LanGuard reports



Supported OVAL/CVE Bulletins

Date  Bulletin ID  Title

2017-01-18  CVE-2014-9909  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...
  CVE-2014-9910  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

2017-01-12  OVAL1710  oval:org.cisecurity:def:1710: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1713  oval:org.cisecurity:def:1713: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1715  oval:org.cisecurity:def:1715: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1709  oval:org.cisecurity:def:1709: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1714  oval:org.cisecurity:def:1714: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1712  oval:org.cisecurity:def:1712: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1711  oval:org.cisecurity:def:1711: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier

2017-01-11  OVAL1707  oval:org.cisecurity:def:1707: Microsoft Office Memory Corruption Vulnerability –
  OVAL1706  oval:org.cisecurity:def:1706: Microsoft Edge Elevation of Privilege Vulnerability

2017-01-10  OVAL1705  oval:org.cisecurity:def:1705: Local Security Authority Subsystem Service Denial of Service Vulnerability

2017-01-09  OVAL1703  oval:org.cisecurity:def:1703: Vulnerability in Samsung Security Manager

2017-01-08  OVAL1704  oval:org.cisecurity:def:1704: Remove OneDrive option located in the navigation panel of File Explorer on Windows 10.

2017-01-05  OVAL1685  oval:org.cisecurity:def:1685: Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160
  OVAL1686  oval:org.cisecurity:def:1686: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228

2017-01-04  OVAL1691  oval:org.cisecurity:def:1691: Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18 –

2017-01-03  OVAL1684  oval:org.cisecurity:def:1684: Microsoft Office Memory Corruption Vulnerability –

2016-12-30  OVAL1653  oval:org.cisecurity:def:1653: Secure Kernel Mode Elevation of Privilege Vulnerability
  OVAL1651  oval:org.cisecurity:def:1651: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1652  oval:org.cisecurity:def:1652: .NET Information Disclosure Vulnerability
  OVAL1676  oval:org.cisecurity:def:1676: Vulnerability in NVIDIA Graphics Driver

2016-12-29  OVAL1650  oval:org.cisecurity:def:1650: Microsoft Browser Security Feature Bypass
  OVAL1648  oval:org.cisecurity:def:1648: Scripting Engine Memory Corruption Vulnerability
  OVAL1649  oval:org.cisecurity:def:1649: Microsoft Browser Information Disclosure Vulnerability
  OVAL1647  oval:org.cisecurity:def:1647: Microsoft Browser – Memory Corruption Vulnerability

2016-12-28  OVAL1689  oval:org.cisecurity:def:1689: Microsoft Office Information Disclosure Vulnerability –
  OVAL1688  oval:org.cisecurity:def:1688: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1687  oval:org.cisecurity:def:1687: Microsoft Office Information Disclosure Vulnerability –

2016-12-21  OVAL1640  oval:org.cisecurity:def:1640: Microsoft Office Information Disclosure Vulnerability –
  OVAL1639  oval:org.cisecurity:def:1639: Microsoft Office Memory Corruption Vulnerability –
  OVAL1644  oval:org.cisecurity:def:1644: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1641  oval:org.cisecurity:def:1641: Microsoft Office Information Disclosure Vulnerability –
  OVAL1643  oval:org.cisecurity:def:1643: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1637  oval:org.cisecurity:def:1637: Microsoft Office Information Disclosure Vulnerability –
  OVAL1642  oval:org.cisecurity:def:1642: Microsoft Office Information Disclosure Vulnerability –
  OVAL1638  oval:org.cisecurity:def:1638: Microsoft Office OLE DLL Side Loading Vulnerability –

2016-12-20  OVAL1626  oval:org.cisecurity:def:1626: Scripting Engine Memory Corruption Vulnerability
  OVAL1634  oval:org.cisecurity:def:1634: Internet Explorer Memory Corruption Vulnerability
  OVAL1629  oval:org.cisecurity:def:1629: Scripting Engine Memory Corruption Vulnerability
  OVAL1625  oval:org.cisecurity:def:1625: Microsoft Edge Information Disclosure Vulnerability
  OVAL1630  oval:org.cisecurity:def:1630: Microsoft Edge Memory Corruption Vulnerability
  OVAL1627  oval:org.cisecurity:def:1627: Windows Hyperlink Object Library Information Disclosure Vulnerability
  OVAL1631  oval:org.cisecurity:def:1631: Scripting Engine Memory Corruption Vulnerability
  OVAL1635  oval:org.cisecurity:def:1635: Microsoft Edge Information Disclosure Vulnerability
  OVAL1632  oval:org.cisecurity:def:1632: Internet Explorer Information Disclosure Vulnerability
  OVAL1633  oval:org.cisecurity:def:1633: Scripting Engine Memory Corruption Vulnerability
  OVAL1628  oval:org.cisecurity:def:1628: Scripting Engine Memory Corruption Vulnerability
  OVAL1636  oval:org.cisecurity:def:1636: Microsoft Office Memory Corruption Vulnerability –

2016-12-16  OVAL1608  oval:org.cisecurity:def:1608: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1606  oval:org.cisecurity:def:1606: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1611  oval:org.cisecurity:def:1611: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1607  oval:org.cisecurity:def:1607: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1614  oval:org.cisecurity:def:1614: Windows Installer Elevation of Privilege Vulnerability
  OVAL1605  oval:org.cisecurity:def:1605: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1610  oval:org.cisecurity:def:1610: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1609  oval:org.cisecurity:def:1609: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1612  oval:org.cisecurity:def:1612: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier

2016-12-15  OVAL1613  oval:org.cisecurity:def:1613: Windows Crypto Driver Information Disclosure Vulnerability
  OVAL1681  oval:org.cisecurity:def:1681: Windows Kernel Memory Address Information Disclosure Vulnerability
  OVAL1680  oval:org.cisecurity:def:1680: Windows Common Log File System Driver Information Disclosure Vulnerability
  OVAL1645  oval:org.cisecurity:def:1645: Win32k Elevation of Privilege Vulnerability –
  OVAL1646  oval:org.cisecurity:def:1646: Win32k Elevation of Privilege Vulnerability –

2016-12-14  OVAL1594  oval:org.cisecurity:def:1594: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1593  oval:org.cisecurity:def:1593: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1597  oval:org.cisecurity:def:1597: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1602  oval:org.cisecurity:def:1602: GDI Information Disclosure Vulnerability
  OVAL1601  oval:org.cisecurity:def:1601: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1596  oval:org.cisecurity:def:1596: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1603  oval:org.cisecurity:def:1603: Windows Graphics Remote Code Execution Vulnerability
  OVAL1600  oval:org.cisecurity:def:1600: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1604  oval:org.cisecurity:def:1604: Windows Graphics Remote Code Execution Vulnerability
  OVAL1598  oval:org.cisecurity:def:1598: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1595  oval:org.cisecurity:def:1595: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1599  oval:org.cisecurity:def:1599: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier

2016-12-09  OVAL1556  oval:org.cisecurity:def:1556: Local file disclosure in DevTools
  OVAL1559  oval:org.cisecurity:def:1559: CSP Referrer disclosure
  OVAL1563  oval:org.cisecurity:def:1563: Universal XSS in Blink
  OVAL1562  oval:org.cisecurity:def:1562: Private property access in V8
  OVAL1555  oval:org.cisecurity:def:1555: Use after free in PDFium
  OVAL1561  oval:org.cisecurity:def:1561: Universal XSS in Blink
  OVAL1567  oval:org.cisecurity:def:1567: Out of bounds write in Blink
  OVAL1560  oval:org.cisecurity:def:1560: Same-origin bypass in PDFium
  OVAL1565  oval:org.cisecurity:def:1565: Out of bounds write in PDFium
  OVAL1554  oval:org.cisecurity:def:1554: Universal XSS in Blink
  OVAL1558  oval:org.cisecurity:def:1558: Vulnerability in Google Chrome before 55.0.2883.75
  OVAL1566  oval:org.cisecurity:def:1566: Use after free in PDFium
  OVAL1564  oval:org.cisecurity:def:1564: Use after free in V8
  OVAL1557  oval:org.cisecurity:def:1557: Universal XSS in Blink

2016-12-08  OVAL1551  oval:org.cisecurity:def:1551: MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  OVAL1552  oval:org.cisecurity:def:1552: LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CVE-2015-8967  arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

2016-12-07  OVAL1576  oval:org.cisecurity:def:1576: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1514  oval:org.cisecurity:def:1514: SQL Server Agent Elevation of Privilege Vulnerability
  OVAL1580  oval:org.cisecurity:def:1580: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1513  oval:org.cisecurity:def:1513: SQL RDBMS Engine EoP vulnerability
  OVAL1570  oval:org.cisecurity:def:1570: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1577  oval:org.cisecurity:def:1577: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1568  oval:org.cisecurity:def:1568: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1573  oval:org.cisecurity:def:1573: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
  OVAL1578  oval:org.cisecurity:def:1578: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1574  oval:org.cisecurity:def:1574: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1575  oval:org.cisecurity:def:1575: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1569  oval:org.cisecurity:def:1569: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1572  oval:org.cisecurity:def:1572: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1579  oval:org.cisecurity:def:1579: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
  OVAL1571  oval:org.cisecurity:def:1571: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows

2016-12-06  OVAL1553  oval:org.cisecurity:def:1553: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service

2016-12-02  OVAL1517  oval:org.cisecurity:def:1517: Secure Boot Component Vulnerability –
  OVAL1516  oval:org.cisecurity:def:1516: Windows Kernel Elevation of Privilege Vulnerability –

2016-12-01  OVAL1499  oval:org.cisecurity:def:1499: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1500  oval:org.cisecurity:def:1500: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1501  oval:org.cisecurity:def:1501: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1498  oval:org.cisecurity:def:1498: VHD Driver Elevation of Privilege Vulnerability –

2016-11-30  OVAL1483  oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
  OVAL1486  oval:org.cisecurity:def:1486: Win32k Information Disclosure Vulnerability
  OVAL1487  oval:org.cisecurity:def:1487: Win32k Elevation of Privilege Vulnerability
  OVAL1484  oval:org.cisecurity:def:1484: Win32k Elevation of Privilege Vulnerability
  OVAL1485  oval:org.cisecurity:def:1485: Win32k Elevation of Privilege Vulnerability

2016-11-29  OVAL1496  oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability –
  OVAL1480  oval:org.cisecurity:def:1480: Virtual Secure Mode Information Disclosure Vulnerability –
  OVAL1497  oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability –
  OVAL1478  oval:org.cisecurity:def:1478: Open Type Font Remote Code Execution Vulnerability –
  OVAL1479  oval:org.cisecurity:def:1479: Open Type Font Information Disclosure Vulnerability –

2016-11-28  OVAL1477  oval:org.cisecurity:def:1477: Microsoft Video Control Remote Code Execution Vulnerability –
  OVAL1481  oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability –
  OVAL1482  oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability –

2016-11-25  OVAL1452  oval:org.cisecurity:def:1452: Microsoft Office Denial of Service Vulnerability –
  OVAL1454  oval:org.cisecurity:def:1454: Microsoft Office Memory Corruption Vulnerability –
  OVAL1476  oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability –
  OVAL1451  oval:org.cisecurity:def:1451: Microsoft Office Information Disclosure Vulnerability –
  OVAL1450  oval:org.cisecurity:def:1450: Microsoft Office Memory Corruption Vulnerability –
  OVAL1453  oval:org.cisecurity:def:1453: Microsoft Office Memory Corruption Vulnerability –

2016-11-24  OVAL1456  oval:org.cisecurity:def:1456: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1459  oval:org.cisecurity:def:1459: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1474  oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability –
  OVAL1458  oval:org.cisecurity:def:1458: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1464  oval:org.cisecurity:def:1464: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1457  oval:org.cisecurity:def:1457: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1462  oval:org.cisecurity:def:1462: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1455  oval:org.cisecurity:def:1455: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1463  oval:org.cisecurity:def:1463: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1461  oval:org.cisecurity:def:1461: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1475  oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability –
  OVAL1460  oval:org.cisecurity:def:1460: Windows Common Log File System Driver Elevation of Privilege Vulnerability –

2016-11-22  OVAL1468  oval:org.cisecurity:def:1468: Microsoft Browser Memory Corruption Vulnerability
  OVAL1471  oval:org.cisecurity:def:1471: Scripting Engine Memory Corruption Vulnerability
  OVAL1466  oval:org.cisecurity:def:1466: Microsoft Browser Information Disclosure Vulnerability
  OVAL1470  oval:org.cisecurity:def:1470: Scripting Engine Memory Corruption Vulnerability
  OVAL1472  oval:org.cisecurity:def:1472: Scripting Engine Memory Corruption Vulnerability
  OVAL1473  oval:org.cisecurity:def:1473: Scripting Engine Memory Corruption Vulnerability
  OVAL1469  oval:org.cisecurity:def:1469: Microsoft Browser Information Disclosure Vulnerability
  OVAL1467  oval:org.cisecurity:def:1467: Microsoft Edge Information Disclosure Vulnerability
  OVAL1465  oval:org.cisecurity:def:1465: Microsoft Edge Spoofing Vulnerability

2016-11-18  OVAL1447  oval:org.cisecurity:def:1447: Microsoft Office Memory Corruption Vulnerability –
  OVAL1446  oval:org.cisecurity:def:1446: Microsoft Office Memory Corruption Vulnerability –
  OVAL1448  oval:org.cisecurity:def:1448: Microsoft Office Memory Corruption Vulnerability –
  OVAL1449  oval:org.cisecurity:def:1449: Microsoft Office Memory Corruption Vulnerability –
  OVAL1445  oval:org.cisecurity:def:1445: Microsoft Office Memory Corruption Vulnerability –

2016-11-17  OVAL1426  oval:org.cisecurity:def:1426: Microsoft Office Memory Corruption Vulnerability –

2016-11-16  OVAL1427  oval:org.cisecurity:def:1427: Scripting Engine Memory Corruption Vulnerability
  OVAL1429  oval:org.cisecurity:def:1429: Scripting Engine Memory Corruption Vulnerability
  OVAL1425  oval:org.cisecurity:def:1425: Microsoft Office Memory Corruption Vulnerability –
  OVAL1428  oval:org.cisecurity:def:1428: Scripting Engine Memory Corruption Vulnerability
  OVAL1430  oval:org.cisecurity:def:1430: Scripting Engine Memory Corruption Vulnerability

2016-11-15  OVAL1412  oval:org.cisecurity:def:1412: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1420  oval:org.cisecurity:def:1420: Microsoft Browser Memory Corruption Vulnerability
  OVAL1411  oval:org.cisecurity:def:1411: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1413  oval:org.cisecurity:def:1413: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1422  oval:org.cisecurity:def:1422: Microsoft Browser Memory Corruption Vulnerability
  OVAL1414  oval:org.cisecurity:def:1414: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1415  oval:org.cisecurity:def:1415: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1423  oval:org.cisecurity:def:1423: Microsoft Browser Memory Corruption Vulnerability
  OVAL1421  oval:org.cisecurity:def:1421: Microsoft Browser Memory Corruption Vulnerability

2016-11-14  OVAL1407  oval:org.cisecurity:def:1407: Windows Journal RCE Vulnerability
  OVAL1410  oval:org.cisecurity:def:1410: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 –
  OVAL1409  oval:org.cisecurity:def:1409: Windows Journal RCE Vulnerability
  OVAL1405  oval:org.cisecurity:def:1405: Graphics Component Buffer Overflow Vulnerability –
  OVAL1408  oval:org.cisecurity:def:1408: Windows Journal Integer Overflow RCE Vulnerability
  OVAL1418  oval:org.cisecurity:def:1418: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1419  oval:org.cisecurity:def:1419: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1416  oval:org.cisecurity:def:1416: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1417  oval:org.cisecurity:def:1417: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability

2016-11-10  OVAL1382  oval:org.cisecurity:def:1382: Memory Corruption Vulnerability
  OVAL1390  oval:org.cisecurity:def:1390: Memory Corruption Vulnerability
  OVAL1391  oval:org.cisecurity:def:1391: Memory Corruption Vulnerability
  OVAL1387  oval:org.cisecurity:def:1387: Memory Corruption Vulnerability
  OVAL1404  oval:org.cisecurity:def:1404: Vulnerability in Symantec Anti-Virus Engine
  OVAL1384  oval:org.cisecurity:def:1384: Memory Corruption Vulnerability
  OVAL1389  oval:org.cisecurity:def:1389: Memory Corruption Vulnerability
  OVAL1385  oval:org.cisecurity:def:1385: Memory Corruption Vulnerability
  OVAL1386  oval:org.cisecurity:def:1386: Memory Corruption Vulnerability
  OVAL1381  oval:org.cisecurity:def:1381: Memory Corruption Vulnerability
  OVAL1380  oval:org.cisecurity:def:1380: Memory Corruption Vulnerability
  OVAL1388  oval:org.cisecurity:def:1388: Memory Corruption Vulnerability
  OVAL1383  oval:org.cisecurity:def:1383: Memory Corruption Vulnerability
  OVAL1392  oval:org.cisecurity:def:1392: Memory Corruption Vulnerability

2016-11-08  OVAL1394  oval:org.cisecurity:def:1394: Internet Explorer Information Disclosure Vulnerability

2016-11-07  OVAL1393  oval:org.cisecurity:def:1393: Windows Graphics Component RCE Vulnerability –
  OVAL1374  oval:org.cisecurity:def:1374: Microsoft Office RCE Vulnerability –
  OVAL1375  oval:org.cisecurity:def:1375: Microsoft Office Memory Corruption Vulnerability –
  OVAL1378  oval:org.cisecurity:def:1378: Scripting Engine Remote Code Execution Vulnerability

2016-11-04  OVAL1344  oval:org.cisecurity:def:1344: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1351  oval:org.cisecurity:def:1351: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1349  oval:org.cisecurity:def:1349: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1347  oval:org.cisecurity:def:1347: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1350  oval:org.cisecurity:def:1350: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1352  oval:org.cisecurity:def:1352: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  OVAL1354  oval:org.cisecurity:def:1354: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  OVAL1345  oval:org.cisecurity:def:1345: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1353  oval:org.cisecurity:def:1353: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1346  oval:org.cisecurity:def:1346: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1355  oval:org.cisecurity:def:1355: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1348  oval:org.cisecurity:def:1348: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...

2016-11-02  OVAL1369  oval:org.cisecurity:def:1369: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1366  oval:org.cisecurity:def:1366: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1332  oval:org.cisecurity:def:1332: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1367  oval:org.cisecurity:def:1367: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1371  oval:org.cisecurity:def:1371: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1363  oval:org.cisecurity:def:1363: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1359  oval:org.cisecurity:def:1359: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1358  oval:org.cisecurity:def:1358: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1370  oval:org.cisecurity:def:1370: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1364  oval:org.cisecurity:def:1364: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1372  oval:org.cisecurity:def:1372: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1365  oval:org.cisecurity:def:1365: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1368  oval:org.cisecurity:def:1368: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1357  oval:org.cisecurity:def:1357: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1331  oval:org.cisecurity:def:1331: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows
  OVAL1356  oval:org.cisecurity:def:1356: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1360  oval:org.cisecurity:def:1360: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1373  oval:org.cisecurity:def:1373: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1362  oval:org.cisecurity:def:1362: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1361  oval:org.cisecurity:def:1361: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows

2016-10-27  OVAL1316  oval:org.cisecurity:def:1316: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
  OVAL1315  oval:org.cisecurity:def:1315: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1314  oval:org.cisecurity:def:1314: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –

2016-10-26  OVAL1310  oval:org.cisecurity:def:1310: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1308  oval:org.cisecurity:def:1308: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1309  oval:org.cisecurity:def:1309: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1307  oval:org.cisecurity:def:1307: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier

2016-10-25  OVAL1312  oval:org.cisecurity:def:1312: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier –
  OVAL1311  oval:org.cisecurity:def:1311: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 –
  OVAL1313  oval:org.cisecurity:def:1313: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –

2016-10-21  OVAL1304  oval:org.cisecurity:def:1304: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1306  oval:org.cisecurity:def:1306: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1302  oval:org.cisecurity:def:1302: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  OVAL1301  oval:org.cisecurity:def:1301: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1305  oval:org.cisecurity:def:1305: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  OVAL1303  oval:org.cisecurity:def:1303: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier

2016-10-19  OVAL1286  oval:org.cisecurity:def:1286: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  OVAL1284  oval:org.cisecurity:def:1284: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  OVAL1288  oval:org.cisecurity:def:1288: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  OVAL1285  oval:org.cisecurity:def:1285: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
  OVAL1287  oval:org.cisecurity:def:1287: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  OVAL1283  oval:org.cisecurity:def:1283: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1

2016-10-18  OVAL1294  oval:org.cisecurity:def:1294: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –
  OVAL1290  oval:org.cisecurity:def:1290: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1293  oval:org.cisecurity:def:1293: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier –
  OVAL1291  oval:org.cisecurity:def:1291: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1292  oval:org.cisecurity:def:1292: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 –
  OVAL1289  oval:org.cisecurity:def:1289: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
  OVAL1296  oval:org.cisecurity:def:1296: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier –
  OVAL1295  oval:org.cisecurity:def:1295: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier –

2016-10-17  OVAL1300  oval:org.cisecurity:def:1300: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges –
  OVAL1299  oval:org.cisecurity:def:1299: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files –
  OVAL1298  oval:org.cisecurity:def:1298: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication –
  OVAL1297  oval:org.cisecurity:def:1297: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files –

2016-10-14  OVAL1267  oval:org.cisecurity:def:1267: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4
  OVAL1266  oval:org.cisecurity:def:1266: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
  OVAL1268  oval:org.cisecurity:def:1268: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security

2016-10-13  OVAL1252  oval:org.cisecurity:def:1252: Vulnerability in Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239, Adobe AIR before 15.0.0.293
  OVAL1265  oval:org.cisecurity:def:1265: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products –
  OVAL1253  oval:org.cisecurity:def:1253: Vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK and Compiler before 15.0.0.356
  OVAL1254  oval:org.cisecurity:def:1254: Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287
  OVAL1242  oval:org.cisecurity:def:1242: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
  OVAL1264  oval:org.cisecurity:def:1264: Untrusted search path vulnerability in python.exe in Python through 3.5.0 –
  OVAL1251  oval:org.cisecurity:def:1251: Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302
  OVAL1241  oval:org.cisecurity:def:1241: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33

2016-10-12  OVAL1249  oval:org.cisecurity:def:1249: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 –
  OVAL1256  oval:org.cisecurity:def:1256: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails –
  OVAL1250  oval:org.cisecurity:def:1250: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 –
  OVAL1255  oval:org.cisecurity:def:1255: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3 –
  OVAL1248  oval:org.cisecurity:def:1248: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 –

2016-10-11  OVAL1246  oval:org.cisecurity:def:1246: Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows
  OVAL1245  oval:org.cisecurity:def:1245: Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
  OVAL1247  oval:org.cisecurity:def:1247: Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1243  oval:org.cisecurity:def:1243: Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows
  OVAL1244  oval:org.cisecurity:def:1244: Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows

2016-10-10  OVAL1262  oval:org.cisecurity:def:1262: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
  OVAL1240  oval:org.cisecurity:def:1240: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  OVAL1239  oval:org.cisecurity:def:1239: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  OVAL1261  oval:org.cisecurity:def:1261: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
  OVAL1259  oval:org.cisecurity:def:1259: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  OVAL1257  oval:org.cisecurity:def:1257: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
  OVAL1260  oval:org.cisecurity:def:1260: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  OVAL1263  oval:org.cisecurity:def:1263: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  OVAL1238  oval:org.cisecurity:def:1238: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  OVAL1258  oval:org.cisecurity:def:1258: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CVE-2015-8951  Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
  CVE-2015-8955  arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...
  CVE-2015-8956  The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...

2016-10-06  CVE-2015-0721  Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...

2016-10-05  OVAL1234  oval:org.cisecurity:def:1234: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  OVAL1232  oval:org.cisecurity:def:1232: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  OVAL1237  oval:org.cisecurity:def:1237: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  OVAL1235  oval:org.cisecurity:def:1235: Unspecified vulnerability in Oracle Java SE 8u92
  OVAL1233  oval:org.cisecurity:def:1233: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  OVAL1236  oval:org.cisecurity:def:1236: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92

2016-10-04  OVAL1218  oval:org.cisecurity:def:1218: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1219  oval:org.cisecurity:def:1219: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-09-29  OVAL1230  oval:org.cisecurity:def:1230: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
  OVAL1229  oval:org.cisecurity:def:1229: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  OVAL1231  oval:org.cisecurity:def:1231: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65

2016-09-27  OVAL1182  oval:org.cisecurity:def:1182: Arbitrary Memory Read in v8
  OVAL1199  oval:org.cisecurity:def:1199: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
  OVAL1180  oval:org.cisecurity:def:1180: Use after free in Blink
  OVAL1181  oval:org.cisecurity:def:1181: Use after free in Blink

2016-09-22  OVAL1171  oval:org.cisecurity:def:1171: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1177  oval:org.cisecurity:def:1177: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1170  oval:org.cisecurity:def:1170: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1176  oval:org.cisecurity:def:1176: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1196  oval:org.cisecurity:def:1196: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
  OVAL1168  oval:org.cisecurity:def:1168: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1172  oval:org.cisecurity:def:1172: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1198  oval:org.cisecurity:def:1198: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
  OVAL1175  oval:org.cisecurity:def:1175: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1167  oval:org.cisecurity:def:1167: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1173  oval:org.cisecurity:def:1173: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1179  oval:org.cisecurity:def:1179: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
  OVAL1174  oval:org.cisecurity:def:1174: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1197  oval:org.cisecurity:def:1197: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
  OVAL1166  oval:org.cisecurity:def:1166: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1178  oval:org.cisecurity:def:1178: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1169  oval:org.cisecurity:def:1169: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CVE-2014-2146  The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...

2016-09-21  OVAL1165  oval:org.cisecurity:def:1165: Vulnerability in Adobe Flash Player 21.0.0.197 and earlier
  OVAL1163  oval:org.cisecurity:def:1163: Microsoft Browser Information Disclosure Vulnerability
  OVAL1164  oval:org.cisecurity:def:1164: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182

2016-09-19  OVAL1192  oval:org.cisecurity:def:1192: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1189  oval:org.cisecurity:def:1189: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1195  oval:org.cisecurity:def:1195: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1194  oval:org.cisecurity:def:1194: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1185  oval:org.cisecurity:def:1185: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1186  oval:org.cisecurity:def:1186: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1191  oval:org.cisecurity:def:1191: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1183  oval:org.cisecurity:def:1183: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1188  oval:org.cisecurity:def:1188: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1190  oval:org.cisecurity:def:1190: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1184  oval:org.cisecurity:def:1184: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1193  oval:org.cisecurity:def:1193: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1187  oval:org.cisecurity:def:1187: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows

2016-09-13  OVAL1129  oval:org.cisecurity:def:1129: Use after free in Blink
  OVAL1135  oval:org.cisecurity:def:1135: Heap overflow in PDFium
  OVAL1137  oval:org.cisecurity:def:1137: Script injection in extensions
  OVAL1128  oval:org.cisecurity:def:1128: Universal XSS in Blink
  OVAL1130  oval:org.cisecurity:def:1130: Universal XSS in Blink
  OVAL1132  oval:org.cisecurity:def:1132: Use after free in PDFium
  OVAL1134  oval:org.cisecurity:def:1134: Heap overflow in PDFium
  OVAL1131  oval:org.cisecurity:def:1131: Use after destruction in Blink
  OVAL1136  oval:org.cisecurity:def:1136: Address bar spoofing
  OVAL1133  oval:org.cisecurity:def:1133: Use after free in event bindings

2016-09-06  OVAL1144  oval:org.cisecurity:def:1144: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  OVAL1141  oval:org.cisecurity:def:1141: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  OVAL1143  oval:org.cisecurity:def:1143: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
  OVAL1138  oval:org.cisecurity:def:1138: The download implementation in Google Chrome before 53.0.2785.89 on Windows
  OVAL1147  oval:org.cisecurity:def:1147: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  OVAL1139  oval:org.cisecurity:def:1139: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
  OVAL1146  oval:org.cisecurity:def:1146: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1142  oval:org.cisecurity:def:1142: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1127  oval:org.cisecurity:def:1127: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1145  oval:org.cisecurity:def:1145: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  OVAL1140  oval:org.cisecurity:def:1140: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows

2016-08-24  OVAL1077  oval:org.cisecurity:def:1077: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1088  oval:org.cisecurity:def:1088: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1074  oval:org.cisecurity:def:1074: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1079  oval:org.cisecurity:def:1079: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1078  oval:org.cisecurity:def:1078: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1084  oval:org.cisecurity:def:1084: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1080  oval:org.cisecurity:def:1080: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1083  oval:org.cisecurity:def:1083: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1085  oval:org.cisecurity:def:1085: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1075  oval:org.cisecurity:def:1075: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1081  oval:org.cisecurity:def:1081: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1087  oval:org.cisecurity:def:1087: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1076  oval:org.cisecurity:def:1076: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1082  oval:org.cisecurity:def:1082: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1086  oval:org.cisecurity:def:1086: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-08-23  OVAL1104  oval:org.cisecurity:def:1104: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1101  oval:org.cisecurity:def:1101: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1119  oval:org.cisecurity:def:1119: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1124  oval:org.cisecurity:def:1124: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1120  oval:org.cisecurity:def:1120: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1123  oval:org.cisecurity:def:1123: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1106  oval:org.cisecurity:def:1106: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1108  oval:org.cisecurity:def:1108: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1107  oval:org.cisecurity:def:1107: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1113  oval:org.cisecurity:def:1113: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1102  oval:org.cisecurity:def:1102: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1122  oval:org.cisecurity:def:1122: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1105  oval:org.cisecurity:def:1105: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1111  oval:org.cisecurity:def:1111: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1118  oval:org.cisecurity:def:1118: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1110  oval:org.cisecurity:def:1110: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1115  oval:org.cisecurity:def:1115: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1116  oval:org.cisecurity:def:1116: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1121  oval:org.cisecurity:def:1121: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1125  oval:org.cisecurity:def:1125: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1112  oval:org.cisecurity:def:1112: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1126  oval:org.cisecurity:def:1126: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1109  oval:org.cisecurity:def:1109: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1117  oval:org.cisecurity:def:1117: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1114  oval:org.cisecurity:def:1114: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1103  oval:org.cisecurity:def:1103: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209

2016-08-22  OVAL1066  oval:org.cisecurity:def:1066: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1093  oval:org.cisecurity:def:1093: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
  OVAL1061  oval:org.cisecurity:def:1061: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1064  oval:org.cisecurity:def:1064: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1067  oval:org.cisecurity:def:1067: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1070  oval:org.cisecurity:def:1070: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1090  oval:org.cisecurity:def:1090: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
  OVAL1065  oval:org.cisecurity:def:1065: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1059  oval:org.cisecurity:def:1059: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1094  oval:org.cisecurity:def:1094: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1063  oval:org.cisecurity:def:1063: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1091  oval:org.cisecurity:def:1091: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
  OVAL1062  oval:org.cisecurity:def:1062: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1057  oval:org.cisecurity:def:1057: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1058  oval:org.cisecurity:def:1058: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1089  oval:org.cisecurity:def:1089: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
  OVAL1096  oval:org.cisecurity:def:1096: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1095  oval:org.cisecurity:def:1095: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
  OVAL1097  oval:org.cisecurity:def:1097: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1068  oval:org.cisecurity:def:1068: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1060  oval:org.cisecurity:def:1060: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1069  oval:org.cisecurity:def:1069: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1092  oval:org.cisecurity:def:1092: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82

2016-08-19  OVAL1055  oval:org.cisecurity:def:1055: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  OVAL1053  oval:org.cisecurity:def:1053: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
  OVAL1054  oval:org.cisecurity:def:1054: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  OVAL1056  oval:org.cisecurity:def:1056: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar

2016-08-18  OVAL992  oval:org.cisecurity:def:992: Use after free in extensions
  OVAL1039  oval:org.cisecurity:def:1039: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1043  oval:org.cisecurity:def:1043: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1046  oval:org.cisecurity:def:1046: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1037  oval:org.cisecurity:def:1037: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1049  oval:org.cisecurity:def:1049: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1047  oval:org.cisecurity:def:1047: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL994  oval:org.cisecurity:def:994: Parameter sanitization failure in DevTools
  OVAL1035  oval:org.cisecurity:def:1035: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1040  oval:org.cisecurity:def:1040: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1033  oval:org.cisecurity:def:1033: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL996  oval:org.cisecurity:def:996: URL leakage via PAC script
  OVAL1051  oval:org.cisecurity:def:1051: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1031  oval:org.cisecurity:def:1031: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1044  oval:org.cisecurity:def:1044: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL991  oval:org.cisecurity:def:991: Content-Security-Policy bypass
  OVAL1052  oval:org.cisecurity:def:1052: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL989  oval:org.cisecurity:def:989: Parameter sanitization failure in DevTools
  OVAL1042  oval:org.cisecurity:def:1042: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL988  oval:org.cisecurity:def:988: Origin confusion in proxy authentication
  OVAL997  oval:org.cisecurity:def:997: URL spoofing
  OVAL1028  oval:org.cisecurity:def:1028: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1036  oval:org.cisecurity:def:1036: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL987  oval:org.cisecurity:def:987: Various fixes from internal audits, fuzzing and other initiatives
  OVAL1034  oval:org.cisecurity:def:1034: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1030  oval:org.cisecurity:def:1030: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL993  oval:org.cisecurity:def:993: Limited same-origin bypass in Service Workers
  OVAL1038  oval:org.cisecurity:def:1038: Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL986  oval:org.cisecurity:def:986: Same origin bypass for images in Blink
  OVAL1041  oval:org.cisecurity:def:1041: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1027  oval:org.cisecurity:def:1027: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1029  oval:org.cisecurity:def:1029: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1050  oval:org.cisecurity:def:1050: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1048  oval:org.cisecurity:def:1048: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1032  oval:org.cisecurity:def:1032: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1026  oval:org.cisecurity:def:1026: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL995  oval:org.cisecurity:def:995: Use-after-free in libxml
  OVAL1045  oval:org.cisecurity:def:1045: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL990  oval:org.cisecurity:def:990: History sniffing with HSTS and CSP

2016-08-07  CVE-2015-3854  packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...

2016-08-06  CVE-2014-9863  Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
  CVE-2014-9864  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9865  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9866  drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
  CVE-2014-9867  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
  CVE-2014-9868  drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
  CVE-2014-9869  drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
  CVE-2014-9870  The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
  CVE-2014-9871  Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
  CVE-2014-9872  The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9873  Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9874  Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
  CVE-2014-9875  drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
  CVE-2014-9876  drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9877  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
  CVE-2014-9878  drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9879  The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
  CVE-2014-9880  drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
  CVE-2014-9881  drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
  CVE-2014-9882  Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
  CVE-2014-9883  Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9884  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9885  Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
  CVE-2014-9886  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...
  CVE-2014-9887  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9889  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
  CVE-2014-9890  Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
  CVE-2014-9891  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
  CVE-2014-9892  The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
  CVE-2014-9893  drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
  CVE-2014-9894  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
  CVE-2014-9895  drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
  CVE-2014-9896  drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
  CVE-2014-9897  sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9898  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
  CVE-2014-9899  drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9900  The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
  CVE-2015-8937  drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2015-8938  The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
  CVE-2015-8939  drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
  CVE-2015-8940  Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
  CVE-2015-8941  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
  CVE-2015-8942  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
  CVE-2015-8943  drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
  CVE-2015-8944  The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...

2016-08-05  CVE-2014-9901  The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
  CVE-2014-9902  Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...

2016-08-01  OVAL983  oval:org.cisecurity:def:983: MIME message modification memory corruption –
  OVAL982  oval:org.cisecurity:def:982: ZIP decompression memory access violation –
  OVAL984  oval:org.cisecurity:def:984: TNEF integer overflow –

2016-07-26  OVAL979  oval:org.cisecurity:def:979: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL978  oval:org.cisecurity:def:978: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL980  oval:org.cisecurity:def:980: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL981  oval:org.cisecurity:def:981: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –

2016-07-10  CVE-2013-7457  Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
  CVE-2014-9777  The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
  CVE-2014-9778  The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
  CVE-2014-9779  arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
  CVE-2014-9780  drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9781  Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
  CVE-2014-9782  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
  CVE-2014-9783  drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
  CVE-2014-9784  Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9785  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9786  Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
  CVE-2014-9787  Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
  CVE-2014-9788  Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
  CVE-2014-9789  The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
  CVE-2014-9790  drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
  CVE-2014-9792  arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9793  platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9795  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
  CVE-2014-9796  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
  CVE-2014-9798  platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
  CVE-2014-9799  The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
  CVE-2014-9800  Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
  CVE-2014-9801  Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
  CVE-2014-9802  Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
  CVE-2014-9803  arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
  CVE-2015-8888  Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
  CVE-2015-8889  The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
  CVE-2015-8890  platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
  CVE-2015-8891  Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
  CVE-2015-8892  platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
  CVE-2015-8893  app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...

2016-07-08  OVAL423  oval:org.cisecurity:def:423: DLL Loading Remote Code Execution Vulnerability

2016-07-07  OVAL961  oval:org.cisecurity:def:961: Remote Desktop Protocol
  OVAL960  oval:org.cisecurity:def:960: WebDAV Elevation of Privilege Vulnerability –

2016-07-05  OVAL948  oval:org.cisecurity:def:948: Windows DLL Loading Denial of Service Vulnerability –
  OVAL959  oval:org.cisecurity:def:959: Windows Kerberos Security Feature Bypass –
  OVAL930  oval:org.cisecurity:def:930: Silverlight Runtime Remote Code Execution Vulnerability –

2016-07-04  OVAL929  oval:org.cisecurity:def:929: Windows Media Parsing Remote Code Execution Vulnerability
  OVAL947  oval:org.cisecurity:def:947: Windows OLE Memory Remote Code Execution Vulnerability
  OVAL945  oval:org.cisecurity:def:945: Windows Media Parsing Remote Code Execution Vulnerability
  OVAL946  oval:org.cisecurity:def:946: Windows OLE Memory Remote Code Execution Vulnerability

2016-07-03  OVAL963  oval:org.cisecurity:def:963: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...

2016-06-23  OVAL887  oval:org.cisecurity:def:887: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL985  oval:org.cisecurity:def:985: Vulnerability in Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207
  OVAL921  oval:org.cisecurity:def:921: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL917  oval:org.cisecurity:def:917: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL888  oval:org.cisecurity:def:888: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL914  oval:org.cisecurity:def:914: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL896  oval:org.cisecurity:def:896: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL901  oval:org.cisecurity:def:901: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL913  oval:org.cisecurity:def:913: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL928  oval:org.cisecurity:def:928: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL920  oval:org.cisecurity:def:920: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL919  oval:org.cisecurity:def:919: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL897  oval:org.cisecurity:def:897: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL923  oval:org.cisecurity:def:923: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL927  oval:org.cisecurity:def:927: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL906  oval:org.cisecurity:def:906: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL903  oval:org.cisecurity:def:903: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL899  oval:org.cisecurity:def:899: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL916  oval:org.cisecurity:def:916: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL904  oval:org.cisecurity:def:904: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL895  oval:org.cisecurity:def:895: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL893  oval:org.cisecurity:def:893: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL908  oval:org.cisecurity:def:908: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL911  oval:org.cisecurity:def:911: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL918  oval:org.cisecurity:def:918: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL915  oval:org.cisecurity:def:915: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL902  oval:org.cisecurity:def:902: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL925  oval:org.cisecurity:def:925: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL910  oval:org.cisecurity:def:910: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL924  oval:org.cisecurity:def:924: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL922  oval:org.cisecurity:def:922: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL890  oval:org.cisecurity:def:890: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL886  oval:org.cisecurity:def:886: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL905  oval:org.cisecurity:def:905: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL912  oval:org.cisecurity:def:912: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL926  oval:org.cisecurity:def:926: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL892  oval:org.cisecurity:def:892: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier

2016-06-22  OVAL894  oval:org.cisecurity:def:894: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL944  oval:org.cisecurity:def:944: ATMFD.DLL Elevation of Privilege Vulnerability
  OVAL940  oval:org.cisecurity:def:940: Windows Virtual PCI Information Disclosure Vulnerability
  OVAL907  oval:org.cisecurity:def:907: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL909  oval:org.cisecurity:def:909: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL943  oval:org.cisecurity:def:943: Win32k Elevation of Privilege Vulnerability
  OVAL884  oval:org.cisecurity:def:884: Windows Search Component Denial of Service Vulnerability
  OVAL942  oval:org.cisecurity:def:942: Windows Graphics Component Information Disclosure Vulnerability
  OVAL885  oval:org.cisecurity:def:885: Microsoft Exchange Information Disclosure Vulnerability
  CVE-2015-6289  Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

2016-06-21  OVAL879  oval:org.cisecurity:def:879: Microsoft Office OLE DLL Side Loading Vulnerability –
  OVAL941  oval:org.cisecurity:def:941: Win32k Elevation of Privilege Vulnerability
  OVAL877  oval:org.cisecurity:def:877: Microsoft Office Information Disclosure Vulnerability –
  OVAL874  oval:org.cisecurity:def:874: Microsoft Office Memory Corruption Vulnerability –
  OVAL939  oval:org.cisecurity:def:939: Win32k Elevation of Privilege Vulnerability
  OVAL876  oval:org.cisecurity:def:876: Microsoft Office Memory Corruption Vulnerability –

2016-06-20  OVAL882  oval:org.cisecurity:def:882: Active Directory Denial of Service Vulnerability
  OVAL883  oval:org.cisecurity:def:883: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability –
  OVAL880  oval:org.cisecurity:def:880: Windows Diagnostics Hub Elevation of Privilege Vulnerability –
  OVAL881  oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability

2016-06-17  OVAL873  oval:org.cisecurity:def:873: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier

2016-06-16  OVAL859  oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability
  OVAL871  oval:org.cisecurity:def:871: Windows DNS Server Use After Free Vulnerability
  OVAL866  oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
  OVAL861  oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability

2016-06-15  OVAL829  oval:org.cisecurity:def:829: Scripting Engine Memory Corruption Vulnerability
  OVAL828  oval:org.cisecurity:def:828: Scripting Engine Memory Corruption Vulnerability
  OVAL830  oval:org.cisecurity:def:830: Scripting Engine Memory Corruption Vulnerability
  OVAL867  oval:org.cisecurity:def:867: Internet Explorer Memory Corruption Vulnerability
  OVAL827  oval:org.cisecurity:def:827: Scripting Engine Memory Corruption Vulnerability
  OVAL872  oval:org.cisecurity:def:872: Scripting Engine Memory Corruption Vulnerability
  OVAL826  oval:org.cisecurity:def:826: Scripting Engine Memory Corruption Vulnerability
  OVAL870  oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability
  OVAL864  oval:org.cisecurity:def:864: Microsoft Edge Security Feature Bypass
  OVAL862  oval:org.cisecurity:def:862: Scripting Engine Memory Corruption Vulnerability
  OVAL860  oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability
  OVAL858  oval:org.cisecurity:def:858: Internet Explorer Memory Corruption Vulnerability
  OVAL863  oval:org.cisecurity:def:863: Scripting Engine Memory Corruption Vulnerability
  OVAL868  oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability
  OVAL869  oval:org.cisecurity:def:869: Internet Explorer XSS Filter Vulnerability
  OVAL865  oval:org.cisecurity:def:865: Internet Explorer Memory Corruption Vulnerability

2016-06-08  OVAL819  oval:org.cisecurity:def:819: Scripting Engine Memory Corruption Vulnerability –
  OVAL801  oval:org.cisecurity:def:801: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL795  oval:org.cisecurity:def:795: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL793  oval:org.cisecurity:def:793: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL800  oval:org.cisecurity:def:800: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL797  oval:org.cisecurity:def:797: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL818  oval:org.cisecurity:def:818: Scripting Engine Memory Corruption Vulnerability
  OVAL799  oval:org.cisecurity:def:799: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL796  oval:org.cisecurity:def:796: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL794  oval:org.cisecurity:def:794: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL817  oval:org.cisecurity:def:817: Scripting Engine Memory Corruption Vulnerability
  OVAL798  oval:org.cisecurity:def:798: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-07  OVAL807  oval:org.cisecurity:def:807: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL810  oval:org.cisecurity:def:810: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL815  oval:org.cisecurity:def:815: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL802  oval:org.cisecurity:def:802: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL811  oval:org.cisecurity:def:811: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL816  oval:org.cisecurity:def:816: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL805  oval:org.cisecurity:def:805: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL808  oval:org.cisecurity:def:808: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL814  oval:org.cisecurity:def:814: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL809  oval:org.cisecurity:def:809: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL803  oval:org.cisecurity:def:803: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL813  oval:org.cisecurity:def:813: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL812  oval:org.cisecurity:def:812: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL804  oval:org.cisecurity:def:804: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL806  oval:org.cisecurity:def:806: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-06  OVAL790  oval:org.cisecurity:def:790: Cross-origin bypass in Blink
  OVAL786  oval:org.cisecurity:def:786: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  OVAL785  oval:org.cisecurity:def:785: Out-of-bounds read in Skia
  OVAL824  oval:org.cisecurity:def:824: EVP_EncryptUpdate overflow
  OVAL787  oval:org.cisecurity:def:787: Use-after-free in Autofill
  OVAL821  oval:org.cisecurity:def:821: Memory corruption in the ASN.1 encoder
  OVAL788  oval:org.cisecurity:def:788: Parameter sanitization failure in DevTools
  OVAL822  oval:org.cisecurity:def:822: ASN.1 BIO excessive memory allocation
  OVAL820  oval:org.cisecurity:def:820: Padding oracle in AES-NI CBC MAC check
  OVAL792  oval:org.cisecurity:def:792: Cross-origin bypass in extension bindings
  OVAL825  oval:org.cisecurity:def:825: EVP_EncodeUpdate overflow
  OVAL789  oval:org.cisecurity:def:789: Information leak in Extension bindings
  OVAL791  oval:org.cisecurity:def:791: Use-after-free in Extensions
  OVAL823  oval:org.cisecurity:def:823: EBCDIC overread

2016-06-03  OVAL784  oval:org.cisecurity:def:784: Secondary Logon Elevation of Privilege Vulnerability

2016-06-01  OVAL774  oval:org.cisecurity:def:774: Windows DLL Loading Remote Code Execution Vulnerability
  OVAL775  oval:org.cisecurity:def:775: Windows Kernel Elevation of Privilege Vulnerability
  OVAL776  oval:org.cisecurity:def:776: Windows Media Center Remote Code Execution Vulnerability

2016-05-31  OVAL772  oval:org.cisecurity:def:772: Microsoft Office Malformed EPS File Vulnerability
  OVAL773  oval:org.cisecurity:def:773: Microsoft Office Memory Corruption Vulnerability

2016-05-30  OVAL782  oval:org.cisecurity:def:782: Microsoft Office Memory Corruption Vulnerability –
  OVAL771  oval:org.cisecurity:def:771: RPC Network Data Representation Engine Remote Code Execution Vulnerability
  OVAL783  oval:org.cisecurity:def:783: Cross-origin bypass in extension bindings

2016-05-26  OVAL769  oval:org.cisecurity:def:769: Microsoft Office Graphics RCE Vulnerability

2016-05-24  OVAL768  oval:org.cisecurity:def:768: Microsoft Office Memory Corruption Vulnerability

2016-05-23  OVAL780  oval:org.cisecurity:def:780: Windows Graphics Component Information Disclosure Vulnerability
  OVAL779  oval:org.cisecurity:def:779: Windows Graphics Component Information Disclosure Vulnerability
  OVAL781  oval:org.cisecurity:def:781: Windows Graphics Component RCE Vulnerability

2016-05-20  OVAL695  oval:org.cisecurity:def:695: Hypervisor Code Integrity Security Feature Bypass
  OVAL766  oval:org.cisecurity:def:766: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability –
  OVAL767  oval:org.cisecurity:def:767: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability –
  OVAL731  oval:org.cisecurity:def:731: Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g

2016-05-19  OVAL737  oval:org.cisecurity:def:737: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL736  oval:org.cisecurity:def:736: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL720  oval:org.cisecurity:def:720: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL718  oval:org.cisecurity:def:718: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL701  oval:org.cisecurity:def:701: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL733  oval:org.cisecurity:def:733: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
  OVAL727  oval:org.cisecurity:def:727: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier
  OVAL722  oval:org.cisecurity:def:722: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL715  oval:org.cisecurity:def:715: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL729  oval:org.cisecurity:def:729: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL712  oval:org.cisecurity:def:712: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL735  oval:org.cisecurity:def:735: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL723  oval:org.cisecurity:def:723: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL713  oval:org.cisecurity:def:713: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL721  oval:org.cisecurity:def:721: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL717  oval:org.cisecurity:def:717: Unspecified vulnerability in Oracle Java SE 8u77
  OVAL705  oval:org.cisecurity:def:705: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
  OVAL710  oval:org.cisecurity:def:710: Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
  OVAL703  oval:org.cisecurity:def:703: Unspecified vulnerability in Oracle Java SE 8u77
  OVAL711  oval:org.cisecurity:def:711: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL732  oval:org.cisecurity:def:732: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL716  oval:org.cisecurity:def:716: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL709  oval:org.cisecurity:def:709: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL700  oval:org.cisecurity:def:700: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL724  oval:org.cisecurity:def:724: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL730  oval:org.cisecurity:def:730: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier

2016-05-18  OVAL745  oval:org.cisecurity:def:745: Windows Imaging Component Memory Corruption Vulnerability –

2016-05-17  OVAL631  oval:org.cisecurity:def:631: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL648  oval:org.cisecurity:def:648: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL639  oval:org.cisecurity:def:639: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL640  oval:org.cisecurity:def:640: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL744  oval:org.cisecurity:def:744: Direct3D Use After Free Vulnerability –
  OVAL664  oval:org.cisecurity:def:664: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL686  oval:org.cisecurity:def:686: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL692  oval:org.cisecurity:def:692: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL683  oval:org.cisecurity:def:683: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL608  oval:org.cisecurity:def:608: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL663  oval:org.cisecurity:def:663: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL689  oval:org.cisecurity:def:689: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL619  oval:org.cisecurity:def:619: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL613  oval:org.cisecurity:def:613: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL615  oval:org.cisecurity:def:615: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL614  oval:org.cisecurity:def:614: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL630  oval:org.cisecurity:def:630: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL741  oval:org.cisecurity:def:741: Internet Explorer Security Feature Bypass
  OVAL650  oval:org.cisecurity:def:650: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL688  oval:org.cisecurity:def:688: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL764  oval:org.cisecurity:def:764: Win32k Elevation of Privilege Vulnerability –
  OVAL761  oval:org.cisecurity:def:761: Win32k Elevation of Privilege Vulnerability –
  OVAL760  oval:org.cisecurity:def:760: Win32k Elevation of Privilege Vulnerability –
  OVAL657  oval:org.cisecurity:def:657: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL609  oval:org.cisecurity:def:609: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL763  oval:org.cisecurity:def:763: Win32k Elevation of Privilege Vulnerability –
  OVAL743  oval:org.cisecurity:def:743: Internet Explorer Information Disclosure Vulnerability
  OVAL762  oval:org.cisecurity:def:762: Win32k Information Disclosure Vulnerability –
  OVAL742  oval:org.cisecurity:def:742: Microsoft Browser Memory Corruption Vulnerability
  OVAL661  oval:org.cisecurity:def:661: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL616  oval:org.cisecurity:def:616: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-16  OVAL605  oval:org.cisecurity:def:605: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL740  oval:org.cisecurity:def:740: Windows Journal Memory Corruption Vulnerability
  OVAL607  oval:org.cisecurity:def:607: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL606  oval:org.cisecurity:def:606: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL604  oval:org.cisecurity:def:604: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL739  oval:org.cisecurity:def:739: TLS/SSL Information Disclosure Vulnerability

2016-05-12  OVAL638  oval:org.cisecurity:def:638: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL653  oval:org.cisecurity:def:653: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL649  oval:org.cisecurity:def:649: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL675  oval:org.cisecurity:def:675: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL655  oval:org.cisecurity:def:655: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL634  oval:org.cisecurity:def:634: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL642  oval:org.cisecurity:def:642: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL682  oval:org.cisecurity:def:682: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL656  oval:org.cisecurity:def:656: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL690  oval:org.cisecurity:def:690: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL635  oval:org.cisecurity:def:635: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL611  oval:org.cisecurity:def:611: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL646  oval:org.cisecurity:def:646: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL678  oval:org.cisecurity:def:678: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL671  oval:org.cisecurity:def:671: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL621  oval:org.cisecurity:def:621: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL647  oval:org.cisecurity:def:647: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL665  oval:org.cisecurity:def:665: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL612  oval:org.cisecurity:def:612: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL641  oval:org.cisecurity:def:641: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL636  oval:org.cisecurity:def:636: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL628  oval:org.cisecurity:def:628: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL667  oval:org.cisecurity:def:667: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL633  oval:org.cisecurity:def:633: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL662  oval:org.cisecurity:def:662: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL645  oval:org.cisecurity:def:645: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL694  oval:org.cisecurity:def:694: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL681  oval:org.cisecurity:def:681: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL624  oval:org.cisecurity:def:624: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL632  oval:org.cisecurity:def:632: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL618  oval:org.cisecurity:def:618: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL510  oval:org.cisecurity:def:510: Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
  OVAL660  oval:org.cisecurity:def:660: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL672  oval:org.cisecurity:def:672: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL652  oval:org.cisecurity:def:652: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL617  oval:org.cisecurity:def:617: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL674  oval:org.cisecurity:def:674: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL680  oval:org.cisecurity:def:680: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL625  oval:org.cisecurity:def:625: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL658  oval:org.cisecurity:def:658: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL629  oval:org.cisecurity:def:629: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL668  oval:org.cisecurity:def:668: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL670  oval:org.cisecurity:def:670: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL637  oval:org.cisecurity:def:637: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL673  oval:org.cisecurity:def:673: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL643  oval:org.cisecurity:def:643: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL626  oval:org.cisecurity:def:626: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL623  oval:org.cisecurity:def:623: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL679  oval:org.cisecurity:def:679: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL685  oval:org.cisecurity:def:685: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL610  oval:org.cisecurity:def:610: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL644  oval:org.cisecurity:def:644: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL654  oval:org.cisecurity:def:654: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL620  oval:org.cisecurity:def:620: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL691  oval:org.cisecurity:def:691: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL651  oval:org.cisecurity:def:651: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL676  oval:org.cisecurity:def:676: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL666  oval:org.cisecurity:def:666: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL693  oval:org.cisecurity:def:693: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL659  oval:org.cisecurity:def:659: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL669  oval:org.cisecurity:def:669: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-11  OVAL507  oval:org.cisecurity:def:507: Scripting Engine Memory Corruption Vulnerability
  OVAL513  oval:org.cisecurity:def:513: Adobe Flash Player Remote Code Execution Vulnerability
  OVAL520  oval:org.cisecurity:def:520: Windows Shell Remote Code Execution Vulnerability
  OVAL509  oval:org.cisecurity:def:509: Scripting Engine Memory Corruption Vulnerability

2016-05-10  OVAL512  oval:org.cisecurity:def:512: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74

2016-05-05  OVAL501  oval:org.cisecurity:def:501: Windows OLE Remote Code Execution Vulnerability

2016-05-04  OVAL497  oval:org.cisecurity:def:497: Windows CSRSS Security Feature Bypass Vulnerability

2016-05-03  OVAL498  oval:org.cisecurity:def:498: Microsoft Office Memory Corruption Vulnerability –
  OVAL499  oval:org.cisecurity:def:499: .NET Framework Remote Code Execution Vulnerability

2016-05-02  OVAL504  oval:org.cisecurity:def:504: Microsoft Office Memory Corruption Vulnerability –
  OVAL502  oval:org.cisecurity:def:502: Microsoft Office Memory Corruption Vulnerability –
  OVAL622  oval:org.cisecurity:def:622: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
  OVAL503  oval:org.cisecurity:def:503: Microsoft Office Memory Corruption Vulnerability –

2016-04-26  OVAL500  oval:org.cisecurity:def:500: Graphics Memory Corruption Vulnerability –

2016-04-25  OVAL475  oval:org.cisecurity:def:475: Windows SAM and LSAD Downgrade Vulnerability

2016-04-22  OVAL515  oval:org.cisecurity:def:515: Microsoft Edge Elevation of Privilege Vulnerability –
  OVAL477  oval:org.cisecurity:def:477: MSXML Remote Code Execution Vulnerability
  OVAL511  oval:org.cisecurity:def:511: Microsoft Edge Memory Corruption Vulnerability –
  OVAL505  oval:org.cisecurity:def:505: Microsoft Edge Elevation of Privilege Vulnerability –
  OVAL508  oval:org.cisecurity:def:508: Microsoft Edge Memory Corruption Vulnerability –
  OVAL519  oval:org.cisecurity:def:519: Microsoft Edge Memory Corruption Vulnerability –

2016-04-21  OVAL479  oval:org.cisecurity:def:479: Win32k Elevation of Privilege Vulnerability –
  OVAL476  oval:org.cisecurity:def:476: Win32k Elevation of Privilege Vulnerability –
  OVAL480  oval:org.cisecurity:def:480: Win32k Elevation of Privilege Vulnerability –

2016-04-20  OVAL464  oval:org.cisecurity:def:464: DLL Loading Remote Code Execution Vulnerability
  OVAL474  oval:org.cisecurity:def:474: Internet Explorer Memory Corruption Vulnerability
  OVAL472  oval:org.cisecurity:def:472: Internet Explorer Information Disclosure Vulnerability
  OVAL470  oval:org.cisecurity:def:470: Internet Explorer Memory Corruption Vulnerability
  OVAL469  oval:org.cisecurity:def:469: Microsoft Browser Memory Corruption Vulnerability
  OVAL466  oval:org.cisecurity:def:466: Internet Explorer Memory Corruption Vulnerability
  OVAL514  oval:org.cisecurity:def:514: Microsoft Browser Memory Corruption Vulnerability
  OVAL465  oval:org.cisecurity:def:465: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 and 14.x through 18.0.0.203

2016-04-19  OVAL467  oval:org.cisecurity:def:467: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows

2016-04-18  OVAL471  oval:org.cisecurity:def:471: Use-after-free vulnerability in the ByteArray class in the ActionScript 3

2016-04-11  OVAL458  oval:org.cisecurity:def:458: Use-after-free vulnerability in the BitmapData class in the ActionScript 3

2016-04-08  OVAL454  oval:org.cisecurity:def:454: Windows Journal DoS Vulnerability –
  OVAL452  oval:org.cisecurity:def:452: Windows Journal DoS Vulnerability –

2016-04-05  OVAL473  oval:org.cisecurity:def:473: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 –

2016-03-31  OVAL463  oval:org.cisecurity:def:463: Microsoft Office Memory Corruption Vulnerability –
  OVAL450  oval:org.cisecurity:def:450: OpenType Font Parsing Vulnerability –

2016-03-30  OVAL453  oval:org.cisecurity:def:453: Memory Corruption Vulnerability –
  OVAL468  oval:org.cisecurity:def:468: Scripting Engine Memory Corruption Vulnerability
  OVAL451  oval:org.cisecurity:def:451: Memory Corruption Vulnerability –

2016-03-08  OVAL429  oval:org.cisecurity:def:429: Internet Explorer Memory Corruption Vulnerability –
  OVAL430  oval:org.cisecurity:def:430: Internet Explorer Memory Corruption Vulnerability –
  OVAL426  oval:org.cisecurity:def:426: Internet Explorer Memory Corruption Vulnerability –
  OVAL432  oval:org.cisecurity:def:432: Internet Explorer Memory Corruption Vulnerability –
  OVAL428  oval:org.cisecurity:def:428: Internet Explorer Memory Corruption Vulnerability –
  OVAL427  oval:org.cisecurity:def:427: Internet Explorer Memory Corruption Vulnerability –
  OVAL433  oval:org.cisecurity:def:433: Internet Explorer Memory Corruption Vulnerability –
  OVAL447  oval:org.cisecurity:def:447: Scripting Engine Memory Corruption Vulnerability –
  OVAL425  oval:org.cisecurity:def:425: Internet Explorer Memory Corruption Vulnerability –
  OVAL431  oval:org.cisecurity:def:431: Internet Explorer Memory Corruption Vulnerability –

2016-03-07  OVAL419  oval:org.cisecurity:def:419: Internet Explorer Elevation of Privilege Vulnerability
  OVAL417  oval:org.cisecurity:def:417: Internet Explorer Memory Corruption Vulnerability
  OVAL424  oval:org.cisecurity:def:424: Internet Explorer Information Disclosure Vulnerability
  OVAL422  oval:org.cisecurity:def:422: Microsoft Browser Memory Corruption Vulnerability
  OVAL421  oval:org.cisecurity:def:421: Internet Explorer Memory Corruption Vulnerability
  OVAL418  oval:org.cisecurity:def:418: Microsoft Browser Spoofing Vulnerability
  OVAL420  oval:org.cisecurity:def:420: Internet Explorer Memory Corruption Vulnerability
  OVAL413  oval:org.cisecurity:def:413: Microsoft Browser Memory Corruption Vulnerability
  OVAL415  oval:org.cisecurity:def:415: Internet Explorer Elevation of Privilege Vulnerability
  OVAL412  oval:org.cisecurity:def:412: Internet Explorer Memory Corruption Vulnerability
  OVAL416  oval:org.cisecurity:def:416: Internet Explorer Memory Corruption Vulnerability
  OVAL414  oval:org.cisecurity:def:414: Microsoft Browser Memory Corruption Vulnerability

2016-03-03  OVAL448  oval:org.cisecurity:def:448: Internet Explorer Elevation of Privilege Vulnerability
  OVAL411  oval:org.cisecurity:def:411: Scripting Engine Memory Corruption Vulnerability
  CVE-2015-6260  Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

2016-02-24  OVAL409  oval:org.cisecurity:def:409: Windows Kernel Memory Information Disclosure Vulnerability –

2016-02-16  OVAL410  oval:org.cisecurity:def:410: Windows Kernel Memory Information Disclosure Vulnerability –
  OVAL392  oval:org.cisecurity:def:392: Windows Kernel Memory Elevation of Privilege Vulnerability –

2016-02-11  OVAL390  oval:org.cisecurity:def:390: Windows Graphics Memory Remote Code Execution Vulnerability –
  OVAL389  oval:org.cisecurity:def:389: Windows Graphics Memory Remote Code Execution Vulnerability –

2016-02-09  OVAL386  oval:org.cisecurity:def:386: Internet Explorer Memory Corruption Vulnerability
  OVAL385  oval:org.cisecurity:def:385: Internet Explorer Memory Corruption Vulnerability
  OVAL387  oval:org.cisecurity:def:387: Internet Explorer Memory Corruption Vulnerability
  OVAL388  oval:org.cisecurity:def:388: Internet Explorer Memory Corruption Vulnerability

2016-02-03  OVAL391  oval:org.cisecurity:def:391: Windows Kernel Memory Elevation of Privilege Vulnerability –

2016-02-01  OVAL381  oval:org.cisecurity:def:381: Internet Explorer Memory Corruption Vulnerability –

2016-01-22  OVAL376  oval:org.cisecurity:def:376: Internet Explorer Memory Corruption Vulnerability –

2016-01-08  CVE-2015-7754  Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

2016-01-06  CVE-2015-5310  Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660.
  CVE-2015-6645  SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
  CVE-2015-6646  The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
  CVE-2015-6647  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
  CVE-2015-6636  mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
  CVE-2015-6637  The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
  CVE-2015-6638  The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
  CVE-2015-6639  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
  CVE-2015-6640  The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...
  CVE-2015-6641  Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
  CVE-2015-6642  The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6643  Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
  CVE-2015-6644  Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

2015-12-28  OVAL333  oval:org.cisecurity:def:333: Internet Explorer Memory Corruption Vulnerability

2015-12-19  CVE-2015-7755  Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before...
  CVE-2015-7756  The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18...

2015-12-18  OVAL311  oval:org.cisecurity:def:311: Internet Explorer Memory Corruption Vulnerability –

2015-12-15  CVE-2015-4206  Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

2015-12-08  CVE-2015-6616  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and...
  CVE-2015-6617  Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
  CVE-2015-6618  Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.
  CVE-2015-6619  The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
  CVE-2015-6620  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and...
  CVE-2015-6621  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
  CVE-2015-6622  The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as...
  CVE-2015-6623  Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
  CVE-2015-6624  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
  CVE-2015-6625  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
  CVE-2015-6626  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6627  The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka...
  CVE-2015-6628  Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6629  Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
  CVE-2015-6630  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
  CVE-2015-6631  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6632  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6633  The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
  CVE-2015-6634  The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
  CVE-2015-8505  mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than...
  CVE-2015-8506  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different...
  CVE-2015-8507  mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than...

2015-12-05  CVE-2015-6783  The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows...

2015-11-03  CVE-2015-6608  mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,...
  CVE-2015-6609  libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
  CVE-2015-6610  libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
  CVE-2015-6611  mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs...
  CVE-2015-6612  libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
  CVE-2015-6613  Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or...
  CVE-2015-6614  Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage...
  CVE-2015-8072  mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug...
  CVE-2015-8073  mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability...
  CVE-2015-8074  mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a...

2015-10-19  CVE-2015-7748  Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.
  CVE-2015-7749  The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
  CVE-2015-7750  The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a...
  CVE-2015-7751  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-7752  The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,...

2015-10-16  CVE-2014-6449  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle...
  CVE-2014-6450  Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,...
  CVE-2014-6451  J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

2015-10-11  CVE-2015-6263  The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

2015-10-06  CVE-2015-3878  Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that...
  CVE-2015-3879  Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
  CVE-2015-3823  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
  CVE-2015-3847  Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
  CVE-2015-3862  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
  CVE-2015-3865  The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
  CVE-2015-3867  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
  CVE-2015-3868  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
  CVE-2015-3869  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
  CVE-2015-3870  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
  CVE-2015-3871  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
  CVE-2015-3872  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
  CVE-2015-3873  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,...
  CVE-2015-3874  The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
  CVE-2015-3875  libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
  CVE-2015-3877  Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
  CVE-2015-6596  mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
  CVE-2015-6598  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
  CVE-2015-6599  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
  CVE-2015-6600  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
  CVE-2015-6601  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
  CVE-2015-6603  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
  CVE-2015-6604  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
  CVE-2015-6605  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
  CVE-2015-6606  The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,...
  CVE-2015-7716  libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than...
  CVE-2015-7717  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
  CVE-2015-7718  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

2015-10-01  CVE-2015-3876  libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
  CVE-2015-6602  libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

2015-09-30  CVE-2014-7915  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
  CVE-2014-7916  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
  CVE-2014-7917  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
  CVE-2015-1528  Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory...
  CVE-2015-1536  Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server...
  CVE-2015-1538  Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an...
  CVE-2015-1539  Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a...
  CVE-2015-1541  The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an...
  CVE-2015-3824  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of...
  CVE-2015-3826  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3827  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary...
  CVE-2015-3828  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3829  Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and...
  CVE-2015-3831  Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted...
  CVE-2015-3832  Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
  CVE-2015-3833  The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the...
  CVE-2015-3834  Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,...
  CVE-2015-3835  Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
  CVE-2015-3836  The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary...
  CVE-2015-3837  The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute...
  CVE-2015-3842  Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
  CVE-2015-3843  The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to...
  CVE-2015-3844  The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted...
  CVE-2015-3845  The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a...
  CVE-2015-3849  The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via...
  CVE-2015-3858  The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation...
  CVE-2015-3860  packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to...
  CVE-2015-3861  Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device...
  CVE-2015-3863  Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob...
  CVE-2015-3864  Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka...
  CVE-2015-6575  SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory...

2015-09-27  CVE-2015-6278  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6279  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6280  The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly...

2015-09-25  CVE-2015-6282  Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka...

2015-09-18  CVE-2014-8611  The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a...

2015-08-31  CVE-2015-6269  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.
  CVE-2015-6270  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.
  CVE-2015-6271  Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and...
  CVE-2015-6272  Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,...

2015-08-28  CVE-2015-6267  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
  CVE-2015-6268  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.
  CVE-2015-6273  Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)...

2015-08-22  CVE-2015-6258  The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.

2015-08-19  CVE-2015-4277  The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory...
  CVE-2015-4296  Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
  CVE-2015-4301  Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
  CVE-2015-4323  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices...
  CVE-2015-4324  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote...

2015-08-08  CVE-2015-1805  The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

2015-07-31  CVE-2015-4291  Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.
  CVE-2015-4295  The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

2015-07-30  OVAL29400  Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers
  OVAL29480  Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code
  OVAL29418  Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2
  CVE-2015-4293  The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after...

2015-07-24  CVE-2015-0681  The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,...

2015-07-23  OVAL29139  Microsoft Office memory corruption vulnerability
  OVAL29245  Microsoft Office memory corruption vulnerability
  OVAL29517  Microsoft Office memory corruption vulnerability
  OVAL28805  Microsoft Office memory corruption vulnerability
  OVAL28544  Microsoft Office memory corruption vulnerability
  OVAL29525  Microsoft Excel DLL remote code execution vulnerability
  OVAL29284  Microsoft Office memory corruption vulnerability
  OVAL29449  Microsoft Office memory corruption vulnerability
  CVE-2015-4285  The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows...

2015-07-22  OVAL29357  Internet Explorer memory corruption vulnerability
  OVAL29414  Internet Explorer memory corruption vulnerability
  OVAL29075  Internet Explorer XSS filter bypass vulnerability
  OVAL28818  Internet Explorer memory corruption vulnerability
  OVAL29452  SQL Server elevation of privilege vulnerability
  OVAL28743  Win32k information disclosure vulnerability
  OVAL28804  Internet Explorer memory corruption vulnerability
  OVAL29159  Internet Explorer memory corruption vulnerability
  OVAL28614  Internet Explorer memory corruption vulnerability
  OVAL28968  Elevation of privilege vulnerability in Netlogon
  OVAL29454  Internet Explorer elevation of privilege vulnerability
  OVAL29132  Win32k information disclosure vulnerability
  OVAL29128  Win32k elevation of privilege vulnerability
  OVAL29315  SQL Server remote code execution vulnerability
  OVAL28990  OLE Elevation of privilege vulnerability
  OVAL28938  VBScript Memory corruption vulnerability
  OVAL29015  Internet Explorer memory corruption vulnerability
  OVAL29406  Hyper-V system data structure vulnerability
  OVAL29436  Win32k Elevation of privilege vulnerability
  OVAL28529  Internet Explorer memory corruption vulnerability
  OVAL29391  Hyper-V buffer overflow vulnerability
  OVAL29485  SQL Server remote code execution vulnerability
  OVAL28834  Internet Explorer memory corruption vulnerability
  OVAL29292  Internet Explorer memory corruption vulnerability
  OVAL29164  Internet Explorer memory corruption vulnerability
  OVAL29327  Windows RPC elevation of privilege vulnerability
  OVAL29247  Internet Explorer memory corruption vulnerability
  OVAL29487  Internet Explorer memory corruption vulnerability
  OVAL29360  Internet Explorer memory corruption vulnerability
  OVAL29355  Internet Explorer ASLR bypass vulnerability
  OVAL29156  Win32k elevation of privilege vulnerability
  OVAL29280  Windows DLL remote code execution vulnerability
  OVAL29278  Internet Explorer memory corruption vulnerability
  OVAL29422  Internet Explorer information disclosure vulnerability
  OVAL29087  Internet Explorer memory corruption vulnerability
  OVAL29295  Internet Explorer memory corruption vulnerability
  OVAL29316  Jscript9 Memory corruption vulnerability
  OVAL29493  OpenType font driver vulnerability
  OVAL29388  Win32k information disclosure vulnerability
  OVAL28708  Graphics component EOP vulnerability
  OVAL29395  Internet Explorer memory corruption vulnerability
  OVAL29324  Internet Explorer memory corruption vulnerability
  OVAL29392  Remote Desktop Protocol
  OVAL29219  Internet Explorer memory corruption vulnerability
  OVAL29332  ATMFD.DLL Memory corruption vulnerability
  OVAL29149  DLL planting remote code execution vulnerability
  OVAL29470  Internet Explorer memory corruption vulnerability
  OVAL29198  OLE Elevation of privilege vulnerability
  OVAL29431  Windows installer EoP vulnerability
  OVAL29296  Internet Explorer memory corruption vulnerability
  OVAL29010  Internet Explorer memory corruption vulnerability
  CVE-2015-4284  The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

2015-07-16  CVE-2015-5357  The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified...
  CVE-2015-5360  IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-5363  The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial...

2015-07-14  CVE-2015-3007  The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically...
  CVE-2015-5358  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,...
  CVE-2015-5359  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before...
  CVE-2015-5362  The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-4269  The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
  CVE-2015-4272  Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...

2015-07-08  CVE-2015-4243  The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug...

2015-07-03  CVE-2015-4231  The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
  CVE-2015-4232  Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
  CVE-2015-4234  Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
  CVE-2015-4237  The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,...

2015-06-29  OVAL28934  RHSA-2009:0402 -- openswan security update
  OVAL29179  RHSA-2009:1164 -- tomcat security update
  OVAL28966  RHSA-2009:0264 -- kernel security update
  OVAL29188  RHSA-2009:1162 -- firefox security update
  OVAL29167  RHSA-2008:0789 -- dnsmasq security update
  OVAL29230  RHSA-2009:1530 -- firefox security update
  OVAL29192  RHSA-2008:0855 -- openssh security update
  OVAL29052  RHSA-2009:1341 -- cman security, bug fix, and enhancement update
  OVAL29317  RHSA-2009:1579 -- httpd security update
  OVAL29029  RHSA-2008:0649 -- libxslt security update
  OVAL28716  RHSA-2008:0616 -- thunderbird security update
  OVAL29154  RHSA-2009:1193 -- kernel security and bug fix update
  OVAL28930  RHSA-2008:0892 -- xen security and bug fix update
  OVAL29185  RHSA-2008:0937 -- cups security update
  OVAL28514  RHSA-2015:0800 -- openssl security update
  OVAL29299  RHSA-2009:1107 -- apr-util security update
  OVAL28741  RHSA-2009:0354 -- evolution-data-server security update
  OVAL29008  RHSA-2008:0879 -- firefox security update
  OVAL29116  RHSA-2008:0976 -- thunderbird security update
  OVAL29178  RHSA-2009:0397 -- firefox security update
  OVAL29340  RHSA-2009:1472 -- xen security and bug fix update
  OVAL29196  RHSA-2009:0333 -- libpng security update
  OVAL29253  RHSA-2009:0012 -- netpbm security update
  OVAL29215  RHSA-2008:1036 -- firefox security update
  OVAL29084  RHSA-2015:0807 -- java-1.7.0-openjdk security update
  OVAL29289  RHSA-2008:0967 -- httpd security and bug fix update
  OVAL28965  RHSA-2009:1122 -- icu security update
  OVAL28617  RHSA-2009:1106 -- kernel security and bug fix update
  OVAL28696  SUSE-SU-2015:0974-1 -- Security update for apache2
  OVAL29310  RHSA-2009:1513 -- cups security update
  OVAL28916  RHSA-2009:1504 -- poppler security and bug fix update
  OVAL29150  RHSA-2008:0544 -- php security update
  OVAL29463  RHSA-2009:1039 -- ntp security update
  OVAL28421  RHSA-2009:0408 -- krb5 security update
  OVAL29044  RHSA-2008:0849 -- ipsec-tools security update
  OVAL29358  RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update
  OVAL28765  RHSA-2009:1453 -- pidgin security update
  OVAL28333  SUSE-SU-2015:0743-1 -- Security update for mariadb
  OVAL29133  RHSA-2008:0818 -- hplip security update
  OVAL29170  RHSA-2009:1561 -- libvorbis security update
  OVAL29254  RHSA-2009:1102 -- cscope security update
  OVAL28629  RHSA-2009:1179 -- bind security update
  OVAL29146  SUSE-SU-2015:0942-1 -- Security update for gstreamer-0_10-plugins-bad
  OVAL29077  RHSA-2009:1204 -- apr and apr-util security update
  OVAL29079  RHSA-2009:0479 -- perl-DBD-Pg security update
  OVAL29379  RHSA-2009:1427 -- fetchmail security update
  OVAL29271  RHSA-2009:1470 -- openssh security update
  OVAL29236  RHSA-2009:0339 -- lcms security update
  OVAL29110  RHSA-2009:1060 -- pidgin security update
  OVAL29359  RHSA-2009:1238 -- dnsmasq security update
  OVAL29269  RHSA-2009:1548 -- kernel security and bug fix update
  OVAL28964  RHSA-2008:0965 -- lynx security update
  OVAL29038  RHSA-2008:0583 -- openldap security update
  OVAL29270  RHSA-2009:1452 -- neon security update
  OVAL28686  RHSA-2008:0981 -- ruby security update
  OVAL29365  RHSA-2009:1601 -- kdelibs security update
  OVAL29202  SUSE-SU-2015:0515-1 -- Security update for gnome-settings-daemon
  OVAL29193  RHSA-2009:0431 -- kdegraphics security update
  OVAL29283  RHSA-2009:1646 -- libtool security update
  OVAL29028  RHSA-2008:0569 -- firefox security update
  OVAL28712  RHSA-2009:0004 -- openssl security update
  OVAL29264  RHSA-2009:1529 -- samba security update
  OVAL29237  RHSA-2008:0978 -- firefox security update
  OVAL28792  SUSE-SU-2015:1014-1 -- Security update for vorbis-tools
  OVAL29234  RHSA-2008:0575 -- rdesktop security update
  OVAL29190  RHSA-2009:1490 -- squirrelmail security update
  OVAL29266  RHSA-2009:1648 -- ntp security update
  OVAL29347  RHSA-2009:1625 -- expat security update
  OVAL29354  RHSA-2008:1017 -- kernel security and bug fix update
  OVAL29331  RHSA-2009:1451 -- freeradius security update
  OVAL29446  RHSA-2009:0473 -- kernel security and bug fix update
  OVAL29201  RHSA-2009:0002 -- thunderbird security update
  OVAL29045  RHSA-2009:0256 -- firefox security update
  OVAL29111  RHSA-2009:1426 -- openoffice.org security update
  OVAL29090  RHSA-2008:0907 -- pam_krb5 security update
  OVAL28987  RHSA-2009:0020 -- bind security update
  OVAL28256  RHSA-2008:0839 -- postfix security update
  OVAL28973  RHSA-2008:0847 -- libtiff security and bug fix update
  OVAL29342  RHSA-2009:1674 -- firefox security update
  OVAL28838  RHSA-2009:0474 -- acpid security update
  OVAL29350  RHSA-2009:1287 -- openssh security, bug fix, and enhancement update
  OVAL28929  RHSA-2009:1278 -- lftp security and bug fix update
  OVAL29372  RHSA-2009:0010 -- squirrelmail security update
  OVAL29068  RHSA-2009:0336 -- glib2 security update
  OVAL29091  RHSA-2009:1061 -- freetype security update
  OVAL29222  RHSA-2009:1218 -- pidgin security update
  OVAL29197  RHSA-2008:0971 -- net-snmp security update
  OVAL29055  SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML
  OVAL29165  SUSE-SU-2015:0990-1 -- Security update for curl
  OVAL28976  RHSA-2008:1016 -- enscript security update
  OVAL29125  RHSA-2009:1130 -- kdegraphics security update
  OVAL29267  RHSA-2009:0436 -- firefox security update
  OVAL29288  RHSA-2009:0008 -- dbus security update
  OVAL29183  RHSA-2009:1126 -- thunderbird security update
  OVAL29371  RHSA-2009:0344 -- libsoup security update
  OVAL29255  RHSA-2008:0581 -- bluez-libs and bluez-utils security update
  OVAL29143  RHSA-2009:0018 -- xterm security update
  OVAL29311  RHSA-2009:1123 -- gstreamer-plugins-good security update
  OVAL29041  RHSA-2009:1463 -- newt security update
  OVAL29169  RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update
  OVAL29205  RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update
  OVAL29088  RHSA-2009:0313 -- wireshark security update
  OVAL29047  RHSA-2009:1615 -- xerces-j2 security update
  OVAL29199  RHSA-2008:0946 -- ed security update
  OVAL29066  RHSA-2008:0597 -- firefox security update
  OVAL28842  RHSA-2008:0815 -- yum-rhn-plugin security update
  OVAL29381  RHSA-2009:0315 -- firefox security update
  OVAL29313  RHSA-2009:0205 -- dovecot security and bug fix update
  OVAL28495  RHSA-2009:1036 -- ipsec-tools security update
  OVAL28983  RHSA-2008:0612 -- kernel security and bug fix update
  OVAL29208  SUSE-SU-2015:1077-1 -- Security update for openldap2
  OVAL29020  RHSA-2008:0982 -- gnutls security update
  OVAL28941  RHSA-2009:1484 -- postgresql security update
  OVAL28279  SUSE-SU-2015:0884-1 -- Security update for spice
  OVAL29195  RHSA-2009:0296 -- icu security update
  OVAL28850  RHSA-2009:0259 -- mod_auth_mysql security update
  OVAL29263  RHSA-2009:1642 -- acpid security update
  OVAL28888  RHSA-2009:1289 -- mysql security and bug fix update
  OVAL29306  RHSA-2008:0988 -- libxml2 security update
  OVAL28894  RHSA-2009:1100 -- wireshark security update
  OVAL28896  RHSA-2009:0271 -- gstreamer-plugins-good security update
  OVAL29140  RHSA-2015:0808 -- java-1.6.0-openjdk security update
  OVAL28800  RHSA-2009:1075 -- httpd security update
  OVAL28921  SUSE-SU-2015:0866-1 -- Security update for gd
  OVAL29103  RHSA-2009:1138 -- openswan security update
  OVAL29339  RHSA-2009:1066 -- squirrelmail security update
  OVAL29258  RHSA-2009:1140 -- ruby security update
  OVAL28736  RHSA-2009:0449 -- firefox security update
  OVAL28946  RHSA-2009:0476 -- pango security update
  OVAL29098  RHSA-2009:0267 -- sudo security update
  OVAL29148  SUSE-SU-2015:1020-1 -- Security update for autofs
  OVAL28887  RHSA-2008:0486 -- nfs-utils security update
  OVAL29277  RHSA-2009:0377 -- java-1.6.0-openjdk security update
  OVAL29265  RHSA-2008:0957 -- kernel security and bug fix update
  OVAL28953  RHSA-2009:1337 -- gfs2-utils security and bug fix update
  OVAL28776  RHSA-2009:0003 -- xen security and bug fix update
  OVAL29301  RHSA-2009:1127 -- kdelibs security update
  OVAL29275  RHSA-2009:1549 -- wget security update
  OVAL29396  RHSA-2009:1095 -- firefox security update
  OVAL29039  RHSA-2008:0893 -- bzip2 security update
  OVAL29100  RHSA-2009:1139 -- pidgin security and bug fix update
  OVAL29345  RHSA-2009:0338 -- php security update
  OVAL28898  RHSA-2009:1584 -- java-1.6.0-openjdk security update
  OVAL29206  RHSA-2009:1082 -- cups security update
  OVAL28242  RHSA-2008:0897 -- ruby security update
  OVAL29248  RHSA-2015:0803 -- kernel security and bug fix update
  OVAL29213  RHSA-2009:0057 -- squirrelmail security update
  OVAL29320  RHSA-2009:1428 -- xmlsec1 security update
  OVAL29069  RHSA-2008:0939 -- openoffice.org security update
  OVAL29367  RHSA-2009:0261 -- vnc security update
  OVAL29380  RHSA-2009:0457 -- libwmf security update
  OVAL29242  SUSE-SU-2015:0979-1 -- Security update for dnsmasq
  OVAL29166  RHSA-2009:0258 -- thunderbird security update
  OVAL29232  RHSA-2008:0580 -- vim security update
  OVAL29095  SUSE-SU-2015:1013-1 -- Security update for wpa_supplicant
  OVAL29163  RHSA-2009:1203 -- subversion security update
  OVAL29012  RHSA-2008:0890 -- wireshark security update
  OVAL28592  RHSA-2009:0429 -- cups security update
  OVAL29046  RHSA-2009:1536 -- pidgin security update
  OVAL29276  RHSA-2009:0421 -- ghostscript security update
  OVAL29252  SUSE-SU-2015:1150-1 -- Security update for compat-openssl098
  OVAL28926  RHSA-2009:1471 -- elinks security update
  OVAL29171  RHSA-2009:0345 -- ghostscript security update
  OVAL28954  RHSA-2009:0373 -- systemtap security update
  OVAL29281  RHSA-2009:1232 -- gnutls security update
  OVAL29022  RHSA-2009:1116 -- cyrus-imapd security update
  OVAL28897  RHSA-2009:1502 -- kdegraphics security update
  OVAL29294  RHSA-2009:1176 -- python security update
  OVAL28980  RHSA-2008:0561 -- ruby security update
  OVAL29369  RHSA-2009:1321 -- nfs-utils security and bug fix update
  OVAL28925  SUSE-SU-2015:0803-1 -- Security update for gdm
  OVAL29261  RHSA-2009:0013 -- avahi security update
  OVAL28749  RHSA-2009:1335 -- openssl security, bug fix, and enhancement update
  OVAL28879  RHSA-2009:1159 -- libtiff security update
  OVAL29233  SUSE-SU-2015:0108-1 -- Security update for evolution-data-server
  OVAL29153  RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update
  OVAL29334  RHSA-2009:1430 -- firefox security update
  OVAL29300  RHSA-2009:0011 -- lcms security update
  OVAL29387  RHSA-2009:0411 -- device-mapper-multipath security update
  OVAL28862  RHSA-2009:1670 -- kernel security and bug fix update
  OVAL29286  RHSA-2009:0444 -- giflib security update
  OVAL29030  RHSA-2008:0884 -- libxml2 security update
  OVAL29262  RHSA-2009:0361 -- NetworkManager security update
  OVAL29129  RHSA-2008:0885 -- kernel security and bug fix update
  OVAL29308  RHSA-2008:1001 -- tog-pegasus security update
  OVAL29251  SUSE-SU-2015:0805-1 -- Security update for cups-filters
  OVAL29241  RHSA-2008:0836 -- libxml2 security update
  OVAL28958  RHSA-2009:1206 -- libxml and libxml2 security update
  OVAL29259  RHSA-2009:1364 -- gdm security and bug fix update
  OVAL28758  RHSA-2009:1459 -- cyrus-imapd security update
  OVAL28407  RHSA-2008:0648 -- tomcat security update
  OVAL28923  RHSA-2009:0046 -- ntp security update
  OVAL29382  RHSA-2009:1619 -- dstat security update
  OVAL29137  RHSA-2008:1029 -- cups security update
  OVAL29319  RHSA-2009:0352 -- gstreamer-plugins-base security update
  OVAL29144  RHSA-2008:0584 -- pidgin security and bug fix update
  OVAL28869  RHSA-2009:0480 -- poppler security update
  OVAL28978  RHSA-2009:0341 -- curl security update
  OVAL28703  RHSA-2009:0427 -- udev security update
  OVAL28793  RHSA-2009:0326 -- kernel security and bug fix update
  OVAL28823  ELSA-2015-1189 -- kvm security update
  OVAL28693  RHSA-2008:0908 -- thunderbird security update
  OVAL28396  RHSA-2009:1148 -- httpd security update
  OVAL29109  RHSA-2009:1620 -- bind security update
  OVAL29217  RHSA-2009:1219 -- libvorbis security update
  OVAL28265  SUSE-SU-2015:1143-1 -- Security update for openssl
  OVAL29134  RHSA-2009:1209 -- curl security update
  OVAL28627  RHSA-2009:1222 -- kernel security and bug fix update
  OVAL28787  RHSA-2008:0533 -- bind security update
  OVAL29343  RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update
  OVAL29136  RHSA-2015:0809 -- java-1.8.0-openjdk security update
  OVAL29210  RHSA-2008:1023 -- pidgin security and bug fix update
  OVAL29162  RHSA-2008:0835 -- openoffice.org security update
  OVAL28599  RHSA-2015:0806 -- java-1.7.0-openjdk security update

2015-06-27  CVE-2015-4199  Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent...
  CVE-2015-4225  Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,...

2015-06-26  CVE-2015-4224  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

2015-06-25  CVE-2015-4223  Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.

2015-06-24  OVAL28971  Vulnerability in Active Directory Federation Services could allow elevation of privilege
  CVE-2015-4213  Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
  CVE-2015-4215  Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6...

2015-06-23  CVE-2015-4200  Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,...
  CVE-2015-4203  Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed...
  CVE-2015-4204  Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests...
  CVE-2015-4205  Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

2015-06-20  CVE-2015-4197  Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
  CVE-2015-4202  Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization...

2015-06-18  CVE-2015-4191  Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
  CVE-2015-4195  Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

2015-06-16  OVAL29099  CESA-2015:1115 -- centos 7 openssl
  OVAL28643  ELSA-2015-1115 -- Oracle openssl
  OVAL28674  CESA-2015:1115 -- centos 6 openssl
  OVAL28440  RHSA-2015:1115-01 -- Redhat openssl
  OVAL29126  ELSA-2015-1115 -- Oracle openssl
  OVAL28518  Internet Explorer memory corruption vulnerability
  OVAL28910  Windows Media Player RCE via DataObject vulnerability
  OVAL28769  Internet Explorer memory corruption vulnerability
  OVAL28806  Microsoft Windows Kernel Bitmap handling use after free vulnerability
  OVAL29142  Internet Explorer elevation of privilege vulnerability
  OVAL29118  Microsoft Windows Kernel use after free vulnerability
  OVAL29050  Win32k Pool buffer overflow vulnerability
  OVAL28650  Internet Explorer memory corruption vulnerability
  OVAL29076  Internet Explorer memory corruption vulnerability
  OVAL28201  Microsoft Windows Kernel Brush Object use after free vulnerability
  OVAL29072  Microsoft common control use after free vulnerability
  OVAL29057  Internet Explorer memory corruption vulnerability
  OVAL29119  Internet Explorer memory corruption vulnerability
  OVAL29093  Microsoft Windows Kernel information disclosure vulnerability
  OVAL28513  Microsoft Office memory corruption vulnerability
  OVAL29147  Internet Explorer elevation of privilege vulnerability
  OVAL29123  Internet Explorer memory corruption vulnerability
  OVAL29124  Microsoft Windows Kernel Object use after free vulnerability
  OVAL29060  Internet Explorer memory corruption vulnerability
  OVAL28948  Internet Explorer memory corruption vulnerability
  OVAL29115  Exchange Cross-Site Request Forgery vulnerability
  OVAL28994  Win32k elevation of privilege vulnerability
  OVAL28665  Win32k buffer overflow vulnerability
  OVAL28607  Exchange Server-Side Request Forgery vulnerability
  OVAL29113  Internet Explorer memory corruption vulnerability
  OVAL29067  Microsoft Windows Station use after free vulnerability
  OVAL28724  Internet Explorer memory corruption vulnerability
  OVAL28848  Internet Explorer memory corruption vulnerability
  OVAL29081  Internet Explorer memory corruption vulnerability
  OVAL29145  Win32k Null pointer dereference vulnerability
  OVAL28889  Internet Explorer memory corruption vulnerability
  OVAL28512  Internet Explorer memory corruption vulnerability
  OVAL28593  Internet Explorer memory corruption vulnerability
  OVAL28610  Internet Explorer memory corruption vulnerability
  OVAL29005  Internet Explorer elevation of privilege vulnerability
  OVAL28525  Windows LoadLibrary EoP vulnerability
  OVAL28928  Exchange HTML injection vulnerability
  OVAL28429  Internet Explorer information disclosure vulnerability
  OVAL28531  Microsoft Office uninitialized memory use vulnerability
  OVAL28508  Win32k memory corruption elevation of privilege vulnerability
  OVAL29033  Internet Explorer memory corruption vulnerability
  OVAL28530  Internet Explorer memory corruption vulnerability
  OVAL28744  Microsoft Office memory corruption vulnerability
  OVAL29061  Internet Explorer memory corruption vulnerability

2015-06-13  CVE-2015-4185  The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

2015-06-12  CVE-2015-0771  The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID...
  CVE-2015-0775  The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000...
  CVE-2015-0776  telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

2015-06-02  OVAL29004  ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent
  OVAL28974  ELSA-2015-1002 -- Oracle xen
  OVAL28539  RHSA-2015:1002-01 -- Redhat xen
  OVAL28198  CESA-2015:1003 -- centos 5 kvm
  OVAL28600  CESA-2015:0999 -- centos 7 qemu-kvm,libcacard
  OVAL28106  RHSA-2015:0999-01 -- Redhat qemu-kvm, libcacard
  OVAL28949  ELSA-2015-1003 -- Oracle kvm-83
  OVAL28893  ELSA-2015-0999 -- Oracle qemu-kvm
  OVAL28702  RHSA-2015:0998-01 -- Redhat qemu-kvm, qemu-guest-agent
  OVAL28937  CESA-2015:1002 -- centos 5 xen
  OVAL28912  CESA-2015:0998 -- centos 6 qemu-kvm,qemu-guest-agent

2015-05-29  CVE-2015-0751  Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
  CVE-2015-0756  Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.

2015-05-20  OVAL28950  Windows forms elevation of privilege vulnerability
  OVAL28207  TrueType font parsing vulnerability
  OVAL28985  Microsoft Silverlight out of browser application vulnerability
  OVAL28680  Internet Explorer memory corruption vulnerability
  OVAL29016  Internet Explorer ASLR bypass vulnerability
  OVAL28710  Windows Journal remote code execution vulnerability
  OVAL28576  Internet Explorer memory corruption vulnerability
  OVAL28829  Internet Explorer elevation of privilege vulnerability
  OVAL28649  Windows Journal remote code execution vulnerability
  OVAL28867  VBScript memory corruption vulnerability
  OVAL28822  Internet Explorer clipboard information disclosure vulnerability
  OVAL28840  Internet Explorer memory corruption vulnerability
  OVAL28932  Service control manager elevation of privilege vulnerability
  OVAL28993  Internet Explorer memory corruption vulnerability
  OVAL28984  Internet Explorer memory corruption vulnerability
  OVAL28753  Internet Explorer memory corruption vulnerability
  OVAL28692  Internet Explorer elevation of privilege vulnerability
  OVAL28739  .NET XML decryption denial of service vulnerability
  OVAL28555  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28473  Internet Explorer memory corruption vulnerability
  OVAL28672  Schannel information disclosure vulnerability
  OVAL28815  Internet Explorer elevation of privilege vulnerability
  OVAL29018  Microsoft Management Console file format denial of service vulnerability
  OVAL29001  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28745  VBScript and JScript ASLR bypass vulnerability
  OVAL29000  Internet Explorer memory corruption vulnerability
  OVAL28936  Windows Journal remote code execution vulnerability
  OVAL28742  Windows Journal remote code execution vulnerability
  OVAL28405  Internet Explorer memory corruption vulnerability
  OVAL28162  Internet Explorer memory corruption vulnerability
  OVAL28699  Windows Kernel security feature bypass vulnerability
  OVAL28068  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28517  Windows Journal remote code execution vulnerability
  OVAL28924  Microsoft SharePoint page content vulnerabilities
  OVAL28340  Internet Explorer memory corruption vulnerability
  OVAL28883  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28876  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28951  Internet Explorer memory corruption vulnerability
  OVAL28723  Microsoft Office memory corruption vulnerability
  OVAL28808  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28390  Windows Journal remote code execution vulnerability
  OVAL28641  Internet Explorer memory corruption vulnerability
  OVAL28917  Internet Explorer memory corruption vulnerability
  OVAL28645  Microsoft Office memory corruption vulnerability
  OVAL28362  OpenType Font parsing vulnerability
  OVAL28167  Internet Explorer memory corruption vulnerability

2015-05-16  CVE-2015-0717  Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
  CVE-2015-0723  The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.
  CVE-2015-0726  The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via...

2015-05-15  CVE-2015-0731  The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.

2015-05-12  OVAL28575  Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 could allow attackers to execute arbitrary code on Windows

2015-05-01  CVE-2014-8361  The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

2015-04-28  CVE-2015-0708  Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.
  CVE-2015-0709  Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
  CVE-2015-0710  The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,...

2015-04-24  OVAL29009  MSXML3 same origin policy SFB vulnerability

2015-04-21  OVAL28865  Internet Explorer memory corruption vulnerability
  OVAL28704  Internet Explorer memory corruption vulnerability
  OVAL27908  Internet Explorer memory corruption vulnerability
  OVAL28523  Microsoft SharePoint XSS vulnerability
  OVAL28783  Internet Explorer memory corruption vulnerability
  OVAL28895  Internet Explorer memory corruption vulnerability
  OVAL27899  Internet Explorer memory corruption vulnerability
  OVAL28821  Internet Explorer ASLR bypass vulnerability
  OVAL28709  Internet Explorer memory corruption vulnerability
  OVAL28574  Internet Explorer memory corruption vulnerability
  OVAL28861  Internet Explorer memory corruption vulnerability
  OVAL28565  Microsoft SharePoint XSS vulnerability

2015-04-17  OVAL28782  Active Directory Federation Services information disclosure vulnerability
  OVAL27878  Microsoft Office memory corruption vulnerability
  OVAL28690  Microsoft Office component use after free vulnerability
  OVAL28831  NtCreateTransactionManager type confusion vulnerability
  OVAL28752  Microsoft Office component use after free vulnerability
  OVAL28101  EMF processing remote code execution vulnerability
  OVAL28561  Microsoft Office component use after free vulnerability
  OVAL28603  Windows MS-DOS device name vulnerability
  OVAL28116  ASP.NET information disclosure vulnerability
  OVAL28623  HTTP.sys Remote code execution vulnerability
  OVAL28397  Windows Hyper-V DoS vulnerability

2015-04-16  CVE-2015-0695  Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card...

2015-04-10  CVE-2015-1090  CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1091  The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin...
  CVE-2015-3005  Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject...
  CVE-2015-1092  NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
  CVE-2015-1093  FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
  CVE-2015-1094  IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1095  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
  CVE-2015-3002  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port...
  CVE-2015-3003  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users...
  CVE-2015-1085  AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
  CVE-2015-3004  J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3...
  CVE-2015-1086  The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2015-1087  Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
  CVE-2015-1088  CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
  CVE-2015-1089  CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
  CVE-2015-1096  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1097  IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1098  iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-1099  Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-1100  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
  CVE-2015-1101  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-1102  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
  CVE-2015-1103  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain...
  CVE-2015-1104  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering...
  CVE-2015-1105  The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial...
  CVE-2015-1106  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
  CVE-2015-1107  The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making...
  CVE-2015-1108  The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
  CVE-2015-1109  NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
  CVE-2015-1110  The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
  CVE-2015-1111  Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1112  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive...
  CVE-2015-1113  The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
  CVE-2015-1114  The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
  CVE-2015-1115  The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
  CVE-2015-1116  The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
  CVE-2015-1117  The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to...
  CVE-2015-1118  libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
  CVE-2015-1119  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1120  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1121  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1122  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1123  WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-1124  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1125  The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
  CVE-2015-1126  WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource...

2015-04-06  CVE-2015-0690  Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

2015-04-03  CVE-2015-0688  Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

2015-04-02  CVE-2015-0685  Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.
  CVE-2015-0686  The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID...
  CVE-2015-0687  The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka...

2015-03-27  CVE-2015-0658  The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on...
  CVE-2015-0679  The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
  CVE-2015-0680  Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

2015-03-26  CVE-2015-0638  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
  CVE-2015-0639  The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,...
  CVE-2015-0635  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)...
  CVE-2015-0636  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via...
  CVE-2015-0637  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN...
  CVE-2015-0640  The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0641  Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted...
  CVE-2015-0642  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0643  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0644  AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2015-0645  The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0646  Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of...
  CVE-2015-0647  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
  CVE-2015-0648  Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
  CVE-2015-0649  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
  CVE-2015-0650  The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote...
  CVE-2015-0672  The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.

2015-03-20  CVE-2015-0669  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)...

2015-03-18  CVE-2015-1068  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1069  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1070  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1071  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1072  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1073  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1074  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1076  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1077  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1078  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1079  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1080  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1081  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1082  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1083  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1084  The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

2015-03-17  OVAL28851  Microsoft Word local zone remote code execution vulnerability
  OVAL27875  Microsoft SharePoint XSS vulnerability
  OVAL28356  Microsoft Office memory corruption vulnerability
  OVAL28562  Vulnerability in Microsoft Schannel could allow security feature bypass
  OVAL28658  Microsoft SharePoint xss vulnerability –
  OVAL28631  Microsoft office component use after free vulnerability

2015-03-16  OVAL28803  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28807  Adobe font driver remote code execution vulnerability
  OVAL28670  Internet Explorer memory corruption vulnerability
  OVAL28675  JPEG XR parser information disclosure vulnerability
  OVAL28813  Win32k elevation of privilege vulnerability
  OVAL28768  Internet Explorer memory corruption vulnerability
  OVAL28797  VBScript memory corruption vulnerability
  OVAL28656  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28780  Task scheduler security feature bypass vulnerability
  OVAL28843  Internet Explorer memory corruption vulnerability
  OVAL27987  WTS remote code execution vulnerability
  OVAL28487  Internet Explorer memory corruption vulnerability
  OVAL28609  DLL planting remote code execution vulnerability
  OVAL28847  Remote desktop protocol
  OVAL28464  Internet Explorer memory corruption vulnerability
  OVAL28811  OWA modified canary parameter cross site scripting vulnerability
  OVAL28730  Adobe font driver denial of service vulnerability
  OVAL28816  Registry virtualization elevation of privilege vulnerability
  OVAL28605  Internet Explorer elevation of privilege vulnerability
  OVAL28738  Adobe font driver remote code execution vulnerability
  OVAL28844  Impersonation level check elevation of privilege vulnerability
  OVAL28294  Exchange forged meeting request spoofing vulnerability
  OVAL28684  Adobe font driver remote code execution vulnerability
  OVAL28469  Adobe font driver information disclosure vulnerability
  OVAL28737  Internet Explorer elevation of privilege vulnerability
  OVAL28836  Internet Explorer memory corruption vulnerability
  OVAL28757  Internet Explorer memory corruption vulnerability
  OVAL28667  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28770  Adobe font driver remote code execution vulnerability
  OVAL28549  Adobe font driver information disclosure vulnerability
  OVAL28524  Audit report cross site scripting vulnerability
  OVAL28569  Internet Explorer memory corruption vulnerability
  OVAL28428  Malformed PNG parsing information disclosure vulnerability
  OVAL28748  ExchangeDLP cross site scripting vulnerability
  OVAL28863  NETLOGON spoofing vulnerability
  OVAL28771  Adobe font driver remote code execution vulnerability
  OVAL28781  Internet Explorer memory corruption vulnerability
  OVAL27900  Exchange error message cross site scripting vulnerability

2015-03-12  CVE-2015-1061  IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
  CVE-2015-1062  MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
  CVE-2015-1063  CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
  CVE-2015-1064  Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
  CVE-2015-1065  Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

2015-03-10  CVE-2015-1067  Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to...

2015-03-05  CVE-2015-0598  The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.
  CVE-2015-0607  The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that...
  CVE-2015-0657  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
  CVE-2015-0659  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
  CVE-2015-0661  The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.

2015-03-04  CVE-2015-0204  FREAK: SSL/TLS vulnerability

2015-02-26  CVE-2015-0632  Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

2015-02-21  CVE-2015-0618  Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with...

2015-02-20  CVE-2015-2077  MITM installed: Superfish adware
  CVE-2015-2078  MITM installed: Superfish certificate

2015-02-18  CVE-2015-0622  The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the...

2015-02-15  CVE-2015-1474  Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)...
  CVE-2015-0609  Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via...

2015-02-13  OVAL28402  Internet Explorer memory corruption vulnerability
  OVAL28347  Internet Explorer memory corruption vulnerability
  OVAL28449  Internet Explorer ASLR bypass vulnerability
  OVAL28750  Internet Explorer memory corruption vulnerability
  OVAL28382  Internet Explorer memory corruption vulnerability
  OVAL28540  Internet Explorer memory corruption vulnerability
  OVAL28394  Internet Explorer memory corruption vulnerability
  OVAL28728  Internet Explorer elevation of privilege vulnerability
  OVAL28666  Internet Explorer memory corruption vulnerability
  OVAL28700  Group Policy remote code execution vulnerability
  OVAL28668  Microsoft Office component use after free vulnerability
  OVAL28718  Internet Explorer memory corruption vulnerability
  OVAL27765  Internet Explorer memory corruption vulnerability
  OVAL28558  Internet Explorer memory corruption vulnerability
  OVAL28689  Win32k elevation of privilege vulnerability
  OVAL28731  TIFF Processing information disclosure vulnerability
  OVAL28272  Internet Explorer memory corruption vulnerability
  OVAL27957  Internet Explorer memory corruption vulnerability
  OVAL28486  Internet Explorer ASLR bypass vulnerability
  OVAL28688  Windows font driver denial of service vulnerability
  OVAL28653  Internet Explorer memory corruption vulnerability
  OVAL28711  Internet Explorer memory corruption vulnerability
  OVAL28735  Internet Explorer memory corruption vulnerability
  OVAL28074  Office remote code execution vulnerability
  OVAL28395  Internet Explorer memory corruption vulnerability
  OVAL28202  CNG security feature bypass vulnerability
  OVAL28633  TrueType font parsing remote code execution vulnerability
  OVAL28764  Windows create process elevation of privilege vulnerability
  OVAL28691  Internet Explorer memory corruption vulnerability
  OVAL28573  Internet Explorer memory corruption vulnerability
  OVAL28683  Internet Explorer memory corruption vulnerability
  OVAL28695  Internet Explorer memory corruption vulnerability
  OVAL27977  Internet Explorer memory corruption vulnerability
  OVAL28590  Internet Explorer memory corruption vulnerability
  OVAL28762  Microsoft Schannel remote code execution vulnerability
  OVAL27780  Microsoft Schannel remote code execution vulnerability
  OVAL28598  OneTableDocumentStream remote code execution vulnerability
  OVAL28475  Internet Explorer memory corruption vulnerability
  OVAL28413  Internet Explorer memory corruption vulnerability
  OVAL28257  Internet Explorer ASLR bypass vulnerability
  OVAL28018  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28767  Group Policy security feature bypass vulnerability
  OVAL28384  Internet Explorer memory corruption vulnerability
  OVAL28732  Internet Explorer memory corruption vulnerability
  OVAL28193  Internet Explorer elevation of privilege vulnerability
  OVAL28383  Internet Explorer memory corruption vulnerability
  OVAL28639  Internet Explorer memory corruption vulnerability
  OVAL28522  Internet Explorer memory corruption vulnerability
  OVAL28337  Internet Explorer memory corruption vulnerability
  OVAL28548  Internet Explorer use-after-free vulnerability
  OVAL28021  Internet Explorer memory corruption vulnerability
  OVAL28714  Internet Explorer memory corruption vulnerability
  OVAL27772  Internet Explorer memory corruption vulnerability
  OVAL28663  Internet Explorer memory corruption vulnerability
  OVAL28604  Excel remote code execution vulnerability

2015-02-12  CVE-2015-0593  The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.

2015-02-11  CVE-2015-0592  The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
  CVE-2015-0606  The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.
  CVE-2015-0608  Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper...
  CVE-2015-0610  Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco...

2015-02-05  OVAL28602  Adobe Flash Player 14.x through 16.0.0.296 and 13.x through 13.0.0.264 could crash and potentially allow system takeover on the Windows platform
  OVAL28646  Adobe Flash Player 14.x through 16.0.0.257 and 13.x through 13.0.0.260 could be used to circumvent memory randomization mitigations on the Windows platform
  OVAL28471  Adobe Flash Player 14.x through 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform

2015-02-03  CVE-2014-8013  The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

2015-01-30  CVE-2014-4493  The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
  CVE-2014-4494  Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging...
  CVE-2014-4495  The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass...
  CVE-2014-4496  The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR...
  CVE-2014-8840  The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
  CVE-2014-4467  WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
  CVE-2014-4476  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4477  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4479  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4480  Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
  CVE-2014-4481  Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4483  Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file...
  CVE-2014-4484  FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
  CVE-2014-4485  Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a...
  CVE-2014-4486  IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a...
  CVE-2014-4487  Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4488  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4489  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of...
  CVE-2014-4491  The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for...
  CVE-2014-4492  libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via...

2015-01-28  OVAL28360  RHSA-2015:0090 -- glibc security update
  OVAL28438  RHSA-2015:0092 -- glibc security update
  OVAL28622  ELSA-2015-0092 -- glibc security update
  OVAL28638  ELSA-2015-0090 -- glibc security update
  CVE-2015-0586  The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR...

2015-01-22  CVE-2014-8008  Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

2015-01-16  OVAL28634  Windows Error Reporting security feature bypass vulnerability
  OVAL28664  Graphics component information disclosure vulnerability
  OVAL28478  Network policy server RADIUS implementation denial of service vulnerability
  OVAL28717  Directory Traversal elevation of privilege vulnerability
  OVAL28330  Microsoft user profile service elevation of privilege vulnerability
  OVAL28297  NLA Security Feature Bypass Vulnerability
  OVAL28554  Windows Telnet service buffer overflow vulnerability
  OVAL27743  WebDAV elevation of privilege vulnerability
  CVE-2014-6382  The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of...
  CVE-2014-6383  The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
  CVE-2014-6384  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle...
  CVE-2014-6385  Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1...
  CVE-2014-6386  Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before...

2015-01-09  CVE-2015-0582  The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

2014-12-30  OVAL28532  RHSA-2014:2021 -- jasper security update
  OVAL28585  SUSE-SU-2014:1652-1 -- Security update for cpio
  OVAL28044  SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
  OVAL28460  RHSA-2014:2025 -- ntp security update
  OVAL28439  RHSA-2014:2023 -- glibc security and bug fix update
  OVAL28571  SUSE-SU-2014:1650-1 -- Security update for flash-player
  OVAL28591  SUSE-SU-2014:1595-1 -- Security update for ImageMagick
  OVAL28499  SUSE-SU-2014:1545-1 -- Security update for flash-player
  OVAL28652  RHSA-2014:1982 -- xorg-x11-server security update
  OVAL28498  RHSA-2014:1985 -- bind97 security update
  OVAL28385  RHSA-2014:1999 -- mailx security update
  OVAL28661  RHSA-2014:1974 -- rpm security update
  OVAL28630  RHSA-2014:2010 -- kernel security update
  OVAL27703  RHSA-2014:1997 -- kernel security and bug fix update
  OVAL28314  SUSE-SU-2014:1615-1 -- Security update for pidgin
  OVAL28659  SUSE-SU-2014:1649-1 -- Security update for flash-player
  OVAL28685  SUSE-SU-2014:1628-1 -- Security update for gnutls
  OVAL28588  RHSA-2014:1984 -- bind security update
  OVAL28483  RHSA-2014:2024 -- ntp security update
  OVAL28676  SUSE-SU-2014:1592-1 -- Security update for tigervnc
  OVAL28453  RHSA-2014:2008 -- kernel security update
  OVAL28399  RHSA-2014:1971 -- kernel security and bug fix update
  OVAL28466  SUSE-SU-2014:1555-1 -- Security update for file
  OVAL28097  SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm
  OVAL28437  RHSA-2014:1976 -- rpm security update
  OVAL28613  RHSA-2014:1983 -- xorg-x11-server security update
  OVAL28176  SUSE-SU-2014:1623-1 -- Security update for pidgin

2014-12-22  OVAL28612  ELSA-2014-1997 -- kernel security and bug fix update
  OVAL28324  ELSA-2014-1999 -- mailx security update
  OVAL28192  ELSA-2014-2025 -- ntp security update
  OVAL28616  ELSA-2014-2008-1 -- kernel security update
  OVAL28304  ELSA-2014-2024 -- ntp security update
  OVAL28088  ELSA-2014-2023 -- glibc security and bug fix update
  OVAL28420  ELSA-2014-2021 -- jasper security update
  OVAL28310  ELSA-2014-2010 -- kernel security update
  OVAL28418  ELSA-2014-1971 -- kernel security and bug fix update
  OVAL27668  ELSA-2014-3105 -- Unbreakable Enterprise kernel security update
  OVAL28492  ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
  OVAL28543  ELSA-2014-1983 -- xorg-x11-server security update
  OVAL28387  ELSA-2014-2008 -- kernel security update
  OVAL28079  ELSA-2014-1985 -- bind97 security update
  OVAL28615  ELSA-2014-1976 -- rpm security update
  OVAL27915  ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
  OVAL28577  ELSA-2014-1982 -- xorg-x11-server security update
  OVAL28305  ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
  OVAL28485  ELSA-2014-1984 -- bind security update
  OVAL28647  ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
  OVAL28261  ELSA-2014-1974 -- rpm security update
  OVAL28482  ELSA-2014-3104 -- Unbreakable Enterprise kernel security update

2014-12-18  CVE-2014-8014  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

2014-12-17  CVE-2014-9322  arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...

2014-12-15  CVE-2014-7911  luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
  CVE-2014-8507  Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
  CVE-2014-8609  The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...
  CVE-2014-8610  AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...

2014-12-12  OVAL28401  Internet Explorer memory corruption vulnerability
  OVAL28328  OWA XSS vulnerability - MS14-075
  OVAL28329  Internet Explorer memory corruption vulnerability
  OVAL27937  Microsoft Office component use after free vulnerability
  OVAL28006  Use After Free Word Remote Code Execution Vulnerability
  OVAL28084  Graphics component information disclosure vulnerability
  OVAL28404  Internet Explorer memory corruption vulnerability
  OVAL28280  Global free remote code execution in Excel vulnerability
  OVAL28408  Internet Explorer memory corruption vulnerability
  OVAL28368  Internet Explorer memory corruption vulnerability
  OVAL28377  Internet Explorer memory corruption vulnerability
  OVAL27704  Internet Explorer memory corruption vulnerability
  OVAL28425  Outlook Web App token spoofing vulnerability - MS14-075
  OVAL28415  Exchange URL redirection vulnerability - MS14-075
  OVAL28430  Internet Explorer memory corruption vulnerability
  OVAL28349  Internet Explorer memory corruption vulnerability
  OVAL28392  Internet Explorer memory corruption vulnerability
  OVAL27446  Excel invalid pointer remote code execution vulnerability
  OVAL28172  Internet Explorer XSS filter bypass vulnerability
  OVAL28416  Internet Explorer memory corruption vulnerability
  OVAL27932  Internet Explorer XSS filter bypass vulnerability
  OVAL28299  Invalid index remote code execution vulnerability
  OVAL28291  OWA XSS vulnerability - MS14-075
  OVAL28376  Internet Explorer memory corruption vulnerability

2014-12-10  CVE-2014-4465  WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of...
  CVE-2014-4466  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4468  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4469  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4470  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4471  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4472  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4473  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4474  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4475  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...

2014-12-08  OVAL28273  SUSE-SU-2014:1524-1 -- Security update for openssl
  OVAL28443  SUSE-SU-2014:1464-1 -- Security update for wget
  OVAL28150  SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss
  OVAL28112  ELSA-2014-1919 -- firefox security update
  OVAL27992  RHSA-2014:1843 -- kernel security and bug fix update
  OVAL28050  ELSA-2014-1885 -- libxml2 security update
  OVAL27935  RHSA-2014:1912 -- ruby security update
  OVAL28481  SUSE-SU-2014:1512-1 -- Security update for compat-openssl098
  OVAL27738  ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  OVAL28186  RHSA-2014:1824 -- php security update
  OVAL27981  SUSE-SU-2014:1259-1 -- bash
  OVAL28393  ELSA-2014-1870 -- libXfont security update
  OVAL27895  RHSA-2014:1846 -- gnutls security update
  OVAL28142  RHSA-2014:1911 -- ruby security update
  OVAL28391  ELSA-2014-1956 -- wpa_supplicant security update
  OVAL28303  ELSA-2014-1912 -- ruby security update
  OVAL27461  ELSA-2014-3093 -- bash security update
  OVAL27990  ELSA-2014-1959 -- kernel security and bug fix update
  OVAL27707  RHSA-2014:1885 -- libxml2 security update
  OVAL28090  RHSA-2014:1724 -- kernel security and bug fix update
  OVAL27600  SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
  OVAL28254  ELSA-2014-1924 -- thunderbird security update
  OVAL28435  RHSA-2014:1870 -- libXfont security update
  OVAL28139  RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  OVAL27526  SUSE-SU-2014:1360-1 -- Security update for flash-player
  OVAL28389  RHSA-2014:1859 -- mysql55-mysql security update
  OVAL28194  SUSE-SU-2014:1442-1 -- Security update for flash-player
  OVAL27716  RHSA-2014:1893 -- libXfont security update
  OVAL28374  RHSA-2014:1803 -- mod_auth_mellon security update
  OVAL27775  ELSA-2014-1959-1 -- kernel security and bug fix update
  OVAL28459  RHSA-2014:1924 -- thunderbird security update
  OVAL28295  RHSA-2014:1959 -- kernel security and bug fix update
  OVAL27549  ELSA-2014-3095 -- docker security and bug fix update
  OVAL27507  RHSA-2014:1956 -- wpa_supplicant security update
  OVAL28472  SUSE-SU-2014:1544-1 -- Security update for LibreOffice
  OVAL27610  RHSA-2014:1861 -- mariadb security update
  OVAL28461  SUSE-SU-2014:1423-1 -- Security update for flash-player
  OVAL27540  SUSE-SU-2014:1511-1 -- Security update for python, python-base, python-doc
  OVAL28369  ELSA-2014-1859 -- mysql55-mysql security update
  OVAL28326  RHSA-2014:1768 -- php53 security update
  OVAL28457  SUSE-SU-2014:1387-1 -- Security update for OpenSSL
  OVAL28378  ELSA-2014-1873 -- libvirt security and bug fix update
  OVAL28313  RHSA-2014:1873 -- libvirt security and bug fix update
  OVAL27830  SUSE-SU-2014:1260-1 -- bash
  OVAL28315  SUSE-SU-2014:1178-1 -- Update for update-test-security
  OVAL28027  ELSA-2014-1911 -- ruby security update
  OVAL28208  RHSA-2014:1826 -- libvncserver security update
  OVAL28277  SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
  OVAL28030  RHSA-2014:1767 -- php security update
  OVAL28432  SUSE-SU-2014:1438-1 -- update for rsyslog
  OVAL28250  SUSE-SU-2014:1465-1 -- Security update for flash-player
  OVAL28507  SUSE-SU-2014:1408-1 -- Security update for wget
  OVAL28039  RHSA-2014:1827 -- kdenetwork security update
  OVAL27983  RHSA-2014:1919 -- firefox security update
  OVAL28263  ELSA-2014-3094 -- bash security update
  OVAL28363  SUSE-SU-2014:1494-1 -- Security update for libreoffice
  OVAL28375  RHSA-2014:1795 -- cups-filters security update
  OVAL27477  ELSA-2014-1861 -- mariadb security update
  OVAL28252  SUSE-SU-2014:1542-1 -- Security update for flash-player
  OVAL28373  ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
  OVAL28354  RHSA-2014:1764 -- wget security update
  OVAL28414  ELSA-2014-1893 -- libXfont security update
  OVAL27612  RHSA-2014:1801 -- shim security update
  OVAL28325  SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk
  OVAL28237  ELSA-2014-3092 -- bash security update

2014-11-25  CVE-2014-8004  Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
  CVE-2014-8005  Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

2014-11-18  OVAL28205  Internet Explorer memory corruption vulnerability
  OVAL28266  Internet Explorer elevation of privilege vulnerability
  OVAL27601  Internet Explorer memory corruption vulnerability
  OVAL28204  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28334  Internet Explorer Clipboard Information Disclosure Vulnerability
  OVAL27356  Internet Explorer memory corruption vulnerability
  OVAL28358  Internet Explorer memory corruption vulnerability
  OVAL28290  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28339  Internet Explorer cross-domain information disclosure vulnerability
  OVAL27897  Internet Explorer elevation of privilege vulnerability
  OVAL27372  Internet Explorer memory corruption vulnerability
  OVAL28177  Internet Explorer memory corruption vulnerability
  CVE-2014-4451  Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
  CVE-2014-4452  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-4453  Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
  CVE-2014-4455  dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
  CVE-2014-4457  The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
  CVE-2014-4459  Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
  CVE-2014-4460  CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-4461  The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
  CVE-2014-4462  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-4463  Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2014-11-17  OVAL28173  Active Directory Federation Services information disclosure vulnerability
  CVE-2014-7992  The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

2014-11-14  OVAL28219  ELSA-2014-1827 -- kdenetwork security update
  OVAL28227  ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
  OVAL27974  ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
  OVAL28056  TypeFilterLevel vulnerability
  OVAL27794  Microsoft schannel remote code execution vulnerability
  CVE-2014-7997  The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
  CVE-2014-7998  Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.

2014-11-13  CVE-2014-7991  The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...

2014-11-05  OVAL27388  ELSA-2013-2587 -- unbreakable enterprise kernel security update
  OVAL26522  ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27236  ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
  OVAL27160  ELSA-2014-0927 -- qemu-kvm security and bug fix update
  OVAL27351  ELSA-2014-0921 -- httpd security update
  OVAL26595  ELSA-2014-0926-1 -- kernel security and bug fix update
  OVAL27232  ELSA-2014-0108-1 -- kernel security and bug fix update
  OVAL28038  ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
  OVAL27735  ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
  OVAL28158  ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
  OVAL27240  ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
  OVAL27250  ELSA-2014-3043 -- unbreakable enterprise kernel security update
  OVAL27698  ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
  OVAL27818  ELSA-2012-0690-1 -- kernel security and bug fix update
  OVAL27823  ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
  OVAL27051  ELSA-2013-0168-1 -- kernel security and bug fix update
  OVAL27623  ELSA-2013-0594-1 -- kernel security and bug fix update
  OVAL26359  ELSA-2014-3052 -- unbreakable enterprise kernel security update
  OVAL26983  ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
  OVAL27334  ELSA-2013-0847-1 -- kernel security and bug fix update
  OVAL26673  ELSA-2013-1790-1 -- kernel security and bug fix update
  OVAL26951  ELSA-2014-3067 -- unbreakable enterprise kernel security update
  OVAL27158  ELSA-2014-3054 -- unbreakable enterprise kernel security update
  OVAL27016  ELSA-2014-1669 -- qemu-kvm security and bug fix update
  OVAL27343  ELSA-2013-2589 -- unbreakable enterprise kernel security update
  OVAL27466  ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
  OVAL26800  ELSA-2013-0621-1 -- kernel security update
  OVAL27903  ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL28028  ELSA-2010-2010 -- kernel security update
  OVAL26901  ELSA-2013-0747-1 -- kernel security and bug fix update
  OVAL26519  ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
  OVAL27194  ELSA-2012-1061-1 -- kernel security and bug fix update
  OVAL27916  ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL26365  ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
  OVAL27375  ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
  OVAL27635  ELSA-2012-0721-1 -- kernel security update
  OVAL26880  ELSA-2014-1075 -- qemu-kvm security and bug fix update
  OVAL27247  ELSA-2014-0704 -- qemu-kvm security and bug fix update
  OVAL28157  ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27337  ELSA-2014-0702 -- mariadb security update
  OVAL27071  ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
  OVAL27550  ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
  OVAL27502  ELSA-2013-2577 -- unbreakable enterprise kernel security update
  OVAL28004  ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27378  ELSA-2013-2575 -- unbreakable enterprise kernel security update
  OVAL27959  ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27255  ELSA-2013-1348 -- Oracle linux 5 kernel update
  OVAL27587  ELSA-2010-2008 -- Unbreakable enterprise kernel security update
  OVAL27596  ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27266  ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL26514  ELSA-2014-3049 -- unbreakable enterprise kernel security update
  OVAL27341  ELSA-2014-3048 -- unbreakable enterprise kernel security update
  OVAL27331  ELSA-2014-0675 -- java-1.7.0-openjdk security update
  OVAL27047  ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
  OVAL27318  ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
  OVAL27347  ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
  OVAL26804  ELSA-2014-1004 -- yum-updatesd security update
  OVAL27278  ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
  OVAL27338  ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
  OVAL27200  ELSA-2014-3046 -- unbreakable enterprise kernel security update
  OVAL27491  ELSA-2013-1292-1 -- kernel security and bug fix update
  OVAL27657  ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
  OVAL27296  ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
  OVAL27648  ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
  OVAL27275  ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
  OVAL27242  ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
  OVAL28005  ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27233  ELSA-2014-1052 -- openssl security update
  OVAL27215  ELSA-2014-3069 -- unbreakable enterprise kernel security update
  OVAL27622  ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
  OVAL27358  ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
  OVAL26661  ELSA-2013-1034-1 -- kernel security and bug fix update
  OVAL27281  ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
  OVAL26940  ELSA-2014-0926 -- kernel security and bug fix update
  OVAL27535  ELSA-2012-1174-1 -- kernel security and bug fix update
  OVAL27249  ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27323  ELSA-2014-0740-1 -- kernel security and bug fix update
  OVAL27812  ELSA-2012-1445-1 -- kernel security and bug fix update
  OVAL26620  ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
  OVAL27877  ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
  OVAL27342  ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
  OVAL26531  ELSA-2014-0790 -- dovecot security update
  OVAL27093  ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
  OVAL26883  ELSA-2014-3014 -- unbreakable enterprise kernel security update
  OVAL27518  ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27842  ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27914  ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27793  ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
  OVAL27425  ELSA-2013-1166-1 -- kernel security and bug fix update
  OVAL27141  ELSA-2014-0889 -- java-1.7.0-openjdk security update
  OVAL27029  ELSA-2014-0685 -- java-1.6.0-openjdk security update
  OVAL27060  ELSA-2014-0920 -- httpd security update
  OVAL27629  ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
  OVAL26512  ELSA-2013-2542 -- unbreakable enterprise kernel security update
  OVAL27352  ELSA-2014-3041 -- unbreakable enterprise kernel security update
  OVAL27316  ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
  OVAL27433  ELSA-2013-2537 -- unbreakable enterprise kernel security update
  OVAL26995  ELSA-2014-0890 -- java-1.7.0-openjdk security update
  OVAL27123  ELSA-2014-0679 -- openssl security update
  OVAL27092  ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
  OVAL27227  ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
  OVAL27381  ELSA-2013-1449-1 -- kernel security and bug fix update
  OVAL27688  ELSA-2012-1323-1 -- kernel security and bug fix update
  OVAL28092  ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
  OVAL27702  ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update
  OVAL27955  ELSA-2011-2038 -- Unbreakable Enterprise kernel security update

2014-10-31  CVE-2014-3366  SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
  CVE-2014-3372  Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
  CVE-2014-3373  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
  CVE-2014-3374  Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
  CVE-2014-3375  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

2014-10-28  OVAL27220  RHSA-2013:1353 -- sudo security and bug fix update
  OVAL27022  RHSA-2014:1669 -- qemu-kvm security and bug fix update
  OVAL27070  RHSA-2013:0519 -- openssh security, bug fix and enhancement update

2014-10-25  CVE-2014-3409  The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

2014-10-22  CVE-2014-4448  House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
  CVE-2014-4449  iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  CVE-2014-4450  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...

2014-10-17  OVAL26915  RHSA-2014:1657: java-1.7.0-oracle security update
  OVAL26927  RHSA-2014:1507: trousers security, bug fix, and enhancement update
  OVAL26805  RHSA-2014:1552: openssh security, bug fix, and enhancement update
  OVAL26605  RHSA-2014:1391: glibc security, bug fix, and enhancement update
  OVAL27085  ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
  OVAL27086  RHSA-2014:1392: kernel security, bug fix, and enhancement update
  OVAL26917  RHSA-2014:1389: krb5 security and bug fix update
  OVAL26796  ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
  OVAL26390  RHSA-2014:1390: luci security, bug fix, and enhancement update
  OVAL27084  ELSA-2014-1652 -- openssl security update
  OVAL26179  ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
  OVAL26947  RHSA-2014:1636: java-1.8.0-openjdk security update
  OVAL27149  RHSA-2014:1655: libxml2 security update
  OVAL26570  ELSA-2014-1388 -- cups security and bug fix update
  OVAL26716  ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
  OVAL27101  RHSA-2014:1606: file security and bug fix update
  OVAL26767  RHSA-2014:1654: rsyslog7 security update
  OVAL27056  RHSA-2014:1388: cups security and bug fix update
  OVAL27068  RHSA-2014:1658: java-1.6.0-sun security update
  OVAL26759  RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
  OVAL26757  .NET Framework remote code execution vulnerability
  OVAL26910  .NET ClickOnce elevation of privilege vulnerability

2014-10-16  CVE-2014-3566  POODLE: SSLv3 vulnerability

2014-10-14  CVE-2014-3818  Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
  CVE-2014-3825  The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
  CVE-2014-6378  Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
  CVE-2014-6379  Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
  CVE-2014-6380  Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...

2014-10-09  CVE-2014-3403  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
  CVE-2014-3404  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
  CVE-2014-3405  Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...

2014-10-08  CVE-2014-3187  Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...

2014-10-01  OVAL26970  ELSA-2014-1244 -- bind97 security and bug fix update
  OVAL26644  ELSA-2014-1147 -- squid security update
  OVAL27050  ELSA-2014-1166 -- jakarta-commons-httpclient security update
  OVAL26806  ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
  OVAL26892  ELSA-2014-1148 -- squid security update
  OVAL26189  ELSA-2014-3073 -- Unbreakable Enterprise kernel security update

2014-09-29  OVAL26919  ELSA-2014-3018 -- Unbreakable Enterprise kernel security update

2014-09-26  OVAL26777  RHSA-2014:1245: krb5 security and bug fix update
  OVAL26451  RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
  OVAL26718  RHSA-2014:1255: krb5 security update
  OVAL26030  RHSA-2014:1244: bind97 security and bug fix update
  OVAL26851  RHSA-2014:1194: conga security and bug fix update
  OVAL26641  RHSA-2014:1243: automake security update

2014-09-25  CVE-2014-6271  Bash environment variables code injection
  CVE-2014-7169  Bash environment variables code injection
  CVE-2014-3354  Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
  CVE-2014-3355  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3356  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3357  Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
  CVE-2014-3358  Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
  CVE-2014-3359  Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
  CVE-2014-3360  Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
  CVE-2014-3361  The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

2014-09-20  CVE-2014-3376  Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
  CVE-2014-3377  snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
  CVE-2014-3378  tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.

2014-09-18  CVE-2014-4411  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4412  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4413  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4414  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4415  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4418  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4419  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4420  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4421  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4422  The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using...
  CVE-2014-4352  Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
  CVE-2014-4353  Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
  CVE-2014-4354  Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
  CVE-2014-4356  Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
  CVE-2014-4357  Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
  CVE-2014-4361  The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
  CVE-2014-4362  The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
  CVE-2014-4363  Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
  CVE-2014-4364  The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then...
  CVE-2014-4366  Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  CVE-2014-4367  Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
  CVE-2014-4368  The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
  CVE-2014-4369  The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
  CVE-2014-4371  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4372  syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
  CVE-2014-4373  The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
  CVE-2014-4374  NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  CVE-2014-4375  Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
  CVE-2014-4377  Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4378  CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
  CVE-2014-4388  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4389  Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
  CVE-2014-4404  Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
  CVE-2014-4405  IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping...
  CVE-2014-4407  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
  CVE-2014-4408  The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
  CVE-2014-4409  WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
  CVE-2014-4410  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4379  An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
  CVE-2014-4380  The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
  CVE-2014-4381  Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
  CVE-2014-4383  The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
  CVE-2014-4384  Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
  CVE-2014-4386  Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
  CVE-2014-4423  The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

2014-09-17  OVAL26312  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26668  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  OVAL26551  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL26807  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow remote attackers to bypass the Same Origin Policy
  OVAL26708  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26301  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26813  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to bypass intended access restrictions
  OVAL26758  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection...
  OVAL26434  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26616  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code
  OVAL26603  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  OVAL26818  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service

2014-09-12  OVAL26601  .NET Framework denial of service vulnerability

2014-09-11  CVE-2014-3342  The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
  CVE-2014-3363  Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

2014-09-10  CVE-2014-3343  Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

2014-09-04  CVE-2014-3353  Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

2014-09-03  OVAL25633  Arbitrary code execution via unknown vectors.
  OVAL26532  Heap-based buffer overflow in KMPlayer 3.0.0.1441
  OVAL26378  Unspecified vulnerability allows remote attackers to bypass Protected Mode

2014-08-29  OVAL26362  Apache Subversion vulnerability: Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
  OVAL25808  Apache Subversion vulnerability: 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate

2014-08-19  OVAL26275  CSyncBasePlayer use after free vulnerability

2014-08-18  OVAL26154  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL25856  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allows attackers to execute arbitrary code
  OVAL26134  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL26161  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL26337  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism
  OVAL26316  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses

2014-08-12  CVE-2014-3338  The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...

2014-08-11  CVE-2014-3327  The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
  CVE-2014-3332  Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

2014-08-06  OVAL26284  SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox

2014-08-05  OVAL26244  RHSA-2013-1605: glibc security, bug fix, and enhancement update
  OVAL26186  RHSA-2014:1004: yum-updatesd security update
  OVAL26218  RHSA-2012:0884: openssh security, bug fix, and enhancement update

2014-07-28  OVAL25091  RHSA-2014:0927: qemu-kvm security and bug fix update
  OVAL25160  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  OVAL24828  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
  OVAL25273  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  OVAL25136  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
  OVAL24806  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  OVAL25224  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
  OVAL25066  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
  OVAL24827  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality

2014-07-15  OVAL26212  SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
  OVAL25815  SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
  OVAL25341  SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
  OVAL25898  SUSE-RU-2013:0703-2 -- Recommended update for ksh
  OVAL25231  SUSE-RU-2013:0634-1 -- Recommended update for Xorg
  OVAL25349  SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
  OVAL25916  SUSE-SU-2013:1183-1 -- Security update for xorg-x11

2014-07-14  CVE-2014-3317  Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
  CVE-2014-3319  Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.

2014-07-11  OVAL24871  Windows Journal remote code execution vulnerability
  CVE-2014-3815  Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  CVE-2014-3816  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
  CVE-2014-3817  Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
  CVE-2014-3819  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
  CVE-2014-3821  Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...
  CVE-2014-3822  Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...

2014-07-10  CVE-2014-3315  Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...
  CVE-2014-3316  The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
  CVE-2014-3318  Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

2014-07-09  OVAL24783  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  OVAL24931  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  OVAL25191  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  CVE-2014-3309  The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...

2014-07-02  CVE-2014-3100  Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...

2014-07-01  CVE-2014-1325  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1345  WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
  CVE-2014-1348  Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-1349  Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
  CVE-2014-1350  Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
  CVE-2014-1351  Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
  CVE-2014-1352  Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
  CVE-2014-1353  Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
  CVE-2014-1354  CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...
  CVE-2014-1355  The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via...
  CVE-2014-1356  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
  CVE-2014-1357  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
  CVE-2014-1358  Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1359  Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1360  Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
  CVE-2014-1361  Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive...
  CVE-2014-1362  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1363  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1364  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1365  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1366  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1367  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1368  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1382  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...

2014-06-25  CVE-2014-3299  Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-16  OVAL24929  Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
  OVAL24682  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file
  OVAL24909  Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct...
  OVAL24621  Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
  OVAL24920  Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet
  OVAL24854  ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts...
  OVAL24545  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or...

2014-06-14  CVE-2014-3290  The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
  CVE-2014-3295  The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

2014-06-13  CVE-2014-3813  Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
  CVE-2014-3814  The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...

2014-06-10  CVE-2014-3287  SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...
  CVE-2014-3292  The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.

2014-06-08  CVE-2014-3291  Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...

2014-05-26  OVAL24567  SharePoint Page Content Vulnerabilities () - MS14-022

2014-05-25  CVE-2013-1191  Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
  CVE-2014-2200  Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...
  CVE-2014-3284  Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

2014-05-20  CVE-2013-6975  Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
  CVE-2014-3269  The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
  CVE-2014-3270  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
  CVE-2014-3271  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
  CVE-2014-3273  The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.

2014-05-16  CVE-2014-3262  The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...
  CVE-2014-3263  The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.

2014-05-15  OVAL24420  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24298  Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism
  OVAL24319  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24605  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24644  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy
  OVAL24595  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions

2014-05-13  CVE-2010-4832  Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...

2014-05-07  CVE-2014-0684  Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

2014-04-30  OVAL24683  Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

2014-04-29  CVE-2013-7373  Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
  CVE-2014-2183  The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
  CVE-2014-2184  The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
  CVE-2014-2185  The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.

2014-04-24  CVE-2012-3946  Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
  CVE-2012-5723  Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

2014-04-23  CVE-2012-5014  Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
  CVE-2012-5017  Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
  CVE-2012-5032  The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
  CVE-2012-5036  Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
  CVE-2012-5037  The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
  CVE-2012-5039  The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
  CVE-2012-5044  Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
  CVE-2012-5427  Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
  CVE-2012-0360  Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
  CVE-2012-1317  The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
  CVE-2012-1366  Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
  CVE-2012-3062  Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
  CVE-2012-4638  Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
  CVE-2012-4651  Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
  CVE-2012-4658  The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
  CVE-2014-1295  Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation,...
  CVE-2014-1296  CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass...
  CVE-2014-1320  IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading...

2014-04-21  OVAL24520  Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  OVAL24510  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
  OVAL24709  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
  OVAL24672  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
  OVAL24523  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  OVAL24676  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  OVAL24441  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
  OVAL24502  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  OVAL24712  Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
  OVAL23723  The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...

2014-04-15  CVE-2014-2842  Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-14  CVE-2014-0612  Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
  CVE-2014-2711  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
  CVE-2014-2712  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...
  CVE-2014-2713  Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
  CVE-2014-2714  The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...
  CVE-2014-0614  Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.

2014-04-11  OVAL24718  RHSA-2014:0376: openssl security update
  OVAL24439  RHSA-2014:0380: flash-plugin security update
  OVAL24563  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24613  Buffer overflow vulnerability in Adobe Flash Player before 12.0.0.77 and before 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24659  Cross-site scripting
  OVAL24062  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24066  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24561  Vulnerability in Adobe Flash Player before 12.0.0.77 and before 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24368  Cross-site scripting vulnerability in Adobe Flash Player before 12.0.0.77 and before 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24029  Cross-site scripting
  OVAL24795  Cross-site scripting
  OVAL24657  Use-after-free vulnerability in Adobe Flash Player before 12.0.0.77 and before 11.7.700.275 and Adobe AIR before 13.0.0.83

2014-04-10  CVE-2014-0160  OpenSSL Vulnerability: Heartbleed
  REF000672  OpenSSL Vulnerability: Heartbleed - unix

2014-04-07  OVAL24283  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
  OVAL24101  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server

2014-04-05  CVE-2014-2144  Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

2014-04-04  CVE-2014-2143  The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

2014-03-31  CVE-2013-6770  The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...

2014-03-28  CVE-2014-2131  The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

2014-03-27  OVAL24405  Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
  OVAL24141  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...
  CVE-2014-2106  Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
  CVE-2014-2107  Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
  CVE-2014-2108  Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
  CVE-2014-2109  The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
  CVE-2014-2111  The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
  CVE-2014-2112  The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
  CVE-2014-2113  Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...

2014-03-24  OVAL23928  RHSA-2014:0289: flash-plugin security update

2014-03-20  CVE-2014-2124  Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

2014-03-19  OVAL23940  Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
  OVAL24277  Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service
  OVAL23340  Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
  OVAL24294  Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
  OVAL24245  Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows splitting a "pack file" in the repository

2014-03-17  OVAL23774  Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2014-03-14  CVE-2014-1282  The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.
  CVE-2014-1285  Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
  CVE-2014-1286  SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
  CVE-2014-1287  USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
  CVE-2014-1289  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1290  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5133  Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
  CVE-2013-6835  TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
  CVE-2014-1267  The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by...
  CVE-2014-1271  CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
  CVE-2014-1272  CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
  CVE-2014-1273  dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
  CVE-2014-1274  FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
  CVE-2014-1275  Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2014-1276  IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
  CVE-2014-1278  The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
  CVE-2014-1280  Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
  CVE-2014-2291  Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
  CVE-2014-1281  Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
  CVE-2014-2292  Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
  CVE-2014-1291  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1292  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1293  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1294  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2014-03-13  OVAL22228  Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to defeat the ASLR...
  OVAL22530  Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to bypass...
  OVAL22099  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
  OVAL22171  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows attackers to read the clipboard via unspecified vectors.

2014-03-07  OVAL24162  RHSA-2014:0196: flash-plugin security update

2014-03-06  CVE-2014-0701  Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...
  CVE-2014-0703  Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...
  CVE-2014-0704  The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
  CVE-2014-0705  The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
  CVE-2014-0706  Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
  CVE-2014-0707  Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.

2014-03-02  CVE-2013-4710  Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...

2014-02-26  CVE-2014-0740  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...
  CVE-2014-0741  The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
  CVE-2014-0742  The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
  CVE-2014-0743  The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...
  CVE-2014-0747  The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.

2014-02-25  OVAL22445  Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 do not prevent access to address information, which makes it...
  OVAL22201  Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows remote attackers to...
  OVAL22568  Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows attackers to execute...

2014-02-22  CVE-2014-1266  The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and...
  CVE-2014-0731  The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

2014-02-20  CVE-2014-0732  The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
  CVE-2014-0733  The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
  CVE-2014-0734  SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
  CVE-2014-0735  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...
  CVE-2014-0736  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...

2014-02-18  CVE-2014-2019  The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...

2014-02-17  OVAL22065  VBScript Memory Corruption Vulnerability - MS14-010, MS14-011

2014-02-15  REF000670  End of Windows XP support from Microsoft

2014-02-14  OVAL22390  RHSA-2014:0137: flash-plugin security update
  OVAL22560  RHSA-2014:0135: java-1.6.0-ibm security update
  OVAL22092  RHSA-2014:0136: java-1.5.0-ibm security update
  OVAL22292  RHSA-2014:0134: java-1.7.0-ibm security update

2014-02-13  CVE-2014-0722  The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...
  CVE-2014-0723  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
  CVE-2014-0724  The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
  CVE-2014-0725  Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
  CVE-2014-0726  SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
  CVE-2014-0727  SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
  CVE-2014-0728  SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
  CVE-2014-0729  SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.

2014-02-05  OVAL22436  Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows allows remote attackers to execute arbitrary code via unspecified vectors

2014-02-04  CVE-2014-0686  Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

2014-01-28  OVAL22499  RHSA-2014:0028: flash-plugin security update

2014-01-23  CVE-2013-7313  The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...

2014-01-22  CVE-2014-0661  The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
  CVE-2014-0676  Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
  CVE-2014-0677  The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

2014-01-19  CVE-2013-3594  The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
  CVE-2013-3595  The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
  CVE-2013-3606  The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

2014-01-17  OVAL22170  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22233  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22214  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22270  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22289  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22304  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL22200  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL21384  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL22227  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22372  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22096  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL21979  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22402  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE

2014-01-15  OVAL21758  RHSA-2011:0471: firefox security update
  OVAL21898  RHSA-2011:0305: samba security update
  OVAL21479  RHSA-2011:0180: pango security update
  OVAL21813  RHSA-2011:0154: hplip security update
  OVAL21138  RHSA-2011:0197: postgresql security update
  OVAL21857  RHSA-2011:0206: flash-plugin security update
  OVAL21931  RHSA-2011:0281: java-1.6.0-openjdk security update
  OVAL21856  RHSA-2011:0337: vsftpd security update
  OVAL21214  RHSA-2011:0310: firefox security and bug fix update
  OVAL21740  RHSA-2011:0845: bind security update
  OVAL21426  RHSA-2011:0373: firefox security update
  OVAL21627  RHSA-2011:0318: libtiff security update
  OVAL21713  RHSA-2011:0214: java-1.6.0-openjdk security update
  OVAL21684  RHSA-2011:0472: nss security update
  OVAL21822  RHSA-2011:0324: logwatch security update
  OVAL21616  RHSA-2011:0859: cyrus-imapd security update
  OVAL22006  RHSA-2011:0926: bind security update
  OVAL21920  RHSA-2011:0506: rdesktop security update
  OVAL21821  RHSA-2011:0391: libvirt security update
  OVAL21301  RHSA-2011:0862: subversion security update
  OVAL21847  RHSA-2011:0332: scsi-target-utils security update
  OVAL21712  RHSA-2011:0428: dhcp security update
  OVAL21165  RHSA-2011:0433: xorg-x11-server-utils security update
  OVAL21435  RHSA-2011:0885: firefox security and bug fix update
  OVAL21899  RHSA-2011:0843: postfix security update
  OVAL21913  RHSA-2011:0918: curl security update
  CVE-2014-0613  The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
  CVE-2014-0615  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0616  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0617  Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.

2014-01-14  OVAL21334  RHSA-2012:1245: java-1.5.0-ibm security update
  OVAL21660  RHSA-2012:1431: flash-plugin security update
  OVAL21501  RHSA-2012:1569: flash-plugin security update
  OVAL21614  RHSA-2012:1465: java-1.5.0-ibm security update
  OVAL21594  RHSA-2012:1346: flash-plugin security update
  OVAL21011  RHSA-2012:1466: java-1.6.0-ibm security update
  OVAL21404  RHSA-2012:0514: java-1.6.0-ibm security update
  OVAL21162  RHSA-2012:0688: flash-plugin security update
  OVAL20413  RHSA-2012:0144: flash-plugin security update
  OVAL21447  RHSA-2012:1238: java-1.6.0-ibm security update
  OVAL21376  RHSA-2012:0722: flash-plugin security update
  OVAL21398  RHSA-2012:0508: java-1.5.0-ibm security update

2014-01-10  CVE-2014-0618  Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...

2014-01-09  OVAL21081  RHSA-2013:1818: flash-plugin security update
  OVAL21219  RHSA-2013:1059: java-1.6.0-ibm security update
  OVAL20801  RHSA-2013:0254: flash-plugin security update
  OVAL20806  RHSA-2013:0643: flash-plugin security update
  OVAL20942  RHSA-2013:1035: flash-plugin security update
  OVAL21078  RHSA-2013:0730: flash-plugin security update
  OVAL21196  RHSA-2013:1081: java-1.5.0-ibm security update
  OVAL20438  RHSA-2013:0574: flash-plugin security update
  OVAL21077  RHSA-2013:0625: java-1.6.0-ibm security update
  OVAL21109  RHSA-2013:0624: java-1.5.0-ibm security update
  OVAL21131  RHSA-2013:1060: java-1.7.0-ibm security update
  OVAL20926  RHSA-2013:0243: flash-plugin security update
  OVAL21111  RHSA-2013:0823: java-1.6.0-ibm security update
  OVAL21040  RHSA-2013:0626: java-1.7.0-ibm security update
  OVAL21241  RHSA-2013:0855: java-1.5.0-ibm security update
  OVAL20714  RHSA-2013:1518: flash-plugin security update
  OVAL20910  RHSA-2013:0941: flash-plugin security update
  OVAL20254  RHSA-2013:0822: java-1.7.0-ibm security update
  OVAL21201  RHSA-2013:0825: flash-plugin security update
  OVAL21151  RHSA-2013:1507: java-1.7.0-ibm security update
  OVAL20642  RHSA-2013:1509: java-1.5.0-ibm security update
  OVAL21027  RHSA-2013:0551: acroread security update
  OVAL20442  RHSA-2013:0150: acroread security update
  OVAL20740  RHSA-2013:0826: acroread security update
  OVAL20796  RHSA-2013:1402: Adobe Reader - notification of end of updates
  OVAL21240  RHSA-2013:1508: java-1.6.0-ibm security update
  OVAL21009  RHSA-2013:0149: flash-plugin security update
  OVAL20919  RHSA-2013:1256: flash-plugin security update
  OVAL20871  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow remote attackers to...
  OVAL20738  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow attackers to execute...

2014-01-08  CVE-2013-6982  The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
  CVE-2014-0653  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
  CVE-2014-0655  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...
  CVE-2014-0657  The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...

2013-12-27  CVE-2013-6981  Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

2013-12-23  CVE-2013-6979  The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...

2013-12-21  CVE-2012-4135  Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
  CVE-2013-6978  The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
  CVE-2012-4131  Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.

2013-12-18  CVE-2013-4775  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
  CVE-2013-4776  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
  CVE-2013-5196  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5197  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5198  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5199  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5225  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5228  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2013-12-14  CVE-2013-6271  Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...

2013-12-13  CVE-2013-6956  Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
  CVE-2013-6958  Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

2013-12-12  CVE-2013-7030  ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...
  CVE-2013-2751  Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
  CVE-2013-2752  Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

2013-12-10  OVAL20434  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20459  Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20915  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20472  Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability"
  OVAL20424  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20770  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL19994  Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20840  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors
  OVAL20651  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow remote attackers to read content from a different domain via a crafted web site
  OVAL20880  Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service...
  OVAL20589  Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows has unknown impact and attack vectors
  OVAL20772  Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL20654  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20934  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20873  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20727  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20656  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20893  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20035  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  OVAL20963  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL19970  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20632  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors
  OVAL20892  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20879  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20693  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20318  Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content
  OVAL20954  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20904  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20556  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs
  OVAL20701  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20607  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20928  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20876  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20323  Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors
  OVAL20925  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20789  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20739  Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL20395  Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20859  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20844  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20799  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20838  Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20674  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20510  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20958  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL19949  Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20964  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20559  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20148  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20274  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20846  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20968  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20688  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...

2013-12-05  OVAL20079  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19856  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  OVAL19929  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19805  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19467  Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code via crafted SWF content
  OVAL19913  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19930  Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19896  Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19661  Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL20133  Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  OVAL20111  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19907  Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19898  Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
  OVAL19629  Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19957  Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19802  Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  OVAL20078  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  OVAL20011  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a...
  OVAL20004  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors
  OVAL20080  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  OVAL19510  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability...
  OVAL19427  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL19961  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19824  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors
  OVAL19525  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  OVAL20081  The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content
  OVAL19410  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19528  Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL19966  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20025  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  OVAL20125  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20096  Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20006  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19869  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20073  Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19694  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL20015  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19826  Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content
  OVAL20044  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20137  Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling

2013-12-03  CVE-2013-6704  Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
  CVE-2013-6705  The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

2013-12-02  CVE-2013-6696  Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

2013-11-28  CVE-2013-6700  The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
  CVE-2013-6706  The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-11-22  CVE-2013-6694  The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
  CVE-2013-6698  The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
  CVE-2013-6699  The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...

2013-11-21  CVE-2013-6692  Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
  CVE-2013-6693  The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...

2013-11-17  CVE-2013-5556  The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
  CVE-2013-6686  The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
  CVE-2013-6688  Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
  CVE-2013-5193  The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
  CVE-2013-6689  Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

2013-11-13  CVE-2013-5552  Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
  CVE-2013-6683  The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
  CVE-2013-6684  The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.

2013-11-07  CVE-2013-5553  Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
  CVE-2013-5565  The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
  CVE-2013-5566  Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

2013-11-05  CVE-2013-6618  jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

2013-10-31  CVE-2013-5555  Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
  CVE-2013-5543  Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
  CVE-2013-5545  The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
  CVE-2013-5546  The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
  CVE-2013-5547  Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
  CVE-2013-5548  The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.

2013-10-28  CVE-2013-6012  Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
  CVE-2013-6014  Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...

2013-10-24  OVAL19088  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19002  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18894  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19207  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19101  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19032  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18733  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18990  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19024  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18645  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19188  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
  OVAL19150  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19020  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18971  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19185  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18504  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19189  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19046  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19096  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL18436  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18874  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  CVE-2013-5549  Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
  CVE-2013-5522  Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

2013-10-23  CVE-2013-5144  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
  CVE-2013-5162  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
  CVE-2013-5164  Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

2013-10-19  CVE-2013-6027  Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...

2013-10-17  CVE-2013-4689  J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site...
  CVE-2013-6013  Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
  CVE-2013-6015  Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
  CVE-2013-6170  Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...

2013-10-16  OVAL19036  Denial of service vulnerability in Microsoft SharePoint - MS13-067
  OVAL19136  Cross-site scripting vulnerability in Microsoft SharePoint - MS13-067
  OVAL18750  Cross-site scripting vulnerability in Microsoft SharePoint - MS13-067

2013-10-13  CVE-2012-4076  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
  CVE-2012-4077  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
  CVE-2012-4097  The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
  CVE-2012-4099  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
  CVE-2012-4121  Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

2013-10-10  CVE-2013-5499  The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
  CVE-2013-5527  The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
  CVE-2013-5528  Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...

2013-10-05  CVE-2012-4141  Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
  CVE-2012-4075  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
  CVE-2012-4090  The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
  CVE-2012-4091  The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
  CVE-2012-4098  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
  CVE-2012-4122  The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.

2013-10-03  CVE-2013-5519  Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

2013-10-02  OVAL18986  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  OVAL18087  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18827  Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
  OVAL19057  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  OVAL18835  Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
  OVAL18985  OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
  OVAL18554  Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
  OVAL18999  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  OVAL18973  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18967  Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
  OVAL18922  Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
  OVAL18910  OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
  OVAL18790  Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
  OVAL18621  Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
  OVAL19039  OpenSSL vulnerability before 1.0.0c in VisualSVN Server
  OVAL19081  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18868  OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18980  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18154  Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
  OVAL19016  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18788  Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL19007  Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
  OVAL18538  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18772  Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
  OVAL18889  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  CVE-2013-5503  The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

2013-09-30  CVE-2013-5516  The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...

2013-09-27  OVAL18997  The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
  CVE-2013-5160  Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
  CVE-2013-5161  Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
  CVE-2013-5472  The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
  CVE-2013-5473  Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
  CVE-2013-5474  Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
  CVE-2013-5475  Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
  CVE-2013-5476  The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
  CVE-2013-5477  The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
  CVE-2013-5478  Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
  CVE-2013-5479  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
  CVE-2013-5480  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
  CVE-2013-5481  The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
  CVE-2013-5498  The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.

2013-09-19  CVE-2011-2391  The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
  CVE-2013-1036  Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
  CVE-2013-0957  Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
  CVE-2013-1121  The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
  CVE-2013-1037  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1038  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1039  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1040  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1041  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1042  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1043  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1044  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5126  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5127  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5128  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1045  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1046  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1047  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5125  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5129  Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
  CVE-2013-5131  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  CVE-2013-5137  IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
  CVE-2013-5138  IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
  CVE-2013-5139  The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
  CVE-2013-5140  The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
  CVE-2013-5141  The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
  CVE-2013-5142  The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
  CVE-2013-5145  kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
  CVE-2013-5147  Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
  CVE-2013-5149  The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
  CVE-2013-5150  The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
  CVE-2013-5151  Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
  CVE-2013-5152  Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
  CVE-2013-5153  Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
  CVE-2013-5154  The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
  CVE-2013-5155  The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
  CVE-2013-5156  The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
  CVE-2013-5157  The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
  CVE-2013-5158  The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
  CVE-2013-5159  WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

2013-09-16  CVE-2013-1025  Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
  CVE-2013-1026  Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2013-1028  The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
  CVE-2013-5496  Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

2013-09-13  CVE-2013-5649  Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...

2013-09-07  CVE-2013-3458  Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...

2013-08-30  CVE-2013-3474  The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
  CVE-2013-5469  The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...

2013-08-29  CVE-2013-3463  The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
  CVE-2013-3470  The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
  CVE-2013-3472  Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...

2013-08-24  CVE-2013-3459  Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
  CVE-2013-3460  Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
  CVE-2013-3461  Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
  CVE-2013-3462  Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...

2013-08-22  CVE-2013-3453  Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...

2013-08-19  OVAL18318  Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066

2013-08-13  CVE-2013-3464  Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...

2013-08-12  CVE-2013-4806  The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...

2013-08-08  CVE-2013-3454  Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...

2013-08-05  CVE-2013-3442  The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
  CVE-2013-3450  Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
  CVE-2013-3451  Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...

2013-08-01  CVE-2012-5460  Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...

2013-07-30  OVAL17427  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17241  WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
  OVAL17384  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16762  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17413  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17020  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17269  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17530  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16903  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17212  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17161  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17544  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17458  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17128  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16879  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17304  Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
  OVAL17082  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16714  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17339  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17441  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17334  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17204  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17387  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17199  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17288  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17368  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17246  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17546  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17365  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17605  Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
  OVAL17264  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17127  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17486  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17352  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17163  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17207  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17366  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17433  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17300  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16678  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17072  WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
  OVAL17401  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17562  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17076  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16986  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17516  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16907  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17064  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17308  WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  OVAL17445  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17303  Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
  OVAL17184  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17370  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17187  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17419  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17191  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17016  Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
  OVAL17481  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17211  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17094  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16788  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17170  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16941  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17367  Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
  OVAL17302  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17048  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16916  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17133  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17319  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17394  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17446  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17009  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17336  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16974  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17575  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16588  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17084  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17250  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17298  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16938  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16488  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17432  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16874  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17473  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16780  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17362  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16795  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17172  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17174  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17272  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17070  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16638  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17018  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17138  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16959  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17604  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17099  Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
  OVAL16843  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16865  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17469  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17185  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16919  CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
  OVAL17396  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17561  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17156  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17282  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17400  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17299  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17548  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17463  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17359  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17582  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17539  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17434  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16724  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17060  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17168  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17393  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17317  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17276  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17136  Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
  OVAL17452  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17464  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17068  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17143  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17601  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17203  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16532  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17167  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17507  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16871  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17475  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17340  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17271  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17297  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16826  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17438  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17092  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16994  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17378  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17152  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17407  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16457  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17467  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17287  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17331  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17051  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17559  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16730  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17437  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17059  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16626  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17144  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17222  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17372  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17057  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17377  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17488  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17482  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17374  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17444  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16726  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16980  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17483  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17081  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17357  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17104  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17523  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17429  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17355  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17237  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17169  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17524  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16568  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16768  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17247  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17252  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17228  Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
  OVAL17208  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17383  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17280  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17158  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17263  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16983  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17466  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17342  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17518  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16891  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17218  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17312  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17435  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17572  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17364  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17326  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16756  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17254  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17373  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17471  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17621  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17375  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17224  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16862  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17123  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17327  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17478  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17431  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17397  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16784  Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
  OVAL16978  Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...
  OVAL17220  Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...

2013-07-25  CVE-2013-3414  Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

2013-07-19  CVE-2013-3436  The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...

2013-07-18  CVE-2013-3402  An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
  CVE-2013-3403  Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
  CVE-2013-3404  SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
  CVE-2013-3412  SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
  CVE-2013-3433  Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
  CVE-2013-3434  Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...

2013-07-15  OVAL17341  TrueType Font Parsing Vulnerability

2013-07-12  OVAL16998  WMV Video Decoder remote code execution vulnerability - MS13-057

2013-07-11  OVAL17253  Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058
  CVE-2013-4684  flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
  CVE-2013-4685  Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...
  CVE-2013-4686  The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
  CVE-2013-4687  flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
  CVE-2013-4688  flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
  CVE-2013-4690  Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...

2013-07-10  CVE-2013-3400  The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.

2013-07-09  CVE-2013-4787  Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...

2013-07-06  CVE-2013-2340  Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...
  CVE-2013-2341  Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...

2013-06-26  CVE-2013-3382  The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
  CVE-2013-3397  Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...

2013-06-21  CVE-2013-3377  Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.

2013-06-19  OVAL17090  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17294  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17116  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  OVAL17236  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17106  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16840  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16580  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16712  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16982  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL17189  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17052  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16311  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17214  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17069  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
  OVAL16803  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL17149  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17195  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
  OVAL17181  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17202  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL17206  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL16899  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  OVAL17042  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16887  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL16389  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17014  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
  OVAL17098  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  OVAL17180  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  OVAL17221  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
  OVAL16806  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17230  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL16617  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  OVAL17256  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
  OVAL16545  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
  OVAL17257  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  OVAL17176  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  OVAL17265  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
  OVAL17192  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
  OVAL16770  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...

2013-06-18  OVAL17030  Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows; Adobe AIR before 3.7.0.2090 on Windows; and Adobe AIR SDK and Compiler before 3.7.0.2090 on Windows allow attackers to execute arbitrary code or cause a...
  CVE-2013-4616  The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...

2013-06-13  OVAL16995  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16804  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16913  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL17141  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16846  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16407  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL17118  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL17050  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL17083  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16932  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16921  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16897  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
  OVAL16969  Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...

2013-06-10  OVAL16375  The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...

2013-06-05  CVE-2013-3948  Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...
  CVE-2013-3950  Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
  CVE-2013-3953  The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
  CVE-2013-3954  The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...

2013-05-29  CVE-2013-1208  The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
  CVE-2013-1209  The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
  CVE-2013-1210  Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...
  CVE-2013-1211  Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
  CVE-2013-1212  The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
  CVE-2013-1213  Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...

2013-05-24  CVE-2013-1019  Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

2013-05-23  CVE-2013-1204  Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.

2013-05-22  CVE-2013-2842  Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

2013-05-20  CVE-2013-1007  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1008  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1010  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-0999  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1000  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1001  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1002  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1003  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1004  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1005  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1006  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...

2013-05-15  CVE-2013-1188  Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.

2013-05-13  CVE-2013-1136  The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...

2013-05-03  CVE-2013-1240  The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
  CVE-2013-1234  The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
  CVE-2013-1235  Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...

2013-04-29  OVAL16960  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  OVAL17175  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
  OVAL17268  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  OVAL16395  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  OVAL16877  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
  OVAL17077  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  OVAL17266  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  OVAL16792  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  OVAL16835  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  OVAL16451  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  OVAL17186  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
  OVAL16267  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
  OVAL16758  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
  OVAL16947  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  OVAL17255  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  OVAL16632  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  OVAL16825  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  CVE-2013-1216  Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
  CVE-2013-1226  The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.

2013-04-25  CVE-2013-1178  Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
  CVE-2013-1179  Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
  CVE-2013-1180  Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...
  CVE-2013-1181  Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
  CVE-2013-1192  The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
  CVE-2013-1215  The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.

2013-04-24  CVE-2013-1217  The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.

2013-04-22  OVAL15923  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  OVAL16550  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  OVAL16058  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL16312  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  OVAL16519  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16259  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  OVAL16430  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,...
  OVAL16649  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  OVAL16513  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  OVAL16168  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  OVAL16567  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16566  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL16502  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier...
  OVAL16496  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL15888  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL16013  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  OVAL16528  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16581  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on...
  OVAL16530  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
  OVAL16652  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL15996  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  OVAL16613  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  OVAL15832  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16680  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  OVAL15733  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16558  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16035  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  OVAL16537  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  OVAL16045  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...

2013-04-18  CVE-2013-1194  The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via...
  CVE-2013-1199  Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing...

2013-04-17  OVAL16688  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16297  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful...
  OVAL16597  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16654  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16043  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16446  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16684  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
  OVAL16549  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  OVAL16538  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16685  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity...
  OVAL16578  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16553  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16697  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  OVAL16564  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  OVAL16527  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16702  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16585  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16314  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  OVAL16602  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16227  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,...
  OVAL16506  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL16546  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and...
  OVAL16466  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  OVAL16686  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  OVAL16544  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and...

2013-04-16  CVE-2012-5415  Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for...

2013-04-12  OVAL16293  Elevation of privilege vulnerability in Windows Defender - MS13-034
  OVAL16598  Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029

2013-04-11  CVE-2013-1149  Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall...
  CVE-2013-1150  The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before...
  CVE-2013-1152  Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.
  CVE-2013-1164  Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card...
  CVE-2013-1165  Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.
  CVE-2013-1166  Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by...
  CVE-2013-1167  Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not...
  CVE-2013-2779  Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a...

2013-03-28  CVE-2013-1142  Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
  CVE-2013-1143  The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect...
  CVE-2013-1144  Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
  CVE-2012-5216  Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of...
  CVE-2013-1145  Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP...
  CVE-2013-1146  The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
  CVE-2013-1147  The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote...
  CVE-2013-1148  The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service...

2013-03-25  CVE-2013-1162  The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.

2013-03-20  CVE-2013-0977  dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains...
  CVE-2013-0978  The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection...
  CVE-2013-0979  lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that...
  CVE-2013-0980  The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call...
  CVE-2013-0981  The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via...

2013-02-28  CVE-2013-1141  The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS...

2013-02-27  CVE-2013-1133  Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused...
  CVE-2013-1134  The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct...

2013-02-25  CVE-2013-1138  The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

2013-02-24  CVE-2013-0120  The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.

2013-02-23  CVE-2013-0879  Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have...

2013-02-13  CVE-2013-1100  The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
  CVE-2013-1122  Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.

2013-02-12  CVE-2011-5262  SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

2013-02-05  CVE-2011-1350  The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
  CVE-2011-1352  The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

2013-01-29  CVE-2013-0950  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0951  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0952  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0953  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0954  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0955  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0948  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0949  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0956  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0958  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0959  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0962  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
  CVE-2013-0963  Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an...
  CVE-2013-0964  The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page...
  CVE-2013-0968  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0974  StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript...

2013-01-24  CVE-2013-1102  The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service...
  CVE-2013-1103  Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
  CVE-2013-1104  The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
  CVE-2013-1105  Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device...

2013-01-19  CVE-2012-6396  Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces...

2013-01-18  CVE-2012-5717  Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID...
  CVE-2012-6395  Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,...

2012-12-21  CVE-2012-0841  libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

2012-12-19  CVE-2012-5991  screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type...
  CVE-2012-5992  Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts...
  CVE-2012-6007  Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,...

2012-12-10  CVE-2012-6301  The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

2012-11-30  CVE-2012-4220  diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)...
  CVE-2012-4221  Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an...
  CVE-2012-4222  drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses...

2012-11-27  CVE-2012-5134  Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or...

2012-11-14  CVE-2012-2619  The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service...

2012-11-03  CVE-2012-3748  Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
  CVE-2012-3749  The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a...
  CVE-2012-3750  The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

2012-10-29  CVE-2012-4663  The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
  CVE-2012-4643  The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before...
  CVE-2012-4659  The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before...
  CVE-2012-4660  The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5...
  CVE-2012-4661  Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before...
  CVE-2012-4662  The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...

2012-10-17  OVAL15395  Reflected XSS Vulnerability - MS12-070

2012-10-11  CVE-2012-5112  Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

2012-10-07  CVE-2011-3918  The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

2012-09-26  CVE-2012-4617  The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed...
  CVE-2012-4618  The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
  CVE-2012-4619  The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
  CVE-2012-4620  Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug...
  CVE-2012-4621  The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
  CVE-2012-4622  Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error...
  CVE-2012-2889  Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
  CVE-2012-3949  The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,...
  CVE-2012-3950  The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS...
  CVE-2012-4623  The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a...

2012-09-20  CVE-2012-3740  The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3741  The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step...
  CVE-2012-3742  Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the...
  CVE-2012-3722  The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2012-3724  CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived...
  CVE-2012-3725  The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information...
  CVE-2012-3726  Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
  CVE-2012-3727  Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
  CVE-2012-3728  The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
  CVE-2012-3729  The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a...
  CVE-2012-3730  Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a...
  CVE-2012-3731  Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3732  Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
  CVE-2012-3733  Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain...
  CVE-2012-3734  Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
  CVE-2012-3735  The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the...
  CVE-2012-3736  The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.
  CVE-2012-3737  The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
  CVE-2012-3738  The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime...
  CVE-2012-3739  The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
  CVE-2012-3743  The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
  CVE-2012-3744  Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating...
  CVE-2012-3745  Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
  CVE-2012-3746  UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
  CVE-2012-3747  WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

2012-09-17  CVE-2012-2993  Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an...

2012-09-16  CVE-2012-3051  Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.
  CVE-2012-3079  Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.
  CVE-2012-3893  The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
  CVE-2012-3895  Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
  CVE-2012-3915  The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
  CVE-2012-3923  The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a...
  CVE-2012-3924  The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a...

2012-09-13  CVE-2012-3606  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3607  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3621  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3632  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3687  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3701  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...

2012-08-31  CVE-2012-2870  libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not...
  CVE-2012-2871  libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or...

2012-08-06  CVE-2012-1338  Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
  CVE-2012-1344  Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka...
  CVE-2012-2857  Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a...
  CVE-2012-1350  Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
  CVE-2012-1357  The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.
  CVE-2012-1361  Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
  CVE-2012-1367  The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka...
  CVE-2012-2469  Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)...
  CVE-2012-2472  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU...
  CVE-2012-2474  Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN...

2012-07-13  OVAL14783  ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045

2012-06-27  CVE-2012-2807  Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via...
  CVE-2012-2824  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.

2012-06-20  CVE-2012-3058  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause...

2012-05-31  CVE-2012-2488  Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

2012-05-15  CVE-2011-3102  Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

2012-05-08  OVAL15621  GDI+ Record Type Vulnerability
  CVE-2012-0672  WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  CVE-2012-0674  Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

2012-05-03  CVE-2011-4019  Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs...
  CVE-2011-4023  Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
  CVE-2011-4231  Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
  CVE-2012-0376  The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
  CVE-2012-0378  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect...
  CVE-2012-1324  Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
  CVE-2012-1327  dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,...

2012-05-02  CVE-2011-2586  The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
  CVE-2011-2578  Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
  CVE-2011-3285  CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
  CVE-2011-3289  Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
  CVE-2011-3295  The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
  CVE-2011-3309  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE...
  CVE-2011-4006  The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
  CVE-2011-4007