CVE List for August 2016 (409 vulnerabilities)

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment...

Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read ...

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote at...

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary comm...

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenti...

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows re...

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users t...

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through...

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3...

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a cra...

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users t...

SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified...

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attacke...

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of o...

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/s...

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, relate...

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execut...

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultr...

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users...

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via ...

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers t...

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEM...

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with so...

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (syste...

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (syste...

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (d...

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveragin...

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows lo...

Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web scri...

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to re...

Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to e...

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attac...

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to...

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via...

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Te...

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes i...

Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow re...

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated ...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory ...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to c...

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 ...

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remo...

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with l...

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously ret...

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote a...

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-pa...

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attacke...

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbit...

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to ex...

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remot...

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which migh...

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attacke...

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAM...

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which...

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45...

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Univer...

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote atta...

Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-le...

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, ...

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute ...

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via...

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via...

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2...

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password informat...

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external e...

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Securi...

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_us...

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username ...

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified ...

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related...

SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Sec...

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended acc...

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used,...

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users ...

Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series c...

Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a ...

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuild...

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowle...

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.j...

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to caus...

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows r...

services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor...

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted app...

Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x be...

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code o...

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarati...

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-...

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and...

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-0...

mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates a...

services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does n...

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attacke...

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause ...

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cau...

codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-0...

The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to caus...

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data orig...

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_...

The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended acce...

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and...

The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive informati...

service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attack...

Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that u...

Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service...

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, whi...

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka...

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted appli...

mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bu...

The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka inte...

The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted appli...

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bu...

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bu...

The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 2893974...

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attacker...

The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged p...

The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted applicati...

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and d...

The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 2852...

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain ...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which al...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space i...

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices do...

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices do...

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) device...

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices ...

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-s...

Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus ...

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, w...

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attac...

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges v...

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via...

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain int...

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) de...

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addre...

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attack...

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL...

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type...

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers...

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attack...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, whi...

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attacke...

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly v...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values...

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does...

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate ...

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which al...

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 ...

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size o...

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end...

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly ...

drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters a...

sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space...

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly v...

drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copy...

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devic...

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket proc...

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows atta...

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, ...

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain ...

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices do...

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate ...

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exist...

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devic...

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attacker...

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows att...

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspeci...

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate....

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use...

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local use...

arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS...

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote a...

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended c...

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to caus...

net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via ce...

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local us...

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceedi...

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, whic...

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial ...

Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (...

The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which al...

epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which all...

epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a...

epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of...

epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite ...

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which a...

epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows rem...

Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers ...

epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large lo...

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to ...

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attacke...

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allow...

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without ...

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffe...

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to ex...

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensur...

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to caus...

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attacke...

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial o...

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which...

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers t...

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x be...

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x be...

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x befor...

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers ...

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remo...

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage col...

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x bef...

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementatio...

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attacke...

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to...

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets,...

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, wh...

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to ca...

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, w...

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of s...

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, wh...

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, whic...

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing...

epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote att...

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a ...

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script o...

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before ...

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (...

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remo...

Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow...

Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an ...

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, ...

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase ...

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase ...

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an Image...

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact ...

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innov...

Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, a...

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributi...

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission re...

Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3...

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) A...

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) A...

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x ...

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows re...

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via craf...

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obta...

Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted...

Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz4859...

Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) ...

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbit...

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjackin...

Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denia...

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) atta...

SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtai...

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Busin...

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a...

IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Li...

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows...

IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vecto...

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote auth...

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authen...

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30,...

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Libe...

Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users ...

Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by up...

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4...

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation...

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct ...

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites ...

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTM...

Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script o...

The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors...

Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8...

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln...

Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corrupt...

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln...

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memo...

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory ...

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Wind...

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channe...

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and ...

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Vie...

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Vie...

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R...

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R...

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R...

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R...

ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain...

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary c...

Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a craft...

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Offic...

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbit...

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Comp...

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to exe...

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protect...

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local...

Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corrupt...

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browse...

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browse...

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Expl...

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informat...

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux...

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass ...

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hi...

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact v...

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources fro...

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-...

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) v...

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers t...

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted T...

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free atta...

SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (progr...

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted ...

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Fir...

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges vi...

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users t...

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA)...

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive...

IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory ...

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary co...

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, ...

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call t...

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) ref...

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script o...

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x be...

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer...

Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before ...

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filt...

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass o...

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated ...

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive...

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x...

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a ...

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugin...

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users ...

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigat...

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users ...

Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web s...

Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, ...

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML v...

HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, ...

SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via ...

Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows...

The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x be...

Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to g...

The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x be...

Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative page...

Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspec...

Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a d...

The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restric...

Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers ...

ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET sessio...

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded S...

ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbit...

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which m...

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for...

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 a...

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOW...

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for re...

Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensit...

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruptio...

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web ...

UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionalit...

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3....

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges ...

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2,...

Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, whe...

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous befor...

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) compon...

SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name fi...

Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the S...

Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and reque...

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspe...

Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers...

Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcode...

Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment...

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML...

WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by ...

WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniff...

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux k...

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM dev...

Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arb...

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remot...

Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecif...

VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access...

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls...

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to i...

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 throu...

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR Ready...

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows r...

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe236222...

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain admin...

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary ...

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authentica...