyAdmin phpMyAdmin Host Location Disclosure Vulnerability phpMyAdmin SVG File Download Vulnerability Vulnerability: Bypassing ArbitraryServerRegexp in phpMyAdmin Denial-of-Service Vulnerability in phpMyAdmin Remote Code Execution Vulnerability in phpMyAdmin phpMyAdmin File Deletion Vulnerability Remote Code Execution Vulnerability in phpMyAdmin Arbitrary Script Injection in WordPress Network Settings Page CSRF Vulnerability in WordPress wp_ajax_wp_compression_test Function Improper Handling of Redirect_URI Subdomains in Pivotal Cloud Foundry (PCF) and UAA Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Pivotal Cloud Foundry (PCF) and Related Components Sensitive Information Disclosure in Cloud Foundry PHP Buildpack Arbitrary Script Injection in EMC ViPR SRM before 3.7.2 CSRF Vulnerability in EMC ViPR SRM Allows Remote File Upload Hijacking Arbitrary Script Injection Vulnerability in EMC ViPR SRM before 3.7.2 Arbitrary Document Read Vulnerability in EMC Documentum D2 Arbitrary Code Execution Vulnerability in EMC Unisphere for VMAX Virtual Appliance 8.x Arbitrary Code Execution Vulnerability in EMC Unisphere for VMAX Virtual Appliance 8.x Arbitrary Code Injection through Unspecified Vectors in EMC ViPR SRM before 4.0.1 Sensitive Information Disclosure Vulnerability in EMC RecoverPoint Multiple Command Injection Vulnerabilities in EMC RecoverPoint SSL Stripping Vulnerability in EMC RecoverPoint and RecoverPoint for Virtual Machines Privilege Escalation via Token Possession in Pivotal Cloud Foundry (PCF) and UAA Arbitrary JPQL Command Execution via Sort Function Call in Pivotal Spring Data JPA Sensitive Information Disclosure in MariaDB Audit Plugin in PCF cf-mysql-release Command Injection Vulnerability in Cloud Foundry Components Arbitrary Command Injection in Pivotal Greenplum External Tables Open Redirect Vulnerability in Pivotal Cloud Foundry Elastic Runtime Components Insecure Storage of User Credentials in cf-release Privilege Escalation via UAA Log Access and Specially Crafted Application Arbitrary Configuration Creation and Bypass Vulnerability in MySQL, MariaDB, and Percona Server Privilege escalation vulnerability through race condition in MySQL, MariaDB, Percona Server, and Percona XtraDB Cluster Local Privilege Escalation via Symlink Attack in MySQL and Related Databases Default Privileged Account Vulnerability in NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 Information Disclosure Vulnerability in Atlassian Hipchat Integration Plugin Buffer Overflow Vulnerability in Huawei USG Unified Security Gateways Insufficient Entropy in Self-Signed Certificates on Huawei S-Series Devices Memory Corruption and Arbitrary Code Execution Vulnerability in FFmpeg's raw_decode Function Privilege Escalation Vulnerability in Synaptics Touchscreen Driver on Nexus 5X Devices Privilege Escalation Vulnerability in NVIDIA Camera Driver on Nexus 9 Devices Privilege Escalation Vulnerability in Android Nexus Devices via Crafted Application (CVE-2016-10-05) Off-by-one buffer overflow vulnerability in Qualcomm Wi-Fi driver on Nexus 5X and Android One devices Off-by-one buffer overflow vulnerability in Qualcomm Wi-Fi driver on Android devices Nexus 9 NVIDIA GPU Driver Information Disclosure Vulnerability Vulnerability in Motorola USBNet Driver on Nexus 6 Devices Allows Information Disclosure Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver on Nexus 5X and Android One Devices Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver on Nexus 5X and Android One Devices Uninitialized Data Structures Vulnerability in Qualcomm QDSP6v2 Driver on Android Devices Uninitialized Data Structures Vulnerability in Qualcomm QDSP6v2 Driver on Android Devices Sensitive Information Disclosure Vulnerability in Android Kernel on Nexus Devices Sensitive Information Disclosure Vulnerability in Android Kernel Information Disclosure Vulnerability in Android Kernel on Nexus 6P Devices Nexus 9 NVIDIA Profiler Information Disclosure Vulnerability Nexus 9 NVIDIA Profiler Information Disclosure Vulnerability Nexus 9 NVIDIA Profiler Information Disclosure Vulnerability Sensitive Information Disclosure in Android Binder Kernel Denial of Service Vulnerability in Android Sound Driver on Nexus Devices Denial of Service Vulnerability in Qualcomm Wi-Fi gbk2utf Module Denial of Service and Possible Other Impact in Qualcomm MDSS Driver Denial of Service Vulnerability in Qualcomm QDSP6v2 Driver Denial of Service Vulnerability in Qualcomm QDSP6v2 Driver Denial of Service Vulnerability in Qualcomm QDSP6v2 Driver Denial of Service Vulnerability in Qualcomm QDSP6v2 Driver Information Disclosure Vulnerability in Qualcomm Components Critical Remote Code Execution Vulnerability in Android Mediaserver Critical Elevation of Privilege Vulnerability in libzipfile on Android Remote Code Execution Vulnerability in libskia in Android 7.0 Remote Code Execution Vulnerability in libjpeg in Android 4.x, 5.0.x, and 5.1.x Android Runtime Remote Code Execution Vulnerability Android Mediaserver Elevation of Privilege Vulnerability Mediaserver Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in libstagefright in Android 7.0 Elevation of Privilege Vulnerability in Android System Server Elevation of Privilege Vulnerability in Android 7.0: Bypassing Work Profile Security Prompt in Multi-Window Mode Information Disclosure Vulnerability in Conscrypt and BoringSSL in Android Data Leakage Vulnerability in Android Download Manager Remote Denial of Service Vulnerability in libvpx in Mediaserver Remote Denial of Service Vulnerability in libvpx in Mediaserver Remote Denial of Service Vulnerability in Android Mediaserver Remote Denial of Service Vulnerability in Android Mediaserver Audio Recording Elevation of Privilege Vulnerability in Android Framework APIs Elevation of Privilege Vulnerability in AOSP Launcher: Unauthorized Shortcut Creation Elevation of Privilege Vulnerability in Android Mediaserver Account Manager Service Elevation of Privilege Vulnerability Bluetooth Pairing Vulnerability in Android Devices Libstagefright Information Disclosure Vulnerability Mediaserver Information Disclosure Vulnerability Libstagefright Information Disclosure Vulnerability Denial of Service Vulnerability in Android Proxy Auto Config Input Manager Service Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in Qualcomm Crypto Driver Qualcomm Component Vulnerability in Nexus 6 and Android One Devices Remote Code Execution Vulnerability in Qualcomm GPS Subsystem on Android One Devices Critical Elevation of Privilege Vulnerability in Android Kernel ION Subsystem Critical Elevation of Privilege Vulnerability in Qualcomm Bootloader Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in Android Kernel ION Subsystem Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver in Android Elevation of Privilege Vulnerability in Qualcomm Camera Driver Elevation of Privilege Vulnerability in Qualcomm Camera Driver Elevation of Privilege Vulnerability in Qualcomm Camera Driver Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver in Android Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver in Android Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver in Android Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver in Android NVIDIA GPU Driver Information Disclosure Vulnerability in Android Denial of Service Vulnerability in Android Mediaserver (CVE-2016-6747) Information Disclosure Vulnerability in Qualcomm Components Information Disclosure Vulnerability in Qualcomm Components Information Disclosure Vulnerability in Qualcomm Components Information Disclosure Vulnerability in Qualcomm Components Information Disclosure Vulnerability in Qualcomm Components Android Information Disclosure Vulnerability Remote Code Execution Vulnerability in Android WebView Elevation of Privilege Vulnerability in Qualcomm Camera Driver Allows Arbitrary Code Execution Information Disclosure Vulnerability in Qualcomm Components: Exploiting Privileged Processes in Android Information Disclosure Vulnerability in Qualcomm Components: Exploiting Privileged Processes in Android High-Risk Elevation of Privilege Vulnerability in Qualcomm Media Codecs on Android High-Risk Elevation of Privilege Vulnerability in Qualcomm Media Codecs on Android Elevation of Privilege Vulnerability in Qualcomm Media Codecs on Android High-Risk Elevation of Privilege Vulnerability in Qualcomm Media Codecs on Android Elevation of Privilege Vulnerability in libziparchive Library on Android Denial of Service Vulnerability in Telephony: Local Permanent Denial of Service in Android Remote Denial of Service Vulnerability in Android Mediaserver Denial of Service Vulnerability in libstagefright in Mediaserver Denial of Service Vulnerability in Android Mediaserver (CVE-2017-0630) High-Risk Denial of Service Vulnerability in Android Mediaserver High-Risk Remote Code Execution Vulnerability in Framesequence Library on Android Smart Lock Elevation of Privilege Vulnerability Allows Unauthorized Access to Settings Local Elevation of Privilege Vulnerability in Android Framework API Elevation of Privilege Vulnerability in Telephony on Android 6.0, 6.0.1, and 7.0 Elevation of Privilege Vulnerability in Wi-Fi on Android Moderate Information Disclosure Vulnerability in Android Mediaserver Information Disclosure Vulnerability in Android Package Manager Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Critical Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android Elevation of Privilege Vulnerability in HTC Sound Codec Driver Elevation of Privilege Vulnerability in HTC Sound Codec Driver Elevation of Privilege Vulnerability in HTC Sound Codec Driver Elevation of Privilege Vulnerability in MediaTek Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in MediaTek Driver Allows Arbitrary Code Execution Lock Mismanagement Vulnerability in Linux Kernel's Performance Subsystem Lock Mismanagement Vulnerability in Linux Kernel's Performance Subsystem Elevation of Privilege Vulnerability in MediaTek I2C Driver Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in NVIDIA libomx Library Elevation of Privilege Vulnerability in NVIDIA libomx Library Elevation of Privilege Vulnerability in Qualcomm Sound Driver Allows Arbitrary Code Execution Arbitrary Code Execution and File Manipulation Vulnerability in Apache Wicket DiskFileItem Class System Property Bypass Vulnerability in Apache Tomcat Arbitrary Code Execution via Path Traversal in Apache Struts 2.3.x and 2.5.x Apache Tomcat SecurityManager Bypass Vulnerability Unrestricted Access to Global JNDI Resources in Apache Tomcat Insecure SAX Parser in XSS.getValidXML() Method Allows for XXE Attacks in Apache Sling Insecure Log Data Storage in Apache Cordova Android 5.2.2 and earlier Arbitrary JavaScript Code Injection in Apache OFBiz Blog Functionality CSRF Content-Type Check Bypass Vulnerability in Apache Jackrabbit Bypassing Servlet Filters in Apache Shiro before 1.3.2 Unquoted Windows Search Path Vulnerability in Apache OpenOffice Installers Arbitrary Code Execution Vulnerability in Apache OpenOffice Windows Installer Apache Ignite XXE Vulnerability in Update-Notifier Documents Cross-Site Request Forgery (CSRF) Vulnerability in Apache Wicket Unauthenticated Remote Command Execution on Ambari Agent Hosts Apache Tomcat Connectors (mod_jk) before 1.2.42 Buffer Overflow Vulnerability Java Code Execution via Serialized Objects in MATLAB Files Cross-Site Scripting (XSS) Vulnerability in Apache ActiveMQ Web Administration Console Privilege Escalation Vulnerability in Apache Hadoop 2.x before 2.7.4 Cross-Site Scripting (XSS) Vulnerability in Apache CXF's HTTP Transport Module API Key Reset Vulnerability in Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 Code Execution Vulnerability in Unsupported Codehaus Versions of Groovy Vulnerability: Unauthorized Password Change for admin Role Users by keyadmin Role Users in Apache Ranger HTTP Request Line Parsing Vulnerability in Apache Tomcat Apache Tomcat HTTP/2 Header Parser Denial of Service Vulnerability SQL Injection Vulnerability in SAP Business Intelligence Platform MetroCluster Tiebreaker in clustered Data ONTAP versions before 1.2: Cleartext Disclosure of Sensitive Information Integer Overflow in BMP Coder in ImageMagick: Remote Denial of Service Vulnerability Denial of Service Vulnerability in Huawei AC6003, AC6005, AC6605, and ACU2 Access Controllers Vulnerability: Lack of Authentication Protection Mechanisms in Huawei Servers Denial of Service Vulnerability in Huawei AnyMail 2.6.0301.0060 Cleartext AES Key Storage Vulnerability in Huawei FusionCompute Use-after-free vulnerability in Linux kernel allows denial of service via crafted SACK option Default Password Vulnerability in Openstack Trove Service Buffer Overrun Vulnerability in CHICKEN Scheme's process-execute and process-spawn Procedures Memory Leak in CHICKEN's process-execute and process-spawn Procedures Heap-based Buffer Overflow in libav's ff_audio_resample function QEMU Use-After-Free Vulnerability in vmxnet3_io_bar0_write Function Denial of Service Vulnerability in QEMU's net_tx_pkt_do_sw_fragmentation Function QEMU Denial of Service Vulnerability in vmxnet_tx_pkt_parse_headers Function Information Disclosure Vulnerability in QEMU's vmxnet3_complete_packet Function Arbitrary Script Injection in MantisBT Filter API Insecure SSH Encryption Algorithm Vulnerability in Huawei Servers CRLF Injection Vulnerability in Huawei FusionAccess Huawei OceanStor ISM Cross-Site Scripting (XSS) Vulnerability Remote Code Execution via User's Name in Open-Xchange OX App Suite Script Injection Vulnerability in Open-Xchange OX App Suite SVG File Code Execution Vulnerability HTML E-Mail Hyperlink Script Injection Vulnerability Arbitrary web script injection vulnerability in Open-Xchange (OX) AppSuite and Office Web Arbitrary Code Execution via SVG Album Covers in Open-Xchange OX App Suite Reflected File Download Vulnerability in Open-Xchange OX App Suite SVG Profile Picture Vulnerability Cross-Site Scripting (XSS) Vulnerability in Open-Xchange OX Guard Open-Xchange OX App Suite Local File Path Disclosure Vulnerability Open-Xchange OX Guard before 2.4.2-rev5 allows injection of script code and phishing via PGP public key names Remote Code Execution via Inline PGP Signature in Open-Xchange OX Guard Denial of Service Vulnerability in Eye of GNOME (eog) 3.16.5 and earlier Arbitrary Script Injection in Hybris Management Console Inbox Search Feature Arbitrary web script injection vulnerability in Hybris Management Console (HMC) in SAP Hybris Cross-site scripting (XSS) vulnerability in Create Employee feature in SAP Hybris Management Console (HMC) Sensitive Information Disclosure in Hybris Management Console (HMC) in SAP Hybris before 6.0 Vulnerability in slock allows bypassing screen lock via invalid password hash Unspecified Out-of-Bounds Write Vulnerability in Facebook HHVM Buffer Overflow Vulnerability in Facebook HHVM Integer Overflow in StringUtil::implode in Facebook HHVM: Unspecified Impact via Unknown Vectors Unspecified Impact Vulnerability in Facebook HHVM before 3.15.0 Unspecified Impact Vulnerability in Facebook HHVM's array_*_recursive Functions Infinite Recursion Vulnerability in Facebook HHVM (before 3.15.0) via WDDX Denial of Service Vulnerability in F5 BIG-IP Products HTTP 302 Redirection Vulnerability in Citrix XenMobile Server Vulnerability in Curve25519 Code in Botan Before 1.11.31 on Systems without Native 128-bit Integer Type Multiple Key_Usage Enum Value Vulnerability in botan 1.11.x Infinite Loop Denial of Service Vulnerability in FFmpeg's zlib_refill Function Lenstra Side-Channel Attack on MatrixSSL Bleichenbacher Variant Attack in MatrixSSL before 3.8.3 with RSA Cipher Suites Denial of Service Vulnerability in MatrixSSL before 3.8.3 Denial of Service Vulnerability in pstm_exptmod Function in MatrixSSL Denial of Service Vulnerability in pstm_reverse Function in MatrixSSL Predictable Secret Key Vulnerability in MatrixSSL 3.8.6 and Earlier Integer Overflow in net_tx_pkt_init Function in QEMU: Denial of Service via Unchecked Multiplication and NULL Pointer Dereference Heap-based Buffer Overflow in MatrixSSL: Remote Code Execution via Crafted X.509 Certificate Denial of Service Vulnerability in MatrixSSL before 3.8.6 via Crafted ASN.1 Bit Field Primitive Denial of Service Vulnerability in MatrixSSL's x509FreeExtensions Function CSRF Vulnerability in GNU Mailman 2.1.x User Options Page Denial of Service Vulnerability in Arista EOS 4.15-4.17 on DCS-7050 Series Devices WordPress 4.5.3 Directory Traversal Vulnerability CSRF vulnerability in WordPress wp_ajax_update_plugin function Huawei E9000 Rack Servers: XML External Entity (XXE) Vulnerability in Hyper Management Module (HMM) Insecure SSL Encryption Algorithm Vulnerability in Huawei RH and XH Servers Denial of Service Vulnerability in Huawei RH1288 V3, RH2288 V3, RH2288H V3, RH5885 V3, XH620 V3, XH622 V3, and XH628 V3 Servers Format String Vulnerability in Huawei Routers: Remote Denial of Service via Partial Commands Remote Code Execution in lshell 0.9.16 Remote Code Execution in lshell 0.9.16 Unauthenticated Access to Authentication Credentials in VASA Provider for Clustered Data ONTAP Out-of-Bounds Read Vulnerability in GD Graphics Library's read_image_tga Function Out-of-Bounds Read Vulnerability in GD Graphics Library's read_image_tga Function RTL Rendering Vulnerability in Opera 37.0.2192.105088 for Android EGREGIOUSBLUNDER: Buffer Overflow in Fortinet FortiOS Cookie Parser The Non-Existent Notification Listener Vulnerability Out-of-Bounds Read Vulnerability in GD Graphics Library Double Free Vulnerability in libgd's gdImageWebPtr Function Arbitrary Web Script Injection in AlienVault OSSIM and USM Weak Permissions in Ubiquiti UniFi Video Installation Directory Allows Local Privilege Escalation Stack-based Buffer Overflow in NVIDIA Video Driver for Android Shield TV and Shield Table Integer Overflow Vulnerability in NVIDIA Video Driver for Android Devices Buffer Overflow Vulnerability in NVIDIA Video Driver for Android Shield TV, Shield Table, and Shield Table TK1 Arbitrary Command Execution via File Upload in Lexmark Markvision Enterprise (MVE) Heap-based Buffer Overflow in FFmpeg's decode_block Function in exr.c Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms and LiveCycle Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms and LiveCycle Unquoted Windows Search Path Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application Insecure Android Runtime-Analytics Transport in Adobe AIR SDK & Compiler Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Heap-based Buffer Overflow in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Bypassing JavaScript API Execution Restrictions in Adobe Reader and Acrobat Access Restriction Bypass Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X Use-after-free vulnerabilit