Update Reports

OVAL Vulnerability Bulletins




Date Bulletin ID Title

2023-11-29 CVE-2023-6346 Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-11-21 CVE-2023-6207 Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
  CVE-2023-6213 Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
  CVE-2023-6205 It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

2023-10-25 CVE-2023-5722 Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
  CVE-2023-5721 It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5728 During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5724 Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5723 An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
  CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5729 A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
  CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

2023-10-05 CVE-2023-5346 Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-09-28 CVE-2023-5186 Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction.
  CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-09-12 CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

2023-09-11 CVE-2023-4580 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

2023-09-05 CVE-2023-4762 Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
  CVE-2023-4761 Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

2023-08-29 CVE-2023-4572 Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-08-25 CVE-2022-4452 Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
  CVE-2019-13689 Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file.

2023-08-23 CVE-2023-4430 Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4429 Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4427 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-4431 Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-4428 Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

2023-08-15 CVE-2023-2312 Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4351 Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4366 Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4358 Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4349 Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4356 Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4352 Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4355 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4357 Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page.
  CVE-2023-4363 Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page.
  CVE-2023-4364 Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4365 Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4350 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox
  CVE-2023-4360 Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4361 Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page.
  CVE-2023-4359 Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page.
  CVE-2023-4354 Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4353 Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-08-01 CVE-2023-32681 RHSA-2023:4350: python-requests security update
  CVE-2023-28484,CVE-2023-29469 RHSA-2023:4349: libxml2 security update

2023-07-31 CVE-2023-30581,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590 RHSA-2023:4331: nodejs security, bug fix, and enhancement update
  CVE-2023-3347 RHSA-2023:4325: samba security and bug fix update

2023-07-20 CVE-2023-22045,CVE-2023-22049 RHSA-2023:4178: java-1.8.0-openjdk security and bug fix update
  CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 RHSA-2023:4177: java-17-openjdk security and bug fix update
  CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 RHSA-2023:4158: java-11-openjdk security and bug fix update

2023-07-18 CVE-2023-32435,CVE-2023-32439,CVE-2023-37450 RHSA-2023:4201: webkit2gtk3 security update

2023-07-17 CVE-2023-2828 RHSA-2023:4099: bind security update

2023-07-13 CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 RHSA-2023:4071: firefox security update
  CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 RHSA-2023:4064: thunderbird security update
  CVE-2023-33170 RHSA-2023:4060: .NET 6.0 security, bug fix, and enhancement update
  CVE-2023-33170 RHSA-2023:4057: .NET 7.0 security, bug fix, and enhancement update

2023-07-12 CVE-2023-3128 RHSA-2023:4030: grafana security update

2023-05-16 CVE-2023-2721 Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2725 Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2723 Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2722 Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2724 Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2726 Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page.

2023-05-03 CVE-2023-2466 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
  CVE-2023-2462 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page.
  CVE-2023-2459 Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page.
  CVE-2023-2467 Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page.
  CVE-2023-2468 Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page.
  CVE-2023-2463 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox

2023-04-19 CVE-2023-2135 Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2134 Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2137 Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-04-14 CVE-2023-2033 Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-04-04 CVE-2023-1818 Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1811 Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1393 RHSA-2023:1594: tigervnc and xorg-x11-server security update
  CVE-2023-25690 RHSA-2023:1593: httpd security update
  CVE-2023-1393 RHSA-2023:1592: tigervnc security update
  CVE-2023-28154 RHSA-2023:1591: pcs security update
  CVE-2023-1819 Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-1812 Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
  CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page.
  CVE-2023-1817 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
  CVE-2023-1816 Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page.
  CVE-2023-1822 Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
  CVE-2023-1821 Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox
  CVE-2023-1823 Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
  CVE-2023-1813 Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page.
  CVE-2023-1810 Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

2023-03-21 CVE-2023-1533 Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1530 Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1528 Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1531 Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1532 Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1534 Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

2023-03-02 CISEC:9468 Multiple vulnerabilities on Adobe Animate 2022, Adobe Animate 2023
  CISEC:9470 Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability.

2023-03-01 CISEC:9466 Multiple vulnerabilities on Adobe Media Encoder
  CISEC:9469 Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1
  CISEC:9471 Multiple vulnerabilities on Photoshop version 23.5.3
  CISEC:9467 Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability.
  CISEC:9472 Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability.

2023-02-22 CVE-2023-0927 Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0929 Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0931 Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0928 Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0941 Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0933 Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
  CVE-2023-0930 Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-02-07 CVE-2023-0699 Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown.
  CVE-2023-0696 Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0703 Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions.
  CVE-2023-0698 Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-0705 Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0704 Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page.
  CVE-2023-0697 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
  CVE-2023-0700 Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox
  CVE-2023-0701 Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction.

2022-11-01 CVE-2022-3661 Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension.

2022-07-22 CISEC:9448 Windows SMB Denial of Service Vulnerability
  CISEC:9439 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9462 Windows Network File System Remote Code Execution Vulnerability
  CISEC:9454 Windows Network Address Translation (NAT) Denial of Service Vulnerability
  CISEC:9440 Windows Media Center Elevation of Privilege Vulnerability
  CISEC:9458 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9436 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9438 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9441 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9442 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9445 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9453 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9461 Windows Kernel Information Disclosure Vulnerability
  CISEC:9437 Windows Kernel Denial of Service Vulnerability
  CISEC:9456 Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9446 Windows iSCSI Discovery Service Remote Code Execution Vulnerability
  CISEC:9455 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9465 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9457 Windows File History Remote Code Execution Vulnerability
  CISEC:9452 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
  CISEC:9443 Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
  CISEC:9449 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:9463 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:9451 Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability
  CISEC:9447 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9450 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
  CISEC:9459 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
  CISEC:9460 Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
  CISEC:9444 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:9464 Kerberos AppContainer Security Feature Bypass Vulnerability

2022-06-17 CISEC:9390 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
  CISEC:9414 Windows WLAN AutoConfig Service Denial of Service Vulnerability
  CISEC:9378 Windows Server Service Information Disclosure Vulnerability
  CISEC:9406 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9376 Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:9396 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9393 Windows Push Notifications Apps Elevation of Privilege Vulnerability
  CISEC:9409 Windows Print Spooler Information Disclosure Vulnerability
  CISEC:9375 Windows Print Spooler Information Disclosure Vulnerability
  CISEC:9413 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9425 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9387 Windows PlayToManager Elevation of Privilege Vulnerability
  CISEC:9386 Windows NTFS Information Disclosure Vulnerability
  CISEC:9417 Windows Network File System Remote Code Execution Vulnerability
  CISEC:9397 Windows LSA Spoofing Vulnerability
  CISEC:9410 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9381 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9398 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9400 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9402 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9422 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9423 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9424 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9432 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9433 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9434 Windows Kernel Information Disclosure Vulnerability
  CISEC:9427 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9430 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9431 Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9389 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
  CISEC:9421 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9426 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9374 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9412 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9394 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9418 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9416 Windows Fax Service Remote Code Execution Vulnerability
  CISEC:9405 Windows Failover Cluster Information Disclosure Vulnerability
  CISEC:9382 Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9404 Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9419 Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9428 Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9429 Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9379 Windows Clustered Shared Volume Elevation of Privilege Vulnerability
  CISEC:9383 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9401 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9420 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9403 Windows Authentication Security Feature Bypass Vulnerability
  CISEC:9377 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9388 Windows Address Book Remote Code Execution Vulnerability
  CISEC:9435 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
  CISEC:9384 Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9385 Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9407 Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9380 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9391 Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9411 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9392 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  CISEC:9395 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  CISEC:9415 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9399 BitLocker Security Feature Bypass Vulnerability
  CISEC:9408 Active Directory Domain Services Elevation of Privilege Vulnerability

2022-05-27 CISEC:9302 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:9327 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:9309 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:9303 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9360 Windows Telephony Server Elevation of Privilege Vulnerability
  CISEC:9328 Windows SMB Remote Code Execution Vulnerability
  CISEC:9316 Windows Server Service Remote Code Execution Vulnerability
  CISEC:9279 Windows Secure Channel Denial of Service Vulnerability
  CISEC:9369 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9373 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9282 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9322 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9323 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9329 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9280 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9292 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9296 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9298 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9304 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9306 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9342 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9343 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9368 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9355 Windows Network File System Remote Code Execution Vulnerability
  CISEC:9278 Windows Network File System Remote Code Execution Vulnerability
  CISEC:9308 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability
  CISEC:9281 Windows LDAP Remote Code Execution Vulnerability
  CISEC:9365 Windows LDAP Denial of Service Vulnerability
  CISEC:9325 Windows Kernel Information Disclosure Vulnerability
  CISEC:9276 Windows Kerberos Remote Code Execution Vulnerability
  CISEC:9354 Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9334 Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9351 Windows iSCSI Target Service Information Disclosure Vulnerability
  CISEC:9312 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9361 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9370 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9324 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9314 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9340 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9277 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9286 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9295 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9358 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9336 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9362 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9359 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9284 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:9363 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:9357 Windows File Explorer Elevation of Privilege Vulnerability
  CISEC:9294 Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9345 Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9367 Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9349 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
  CISEC:9310 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9372 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9289 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9326 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9290 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9297 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9301 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9315 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9318 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9319 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9320 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9330 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9333 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9337 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9338 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9341 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9347 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9364 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9344 Windows DNS Server Information Disclosure Vulnerability
  CISEC:9331 Windows Direct Show - Remote Code Execution Vulnerability
  CISEC:9288 Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9285 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9287 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9348 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9307 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9313 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9317 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9300 Windows Bluetooth Driver Elevation of Privilege Vulnerability
  CISEC:9335 Windows AppX Package Manager Elevation of Privilege Vulnerability
  CISEC:9371 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9353 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9356 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9311 Win32k Elevation of Privilege Vulnerability
  CISEC:9283 Win32 Stream Enumeration Remote Code Execution Vulnerability
  CISEC:9291 Win32 Stream Enumeration Remote Code Execution Vulnerability
  CISEC:9366 Win32 File Enumeration Remote Code Execution Vulnerability
  CISEC:9321 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9352 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9305 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9332 Remote Desktop Protocol Remote Code Execution Vulnerability
  CISEC:9299 PowerShell Elevation of Privilege Vulnerability
  CISEC:9293 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
  CISEC:9350 Local Security Authority (LSA) Elevation of Privilege Vulnerability
  CISEC:9275 DiskUsage.exe Remote Code Execution Vulnerability
  CISEC:9346 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
  CISEC:9339 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

2022-05-18 CVE-2022-22965 Spring4Shell - Windows
  CVE-2022-22965 Spring4Shell - Unix

2022-04-15 CISEC:9258 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability
  CISEC:9273 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:9246 Windows SMBv3 Client/Server Remote Code Execution Vulnerability
  CISEC:9271 Windows Security Support Provider Interface Elevation of Privilege Vulnerability
  CISEC:9250 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9256 Windows PDEV Elevation of Privilege Vulnerability
  CISEC:9263 Windows NT OS Kernel Elevation of Privilege Vulnerability
  CISEC:9267 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
  CISEC:9266 Windows Media Center Update Denial of Service Vulnerability
  CISEC:9268 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9247 Windows Inking COM Elevation of Privilege Vulnerability
  CISEC:9272 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9270 Windows HTML Platforms Security Feature Bypass Vulnerability
  CISEC:9251 Windows Fax and Scan Service Elevation of Privilege Vulnerability
  CISEC:9265 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
  CISEC:9253 Windows Event Tracing Remote Code Execution Vulnerability
  CISEC:9243 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9261 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9245 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9255 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:9252 Windows CD-ROM Driver Elevation of Privilege Vulnerability
  CISEC:9260 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9244 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9254 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9257 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9264 Tablet Windows User Interface Application Elevation of Privilege Vulnerability
  CISEC:9274 Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9262 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9269 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9248 Point-to-Point Tunneling Protocol Denial of Service Vulnerability
  CISEC:9249 Media Foundation Information Disclosure Vulnerability
  CISEC:9259 Media Foundation Information Disclosure Vulnerability

2022-03-18 CISEC:9229 Windows User Account Profile Picture Denial of Service Vulnerability
  CISEC:9241 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:9227 Windows Runtime Remote Code Execution Vulnerability
  CISEC:9226 Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:9214 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9209 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9230 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9231 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9235 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9221 Windows Mobile Device Management Remote Code Execution Vulnerability
  CISEC:9234 Windows Mobile Device Management Elevation of Privilege Vulnerability
  CISEC:9239 Windows Kernel Information Disclosure Vulnerability
  CISEC:9215 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9236 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9240 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9213 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9223 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9220 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9225 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9212 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9238 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9222 Windows Common Log File System Driver Denial of Service Vulnerability
  CISEC:9232 Win32k Elevation of Privilege Vulnerability
  CISEC:9233 Win32k Elevation of Privilege Vulnerability
  CISEC:9237 Roaming Security Rights Management Services Remote Code Execution Vulnerability
  CISEC:9228 Named Pipe File System Elevation of Privilege Vulnerability

2022-03-04 CISEC:9137 Workstation Service Remote Protocol Security Feature Bypass Vulnerability
  CISEC:9129 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
  CISEC:9190 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9155 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9142 Windows UI Immersive Server API Elevation of Privilege Vulnerability
  CISEC:9157 Windows System Launcher Elevation of Privilege Vulnerability
  CISEC:9161 Windows Storage Elevation of Privilege Vulnerability
  CISEC:9187 Windows StateRepository API Server file Elevation of Privilege Vulnerability
  CISEC:9189 Windows Security Center API Remote Code Execution Vulnerability
  CISEC:9184 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9186 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9198 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9144 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9136 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9149 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9162 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9176 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9191 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9131 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9207 Windows Push Notifications Apps Elevation Of Privilege Vulnerability
  CISEC:9183 Windows Modern Execution Server Remote Code Execution Vulnerability
  CISEC:9196 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9126 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9173 Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9166 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9192 Windows IKE Extension Remote Code Execution Vulnerability
  CISEC:9185 Windows IKE Extension Denial of Service Vulnerability
  CISEC:9193 Windows IKE Extension Denial of Service Vulnerability
  CISEC:9160 Windows IKE Extension Denial of Service Vulnerability
  CISEC:9168 Windows IKE Extension Denial of Service Vulnerability
  CISEC:9178 Windows IKE Extension Denial of Service Vulnerability
  CISEC:9140 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9177 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9143 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:9201 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9188 Windows Geolocation Service Remote Code Execution Vulnerability
  CISEC:9133 Windows GDI+ Information Disclosure Vulnerability
  CISEC:9169 Windows GDI+ Information Disclosure Vulnerability
  CISEC:9204 Windows GDI Information Disclosure Vulnerability
  CISEC:9146 Windows GDI Elevation of Privilege Vulnerability
  CISEC:9154 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
  CISEC:9174 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:9171 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  CISEC:9147 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9158 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9175 Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9167 Windows Devices Human Interface Elevation of Privilege Vulnerability
  CISEC:9199 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9203 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9159 Windows Cleanup Manager Elevation of Privilege Vulnerability
  CISEC:9151 Windows Certificate Spoofing Vulnerability
  CISEC:9163 Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:9200 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
  CISEC:9170 Windows Application Model Core API Elevation of Privilege Vulnerability
  CISEC:9197 Windows AppContracts API Server Elevation of Privilege Vulnerability
  CISEC:9152 Windows Accounts Control Elevation of Privilege Vulnerability
  CISEC:9132 Win32k Information Disclosure Vulnerability
  CISEC:9127 Win32k Elevation of Privilege Vulnerability
  CISEC:9179 Virtual Machine IDE Drive Elevation of Privilege Vulnerability
  CISEC:9134 Tile Data Repository Elevation of Privilege Vulnerability
  CISEC:9181 Task Flow Data Engine Elevation of Privilege Vulnerability
  CISEC:9180 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
  CISEC:9206 Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9156 Secure Boot Security Feature Bypass Vulnerability
  CISEC:9139 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9153 Remote Desktop Protocol Remote Code Execution Vulnerability
  CISEC:9135 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
  CISEC:9208 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9145 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9172 Open Source Curl Remote Code Execution Vulnerability
  CISEC:9164 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
  CISEC:9195 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
  CISEC:9205 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
  CISEC:9148 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:9182 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
  CISEC:9165 Libarchive Remote Code Execution Vulnerability
  CISEC:9141 HTTP Protocol Stack Remote Code Execution Vulnerability
  CISEC:9128 DirectX Graphics Kernel Remote Code Execution Vulnerability
  CISEC:9150 DirectX Graphics Kernel Remote Code Execution Vulnerability
  CISEC:9138 DirectX Graphics Kernel File Denial of Service Vulnerability
  CISEC:9130 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:9202 Clipboard User Service Elevation of Privilege Vulnerability
  CISEC:9194 Active Directory Domain Services Elevation of Privilege Vulnerability

2022-01-14 CISEC:9100 Windows TCP/IP Driver Elevation of Privilege Vulnerability
  CISEC:9110 Windows Setup Elevation of Privilege Vulnerability
  CISEC:9096 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:9098 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9107 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
  CISEC:9105 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9097 Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9112 Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9122 Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9123 Windows Media Center Elevation of Privilege Vulnerability
  CISEC:9101 Windows Kernel Information Disclosure Vulnerability
  CISEC:9103 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9104 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9099 Windows Fax Service Remote Code Execution Vulnerability
  CISEC:9117 Windows Event Tracing Remote Code Execution Vulnerability
  CISEC:9115 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
  CISEC:9094 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
  CISEC:9121 Windows Digital TV Tuner Elevation of Privilege Vulnerability
  CISEC:9118 Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9109 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9106 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9108 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9120 SymCrypt Denial of Service Vulnerability
  CISEC:9102 Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9116 Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9125 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9095 NTFS Set Short Name Elevation of Privilege Vulnerability
  CISEC:9119 Microsoft Message Queuing Information Disclosure Vulnerability
  CISEC:9124 Microsoft Message Queuing Information Disclosure Vulnerability
  CISEC:9113 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
  CISEC:9111 iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution
  CISEC:9114 DirectX Graphics Kernel File Denial of Service Vulnerability

2021-12-21 CVE-2021-45105 Log4j: multiple vulnerabilities - Windows

2021-12-20 CVE-2021-45105 Log4j: multiple vulnerabilities - Linux

2021-12-10 CISEC:9071 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9090 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9092 Windows NTFS Remote Code Execution Vulnerability
  CISEC:9068 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9081 Windows Installer Elevation of Privilege Vulnerability
  CISEC:9077 Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
  CISEC:9079 Windows Hyper-V Denial of Service Vulnerability
  CISEC:9083 Windows Hello Security Feature Bypass Vulnerability
  CISEC:9093 Windows Feedback Hub Elevation of Privilege Vulnerability
  CISEC:9080 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
  CISEC:9063 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9076 Windows Denial of Service Vulnerability
  CISEC:9074 Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
  CISEC:9067 Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9088 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9062 NTFS Elevation of Privilege Vulnerability
  CISEC:9078 NTFS Elevation of Privilege Vulnerability
  CISEC:9084 NTFS Elevation of Privilege Vulnerability
  CISEC:9086 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9066 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
  CISEC:9061 Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:9089 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
  CISEC:9069 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:9065 Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9070 Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9072 Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9087 Active Directory Domain Services Elevation of Privilege Vulnerability

2021-11-19 CISEC:9023 Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.007.20095 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30015 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...
  CISEC:9022 Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.005.20060 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30006 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...

2021-11-12 CISEC:8988 Windows Text Shaping Remote Code Execution Vulnerability
  CISEC:9018 Windows TCP/IP Denial of Service Vulnerability
  CISEC:9006 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
  CISEC:9014 Windows Print Spooler Spoofing Vulnerability
  CISEC:8994 Windows Print Spooler Information Disclosure Vulnerability
  CISEC:8979 Windows Nearby Sharing Elevation of Privilege Vulnerability
  CISEC:9012 Windows NAT Denial of Service Vulnerability
  CISEC:8992 Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8995 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
  CISEC:9007 Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8996 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8984 Windows Installer Spoofing Vulnerability
  CISEC:9004 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8985 Windows HTTP.sys Elevation of Privilege Vulnerability
  CISEC:8986 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9021 Windows Fast FAT File System Driver Information Disclosure Vulnerability
  CISEC:8980 Windows Fast FAT File System Driver Information Disclosure Vulnerability
  CISEC:9017 Windows exFAT File System Information Disclosure Vulnerability
  CISEC:9008 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:9002 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8989 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9001 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9015 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9016 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9011 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
  CISEC:8999 Windows Bind Filter Driver Information Disclosure Vulnerability
  CISEC:8982 Windows AppX Deployment Service Elevation of Privilege Vulnerability
  CISEC:9013 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
  CISEC:8993 Windows AppContainer Elevation Of Privilege Vulnerability
  CISEC:8981 Windows AD FS Security Feature Bypass Vulnerability
  CISEC:8998 Win32k Elevation of Privilege Vulnerability
  CISEC:9000 Win32k Elevation of Privilege Vulnerability
  CISEC:8983 Win32k Elevation of Privilege Vulnerability
  CISEC:9003 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:9010 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:9020 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8978 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8987 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8991 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9005 Microsoft DWM Core Library Elevation of Privilege Vulnerability
  CISEC:8990 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:8997 Console Window Host Security Feature Bypass Vulnerability
  CISEC:9009 Active Directory Security Feature Bypass Vulnerability
  CISEC:9019 Active Directory Federation Server Spoofing Vulnerability

2021-10-22 CISEC:8975 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
  CISEC:8949 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
  CISEC:8948 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:8976 Windows Storage Information Disclosure Vulnerability
  CISEC:8968 Windows SMB Information Disclosure Vulnerability
  CISEC:8973 Windows SMB Information Disclosure Vulnerability
  CISEC:8965 Windows SMB Elevation of Privilege Vulnerability
  CISEC:8977 Windows Scripting Engine Memory Corruption Vulnerability
  CISEC:8962 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
  CISEC:8963 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8971 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8956 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8942 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8964 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8974 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8966 Windows Key Storage Provider Security Feature Bypass Vulnerability
  CISEC:8945 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8959 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8960 Windows Installer Information Disclosure Vulnerability
  CISEC:8967 Windows Installer Denial of Service Vulnerability
  CISEC:8947 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8958 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8961 Windows DNS Elevation of Privilege Vulnerability
  CISEC:8943 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8944 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8951 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8952 Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:8950 Windows Authenticode Spoofing Vulnerability
  CISEC:8953 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
  CISEC:8954 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8972 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8946 Win32k Elevation of Privilege Vulnerability
  CISEC:8970 Win32k Elevation of Privilege Vulnerability
  CISEC:8957 Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:8941 Microsoft MSHTML Remote Code Execution Vulnerability
  CISEC:8955 BitLocker Security Feature Bypass Vulnerability

2021-10-08 CISEC:8937 Multiple vulnerabilities on Creative Cloud Desktop Application versions 4.6.1 and earlier
  CISEC:8938 Multiple vulnerabilities on Adobe Media Encoder versions 13.1 and earlier
  CISEC:8939 Multiple vulnerabilities on Adobe Digital Editions versions 4.5.10 and below
  CISEC:8940 Creative Cloud Desktop Application

2021-09-24 CISEC:8935 Multiple vulnerabilities on Creative Cloud Desktop Application versions 5.1 and earlier
  CISEC:8934 Multiple vulnerabilities on Adobe Media Encoder versions 14.2 and earlier
  CISEC:8933 Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration

2021-09-17 CISEC:8929 Multiple vulnerabilities on Creative Cloud Desktop Application version 5.3
  CISEC:8931 Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2020.009.20074 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30002, Acrobat 2017 and Acrobat Reader 2017 version...
  CISEC:8922 InCopy version 15.1.1
  CISEC:8925 Adobe Prelude version 9.0.1
  CISEC:8924 Adobe Lightroom Classic version 10.0
  CISEC:8927 Adobe Illustrator version 25.0

2021-09-10 CISEC:8903 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:8915 Windows User Account Profile Picture Elevation of Privilege Vulnerability
  CISEC:8899 Windows Update Medic Service Elevation of Privilege Vulnerability
  CISEC:8909 Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8894 Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
  CISEC:8895 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8902 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8911 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8914 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8908 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
  CISEC:8898 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8900 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8913 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8916 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8912 Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8897 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
  CISEC:8906 Windows LSA Spoofing Vulnerability
  CISEC:8920 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8907 Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
  CISEC:8893 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8905 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8921 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8917 Windows Elevation of Privilege Vulnerability
  CISEC:8919 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
  CISEC:8896 Windows Cryptographic Primitives Library Information Disclosure Vulnerability
  CISEC:8918 Windows Bluetooth Driver Elevation of Privilege Vulnerability
  CISEC:8904 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8910 Scripting Engine Memory Corruption Vulnerability
  CISEC:8901 Remote Desktop Client Remote Code Execution Vulnerability

2021-08-27 CISEC:8885 Multiple vulnerabilities on Illustrator 2021 version 25.2.3 and earlier versions
  CISEC:8890 Multiple vulnerabilities on Adobe Bridge version 11.0.2 and earlier versions
  CISEC:8888 Multiple vulnerabilities on Adobe Animate version 21.0.6 and earlier versions
  CISEC:8891 Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.005.20054 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.004.30005 and earlier versions, Acrobat 2017 and Acrobat Reader...
  CISEC:8892 Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.001.20155 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30025 and earlier versions, Acrobat 2017 and Acrobat Reader...
  CISEC:8887 Adobe Robohelp version 2020.0.3
  CISEC:8889 Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file (CVE-2021-28548, CVE-2021-28549).

2021-08-13 CISEC:8815 Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8817 Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8837 Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8791 Windows SMB Information Disclosure Vulnerability
  CISEC:8826 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
  CISEC:8806 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
  CISEC:8824 Windows Remote Assistance Information Disclosure Vulnerability
  CISEC:8839 Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8840 Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8858 Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8866 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8823 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8827 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8836 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8844 Windows Projected File System Elevation of Privilege Vulnerability
  CISEC:8860 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8796 Windows Partition Management Driver Elevation of Privilege Vulnerability
  CISEC:8868 Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8789 Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8813 Windows Media Remote Code Execution Vulnerability
  CISEC:8829 Windows LSA Security Feature Bypass Vulnerability
  CISEC:8838 Windows LSA Denial of Service Vulnerability
  CISEC:8797 Windows Key Distribution Center Information Disclosure Vulnerability
  CISEC:8853 Windows Kernel Remote Code Execution Vulnerability
  CISEC:8870 Windows Kernel Remote Code Execution Vulnerability
  CISEC:8825 Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:8816 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8828 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8833 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8846 Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8834 Windows Installer Spoofing Vulnerability
  CISEC:8805 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8848 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8832 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8798 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8831 Windows HTML Platforms Security Feature Bypass Vulnerability
  CISEC:8859 Windows Hello Security Feature Bypass Vulnerability
  CISEC:8863 Windows GDI Information Disclosure Vulnerability
  CISEC:8862 Windows GDI Elevation of Privilege Vulnerability
  CISEC:8793 Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8812 Windows File History Service Elevation of Privilege Vulnerability
  CISEC:8865 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8807 Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8822 Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8842 Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8787 Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8864 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8820 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8850 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8856 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8794 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8819 Windows DNS Server Denial of Service Vulnerability
  CISEC:8857 Windows DNS Server Denial of Service Vulnerability
  CISEC:8800 Windows DNS Server Denial of Service Vulnerability
  CISEC:8799 Windows DNS Server Denial of Service Vulnerability
  CISEC:8803 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:8808 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:8810 Windows Console Driver Elevation of Privilege Vulnerability
  CISEC:8854 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8861 Windows Certificate Spoofing Vulnerability
  CISEC:8801 Windows Authenticode Spoofing Vulnerability
  CISEC:8811 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8821 Windows AppContainer Elevation Of Privilege Vulnerability
  CISEC:8843 Windows AF_UNIX Socket Provider Denial of Service Vulnerability
  CISEC:8788 Windows ADFS Security Feature Bypass Vulnerability
  CISEC:8852 Windows Address Book Remote Code Execution Vulnerability
  CISEC:8835 Win32k Information Disclosure Vulnerability
  CISEC:8841 Win32k Elevation of Privilege Vulnerability
  CISEC:8851 Win32k Elevation of Privilege Vulnerability
  CISEC:8855 Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:8809 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8814 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8830 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8790 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8795 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8792 Scripting Engine Memory Corruption Vulnerability
  CISEC:8802 Raw Image Extension Remote Code Execution Vulnerability
  CISEC:8867 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8847 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8786 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8818 Media Foundation Information Disclosure Vulnerability
  CISEC:8849 GDI+ Information Disclosure Vulnerability
  CISEC:8804 DirectWrite Remote Code Execution Vulnerability
  CISEC:8869 Bowser.sys Denial of Service Vulnerability
  CISEC:8845 Active Directory Security Feature Bypass Vulnerability

2021-08-03 CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2021-07-23 CISEC:8779 Out-of-Bounds Read vulnerability on Adobe Media Encoder 15.1 and earlier versions
  CISEC:8773 Multiple vulnerabilities on Illustrator 2021 version 25.2 and earlier versions
  CISEC:8778 Multiple vulnerabilities on Adobe InDesign 16.0 and earlier versions
  CISEC:8774 Multiple vulnerabilities on Adobe Animate 21.0.5 and earlier versions
  CISEC:8777 Multiple vulnerabilities on Acrobat DC Continuous and Acrobat Reader DC Continuous versions 2021.001.20150 and earlier, Acrobat 2020 and Acrobat Reader 2020 versions 2020.001.30020 and earlier versions, Acrobat 2017 and...

2021-07-09 CISEC:8754 Windows TCP/IP Driver Security Feature Bypass Vulnerability
  CISEC:8762 Windows Remote Desktop Services Denial of Service Vulnerability
  CISEC:8760 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8771 Windows NTLM Elevation of Privilege Vulnerability
  CISEC:8769 Windows NTFS Elevation of Privilege Vulnerability
  CISEC:8745 Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8751 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
  CISEC:8750 Windows Kernel Information Disclosure Vulnerability
  CISEC:8757 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8755 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8756 Windows HTML Platform Security Feature Bypass Vulnerability
  CISEC:8763 Windows GPSVC Elevation of Privilege Vulnerability
  CISEC:8752 Windows Filter Manager Elevation of Privilege Vulnerability
  CISEC:8766 Windows DCOM Server Security Feature Bypass
  CISEC:8746 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8761 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8748 Windows Bind Filter Driver Information Disclosure Vulnerability
  CISEC:8753 Server for NFS Information Disclosure Vulnerability
  CISEC:8768 Server for NFS Information Disclosure Vulnerability
  CISEC:8758 Server for NFS Denial of Service Vulnerability
  CISEC:8749 Scripting Engine Memory Corruption Vulnerability
  CISEC:8747 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  CISEC:8764 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  CISEC:8765 Microsoft DWM Core Library Elevation of Privilege Vulnerability
  CISEC:8767 Kerberos AppContainer Security Feature Bypass Vulnerability
  CISEC:8770 Event Tracing for Windows Information Disclosure Vulnerability

2021-07-02 CISEC:8740 Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier
  CISEC:8741 Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier

2021-06-11 CISEC:8723 Windows Wireless Networking Spoofing Vulnerability
  CISEC:8725 Windows Wireless Networking Spoofing Vulnerability
  CISEC:8721 Windows Wireless Networking Information Disclosure Vulnerability
  CISEC:8730 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8734 Windows SSDP Service Elevation of Privilege Vulnerability
  CISEC:8715 Windows SMB Client Security Feature Bypass Vulnerability
  CISEC:8724 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:8726 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8728 Windows Media Foundation Core Remote Code Execution Vulnerability
  CISEC:8722 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8732 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8718 Windows Desktop Bridge Denial of Service Vulnerability
  CISEC:8719 Windows CSC Service Information Disclosure Vulnerability
  CISEC:8717 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8720 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8727 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8729 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8737 Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8735 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:8733 OLE Automation Remote Code Execution Vulnerability
  CISEC:8731 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
  CISEC:8716 Microsoft Bluetooth Driver Spoofing Vulnerability
  CISEC:8736 Hyper-V Remote Code Execution Vulnerability
  CISEC:8738 HTTP Protocol Stack Remote Code Execution Vulnerability

2021-05-14 CISEC:8691 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
  CISEC:8677 Windows TCP/IP Information Disclosure Vulnerability
  CISEC:8684 Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8709 Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8665 Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8700 Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8706 Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8644 Windows SMB Information Disclosure Vulnerability
  CISEC:8701 Windows SMB Information Disclosure Vulnerability
  CISEC:8687 Windows Services and Controller App Elevation of Privilege Vulnerability
  CISEC:8663 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  CISEC:8678 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
  CISEC:8688 Windows Portmapping Information Disclosure Vulnerability
  CISEC:8692 Windows Overlay Filter Information Disclosure Vulnerability
  CISEC:8651 Windows NTFS Denial of Service Vulnerability
  CISEC:8649 Windows Network File System Remote Code Execution Vulnerability
  CISEC:8696 Windows Media Video Decoder Remote Code Execution Vulnerability
  CISEC:8705 Windows Media Video Decoder Remote Code Execution Vulnerability
  CISEC:8680 Windows Media Photo Codec Information Disclosure Vulnerability
  CISEC:8645 Windows Kernel Information Disclosure Vulnerability
  CISEC:8661 Windows Kernel Information Disclosure Vulnerability
  CISEC:8671 Windows Installer Spoofing Vulnerability
  CISEC:8652 Windows Installer Information Disclosure Vulnerability
  CISEC:8682 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8699 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8693 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:8657 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:8676 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8640 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8666 Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8702 Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8707 Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8675 Windows GDI+ Information Disclosure Vulnerability
  CISEC:8660 Windows Event Tracing Information Disclosure Vulnerability
  CISEC:8642 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8653 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
  CISEC:8697 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
  CISEC:8674 Windows DNS Information Disclosure Vulnerability
  CISEC:8683 Windows DNS Information Disclosure Vulnerability
  CISEC:8638 Windows Console Driver Denial of Service Vulnerability
  CISEC:8690 Windows Console Driver Denial of Service Vulnerability
  CISEC:8712 Windows AppX Deployment Server Denial of Service Vulnerability
  CISEC:8670 Windows Application Compatibility Cache Denial of Service Vulnerability
  CISEC:8641 Win32k Elevation of Privilege Vulnerability
  CISEC:8668 Win32k Elevation of Privilege Vulnerability
  CISEC:8639 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
  CISEC:8643 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8646 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8647 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8648 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8650 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8655 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8656 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8658 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8659 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8662 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8667 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8669 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8672 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8679 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8681 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8685 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8686 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8689 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8694 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8695 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8698 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8703 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8704 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8708 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8711 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8713 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8714 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8654 NTFS Elevation of Privilege Vulnerability
  CISEC:8673 Microsoft Windows Codecs Library Information Disclosure Vulnerability
  CISEC:8710 Microsoft Internet Messaging API Remote Code Execution Vulnerability
  CISEC:8664 Azure AD Web Sign-in Security Feature Bypass Vulnerability

2021-04-16 CISEC:8621 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8623 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8603 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8610 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8629 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8600 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8636 Windows Virtual Registry Provider Elevation of Privilege Vulnerability
  CISEC:8616 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:8611 Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8635 Windows Update Stack Setup Elevation of Privilege Vulnerability
  CISEC:8615 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8628 Windows Update Service Elevation of Privilege Vulnerability
  CISEC:8612 Windows Projected File System Elevation of Privilege Vulnerability
  CISEC:8627 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8631 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8595 Windows Overlay Filter Elevation of Privilege Vulnerability
  CISEC:8591 Windows NAT Denial of Service Vulnerability
  CISEC:8607 Windows Media Photo Codec Information Disclosure Vulnerability
  CISEC:8626 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8604 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8625 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8594 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8633 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
  CISEC:8613 Windows Event Tracing Information Disclosure Vulnerability
  CISEC:8637 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8597 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8609 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8632 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8614 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8624 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8592 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8598 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8605 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8617 Windows DNS Server Denial of Service Vulnerability
  CISEC:8602 Windows DNS Server Denial of Service Vulnerability
  CISEC:8618 Windows Container Execution Agent Elevation of Privilege Vulnerability
  CISEC:8630 Windows Container Execution Agent Elevation of Privilege Vulnerability
  CISEC:8608 Windows App-V Overlay Filter Elevation of Privilege Vulnerability
  CISEC:8599 Windows ActiveX Installer Service Information Disclosure Vulnerability
  CISEC:8606 Windows 10 Update Assistant Elevation of Privilege Vulnerability
  CISEC:8601 User Profile Service Denial of Service Vulnerability
  CISEC:8622 Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8590 Remote Access API Elevation of Privilege Vulnerability
  CISEC:8634 OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:8596 Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:8620 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8619 DirectX Elevation of Privilege Vulnerability
  CISEC:8593 Application Virtualization Remote Code Execution Vulnerability

2021-03-17 CISEC:8562 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8589 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8580 Windows Trust Verification API Denial of Service Vulnerability
  CISEC:8576 Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8579 Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8577 Windows TCP/IP Denial of Service Vulnerability
  CISEC:8586 Windows Remote Procedure Call Information Disclosure Vulnerability
  CISEC:8574 Windows PKU2U Elevation of Privilege Vulnerability
  CISEC:8584 Windows Network File System Denial of Service Vulnerability
  CISEC:8569 Windows Mobile Device Management Information Disclosure Vulnerability
  CISEC:8563 Windows Local Spooler Remote Code Execution Vulnerability
  CISEC:8582 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8566 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8585 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8573 Windows Fax Service Remote Code Execution Vulnerability
  CISEC:8581 Windows Fax Service Remote Code Execution Vulnerability
  CISEC:8570 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8583 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8567 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8564 Windows DirectX Information Disclosure Vulnerability
  CISEC:8571 Windows Console Driver Denial of Service Vulnerability
  CISEC:8565 Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8575 Windows Backup Engine Information Disclosure Vulnerability
  CISEC:8588 Windows Address Book Remote Code Execution Vulnerability
  CISEC:8572 PFX Encryption Security Feature Bypass Vulnerability
  CISEC:8587 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
  CISEC:8578 Microsoft Windows VMSwitch Information Disclosure Vulnerability
  CISEC:8568 Microsoft Windows Codecs Library Remote Code Execution Vulnerability

2021-02-12 CISEC:8545 Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:8516 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8505 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8528 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8550 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8559 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8537 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8529 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
  CISEC:8532 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
  CISEC:8542 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
  CISEC:8503 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8513 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8523 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8522 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8555 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
  CISEC:8515 Windows Multipoint Management Elevation of Privilege Vulnerability
  CISEC:8548 Windows LUAFV Elevation of Privilege Vulnerability
  CISEC:8534 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8560 Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8506 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8538 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8527 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8554 Windows GDI+ Information Disclosure Vulnerability
  CISEC:8518 Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:8543 Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8541 Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:8552 Windows Docker Information Disclosure Vulnerability
  CISEC:8540 Windows DNS Query Information Disclosure Vulnerability
  CISEC:8504 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8510 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8519 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8535 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8553 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8556 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8561 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8520 Windows CryptoAPI Denial of Service Vulnerability
  CISEC:8536 Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8530 Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8557 Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8512 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8524 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8511 Windows (modem.sys) Information Disclosure Vulnerability
  CISEC:8507 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8539 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8517 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8521 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8525 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8526 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8533 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8546 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8547 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8549 NTLM Security Feature Bypass Vulnerability
  CISEC:8531 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8558 Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:8514 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
  CISEC:8508 Hyper-V Denial of Service Vulnerability
  CISEC:8551 Hyper-V Denial of Service Vulnerability
  CISEC:8509 GDI+ Remote Code Execution Vulnerability
  CISEC:8544 Active Template Library Elevation of Privilege Vulnerability

2021-01-08 CISEC:8502 Windows SMB Information Disclosure Vulnerability
  CISEC:8482 Windows Overlay Filter Security Feature Bypass Vulnerability
  CISEC:8487 Windows NTFS Remote Code Execution Vulnerability
  CISEC:8498 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8492 Windows Lock Screen Security Feature Bypass Vulnerability
  CISEC:8489 Windows GDI+ Information Disclosure Vulnerability
  CISEC:8481 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8500 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8483 Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:8488 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8490 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8501 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8484 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8485 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8491 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8493 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8495 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8497 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8499 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8494 Kerberos Security Feature Bypass Vulnerability
  CISEC:8496 Hyper-V Remote Code Execution Vulnerability
  CISEC:8486 DirectX Graphics Kernel Elevation of Privilege Vulnerability

2020-12-23 CVE-2020-10148 Solarwinds Orion SUNBURST infection

2020-12-11 CISEC:8473 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8437 Windows WalletService Information Disclosure Vulnerability
  CISEC:8451 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8425 Windows USO Core Worker Elevation of Privilege Vulnerability
  CISEC:8472 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8450 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8431 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8433 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8440 Windows Update Medic Service Elevation of Privilege Vulnerability
  CISEC:8463 Windows Spoofing Vulnerability
  CISEC:8454 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8467 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8469 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8475 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8428 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8429 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8439 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8462 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8464 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8478 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8480 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8474 Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8446 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8426 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8471 Windows Print Configuration Elevation of Privilege Vulnerability
  CISEC:8455 Windows Port Class Library Elevation of Privilege Vulnerability
  CISEC:8479 Windows Network File System Remote Code Execution Vulnerability
  CISEC:8476 Windows Network File System Information Disclosure Vulnerability
  CISEC:8448 Windows Network File System Denial of Service Vulnerability
  CISEC:8424 Windows NDIS Information Disclosure Vulnerability
  CISEC:8435 Windows MSCTF Server Information Disclosure Vulnerability
  CISEC:8423 Windows KernelStream Information Disclosure Vulnerability
  CISEC:8444 Windows Kernel Local Elevation of Privilege Vulnerability
  CISEC:8434 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8436 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:8427 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8438 Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8456 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
  CISEC:8432 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8461 Windows Error Reporting Denial of Service Vulnerability
  CISEC:8458 Windows Delivery Optimization Information Disclosure Vulnerability
  CISEC:8453 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8468 Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
  CISEC:8466 Windows Canonical Display Driver Information Disclosure Vulnerability
  CISEC:8470 Windows Camera Codec Information Disclosure Vulnerability
  CISEC:8445 Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:8442 Win32k Information Disclosure Vulnerability
  CISEC:8449 Win32k Elevation of Privilege Vulnerability
  CISEC:8460 Win32k Elevation of Privilege Vulnerability
  CISEC:8441 Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:8443 Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:8459 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
  CISEC:8430 Kerberos Security Feature Bypass Vulnerability
  CISEC:8465 DirectX Elevation of Privilege Vulnerability

2020-11-13 CISEC:8381 Windows Text Services Framework Information Disclosure Vulnerability
  CISEC:8386 Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8413 Windows TCP/IP Denial of Service Vulnerability
  CISEC:8392 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:8414 Windows Storage VSP Driver Elevation of Privilege Vulnerability
  CISEC:8397 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8376 Windows Spoofing Vulnerability
  CISEC:8419 Windows SMBv3 Client/Server Denial of Service Vulnerability
  CISEC:8374 Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
  CISEC:8373 Windows Security Feature Bypass Vulnerability
  CISEC:8415 Windows Remote Desktop Service Denial of Service Vulnerability
  CISEC:8385 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:8398 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:8363 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8369 Windows NAT Remote Code Execution Vulnerability
  CISEC:8402 Windows KernelStream Information Disclosure Vulnerability
  CISEC:8379 Windows Kernel Information Disclosure Vulnerability
  CISEC:8407 Windows Kernel Information Disclosure Vulnerability
  CISEC:8404 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8411 Windows iSCSI Target Service Elevation of Privilege Vulnerability
  CISEC:8420 Windows Installer Elevation of Privilege Vulnerability
  CISEC:8391 Windows Image Elevation of Privilege Vulnerability
  CISEC:8377 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8370 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8401 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8395 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8393 Windows GDI+ Information Disclosure Vulnerability
  CISEC:8410 Windows Event System Elevation of Privilege Vulnerability
  CISEC:8368 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:8418 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8405 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8421 Windows Enterprise App Management Service Information Disclosure Vulnerability
  CISEC:8390 Windows Elevation of Privilege Vulnerability
  CISEC:8365 Windows COM Server Elevation of Privilege Vulnerability
  CISEC:8387 Windows COM Server Elevation of Privilege Vulnerability
  CISEC:8384 Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8406 Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8412 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8416 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8367 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8380 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8382 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8383 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8388 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8364 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
  CISEC:8366 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
  CISEC:8409 Windows - User Profile Service Elevation of Privilege Vulnerability
  CISEC:8378 Win32k Elevation of Privilege Vulnerability
  CISEC:8389 Win32k Elevation of Privilege Vulnerability
  CISEC:8417 Projected Filesystem Security Feature Bypass Vulnerability
  CISEC:8394 NetBT Information Disclosure Vulnerability
  CISEC:8371 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8400 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8372 Media Foundation Memory Corruption Vulnerability
  CISEC:8396 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8408 Group Policy Elevation of Privilege Vulnerability
  CISEC:8403 GDI+ Remote Code Execution Vulnerability
  CISEC:8422 Connected User Experiences and Telemetry Service Denial of Service Vulnerability

2020-10-09 CISEC:8314 Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8344 Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:8353 Windows Text Service Module Remote Code Execution Vulnerability
  CISEC:8329 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8341 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8326 Windows State Repository Service Information Disclosure Vulnerability
  CISEC:8292 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8350 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8288 Windows RSoP Service Application Elevation of Privilege Vulnerability
  CISEC:8340 Windows Routing Utilities Denial of Service
  CISEC:8317 Windows Remote Code Execution Vulnerability
  CISEC:8318 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8320 Windows Modules Installer Elevation of Privilege Vulnerability
  CISEC:8304 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
  CISEC:8325 Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8349 Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8293 Windows Language Pack Installer Elevation of Privilege Vulnerability
  CISEC:8290 Windows Kernel Information Disclosure Vulnerability
  CISEC:8309 Windows Kernel Information Disclosure Vulnerability
  CISEC:8310 Windows Kernel Information Disclosure Vulnerability
  CISEC:8319 Windows Kernel Information Disclosure Vulnerability
  CISEC:8345 Windows Kernel Information Disclosure Vulnerability
  CISEC:8298 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8301 Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8335 Windows Information Disclosure Vulnerability
  CISEC:8308 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8322 Windows Hyper-V Denial of Service Vulnerability
  CISEC:8352 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8354 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8303 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8315 Windows GDI Information Disclosure Vulnerability
  CISEC:8332 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
  CISEC:8295 Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:8327 Windows Elevation of Privilege Vulnerability
  CISEC:8333 Windows Elevation of Privilege Vulnerability
  CISEC:8334 Windows Elevation of Privilege Vulnerability
  CISEC:8302 Windows dnsrslvr.dll Elevation of Privilege Vulnerability
  CISEC:8342 Windows DNS Denial of Service Vulnerability
  CISEC:8359 Windows DNS Denial of Service Vulnerability
  CISEC:8328 Windows DHCP Server Information Disclosure Vulnerability
  CISEC:8312 Windows Defender Application Control Security Feature Bypass Vulnerability
  CISEC:8307 Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
  CISEC:8296 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8357 Windows CloudExperienceHost Elevation of Privilege Vulnerability
  CISEC:8336 Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8299 Win32k Information Disclosure Vulnerability
  CISEC:8316 Win32k Information Disclosure Vulnerability
  CISEC:8291 Win32k Elevation of Privilege Vulnerability
  CISEC:8348 TLS Information Disclosure Vulnerability
  CISEC:8323 Shell infrastructure component Elevation of Privilege Vulnerability
  CISEC:8311 Projected Filesystem Information Disclosure Vulnerability
  CISEC:8300 NTFS Elevation of Privilege Vulnerability
  CISEC:8346 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:8356 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:8297 Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:8358 Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:8324 Microsoft splwow64 Information Disclosure Vulnerability
  CISEC:8339 Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:8313 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:8338 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:8305 Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:8294 Microsoft COM for Windows Elevation of Privilege Vulnerability
  CISEC:8289 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8306 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8330 Group Policy Elevation of Privilege Vulnerability
  CISEC:8355 GDI+ Remote Code Execution Vulnerability
  CISEC:8343 DirectX Elevation of Privilege Vulnerability
  CISEC:8347 DirectX Elevation of Privilege Vulnerability
  CISEC:8351 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:8331 ADFS Spoofing Vulnerability
  CISEC:8321 Active Directory Remote Code Execution Vulnerability
  CISEC:8337 Active Directory Remote Code Execution Vulnerability
  CISEC:8286 Active Directory Information Disclosure Vulnerability
  CISEC:8287 Active Directory Information Disclosure Vulnerability

2020-09-18 CISEC:8248 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:8262 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:8284 Vulnerability in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB before 5.5.52, and 10.0.x before 10.0.28, and 10.1.x before 10.1.18
  CISEC:8260 Vulnerability in Oracle MySQL before 5.7.3 and MariaDB before 5.5.44
  CISEC:8267 Vulnerability in Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier
  CISEC:8279 Vulnerability in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6
  CISEC:8258 Vulnerability in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
  CISEC:8265 Vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions
  CISEC:8257 Vulnerability in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8264 Vulnerability in MariaDB before 10.1.30 and 10.2.x before 10.2.10
  CISEC:8285 Vulnerability in MariaDB 10.4.7 through 10.4.11
  CISEC:8276 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8263 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9
  CISEC:8256 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier
  CISEC:8268 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier
  CISEC:8255 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8271 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8275 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8246 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8250 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8254 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8259 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8273 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8277 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8249 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8251 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8252 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8261 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8269 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8274 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8278 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8280 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8282 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8253 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8247 Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14
  CISEC:8283 Multiple SQL injection vulnerabilities in Oracle MySQL
  CISEC:8270 Buffer overflow in Oracle MySQL and MariaDB before 5.5.35

2020-09-11 CISEC:8123 Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8143 Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8171 Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8133 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:8166 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8167 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8155 Windows WaasMedic Service Information Disclosure Vulnerability
  CISEC:8161 Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8168 Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8163 Windows Telephony Server Elevation of Privilege Vulnerability
  CISEC:8165 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:8100 Windows State Repository Service Information Disclosure Vulnerability
  CISEC:8147 Windows Spoofing Vulnerability
  CISEC:8119 Windows Speech Shell Components Elevation of Privilege Vulnerability
  CISEC:8095 Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8134 Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8141 Windows Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8160 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8136 Windows RRAS Service Information Disclosure Vulnerability
  CISEC:8137 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
  CISEC:8117 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8125 Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8108 Windows Registry Elevation of Privilege Vulnerability
  CISEC:8142 Windows Registry Elevation of Privilege Vulnerability
  CISEC:8132 Windows Radio Manager API Elevation of Privilege Vulnerability
  CISEC:8130 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8102 Windows Network Connection Broker Elevation of Privilege Vulnerability
  CISEC:8154 Windows Media Remote Code Execution Vulnerability
  CISEC:8099 Windows Kernel Information Disclosure Vulnerability
  CISEC:8101 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8145 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8175 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8104 Windows Image Acquisition Service Information Disclosure Vulnerability
  CISEC:8109 Windows Image Acquisition Service Information Disclosure Vulnerability
  CISEC:8094 Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:8111 Windows GDI Elevation of Privilege Vulnerability
  CISEC:8146 Windows GDI Elevation of Privilege Vulnerability
  CISEC:8162 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
  CISEC:8170 Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8105 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8116 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8126 Windows Elevation of Privilege Vulnerability
  CISEC:8097 Windows dnsrslvr.dll Elevation of Privilege Vulnerability
  CISEC:8153 Windows Custom Protocol Engine Elevation of Privilege Vulnerability
  CISEC:8113 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8120 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8144 Windows CDP User Components Elevation of Privilege Vulnerability
  CISEC:8150 Windows CDP User Components Elevation of Privilege Vulnerability
  CISEC:8149 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8093 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8098 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8115 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8122 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8135 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8139 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8140 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8148 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8151 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8152 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8169 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8173 Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8157 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8138 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8159 Windows Accounts Control Elevation of Privilege Vulnerability
  CISEC:8103 Win32k Information Disclosure Vulnerability
  CISEC:8206 Vulnerability in PostgreSQL before 12.2, before 11.7, before 10.12 and before 9.6.17.
  CISEC:8216 Vulnerability insufficiently random numbers
  CISEC:8185 Vulnerability in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5
  CISEC:8227 Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24
  CISEC:8211 Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24
  CISEC:8218 Vulnerability in PostgreSQL before 9.5.x before 9.5.2
  CISEC:8240 Vulnerability in PostgreSQL before 9.5.x before 9.5.2
  CISEC:8242 Vulnerability in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5
  CISEC:8225 Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8219 Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8202 Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8224 Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8236 Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8190 Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8222 Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4
  CISEC:8207 Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4
  CISEC:8234 Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1
  CISEC:8210 Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1
  CISEC:8208 Vulnerability in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5
  CISEC:8179 Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8180 Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8237 Vulnerability in PostgreSQL before 11.1, 10.6
  CISEC:8193 Vulnerability in PostgreSQL 9.3.x before 9.3.22, 9.4.x before 9.4.17, 9.5.x before 9.5.12, 9.6.x before 9.6.8 and 10.x before 10.3
  CISEC:8198 Vulnerability in PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2
  CISEC:8199 Vulnerability in PostgreSQL 9.3.3 and earlier
  CISEC:8197 Vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23
  CISEC:8177 Vulnerability in PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9
  CISEC:8200 Vulnerability in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23
  CISEC:8205 Vulnerability in PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8183 Vulnerability in PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4
  CISEC:8232 Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2
  CISEC:8184 Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2
  CISEC:8189 Vulnerability in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4
  CISEC:8220 Vulnerability in PostgreSQL 11.x prior to 11.3
  CISEC:8192 Vulnerability in PostgreSQL 11.x before 11.5, 10.x before 10.10, 9.6.x before 9.6.15, 9.5.x before 9.5.19, 9.4.x before 9.4.24
  CISEC:8212 Vulnerability in PostgreSQL 11.x before 11.5
  CISEC:8196 Vulnerability in PostgreSQL 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, 9.5.x before 9.5.17
  CISEC:8181 Vulnerability in PostgreSQL 10.x before 10.4, 9.6.x before 9.6.9
  CISEC:8187 Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10
  CISEC:8204 Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20
  CISEC:8223 Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24
  CISEC:8221 Vulnerability in PostgreSQL
  CISEC:8229 Vulnerability in PostgreSQL
  CISEC:8186 Vulnerability in PostgreSQL
  CISEC:8194 Vulnerability in PostgreSQL
  CISEC:8195 Vulnerability in PostgreSQL
  CISEC:8203 Vulnerability in PHP through 5.3.13, PostgreSQL 8.4 before 8.4.12, PostgreSQL 9.0 before 9.0.8, PostgreSQL 9.1 before 9.1.4
  CISEC:8213 Vulnerability in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5
  CISEC:8182 Unanticipated errors from the standard library in PostgreSQL
  CISEC:8226 Race condition INDEX and
  CISEC:8201 pgcrypto has multiple error messages for decryption with an incorrect key in PostgreSQL
  CISEC:8114 Netlogon Elevation of Privilege Vulnerability
  CISEC:8176 Multiple stack-based buffer overflows in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5
  CISEC:8188 Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8191 Multiple integer overflows in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8245 Multiple integer overflows in PostgreSQL
  CISEC:8241 Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8106 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8110 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8244 Memory errors in the pgcrypto extension in PostgreSQL
  CISEC:8178 Memory disclosure vulnerability in PostgreSQL 10.x before 10.2
  CISEC:8096 Media Foundation Memory Corruption Vulnerability
  CISEC:8129 Media Foundation Memory Corruption Vulnerability
  CISEC:8131 Media Foundation Memory Corruption Vulnerability
  CISEC:8156 Media Foundation Memory Corruption Vulnerability
  CISEC:8158 Media Foundation Memory Corruption Vulnerability
  CISEC:8174 Media Foundation Memory Corruption Vulnerability
  CISEC:8112 Media Foundation Information Disclosure Vulnerability
  CISEC:8172 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:8118 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8121 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8127 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8128 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8215 Integer overflow in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2
  CISEC:8243 EnterpriseDB Windows installer bundled OpenSSL executes code from unprotected directory
  CISEC:8235 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2
  CISEC:8164 DirectX Elevation of Privilege Vulnerability
  CISEC:8107 DirectWrite Information Disclosure Vulnerability
  CISEC:8217 CRLF injection vulnerability in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8228 CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8238 Constraint violation errors in PostgreSQL
  CISEC:8124 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:8209 Buffer overruns in PostgreSQL
  CISEC:8239 Buffer overrun in PostgreSQL
  CISEC:8230 Buffer overflow intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20
  CISEC:8214 Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13
  CISEC:8231 Arbitrary code execution vulnerability in PostgreSQL 9.3 through 11.2
  CISEC:8233 An error in PostgreSQL

2020-08-21 CISEC:8065 Vulnerability in JetBrains Hub versions earlier than 2019.1.11738
  CISEC:8064 Vulnerability in JetBrains Hub before 2020.1.12099
  CISEC:8062 Vulnerability in JetBrains Hub before 2018.4.11436
  CISEC:8066 Vulnerability in JetBrains Hub before 2018.4.11298
  CISEC:8061 Vulnerability in Bitdefender Total Security 21.0.24.62
  CISEC:8058 Vulnerability in Bitdefender Total Security 2020 prior to 24.9
  CISEC:8048 Vulnerability in Bitdefender Total Security 2020 prior to 24.0.20.116
  CISEC:8052 Vulnerability in Bitdefender Total Security 2020 prior to 24.0.12.69
  CISEC:8050 Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8057 Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8060 Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8053 Vulnerability in Bitdefender products
  CISEC:8059 Vulnerability in Bitdefender Endpoint Security Tools prior to 6.6.11.163
  CISEC:8051 Vulnerability in Bitdefender Antivirus Free prior to 1.0.17.178
  CISEC:8045 Vulnerability in Bitdefender Antivirus Free prior to 1.0.17
  CISEC:8054 Vulnerability in Bitdefender Antivirus Free prior to 1.0.15.138
  CISEC:8047 Code injection vulnerability in Bitdefender

2020-08-13 CISEC:7959 Windows WalletService Information Disclosure Vulnerability
  CISEC:8022 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8037 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7997 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8010 Windows WalletService Denial of Service Vulnerability
  CISEC:7996 Windows USO Core Worker Elevation of Privilege Vulnerability
  CISEC:8033 Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:7968 Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:7958 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7974 Windows System Events Broker Elevation of Privilege Vulnerability
  CISEC:8025 Windows Sync Host Service Elevation of Privilege Vulnerability
  CISEC:7976 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:7993 Windows Spatial Data Service Elevation of Privilege Vulnerability
  CISEC:7970 Windows SharedStream Library Elevation of Privilege Vulnerability
  CISEC:8015 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8017 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8021 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8039 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7960 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7975 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7987 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7990 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7991 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8028 Windows Resource Policy Information Disclosure Vulnerability
  CISEC:7988 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:8006 Windows Profile Service Elevation of Privilege Vulnerability
  CISEC:7963 Windows Print Workflow Service Elevation of Privilege Vulnerability
  CISEC:8018 Windows Picker Platform Elevation of Privilege Vulnerability
  CISEC:8029 Windows Network Location Awareness Service Elevation of Privilege Vulnerability
  CISEC:8042 Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:8008 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8011 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7995 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7979 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7981 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7986 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
  CISEC:7973 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7983 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:8041 Windows Lockscreen Elevation of Privilege Vulnerability
  CISEC:8016 Windows Kernel Information Disclosure Vulnerability
  CISEC:8026 Windows Kernel Information Disclosure Vulnerability
  CISEC:8036 Windows Kernel Information Disclosure Vulnerability
  CISEC:7964 Windows Kernel Information Disclosure Vulnerability
  CISEC:7961 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7966 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8027 Windows iSCSI Target Service Elevation of Privilege Vulnerability
  CISEC:7977 Windows Imaging Component Information Disclosure Vulnerability
  CISEC:8007 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8013 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7998 Windows GDI Information Disclosure Vulnerability
  CISEC:7962 Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7985 Windows Font Library Remote Code Execution Vulnerability
  CISEC:8012 Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8032 Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:7980 Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:8019 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7972 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8002 Windows Elevation of Privilege Vulnerability
  CISEC:8009 Windows Elevation of Privilege Vulnerability
  CISEC:8023 Windows Elevation of Privilege Vulnerability
  CISEC:8000 Windows Elevation of Privilege Vulnerability
  CISEC:8030 Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8040 Windows Diagnostics Hub Elevation of Privilege Vulnerability
  CISEC:8001 Windows Credential Picker Elevation of Privilege Vulnerability
  CISEC:7994 Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
  CISEC:7969 Windows COM Server Elevation of Privilege Vulnerability
  CISEC:7989 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  CISEC:7992 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  CISEC:7967 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8035 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:8034 Windows Agent Activation Runtime Information Disclosure Vulnerability
  CISEC:8004 Windows Address Book Remote Code Execution Vulnerability
  CISEC:7971 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:8003 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:8005 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:7982 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8020 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7965 Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:8031 LNK Remote Code Execution Vulnerability
  CISEC:8014 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8024 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8038 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7999 Group Policy Services Policy Processing Elevation of Privilege Vulnerability
  CISEC:7984 GDI+ Remote Code Execution Vulnerability
  CISEC:7978 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability

2020-07-31 CISEC:7936 Vulnerability in Avira Antivirus through 15.0.2005.1866
  CISEC:7935 Vulnerability in Avira Antivirus before 8.3.54.138
  CISEC:7933 Vulnerability in Avira Antivirus before 15.0.2004.1825
  CISEC:7934 Vulnerability in Avira Antivirus before 15.0.2003.1821
  CISEC:7932 Vulnerability in Avira Antivirus
  CISEC:7937 Vulnerability in Avira Antivirus
  CISEC:7939 Vulnerability in Avira Antivirus

2020-07-24 CISEC:7925 Vulnerability in Kaspersky products
  CISEC:7904 Vulnerability in Kaspersky Password Manager before 8.0.6.538
  CISEC:7921 Vulnerability in Kaspersky Embedded Systems Security 1.2.0.300 and 2.0.0.385
  CISEC:7905 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7906 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7908 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7912 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7916 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7919 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7923 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7927 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7928 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7929 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7930 Vulnerability in Kaspersky Anti-Virus products
  CISEC:7924 Vulnerability in AhnLab V3 Internet Security 2011.01.18.00, avast! Antivirus 4.8.1351.0 and 5.0.677.0, Kaspersky Anti-Virus 7.0.0.125, ClamAV 0.96.4, Emsisoft Anti-Malware 5.1.0.1

2020-07-17 CISEC:7856 Vulnerability index error in Google Chrome before 41.0.2272.76
  CISEC:7825 Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7896 Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7822 Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7839 Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7848 Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7854 Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7881 Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7866 Vulnerability in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings
  CISEC:7819 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7837 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7838 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7844 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7847 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7863 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7867 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7869 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7898 Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7864 Vulnerability in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute
  CISEC:7872 Vulnerability in Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value
  CISEC:7821 Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7855 Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7901 Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7824 Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7829 Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7841 Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7885 Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7812 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7818 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7826 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7832 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7840 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7874 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7891 Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7813 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7817 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7853 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7859 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7861 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7884 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7897 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7902 Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7845 Vulnerability in Google Chrome before 41.0.2272.118
  CISEC:7870 Vulnerability in Google Chrome before 40.0.2214.91
  CISEC:7889 Vulnerability in Google Chrome before 40.0.2214.111
  CISEC:7890 Vulnerability in Blink, as used initialize a certain width field
  CISEC:7852 Vulnerability in Blink, as used in Google Chrome before 45.0.2454.85
  CISEC:7830 Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7892 Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7873 Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90
  CISEC:7883 Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90
  CISEC:7835 Vulnerability in Blink, as used in Google Chrome before 40.0.2214.111
  CISEC:7882 Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 44.0.2403.89
  CISEC:7880 Use-after-free vulnerability in the Speech subsystem in Google Chrome before 43.0.2357.65
  CISEC:7879 Use-after-free vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7850 Use-after-free vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7886 Use-after-free vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7851 Use-after-free vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7816 Use-after-free vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7820 Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7878 Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7900 Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7831 Use-after-free vulnerability in Blink, as used in Google Chrome before 45.0.2454.85
  CISEC:7877 Use-after-free vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7828 Use-after-free vulnerability in Blink, as used in Google Chrome before 42.0.2311.135
  CISEC:7893 Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7815 Use-after-free vulnerability in Blink, as used in Google Chrome before 40.0.2214.111
  CISEC:7868 Race condition in Google Chrome before 41.0.2272.118
  CISEC:7875 Multiple use-after-free vulnerabilities in Google Chrome before 45.0.2454.85
  CISEC:7899 Multiple use-after-free vulnerabilities in Google Chrome before 44.0.2403.89
  CISEC:7827 Multiple use-after-free vulnerabilities in Google Chrome before 43.0.2357.65
  CISEC:7849 Multiple use-after-free vulnerabilities in Google Chrome before 41.0.2272.76
  CISEC:7894 Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7895 Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7871 Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89
  CISEC:7836 Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65
  CISEC:7903 Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90
  CISEC:7860 Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135
  CISEC:7865 Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76
  CISEC:7876 Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91
  CISEC:7823 Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111
  CISEC:7814 Multiple integer overflows in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products
  CISEC:7887 Memory corruption in V8 in Google Chrome before 44.0.2403.89
  CISEC:7842 Integer overflow in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7843 Integer overflow in Google Chrome before 44.0.2403.89
  CISEC:7888 Integer overflow in Google Chrome before 41.0.2272.76
  CISEC:7834 Heap-based buffer overflow in PDFium in Google Chrome before 44.0.2403.89
  CISEC:7862 Double-free vulnerability in Google Chrome 41.0.2251.0
  CISEC:7846 Cross-site scripting
  CISEC:7857 Cross-site scripting

2020-07-10 CISEC:7785 Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:7782 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7719 Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7776 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7777 Windows Text Service Framework Elevation of Privilege Vulnerability
  CISEC:7766 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7718 Windows SMBv3 Client/Server Information Disclosure Vulnerability
  CISEC:7727 Windows SMB Remote Code Execution Vulnerability
  CISEC:7778 Windows Shell Remote Code Execution Vulnerability
  CISEC:7757 Windows Service Information Disclosure Vulnerability
  CISEC:7763 Windows Runtime Information Disclosure Vulnerability
  CISEC:7797 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7758 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7715 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7731 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7738 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7746 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7750 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7779 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7752 Windows Remote Code Execution Vulnerability
  CISEC:7760 Windows Registry Denial of Service Vulnerability
  CISEC:7795 Windows Print Configuration Elevation of Privilege Vulnerability
  CISEC:7717 Windows OLE Remote Code Execution Vulnerability
  CISEC:7787 Windows Now Playing Session Manager Elevation of Privilege Vulnerability
  CISEC:7774 Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:7728 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7780 Windows Modules Installer Service Elevation of Privilege Vulnerability
  CISEC:7720 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7764 Windows Lockscreen Elevation of Privilege Vulnerability
  CISEC:7722 Windows Kernel Security Feature Bypass Vulnerability
  CISEC:7789 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7790 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7791 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7723 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7724 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7725 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7726 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7730 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7734 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7735 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7736 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7742 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7769 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7796 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7748 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7751 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7762 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7793 Windows Host Guardian Service Security Feature Bypass Vulnerability
  CISEC:7786 Windows GDI Information Disclosure Vulnerability
  CISEC:7714 Windows GDI Elevation of Privilege Vulnerability
  CISEC:7744 Windows GDI Elevation of Privilege Vulnerability
  CISEC:7747 Windows Feedback Hub Elevation of Privilege Vulnerability
  CISEC:7775 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7792 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7759 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7773 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7799 Windows Elevation of Privilege Vulnerability
  CISEC:7756 Windows Elevation of Privilege Vulnerability
  CISEC:7741 Windows Diagnostics & feedback Information Disclosure Vulnerability
  CISEC:7765 Windows Denial of Service Vulnerability
  CISEC:7767 Windows Bluetooth Service Elevation of Privilege Vulnerability
  CISEC:7753 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:7716 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7743 Win32k Information Disclosure Vulnerability
  CISEC:7732 Win32k Elevation of Privilege Vulnerability
  CISEC:7737 Win32k Elevation of Privilege Vulnerability
  CISEC:7739 Win32k Elevation of Privilege Vulnerability
  CISEC:7740 Win32k Elevation of Privilege Vulnerability
  CISEC:7770 Win32k Elevation of Privilege Vulnerability
  CISEC:7749 OpenSSH for Windows Elevation of Privilege Vulnerability
  CISEC:7772 OLE Automation Elevation of Privilege Vulnerability
  CISEC:7781 Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:7798 Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:7794 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7783 Media Foundation Memory Corruption Vulnerability
  CISEC:7771 Media Foundation Memory Corruption Vulnerability
  CISEC:7755 Media Foundation Information Disclosure Vulnerability
  CISEC:7729 LNK Remote Code Execution Vulnerability
  CISEC:7745 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7768 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7754 Group Policy Elevation of Privilege Vulnerability
  CISEC:7733 GDI+ Remote Code Execution Vulnerability
  CISEC:7721 DirectX Elevation of Privilege Vulnerability
  CISEC:7784 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:7788 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7761 Component Object Model Elevation of Privilege Vulnerability

2020-07-03 CISEC:7663 Vulnerability in Acronis True Image up to and including version 2017 Build 8053
  CISEC:7666 Untrusted search path vulnerability in Amazon Kindle before 1.19
  CISEC:7653 Microsoft Office Remote Code Execution Vulnerability

2020-06-12 CISEC:7576 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7585 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7590 Windows Task Scheduler Security Feature Bypass Vulnerability
  CISEC:7609 Windows Subsystem for Linux Information Disclosure Vulnerability
  CISEC:7619 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:7564 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7584 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7596 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7599 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7600 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7602 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7603 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7604 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7606 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7617 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7618 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7558 Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7569 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7578 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7591 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7594 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7605 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7611 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7613 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7623 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7560 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7561 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7552 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7555 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7550 Windows Remote Code Execution Vulnerability
  CISEC:7620 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
  CISEC:7551 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7597 Windows Printer Service Elevation of Privilege Vulnerability
  CISEC:7607 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:7546 Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:7579 Windows Kernel Information Disclosure Vulnerability
  CISEC:7573 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7595 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7574 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7622 Windows Hyper-V Denial of Service Vulnerability
  CISEC:7554 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7588 Windows GDI Information Disclosure Vulnerability
  CISEC:7601 Windows GDI Information Disclosure Vulnerability
  CISEC:7548 Windows GDI Information Disclosure Vulnerability
  CISEC:7549 Windows GDI Information Disclosure Vulnerability
  CISEC:7570 Windows GDI Elevation of Privilege Vulnerability
  CISEC:7562 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7587 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7589 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7621 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7553 Windows Denial of Service Vulnerability
  CISEC:7608 Windows CSRSS Information Disclosure Vulnerability
  CISEC:7571 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7565 Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7568 Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7556 Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7559 Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7592 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7598 Win32k Elevation of Privilege Vulnerability
  CISEC:7612 Win32k Elevation of Privilege Vulnerability
  CISEC:7580 Microsoft Windows Transport Layer Security Denial of Service Vulnerability
  CISEC:7567 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7610 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7547 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7581 Microsoft Script Runtime Remote Code Execution Vulnerability
  CISEC:7582 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:7615 Microsoft Color Management Remote Code Execution Vulnerability
  CISEC:7577 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
  CISEC:7572 Media Foundation Memory Corruption Vulnerability
  CISEC:7583 Media Foundation Memory Corruption Vulnerability
  CISEC:7614 Media Foundation Memory Corruption Vulnerability
  CISEC:7557 Media Foundation Memory Corruption Vulnerability
  CISEC:7566 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7575 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7586 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7563 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7616 DirectX Elevation of Privilege Vulnerability
  CISEC:7593 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:7545 Connected User Experiences and Telemetry Service Denial of Service Vulnerability

2020-05-29 CISEC:7516 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:7515 VBScript Remote Code Execution Vulnerability
  CISEC:7513 Scripting Engine Memory Corruption Vulnerability
  CISEC:7518 Scripting Engine Memory Corruption Vulnerability
  CISEC:7519 Scripting Engine Memory Corruption Vulnerability
  CISEC:7506 Scripting Engine Memory Corruption Vulnerability
  CISEC:7507 Scripting Engine Memory Corruption Vulnerability
  CISEC:7508 Scripting Engine Memory Corruption Vulnerability
  CISEC:7512 Scripting Engine Memory Corruption Vulnerability
  CISEC:7509 Microsoft Edge Memory Corruption Vulnerability
  CISEC:7517 Internet Explorer Memory Corruption Vulnerability
  CISEC:7514 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7510 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7511 Chakra Scripting Engine Memory Corruption Vulnerability

2020-05-22 CISEC:7427 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7443 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7487 Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7488 Windows Token Security Feature Bypass Vulnerability
  CISEC:7455 Windows SMBv3 Client/Server Remote Code Execution Vulnerability
  CISEC:7480 Windows Scheduled Task Elevation of Privilege Vulnerability
  CISEC:7454 Windows Push Notification Service Information Disclosure Vulnerability
  CISEC:7436 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7469 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7482 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7486 Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7426 Windows Kernel Information Disclosure Vulnerability
  CISEC:7493 Windows Kernel Information Disclosure Vulnerability
  CISEC:7477 Windows Kernel Information Disclosure in CPU Memory Access
  CISEC:7430 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7466 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7472 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7490 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7438 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:7428 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:7464 Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:7424 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7437 Windows GDI Information Disclosure Vulnerability
  CISEC:7433 Windows Elevation of Privilege Vulnerability
  CISEC:7440 Windows Elevation of Privilege Vulnerability
  CISEC:7444 Windows Elevation of Privilege Vulnerability
  CISEC:7449 Windows Elevation of Privilege Vulnerability
  CISEC:7450 Windows Elevation of Privilege Vulnerability
  CISEC:7489 Windows Elevation of Privilege Vulnerability
  CISEC:7475 Windows DNS Denial of Service Vulnerability
  CISEC:7432 Windows Denial of Service Vulnerability
  CISEC:7452 Win32k Information Disclosure Vulnerability
  CISEC:7481 Win32k Information Disclosure Vulnerability
  CISEC:7445 Win32k Elevation of Privilege Vulnerability
  CISEC:7484 Win32k Elevation of Privilege Vulnerability
  CISEC:7491 Win32k Elevation of Privilege Vulnerability
  CISEC:7448 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7483 Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:7470 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:7447 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:7457 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:7429 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7456 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7468 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7434 Media Foundation Memory Corruption Vulnerability
  CISEC:7446 Media Foundation Memory Corruption Vulnerability
  CISEC:7459 Media Foundation Memory Corruption Vulnerability
  CISEC:7431 Media Foundation Information Disclosure Vulnerability
  CISEC:7453 Media Foundation Information Disclosure Vulnerability
  CISEC:7461 Media Foundation Information Disclosure Vulnerability
  CISEC:7465 Media Foundation Information Disclosure Vulnerability
  CISEC:7471 Media Foundation Information Disclosure Vulnerability
  CISEC:7425 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7439 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7458 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7460 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7463 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7473 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7474 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7476 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7479 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7492 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7451 GDI+ Remote Code Execution Vulnerability
  CISEC:7467 DirectX Elevation of Privilege Vulnerability
  CISEC:7478 DirectX Elevation of Privilege Vulnerability
  CISEC:7435 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7442 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7462 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7441 Adobe Font Manager Library Remote Code Execution Vulnerability
  CISEC:7485 Adobe Font Manager Library Remote Code Execution Vulnerability

2020-04-17 CISEC:7340 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7370 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7387 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7398 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7402 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7328 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7330 Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7374 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:7347 Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:7359 Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:7365 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7329 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7384 Windows Tile Object Service Denial of Service Vulnerability
  CISEC:7339 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7334 Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:7364 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
  CISEC:7350 Windows Network Connections Service Information Disclosure Vulnerability
  CISEC:7343 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7366 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7367 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7368 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7375 Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7338 Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:7381 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7344 Windows Language Pack Installer Elevation of Privilege Vulnerability
  CISEC:7327 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7361 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7377 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7395 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7400 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7333 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7385 Windows Imaging Component Information Disclosure Vulnerability
  CISEC:7341 Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7355 Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7358 Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7331 Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7372 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:7342 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7383 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7369 Windows GDI Information Disclosure Vulnerability
  CISEC:7382 Windows GDI Information Disclosure Vulnerability
  CISEC:7389 Windows GDI Information Disclosure Vulnerability
  CISEC:7393 Windows GDI Information Disclosure Vulnerability
  CISEC:7337 Windows GDI Information Disclosure Vulnerability
  CISEC:7376 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7360 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7399 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7352 Windows Elevation of Privilege Vulnerability
  CISEC:7388 Windows Elevation of Privilege Vulnerability
  CISEC:7351 Windows Device Setup Manager Elevation of Privilege Vulnerability
  CISEC:7378 Windows Defender Security Center Elevation of Privilege Vulnerability
  CISEC:7379 Windows Defender Security Center Elevation of Privilege Vulnerability
  CISEC:7348 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:7401 Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:7363 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7332 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:7357 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7362 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7391 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7354 Win32k Information Disclosure Vulnerability
  CISEC:7349 Win32k Elevation of Privilege Vulnerability
  CISEC:7371 Win32k Elevation of Privilege Vulnerability
  CISEC:7336 Win32k Elevation of Privilege Vulnerability
  CISEC:7386 Provisioning Runtime Elevation of Privilege Vulnerability
  CISEC:7373 Microsoft IIS Server Tampering Vulnerability
  CISEC:7380 Media Foundation Memory Corruption Vulnerability
  CISEC:7392 Media Foundation Memory Corruption Vulnerability
  CISEC:7394 Media Foundation Memory Corruption Vulnerability
  CISEC:7335 Media Foundation Memory Corruption Vulnerability
  CISEC:7353 Media Foundation Information Disclosure Vulnerability
  CISEC:7346 LNK Remote Code Execution Vulnerability
  CISEC:7396 GDI+ Remote Code Execution Vulnerability
  CISEC:7397 GDI+ Remote Code Execution Vulnerability
  CISEC:7390 DirectX Elevation of Privilege Vulnerability
  CISEC:7356 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
  CISEC:7345 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

2020-04-05 CVE-2019-20781 oval:com.altx-soft.win:def:68524: Vulnerability in LG Bridge before 1.2.54

2020-03-27 CISEC:7274 Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability

2020-03-20 CISEC:7273 Multiple vulnerabilities on Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier
  CISEC:7271 Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier.
  CISEC:7270 Internet Explorer Memory Corruption Vulnerability

2020-03-13 CISEC:7212 Windows Wireless Network Manager Elevation of Privilege Vulnerability
  CISEC:7253 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:7243 Windows SSH Elevation of Privilege Vulnerability
  CISEC:7193 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7217 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7247 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7264 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7219 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:7203 Windows Remote Code Execution Vulnerability
  CISEC:7258 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
  CISEC:7210 Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:7194 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7202 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7205 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7228 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7239 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7251 Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7265 Windows Kernel Information Disclosure Vulnerability
  CISEC:7192 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7215 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7245 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7249 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7261 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7197 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7263 Windows Installer Elevation of Privilege Vulnerability
  CISEC:7240 Windows Information Disclosure Vulnerability
  CISEC:7188 Windows IME Elevation of Privilege Vulnerability
  CISEC:7241 Windows Imaging Library Remote Code Execution Vulnerability
  CISEC:7196 Windows Hyper-V Denial of Service Vulnerability
  CISEC:7227 Windows Hyper-V Denial of Service Vulnerability
  CISEC:7201 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7222 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7250 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7208 Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7254 Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7257 Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7237 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7252 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7260 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7207 Windows Elevation of Privilege Vulnerability
  CISEC:7226 Windows Elevation of Privilege Vulnerability
  CISEC:7191 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:7214 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:7231 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7259 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7262 Windows COM Server Elevation of Privilege Vulnerability
  CISEC:7195 Windows Client License Service Elevation of Privilege Vulnerability
  CISEC:7206 Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:7233 Win32k Information Disclosure Vulnerability
  CISEC:7235 Win32k Information Disclosure Vulnerability
  CISEC:7198 Win32k Elevation of Privilege Vulnerability
  CISEC:7199 Win32k Elevation of Privilege Vulnerability
  CISEC:7204 Win32k Elevation of Privilege Vulnerability
  CISEC:7211 Win32k Elevation of Privilege Vulnerability
  CISEC:7218 Win32k Elevation of Privilege Vulnerability
  CISEC:7221 Win32k Elevation of Privilege Vulnerability
  CISEC:7223 Win32k Elevation of Privilege Vulnerability
  CISEC:7225 Win32k Elevation of Privilege Vulnerability
  CISEC:7242 Win32k Elevation of Privilege Vulnerability
  CISEC:7244 Win32k Elevation of Privilege Vulnerability
  CISEC:7216 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:7232 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7255 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7229 Microsoft Secure Boot Security Feature Bypass Vulnerability
  CISEC:7234 Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:7213 Media Foundation Memory Corruption Vulnerability
  CISEC:7236 LNK Remote Code Execution Vulnerability
  CISEC:7190 DirectX Information Disclosure Vulnerability
  CISEC:7189 DirectX Elevation of Privilege Vulnerability
  CISEC:7209 DirectX Elevation of Privilege Vulnerability
  CISEC:7266 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7200 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7224 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7238 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7246 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7248 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7256 Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7220 Active Directory Elevation of Privilege Vulnerability

2020-03-06 CISEC:7174 Brackets versions 1.14 and earlier have a command injection vulnerability

2020-02-28 CISEC:7173 Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability

2020-02-21 CISEC:7160 VBScript Remote Code Execution Vulnerability
  CISEC:7164 Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier.
  CISEC:7162 Microsoft Browser Spoofing Vulnerability
  CISEC:7163 Microsoft Browser Security Feature Bypass Vulnerability
  CISEC:7161 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7158 Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability
  CISEC:7157 Adobe Bridge CC version 9.0.2 and earlier versions have an out-of-bounds read vulnerability

2020-02-14 CISEC:7138 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:7128 Windows Security Feature Bypass Vulnerability
  CISEC:7122 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7124 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7135 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7136 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7137 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7139 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7142 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7146 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7148 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7149 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7154 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7155 Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7133 Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  CISEC:7134 Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  CISEC:7151 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
  CISEC:7145 Windows GDI+ Information Disclosure Vulnerability
  CISEC:7125 Windows Elevation of Privilege Vulnerability
  CISEC:7152 Windows Elevation of Privilege Vulnerability
  CISEC:7156 Windows CryptoAPI Spoofing Vulnerability
  CISEC:7143 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7144 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7132 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7121 Win32k Information Disclosure Vulnerability
  CISEC:7123 Win32k Elevation of Privilege Vulnerability
  CISEC:7130 Win32k Elevation of Privilege Vulnerability
  CISEC:7147 Update Notification Manager Elevation of Privilege Vulnerability
  CISEC:7126 Remote Desktop Web Access Information Disclosure Vulnerability
  CISEC:7140 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7150 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7129 Microsoft Windows Denial of Service Vulnerability
  CISEC:7153 Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:7141 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7127 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
  CISEC:7131 Hyper-V Denial of Service Vulnerability

2020-01-17 CISEC:6833 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6830 Windows Printer Service Elevation of Privilege Vulnerability
  CISEC:6836 Windows OLE Remote Code Execution Vulnerability
  CISEC:6828 Windows Media Player Information Disclosure Vulnerability
  CISEC:6829 Windows Media Player Information Disclosure Vulnerability
  CISEC:6840 Windows Kernel Information Disclosure Vulnerability
  CISEC:6842 Windows Kernel Information Disclosure Vulnerability
  CISEC:6844 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6839 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6826 Windows GDI Information Disclosure Vulnerability
  CISEC:6831 Windows GDI Information Disclosure Vulnerability
  CISEC:6834 Windows GDI Information Disclosure Vulnerability
  CISEC:6832 Windows Elevation of Privilege Vulnerability
  CISEC:6835 Windows Elevation of Privilege Vulnerability
  CISEC:6838 Windows COM Server Elevation of Privilege Vulnerability
  CISEC:6827 Win32k Information Disclosure Vulnerability
  CISEC:6843 Win32k Graphics Remote Code Execution Vulnerability
  CISEC:6841 Win32k Elevation of Privilege Vulnerability
  CISEC:6837 Microsoft Defender Security Feature Bypass Vulnerability

2019-12-20 CISEC:6767 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:6770 Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:6778 Windows TCP/IP Information Disclosure Vulnerability
  CISEC:6788 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6780 Windows Remote Procedure Call Information Disclosure Vulnerability
  CISEC:6781 Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:6760 Windows Kernel Information Disclosure Vulnerability
  CISEC:6758 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6763 Windows Installer Elevation of Privilege Vulnerability
  CISEC:6739 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6743 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6772 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6750 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6786 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6793 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6794 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6755 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6746 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6756 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6773 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6789 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6792 Windows GDI Information Disclosure Vulnerability
  CISEC:6764 Windows Error Reporting Information Disclosure Vulnerability
  CISEC:6740 Windows Elevation of Privilege Vulnerability
  CISEC:6748 Windows Elevation of Privilege Vulnerability
  CISEC:6759 Windows Elevation of Privilege Vulnerability
  CISEC:6742 Windows Denial of Service Vulnerability
  CISEC:6768 Windows Denial of Service Vulnerability
  CISEC:6745 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6757 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6782 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6777 Windows Certificate Dialog Elevation of Privilege Vulnerability
  CISEC:6741 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:6752 Win32k Information Disclosure Vulnerability
  CISEC:6754 Win32k Information Disclosure Vulnerability
  CISEC:6747 Win32k Graphics Remote Code Execution Vulnerability
  CISEC:6753 Win32k Elevation of Privilege Vulnerability
  CISEC:6744 Win32k Elevation of Privilege Vulnerability
  CISEC:6761 Win32k Elevation of Privilege Vulnerability
  CISEC:6762 Win32k Elevation of Privilege Vulnerability
  CISEC:6769 Win32k Elevation of Privilege Vulnerability
  CISEC:6790 Win32k Elevation of Privilege Vulnerability
  CISEC:6749 OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:6784 OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:6771 OpenType Font Driver Information Disclosure Vulnerability
  CISEC:6785 NetLogon Security Feature Bypass Vulnerability
  CISEC:6812 Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497...
  CISEC:6815 Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and...
  CISEC:6814 Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier.
  CISEC:6810 Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier.
  CISEC:6791 Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:6774 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:6775 Microsoft Windows Information Disclosure Vulnerability
  CISEC:6783 Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:6779 Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:6776 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6751 Hyper-V Remote Code Execution Vulnerability
  CISEC:6787 Hyper-V Remote Code Execution Vulnerability
  CISEC:6765 DirectWrite Information Disclosure Vulnerability
  CISEC:6766 DirectWrite Information Disclosure Vulnerability

2019-12-06 CISEC:6648 XmlLite Runtime Denial of Service Vulnerability
  CISEC:6534 Winlogon Elevation of Privilege Vulnerability
  CISEC:6505 Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:6523 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:6524 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:6641 Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:6392 Windows Update Delivery Optimization Elevation of Privilege Vulnerability
  CISEC:6611 Windows Update Client Information Disclosure Vulnerability
  CISEC:6513 Windows Transaction Manager Information Disclosure Vulnerability
  CISEC:6649 Windows Text Service Framework Elevation of Privilege Vulnerability
  CISEC:6607 Windows TCP/IP Information Disclosure Vulnerability
  CISEC:6516 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6553 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6558 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6408 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6581 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6637 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6554 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6664 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6450 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6565 Windows SMB Information Disclosure Vulnerability
  CISEC:6667 Windows SMB Information Disclosure Vulnerability
  CISEC:6631 Windows SMB Information Disclosure Vulnerability
  CISEC:6633 Windows SMB Client Driver Information Disclosure Vulnerability
  CISEC:6466 Windows Shell Elevation of Privilege Vulnerability
  CISEC:6477 Windows Security Feature Bypass Vulnerability
  CISEC:6418 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
  CISEC:6374 Windows Secure Boot Security Feature Bypass Vulnerability
  CISEC:6398 Windows Secure Boot Security Feature Bypass Vulnerability
  CISEC:6635 Windows RPCSS Elevation of Privilege Vulnerability
  CISEC:6416 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6645 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6679 Windows Remote Code Execution Vulnerability
  CISEC:6675 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
  CISEC:6356 Windows Print Spooler Information Disclosure Vulnerability
  CISEC:6445 Windows Power Service Elevation of Privilege Vulnerability
  CISEC:6414 Windows OLE Remote Code Execution Vulnerability
  CISEC:6542 Windows NTLM Tampering Vulnerability
  CISEC:6455 Windows NTLM Tampering Vulnerability
  CISEC:6647 Windows NTLM Security Feature Bypass Vulnerability
  CISEC:6357 Windows NTFS Elevation of Privilege Vulnerability
  CISEC:6629 Windows Network File System Elevation of Privilege Vulnerability
  CISEC:6555 Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
  CISEC:6578 Windows NDIS Elevation of Privilege Vulnerability
  CISEC:6351 Windows Media Elevation of Privilege Vulnerability
  CISEC:6529 Windows Kernel Information Disclosure Vulnerability
  CISEC:6559 Windows Kernel Information Disclosure Vulnerability
  CISEC:6564 Windows Kernel Information Disclosure Vulnerability
  CISEC:6697 Windows Kernel Information Disclosure Vulnerability
  CISEC:6346 Windows Kernel Information Disclosure Vulnerability
  CISEC:6349 Windows Kernel Information Disclosure Vulnerability
  CISEC:6375 Windows Kernel Information Disclosure Vulnerability
  CISEC:6684 Windows Kernel Information Disclosure Vulnerability
  CISEC:6688 Windows Kernel Information Disclosure Vulnerability
  CISEC:6402 Windows Kernel Information Disclosure Vulnerability
  CISEC:6425 Windows Kernel Information Disclosure Vulnerability
  CISEC:6470 Windows Kernel Information Disclosure Vulnerability
  CISEC:6473 Windows Kernel Information Disclosure Vulnerability
  CISEC:6573 Windows Kernel Information Disclosure Vulnerability
  CISEC:6574 Windows Kernel Information Disclosure Vulnerability
  CISEC:6626 Windows Kernel Information Disclosure Vulnerability
  CISEC:6651 Windows Kernel Information Disclosure Vulnerability
  CISEC:6541 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6545 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6696 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6662 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6478 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6602 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6660 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6652 Windows IOleCvt Interface Remote Code Execution Vulnerability
  CISEC:6381 Windows Installer Elevation of Privilege Vulnerability
  CISEC:6501 Windows Information Disclosure Vulnerability
  CISEC:6400 Windows Information Disclosure Vulnerability
  CISEC:6597 Windows Information Disclosure Vulnerability
  CISEC:6487 Windows Imaging API Remote Code Execution Vulnerability
  CISEC:6539 Windows Image Elevation of Privilege Vulnerability
  CISEC:6405 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6439 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6440 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6615 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6517 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6677 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6590 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6494 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6480 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6515 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6531 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6543 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6666 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6436 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6458 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6606 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6571 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6625 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6636 Windows Hyper-V Denial of Service Vulnerability
  CISEC:6486 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6444 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6658 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6481 Windows GDI Information Disclosure Vulnerability
  CISEC:6511 Windows GDI Information Disclosure Vulnerability
  CISEC:6532 Windows GDI Information Disclosure Vulnerability
  CISEC:6546 Windows GDI Information Disclosure Vulnerability
  CISEC:6548 Windows GDI Information Disclosure Vulnerability
  CISEC:6557 Windows GDI Information Disclosure Vulnerability
  CISEC:6693 Windows GDI Information Disclosure Vulnerability
  CISEC:6342 Windows GDI Information Disclosure Vulnerability
  CISEC:6343 Windows GDI Information Disclosure Vulnerability
  CISEC:6347 Windows GDI Information Disclosure Vulnerability
  CISEC:6348 Windows GDI Information Disclosure Vulnerability
  CISEC:6358 Windows GDI Information Disclosure Vulnerability
  CISEC:6360 Windows GDI Information Disclosure Vulnerability
  CISEC:6370 Windows GDI Information Disclosure Vulnerability
  CISEC:6371 Windows GDI Information Disclosure Vulnerability
  CISEC:6377 Windows GDI Information Disclosure Vulnerability
  CISEC:6383 Windows GDI Information Disclosure Vulnerability
  CISEC:6661 Windows GDI Information Disclosure Vulnerability
  CISEC:6678 Windows GDI Information Disclosure Vulnerability
  CISEC:6399 Windows GDI Information Disclosure Vulnerability
  CISEC:6394 Windows GDI Information Disclosure Vulnerability
  CISEC:6419 Windows GDI Information Disclosure Vulnerability
  CISEC:6427 Windows GDI Information Disclosure Vulnerability
  CISEC:6446 Windows GDI Information Disclosure Vulnerability
  CISEC:6467 Windows GDI Information Disclosure Vulnerability
  CISEC:6476 Windows GDI Information Disclosure Vulnerability
  CISEC:6604 Windows GDI Information Disclosure Vulnerability
  CISEC:6579 Windows GDI Information Disclosure Vulnerability
  CISEC:6585 Windows GDI Information Disclosure Vulnerability
  CISEC:6598 Windows GDI Information Disclosure Vulnerability
  CISEC:6601 Windows GDI Information Disclosure Vulnerability
  CISEC:6475 Windows File Signature Security Feature Bypass Vulnerability
  CISEC:6685 Windows Event Viewer Information Disclosure Vulnerability
  CISEC:6484 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6376 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6397 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6550 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6412 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6420 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6492 Windows Elevation of Privilege Vulnerability
  CISEC:6485 Windows Elevation of Privilege Vulnerability
  CISEC:6504 Windows Elevation of Privilege Vulnerability
  CISEC:6525 Windows Elevation of Privilege Vulnerability
  CISEC:6535 Windows Elevation of Privilege Vulnerability
  CISEC:6552 Windows Elevation of Privilege Vulnerability
  CISEC:6563 Windows Elevation of Privilege Vulnerability
  CISEC:6568 Windows Elevation of Privilege Vulnerability
  CISEC:6698 Windows Elevation of Privilege Vulnerability
  CISEC:6350 Windows Elevation of Privilege Vulnerability
  CISEC:6355 Windows Elevation of Privilege Vulnerability
  CISEC:6422 Windows Elevation of Privilege Vulnerability
  CISEC:6429 Windows Elevation of Privilege Vulnerability
  CISEC:6431 Windows Elevation of Privilege Vulnerability
  CISEC:6432 Windows Elevation of Privilege Vulnerability
  CISEC:6452 Windows Elevation of Privilege Vulnerability
  CISEC:6462 Windows Elevation of Privilege Vulnerability
  CISEC:6468 Windows Elevation of Privilege Vulnerability
  CISEC:6474 Windows Elevation of Privilege Vulnerability
  CISEC:6582 Windows Elevation of Privilege Vulnerability
  CISEC:6583 Windows Elevation of Privilege Vulnerability
  CISEC:6612 Windows Elevation of Privilege Vulnerability
  CISEC:6627 Windows Elevation of Privilege Vulnerability
  CISEC:6654 Windows Elevation of Privilege Vulnerability
  CISEC:6655 Windows Elevation of Privilege Vulnerability
  CISEC:6407 Windows dnsrlvr.dll Elevation of Privilege Vulnerability
  CISEC:6691 Windows DNS Server Denial of Service Vulnerability
  CISEC:6561 Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6417 Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6457 Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6521 Windows DHCP Server Denial of Service Vulnerability
  CISEC:6442 Windows DHCP Server Denial of Service Vulnerability
  CISEC:6522 Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6361 Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6384 Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6593 Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6368 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
  CISEC:6490 Windows Denial of Service Vulnerability
  CISEC:6530 Windows Denial of Service Vulnerability
  CISEC:6676 Windows Denial of Service Vulnerability
  CISEC:6409 Windows Denial of Service Vulnerability
  CISEC:6646 Windows Denial of Service Vulnerability
  CISEC:6656 Windows Denial of Service Vulnerability
  CISEC:6586 Windows CSRSS Elevation of Privilege Vulnerability
  CISEC:6639 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:6533 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6682 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6464 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6617 Windows Code Integrity Module Information Disclosure Vulnerability
  CISEC:6488 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6506 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6556 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6672 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6438 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6471 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6589 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6592 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6596 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6616 Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6495 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6472 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6584 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6650 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6387 Windows ActiveX Remote Code Execution Vulnerability
  CISEC:6500 Win32k Information Disclosure Vulnerability
  CISEC:6518 Win32k Information Disclosure Vulnerability
  CISEC:6372 Win32k Information Disclosure Vulnerability
  CISEC:6603 Win32k Information Disclosure Vulnerability
  CISEC:6498 Win32k Elevation of Privilege Vulnerability
  CISEC:6537 Win32k Elevation of Privilege Vulnerability
  CISEC:6544 Win32k Elevation of Privilege Vulnerability
  CISEC:6547 Win32k Elevation of Privilege Vulnerability
  CISEC:6369 Win32k Elevation of Privilege Vulnerability
  CISEC:6388 Win32k Elevation of Privilege Vulnerability
  CISEC:6663 Win32k Elevation of Privilege Vulnerability
  CISEC:6683 Win32k Elevation of Privilege Vulnerability
  CISEC:6396 Win32k Elevation of Privilege Vulnerability
  CISEC:6390 Win32k Elevation of Privilege Vulnerability
  CISEC:6428 Win32k Elevation of Privilege Vulnerability
  CISEC:6461 Win32k Elevation of Privilege Vulnerability
  CISEC:6594 Win32k Elevation of Privilege Vulnerability
  CISEC:6618 Win32k Elevation of Privilege Vulnerability
  CISEC:6624 Win32k Elevation of Privilege Vulnerability
  CISEC:6332 VBScript Remote Code Execution Vulnerability
  CISEC:6327 VBScript Remote Code Execution Vulnerability
  CISEC:6344 Unified Write Filter Elevation of Privilege Vulnerability
  CISEC:6680 Task Scheduler Elevation of Privilege Vulnerability
  CISEC:6634 SymCrypt Information Disclosure Vulnerability
  CISEC:6395 SymCrypt Denial of Service Vulnerability
  CISEC:6512 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6671 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6674 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6435 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6572 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6580 Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6441 Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:6642 Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:6577 Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:6378 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6690 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6595 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6628 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6643 Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6367 OLE Automation Remote Code Execution Vulnerability
  CISEC:6493 MS XML Remote Code Execution Vulnerability
  CISEC:6527 MS XML Remote Code Execution Vulnerability
  CISEC:6694 MS XML Remote Code Execution Vulnerability
  CISEC:6665 MS XML Remote Code Execution Vulnerability
  CISEC:6668 MS XML Remote Code Execution Vulnerability
  CISEC:6411 MS XML Remote Code Execution Vulnerability
  CISEC:6469 MS XML Remote Code Execution Vulnerability
  CISEC:6576 MS XML Remote Code Execution Vulnerability
  CISEC:6502 Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:6519 Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:6386 Microsoft Windows Transport Layer Security Spoofing Vulnerability
  CISEC:6352 Microsoft Windows Store Installer Elevation of Privilege Vulnerability
  CISEC:6423 Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:6456 Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
  CISEC:6497 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6499 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6669 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6591 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6614 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6653 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6659 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6562 Microsoft Windows Denial of Service Vulnerability
  CISEC:6608 Microsoft Windows CloudStore Elevation of Privilege Vulnerability
  CISEC:6569 Microsoft unistore.dll Information Disclosure Vulnerability
  CISEC:6620 Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:6587 Microsoft Speech API Remote Code Execution Vulnerability
  CISEC:6599 Microsoft IIS Server Elevation of Privilege Vulnerability
  CISEC:6345 Microsoft IIS Server Denial of Service Vulnerability
  CISEC:6538 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6540 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6363 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6403 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6373 Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:6681 Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:6453 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:6382 Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
  CISEC:6424 Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:6508 LNK Remote Code Execution Vulnerability
  CISEC:6401 LNK Remote Code Execution Vulnerability
  CISEC:6496 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6482 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6503 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6507 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6520 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6536 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6560 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6695 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6353 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6364 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6379 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6380 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6670 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6673 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6687 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6692 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6391 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6393 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6404 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6413 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6426 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6433 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6434 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6437 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6448 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6449 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6451 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6465 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6479 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6605 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6575 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6588 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6600 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6613 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6619 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6621 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6630 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6632 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6640 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6644 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6329 Internet Explorer Memory Corruption Vulnerability
  CISEC:6389 Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:6354 Hyper-V Remote Code Execution Vulnerability
  CISEC:6489 Hyper-V Information Disclosure Vulnerability
  CISEC:6514 HTTP/2 Server Denial of Service Vulnerability
  CISEC:6366 HTTP/2 Server Denial of Service Vulnerability
  CISEC:6430 HTTP/2 Server Denial of Service Vulnerability
  CISEC:6460 HTTP/2 Server Denial of Service Vulnerability
  CISEC:6610 HTTP/2 Server Denial of Service Vulnerability
  CISEC:6362 GDI+ Remote Code Execution Vulnerability
  CISEC:6447 GDI+ Remote Code Execution Vulnerability
  CISEC:6609 GDI+ Remote Code Execution Vulnerability
  CISEC:6567 DirectX Information Disclosure Vulnerability
  CISEC:6463 DirectX Information Disclosure Vulnerability
  CISEC:6406 DirectX Elevation of Privilege Vulnerability
  CISEC:6443 DirectX Elevation of Privilege Vulnerability
  CISEC:6459 DirectX Elevation of Privilege Vulnerability
  CISEC:6638 DirectX Elevation of Privilege Vulnerability
  CISEC:6491 DirectWrite Remote Code Execution Vulnerability
  CISEC:6526 DirectWrite Remote Code Execution Vulnerability
  CISEC:6551 DirectWrite Remote Code Execution Vulnerability
  CISEC:6686 DirectWrite Remote Code Execution Vulnerability
  CISEC:6410 DirectWrite Remote Code Execution Vulnerability
  CISEC:6415 DirectWrite Remote Code Execution Vulnerability
  CISEC:6421 DirectWrite Remote Code Execution Vulnerability
  CISEC:6454 DirectWrite Remote Code Execution Vulnerability
  CISEC:6623 DirectWrite Remote Code Execution Vulnerability
  CISEC:6657 DirectWrite Remote Code Execution Vulnerability
  CISEC:6528 DirectWrite Information Disclosure Vulnerability
  CISEC:6549 DirectWrite Information Disclosure Vulnerability
  CISEC:6566 DirectWrite Information Disclosure Vulnerability
  CISEC:6570 DirectWrite Information Disclosure Vulnerability
  CISEC:6622 DirectWrite Information Disclosure Vulnerability
  CISEC:6483 ADFS Security Feature Bypass Vulnerability
  CISEC:6359 ADFS Security Feature Bypass Vulnerability
  CISEC:6689 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
  CISEC:6510 Active Directory Federation Services XSS Vulnerability
  CISEC:6385 Active Directory Elevation of Privilege Vulnerability

2019-07-26 CVE-2019-13962 VLC avcodec picture copy heap-buffer-overflow

2019-03-29 CISEC:5972 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5996 Windows Theme API Remote Code Execution Vulnerability
  CISEC:5926 Windows TCP/IP Information Disclosure Vulnerability
  CISEC:5968 Windows Subsystem for Linux Information Disclosure Vulnerability
  CISEC:5986 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:5935 Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:5980 Windows SMB Remote Code Execution Vulnerability
  CISEC:5920 Windows SMB Remote Code Execution Vulnerability
  CISEC:6005 Windows Shell Remote Code Execution Vulnerability
  CISEC:5994 Windows Security Feature Bypass Vulnerability
  CISEC:5997 Windows Security Feature Bypass Vulnerability
  CISEC:5919 Windows Security Feature Bypass Vulnerability
  CISEC:5924 Windows Security Feature Bypass Vulnerability
  CISEC:5923 Windows Search Remote Code Execution Vulnerability
  CISEC:5984 Windows Runtime Elevation of Privilege Vulnerability
  CISEC:5948 Windows Remote Code Execution Vulnerability
  CISEC:5918 Windows Registry Elevation of Privilege Vulnerability
  CISEC:5929 Windows Media Player Information Disclosure Vulnerability
  CISEC:5932 Windows Media Player Information Disclosure Vulnerability
  CISEC:5946 Windows Kernel Information Disclosure Vulnerability
  CISEC:5947 Windows Kernel Information Disclosure Vulnerability
  CISEC:5965 Windows Kernel Information Disclosure Vulnerability
  CISEC:5981 Windows Kernel Information Disclosure Vulnerability
  CISEC:5992 Windows Kernel Information Disclosure Vulnerability
  CISEC:6015 Windows Kernel Information Disclosure Vulnerability
  CISEC:6020 Windows Kernel Information Disclosure Vulnerability
  CISEC:5917 Windows Kernel Information Disclosure Vulnerability
  CISEC:5921 Windows Kernel Information Disclosure Vulnerability
  CISEC:5930 Windows Kernel Information Disclosure Vulnerability
  CISEC:5944 Windows Kernel Information Disclosure Vulnerability
  CISEC:6016 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5928 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5937 Windows Information Disclosure Vulnerability
  CISEC:5950 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5956 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5958 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6004 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5931 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:5961 Windows Hyper-V Denial of Service Vulnerability
  CISEC:5951 Windows GDI Information Disclosure Vulnerability
  CISEC:5964 Windows GDI Information Disclosure Vulnerability
  CISEC:5974 Windows GDI Information Disclosure Vulnerability
  CISEC:5975 Windows GDI Information Disclosure Vulnerability
  CISEC:5976 Windows GDI Information Disclosure Vulnerability
  CISEC:5998 Windows GDI Information Disclosure Vulnerability
  CISEC:5940 Windows GDI Information Disclosure Vulnerability
  CISEC:5941 Windows GDI Information Disclosure Vulnerability
  CISEC:5973 Windows Elevation of Privilege Vulnerability
  CISEC:5991 Windows Elevation Of Privilege Vulnerability
  CISEC:5988 Windows DNS Server Heap Overflow Vulnerability
  CISEC:5957 Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6011 Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:5915 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
  CISEC:5967 Windows Denial of Service Vulnerability
  CISEC:5916 Windows Denial of Service Vulnerability
  CISEC:5970 Windows Defender Firewall Security Feature Bypass Vulnerability
  CISEC:5977 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6009 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6014 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:5938 Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:5966 Windows COM Elevation of Privilege Vulnerability
  CISEC:5922 Windows COM Elevation of Privilege Vulnerability
  CISEC:5983 Windows Code Integrity Module Denial of Service Vulnerability
  CISEC:5979 Win32k Information Disclosure Vulnerability
  CISEC:5993 Win32k Information Disclosure Vulnerability
  CISEC:6003 Win32k Information Disclosure Vulnerability
  CISEC:5989 Win32k Elevation of Privilege Vulnerability
  CISEC:5990 Win32k Elevation of Privilege Vulnerability
  CISEC:6008 Win32k Elevation of Privilege Vulnerability
  CISEC:6021 Win32k Elevation of Privilege Vulnerability
  CISEC:5934 Win32k Elevation of Privilege Vulnerability
  CISEC:6012 Remote Procedure Call runtime Information Disclosure Vulnerability
  CISEC:5927 Remote Procedure Call runtime Information Disclosure Vulnerability
  CISEC:5995 MS XML Remote Code Execution Vulnerability
  CISEC:5969 Microsoft XmlDocument Elevation of Privilege Vulnerability
  CISEC:5943 Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:5982 Microsoft Text-To-Speech Remote Code Execution Vulnerability
  CISEC:5999 Microsoft JScript Security Feature Bypass Vulnerability
  CISEC:5945 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5978 Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:6013 Microsoft Filter Manager Elevation Of Privilege Vulnerability
  CISEC:6007 Microsoft Cortana Elevation of Privilege Vulnerability
  CISEC:5952 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5953 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5955 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5959 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5960 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5963 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5985 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6000 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6001 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6006 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6010 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5914 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5925 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5939 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5942 Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5954 HID Information Disclosure Vulnerability
  CISEC:5987 HID Information Disclosure Vulnerability
  CISEC:6018 GDI+ Remote Code Execution Vulnerability
  CISEC:6019 GDI+ Remote Code Execution Vulnerability
  CISEC:6002 DirectX Information Disclosure Vulnerability
  CISEC:5949 DirectX Elevation of Privilege Vulnerability
  CISEC:5962 DirectX Elevation of Privilege Vulnerability
  CISEC:6017 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5936 Cortana Elevation of Privilege Vulnerability
  CISEC:5971 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:5933 Active Directory Federation Services XSS Vulnerability

2019-01-11 CISEC:5860 Vulnerability

2018-12-21 CISEC:5856 Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019.
  CISEC:5858 Microsoft Outlook Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
  CISEC:5854 DirectX Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.
  CISEC:5853 DirectX Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is...
  CISEC:5855 Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,...

2018-12-14 CISEC:5838 Windows Win32k Elevation of Privilege Vulnerability. This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
  CISEC:5840 Windows Audio Service Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019.
  CISEC:5841 Windows ALPC Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
  CISEC:5835 Vulnerability
  CISEC:5837 MS XML Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server...
  CISEC:5836 Microsoft Edge Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.
  CISEC:5839 Microsoft Edge Elevation of Privilege Vulnerability. This affects Microsoft Edge.
  CISEC:5842 Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556,...

2018-12-07 CISEC:5823 Windows GDI Information Disclosure Vulnerability
  CISEC:5825 Win32k Elevation of Privilege Vulnerability
  CISEC:5826 NTFS Elevation of Privilege Vulnerability
  CISEC:5833 Linux On Windows Elevation Of Privilege Vulnerability
  CISEC:5832 DirectX Information Disclosure Vulnerability
  CISEC:5834 DirectX Information Disclosure Vulnerability
  CISEC:5822 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5827 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5828 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5829 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5830 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5831 Chakra Scripting Engine Memory Corruption Vulnerability

2018-11-30 CISEC:5764 Vulnerability
  CISEC:5765 Vulnerability
  CISEC:5767 Vulnerability
  CISEC:5768 Vulnerability
  CISEC:5769 Vulnerability
  CISEC:5770 Vulnerability
  CISEC:5771 Vulnerability
  CISEC:5772 Vulnerability

2018-11-26 CISEC:5751 Vulnerability
  CISEC:5752 Vulnerability
  CISEC:5749 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5750 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5757 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability
  CISEC:5753 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5754 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5755 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5756 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5758 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5759 Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability

2018-11-16 CISEC:5746 Windows Information Disclosure Vulnerability
  CISEC:5747 Win32k Graphics Remote Code Execution Vulnerability
  CISEC:5748 .NET Framework Remote Code Execution Vulnerability

2018-11-02 CISEC:5722 Windows SMB Information Disclosure Vulnerability
  CISEC:5721 Windows SMB Denial of Service Vulnerability
  CISEC:5736 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:5733 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5734 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5735 Microsoft Office SharePoint XSS Vulnerability
  CISEC:5723 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5724 Device Guard Security Feature Bypass Vulnerability

2018-10-26 CISEC:5702 Windows Subsystem for Linux Security Feature Bypass Vulnerability
  CISEC:5703 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:5685 Windows Hyper-V Information Disclosure Vulnerability
  CISEC:5697 Windows GDI Information Disclosure Vulnerability
  CISEC:5699 Windows GDI Information Disclosure Vulnerability
  CISEC:5693 Scripting Engine Memory Corruption Vulnerability
  CISEC:5694 Scripting Engine Memory Corruption Vulnerability
  CISEC:5695 Scripting Engine Memory Corruption Vulnerability
  CISEC:5696 Scripting Engine Memory Corruption Vulnerability
  CISEC:5701 Scripting Engine Memory Corruption Vulnerability
  CISEC:5700 Scripting Engine Information Disclosure Vulnerability
  CISEC:5720 Microsoft Scripting Engine Information Disclosure Vulnerability
  CISEC:5698 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:5719 Microsoft Edge PDF Remote Code Execution Vulnerability

2018-10-19 CISEC:5668 Windows Kernel Information Disclosure Vulnerability
  CISEC:5669 Windows Kernel Information Disclosure Vulnerability
  CISEC:5670 Windows Kernel Information Disclosure Vulnerability
  CISEC:5671 Windows Kernel Information Disclosure Vulnerability
  CISEC:5672 Windows Kernel Information Disclosure Vulnerability
  CISEC:5673 Windows Kernel Information Disclosure Vulnerability
  CISEC:5674 Windows Kernel Information Disclosure Vulnerability
  CISEC:5684 Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:5683 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5688 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5686 Windows Hyper-V Denial of Service Vulnerability
  CISEC:5687 Windows Hyper-V Denial of Service Vulnerability
  CISEC:5675 Microsoft Edge Spoofing Vulnerability
  CISEC:5677 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5678 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:5676 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:5690 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5691 Internet Explorer Memory Corruption Vulnerability
  CISEC:5692 Internet Explorer Memory Corruption Vulnerability
  CISEC:5679 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5680 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5681 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5682 Chakra Scripting Engine Memory Corruption Vulnerability

2018-10-05 CISEC:5615 Windows PDF Remote Code Execution Vulnerability
  CISEC:5610 Windows GDI Information Disclosure Vulnerability
  CISEC:5611 Windows GDI Information Disclosure Vulnerability
  CISEC:5613 Windows GDI Information Disclosure Vulnerability
  CISEC:5616 Scripting Engine Memory Corruption Vulnerability
  CISEC:5617 Scripting Engine Memory Corruption Vulnerability
  CISEC:5618 Scripting Engine Memory Corruption Vulnerability
  CISEC:5619 Scripting Engine Memory Corruption Vulnerability
  CISEC:5620 Scripting Engine Memory Corruption Vulnerability
  CISEC:5621 Scripting Engine Memory Corruption Vulnerability
  CISEC:5622 Scripting Engine Memory Corruption Vulnerability
  CISEC:5623 Scripting Engine Memory Corruption Vulnerability
  CISEC:5624 Scripting Engine Memory Corruption Vulnerability
  CISEC:5607 OpenType Font Driver Elevation of Privilege Vulnerability
  CISEC:5656 Microsoft SQL Server Remote Code Execution Vulnerability
  CISEC:5638 Microsoft PowerPoint Remote Code Execution Vulnerability
  CISEC:5639 Microsoft Office Information Disclosure Vulnerability
  CISEC:5654 Microsoft Exchange Server Tampering Vulnerability
  CISEC:5651 Microsoft Exchange Memory Corruption Vulnerability
  CISEC:5625 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5627 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5626 Microsoft Excel Information Disclosure Vulnerability
  CISEC:5614 Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:5609 Microsoft Browser Memory Corruption Vulnerability
  CISEC:5606 Microsoft Browser Information Disclosure Vulnerability
  CISEC:5608 Microsoft Browser Elevation of Privilege Vulnerability
  CISEC:5612 GDI+ Remote Code Execution Vulnerability
  CISEC:5629 Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability
  CISEC:5628 Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability
  CISEC:5632 .NET Framework Information Disclosure Vulnerability

2018-09-28 CISEC:5588 Internet Explorer Remote Code Execution Vulnerability
  CISEC:5602 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5603 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5604 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5605 DirectX Graphics Kernel Elevation of Privilege Vulnerability

2018-09-21 CISEC:5582 Windows NDIS Elevation of Privilege Vulnerability
  CISEC:5583 Windows NDIS Elevation of Privilege Vulnerability
  CISEC:5572 Microsoft Edge Spoofing Vulnerability
  CISEC:5575 Microsoft Edge Spoofing Vulnerability
  CISEC:5578 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5579 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5581 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5580 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5586 LNK Remote Code Execution Vulnerability
  CISEC:5587 LNK Remote Code Execution Vulnerability
  CISEC:5573 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5574 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5576 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5577 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5584 AD FS Security Feature Bypass Vulnerability

2018-09-14 CISEC:5569 Windows Shell Remote Code Execution Vulnerability
  CISEC:5516 Windows Kernel Information Disclosure Vulnerability
  CISEC:5517 Windows Kernel Information Disclosure Vulnerability
  CISEC:5518 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5566 Windows Installer Elevation of Privilege Vulnerability
  CISEC:5571 Win32k Elevation of Privilege Vulnerability
  CISEC:5568 Win32k Elevation of Privilege Vulnerability
  CISEC:5489 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5490 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5491 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5492 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5493 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5494 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5495 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5496 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5497 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5498 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5499 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5500 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5501 Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5419 Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5421 Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5418 Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5420 Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5422 Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5415 Security Bypass Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5473 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5474 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5475 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5476 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5478 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5479 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5480 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5481 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5484 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5485 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5486 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5488 Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5423 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5424 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5425 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5426 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5427 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5428 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5429 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5430 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5431 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5432 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5433 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5434 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5435 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5436 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5437 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5438 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5439 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5440 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5441 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5442 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5443 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5444 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5445 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5446 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5447 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5448 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5449 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5450 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5451 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5452 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5453 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5454 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5455 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5456 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5457 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5458 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5459 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5460 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5461 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5462 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5463 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5464 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5465 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5466 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5467 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5468 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5469 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5470 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5471 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5472 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5477 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5482 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5483 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5487 Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5508 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5509 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5510 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5511 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5512 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5502 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5503 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5504 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5505 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5506 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5507 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5513 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5514 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5515 Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5414 Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions
  CISEC:5570 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5567 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5411 Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5412 Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5413 Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5416 Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5553 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability
  CISEC:5538 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability
  CISEC:5519 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5524 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5529 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5531 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5534 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5539 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5541 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5542 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5544 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5547 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5549 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5552 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5556 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5558 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5560 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5561 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5562 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5563 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5564 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5545 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability
  CISEC:5522 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5527 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5528 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5530 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5532 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5533 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5535 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5536 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5548 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5551 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5554 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5555 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5557 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5550 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability
  CISEC:5525 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability
  CISEC:5537 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability
  CISEC:5520 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5521 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5523 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5526 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5546 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5559 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5565 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5417 Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability
  CISEC:5543 Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability
  CISEC:5540 Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability

2018-09-11 MITRE:61 Windows NT Remote Access Service Phonebook Buffer Overflow
  MITRE:158 Windows NT Process Handle Duplication Privilege Escalation
  MITRE:94 Solaris 8 mibiisa Remote Buffer Overflow Vulnerability
  MITRE:179 Solaris 7 LBXProxy Display Name Buffer Overflow
  MITRE:10 Heap Overflow in Solaris 8 xlock

2018-09-07 CISEC:5394 Windows Denial of Service Vulnerability
  CISEC:5368 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client
  CISEC:5356 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles
  CISEC:5364 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5371 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5379 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5372 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:5333 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:5360 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:5361 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options
  CISEC:5337 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5380 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5374 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached
  CISEC:5359 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5369 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5339 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5346 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5357 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5358 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5363 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5370 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5375 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5341 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:5345 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:5373 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM
  CISEC:5334 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5335 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5338 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5342 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5347 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5366 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5367 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5376 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5340 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension
  CISEC:5336 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:5343 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:5365 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump
  CISEC:5381 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log
  CISEC:5362 Vulnerability in the MySQL Server 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior
  CISEC:5344 Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin
  CISEC:5378 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs
  CISEC:5350 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
  CISEC:5353 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries
  CISEC:5351 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE
  CISEC:5354 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL
  CISEC:5349 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security
  CISEC:5348 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX
  CISEC:5355 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB
  CISEC:5352 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:5382 Skype for Business and Lync Security Feature Bypass Vulnerability

2018-08-31 CISEC:5290 WordPad Security Feature Bypass Vulnerability
  CISEC:5332 Windows Firewall Denial of Service Vulnerability
  CISEC:5330 Windows Elevation of Privilege Vulnerability
  CISEC:5327 Windows DNSAPI Denial of Service Vulnerability
  CISEC:5328 Windows Denial of Service Vulnerability
  CISEC:5331 Windows Denial of Service Vulnerability
  CISEC:5326 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:5311 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:5302 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5306 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5313 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5315 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5317 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5324 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5320 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking
  CISEC:5325 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5299 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection
  CISEC:5298 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5300 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5308 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5307 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS
  CISEC:5303 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5314 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI
  CISEC:5312 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization
  CISEC:5316 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5321 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5301 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX
  CISEC:5310 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP
  CISEC:5304 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
  CISEC:5297 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT
  CISEC:5305 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security
  CISEC:5319 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot
  CISEC:5322 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
  CISEC:5323 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
  CISEC:5318 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install
  CISEC:5329 Remote Code Execution Vulnerability in Skype For Business and Lync
  CISEC:5294 Microsoft SharePoint Remote Code Execution Vulnerability
  CISEC:5292 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5293 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5289 Microsoft Office Tampering Vulnerability
  CISEC:5291 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

2018-08-24 CISEC:5284 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5278 Win32k Elevation of Privilege Vulnerability
  CISEC:5281 Scripting Engine Security Feature Bypass Vulnerability
  CISEC:5286 Python Integer Overflow vulnerability
  CISEC:5288 Python Heap-Buffer-Overflow vulnerability
  CISEC:5279 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5280 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5282 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5283 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5285 Buffer overflow vulnerability in os.symlink on Windows

2018-08-17 CISEC:5236 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5253 Microsoft Edge Spoofing Vulnerability
  CISEC:5237 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5238 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5239 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5240 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5241 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5242 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5244 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5245 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5246 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5247 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5248 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5249 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5250 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5251 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5252 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5254 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5255 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5257 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5275 .NET Framework Security Feature Bypass Vulnerability
  CISEC:5274 .NET Framework Remote Code Injection Vulnerability
  CISEC:5277 .NET Framework Remote Code Execution Vulnerability
  CISEC:5276 .NET Framework Elevation of Privilege Vulnerability

2018-08-10 CISEC:5235 Microsoft Excel Remote Code Execution Vulnerability

2018-08-03 CISEC:5234 Windows Wireless Network Profile Information Disclosure Vulnerability
  CISEC:5228 Windows Remote Code Execution Vulnerability
  CISEC:5229 Windows Remote Code Execution Vulnerability
  CISEC:5232 Windows Hyper-V Denial of Service Vulnerability
  CISEC:5224 Windows GDI Information Disclosure Vulnerability
  CISEC:5231 Windows DNSAPI Remote Code Execution Vulnerability
  CISEC:5222 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:5223 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:5217 Win32k Elevation of Privilege Vulnerability
  CISEC:5227 WEBDAV Denial of Service Vulnerability
  CISEC:5219 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5220 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5226 Microsoft Publisher Remote Code Execution Vulnerability
  CISEC:5225 Microsoft Office Elevation of Privilege Vulnerability
  CISEC:5233 Media Foundation Memory Corruption Vulnerability
  CISEC:5230 Hypervisor Code Integrity Elevation of Privilege Vulnerability
  CISEC:5218 HTTP.sys Denial of Service Vulnerability
  CISEC:5216 HTTP Protocol Stack Remote Code Execution Vulnerability
  CISEC:5221 HIDParser Elevation of Privilege Vulnerability

2018-07-27 CISEC:5183 Windows Kernel Information Disclosure Vulnerability
  CISEC:5194 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5184 Windows Elevation of Privilege Vulnerability
  CISEC:5185 Windows Elevation of Privilege Vulnerability
  CISEC:5187 Scripting Engine Memory Corruption Vulnerability
  CISEC:5188 Scripting Engine Memory Corruption Vulnerability
  CISEC:5198 NTFS Elevation of Privilege Vulnerability
  CISEC:5173 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5178 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5180 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5174 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5181 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5176 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5177 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5179 Internet Explorer Memory Corruption Vulnerability
  CISEC:5175 Internet Explorer Memory Corruption Vulnerability
  CISEC:5190 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5191 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5192 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5193 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5195 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5196 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5197 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5186 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5189 Chakra Scripting Engine Memory Corruption Vulnerability

2018-07-20 CISEC:5133 Microsoft Office Remote Code Execution Vulnerability
  CISEC:5132 Microsoft Office Remote Code Execution Vulnerability
  CISEC:5138 Git OS Command Injection Vulnerability
  CISEC:5141 Git OS Command Injection Vulnerability
  CISEC:5139 Git Input Validation Error Vulnerability
  CISEC:5140 Git Input Validation Error Vulnerability

2018-07-13 CISEC:5128 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5129 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5130 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5131 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5110 .NET and .NET Core Denial Of Service Vulnerability

2018-07-06 CISEC:5102 Scripting Engine Memory Corruption Vulnerability
  CISEC:5103 Scripting Engine Memory Corruption Vulnerability
  CISEC:5104 Scripting Engine Memory Corruption Vulnerability
  CISEC:5105 Scripting Engine Memory Corruption Vulnerability
  CISEC:5106 Scripting Engine Memory Corruption Vulnerability
  CISEC:5107 Scripting Engine Memory Corruption Vulnerability
  CISEC:5108 Scripting Engine Memory Corruption Vulnerability
  CISEC:5109 Scripting Engine Memory Corruption Vulnerability
  CISEC:5124 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5125 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5127 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5126 Microsoft Excel Information Disclosure Vulnerability
  CISEC:5114 Git Arbitrary Code Execution Vulnerability
  CISEC:5112 .NET and .NET Core Denial Of Service Vulnerability

2018-06-29 CISEC:5057 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5097 Scripting Engine Memory Corruption Vulnerability
  CISEC:5098 Scripting Engine Memory Corruption Vulnerability
  CISEC:5099 Scripting Engine Memory Corruption Vulnerability
  CISEC:5101 Scripting Engine Memory Corruption Vulnerability
  CISEC:5055 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5054 Microsoft Edge Memory Corruption Vulnerability
  CISEC:5053 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5094 Microsoft Edge Information Disclosure Vulnerability
  CISEC:5095 Microsoft Browser Memory Corruption Vulnerability
  CISEC:5093 Microsoft Browser Information Disclosure Vulnerability
  CISEC:5096 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5050 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5051 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5052 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5056 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5100 Chakra Scripting Engine Memory Corruption Vulnerability

2018-06-22 CISEC:5024 Windows Security Feature Bypass Vulnerability
  CISEC:5025 Windows Security Feature Bypass Vulnerability
  CISEC:5026 Windows Security Feature Bypass Vulnerability
  CISEC:5027 Windows Security Feature Bypass Vulnerability
  CISEC:5033 Windows Security Feature Bypass Vulnerability
  CISEC:5035 Windows Security Feature Bypass Vulnerability
  CISEC:5034 Windows Remote Code Execution Vulnerability
  CISEC:5048 Windows Image Elevation of Privilege Vulnerability
  CISEC:5032 Windows Elevation of Privilege Vulnerability
  CISEC:5049 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:5030 Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:5029 Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:5028 Hyper-V Remote Code Execution Vulnerability
  CISEC:5036 DirectX Graphics Kernel Elevation of Privilege Vulnerability

2018-06-15 CISEC:5020 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5022 Windows Kernel Information Disclosure Vulnerability
  CISEC:5023 Windows Kernel Information Disclosure Vulnerability

2018-06-08 CISEC:4997 Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5015 Win32k Elevation of Privilege Vulnerability
  CISEC:5017 Win32k Elevation of Privilege Vulnerability
  CISEC:5018 Win32k Elevation of Privilege Vulnerability
  CISEC:5019 Win32k Elevation of Privilege Vulnerability
  CISEC:4994 Microsoft Office Remote Code Execution Vulnerability
  CISEC:4995 Microsoft Office Remote Code Execution Vulnerability
  CISEC:4992 Microsoft Office Information Disclosure Vulnerability
  CISEC:4993 Microsoft Office Information Disclosure Vulnerability
  CISEC:4998 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:4996 Microsoft Excel Remote Code Execution Vulnerability

2018-06-01 CISEC:4978 Scripting Engine Memory Corruption Vulnerability
  CISEC:4980 Scripting Engine Memory Corruption Vulnerability
  CISEC:4982 Scripting Engine Memory Corruption Vulnerability
  CISEC:4983 Scripting Engine Information Disclosure Vulnerability
  CISEC:4977 Scripting Engine Information Disclosure Vulnerability
  CISEC:4979 Scripting Engine Information Disclosure Vulnerability
  CISEC:4981 Scripting Engine Information Disclosure Vulnerability
  CISEC:4984 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4985 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4986 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4987 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4973 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4974 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4975 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4964 Microsoft Edge Information Disclosure Vulnerability
  CISEC:4965 Microsoft Edge Information Disclosure Vulnerability
  CISEC:4926 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:4976 Microsoft Browser Memory Corruption Vulnerability
  CISEC:4988 Internet Explorer Memory Corruption Vulnerability
  CISEC:4929 Internet Explorer Memory Corruption Vulnerability
  CISEC:4930 Internet Explorer Memory Corruption Vulnerability
  CISEC:4931 Internet Explorer Memory Corruption Vulnerability
  CISEC:4927 Internet Explorer Memory Corruption Vulnerability
  CISEC:4928 Internet Explorer Memory Corruption Vulnerability
  CISEC:4966 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4967 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4968 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4969 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4970 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4971 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4972 Chakra Scripting Engine Memory Corruption Vulnerability

2018-05-25 CISEC:4909 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:4910 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:4924 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:4905 Microsoft Graphics Component Denial of Service Vulnerability
  CISEC:4906 Hyper-V Information Disclosure Vulnerability
  CISEC:4907 Hyper-V Information Disclosure Vulnerability
  CISEC:4908 Active Directory Security Feature Bypass Vulnerability

2018-05-18 CISEC:4899 Windows SNMP Service Denial of Service Vulnerability
  CISEC:4859 Windows Kernel Information Disclosure Vulnerability
  CISEC:4860 Windows Kernel Information Disclosure Vulnerability
  CISEC:4861 Windows Kernel Information Disclosure Vulnerability
  CISEC:4862 Windows Kernel Information Disclosure Vulnerability
  CISEC:4863 Windows Kernel Information Disclosure Vulnerability
  CISEC:4864 Windows Kernel Information Disclosure Vulnerability
  CISEC:4865 Windows Kernel Information Disclosure Vulnerability
  CISEC:4867 Windows Kernel Information Disclosure Vulnerability
  CISEC:4868 Windows Kernel Information Disclosure Vulnerability
  CISEC:4869 Windows Kernel Information Disclosure Vulnerability
  CISEC:4866 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4870 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4900 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4901 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4902 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4903 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4904 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4898 HTTP.sys Denial of Service Vulnerability
  CISEC:4897 Device Guard Security Feature Bypass Vulnerability

2018-05-11 CISEC:4858 XSS in interstitials
  CISEC:4853 Use after free in Flash
  CISEC:4852 Use after free in Flash
  CISEC:4854 URL Spoof in OmniBox
  CISEC:4855 Timing attack using SVG filters
  CISEC:4856 Information disclosure via texture data in WebGL
  CISEC:4857 Information disclosure in IPC call
  CISEC:4850 Incorrect processing of AppManifests
  CISEC:4851 Circumvention of port blocking

2018-05-04 CISEC:4751 Microsoft Office Memory Corruption Vulnerability
  CISEC:4753 Microsoft Office Information Disclosure Vulnerability
  CISEC:4755 Microsoft Office Excel Security Feature Bypass
  CISEC:4749 Microsoft Exchange Information Disclosure Vulnerability
  CISEC:4756 Microsoft Exchange Elevation of Privilege Vulnerability
  CISEC:4757 Microsoft Exchange Elevation of Privilege Vulnerability
  CISEC:4752 Microsoft Access Remote Code Execution Vulnerability

2018-05-02 CVE-2013-6272 The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi...

2018-04-27 CISEC:4727 Windows Kernel Information Disclosure Vulnerability
  CISEC:4729 Use after free in Blink
  CISEC:4731 Type confusion in V8
  CISEC:4732 Same Origin Bypass via canvas
  CISEC:4737 Race condition in V8
  CISEC:4723 Microsoft Edge Information Disclosure Vulnerability
  CISEC:4724 Microsoft Browser Information Disclosure Vulnerability
  CISEC:4726 Microsoft Browser Information Disclosure Vulnerability
  CISEC:4725 Internet Explorer Information Disclosure Vulnerability
  CISEC:4722 Internet Explorer Elevation of Privilege Vulnerability
  CISEC:4735 Integer overflow in V8
  CISEC:4730 Incorrect permissions on shared memory
  CISEC:4733 Incorrect permissions on shared memory
  CISEC:4736 Heap buffer overflow in Skia
  CISEC:4734 Buffer overflow in Skia

2018-04-20 CISEC:4707 Windows Security Feature Bypass Vulnerability
  CISEC:4706 Windows Remote Assistance Information Disclosure Vulnerability
  CISEC:4639 Windows Kernel Information Disclosure Vulnerability
  CISEC:4641 Windows Kernel Information Disclosure Vulnerability
  CISEC:4642 Windows Kernel Information Disclosure Vulnerability
  CISEC:4643 Windows Kernel Information Disclosure Vulnerability
  CISEC:4644 Windows Kernel Information Disclosure Vulnerability
  CISEC:4645 Windows Kernel Information Disclosure Vulnerability
  CISEC:4647 Windows Kernel Information Disclosure Vulnerability
  CISEC:4648 Windows Kernel Information Disclosure Vulnerability
  CISEC:4649 Windows Kernel Information Disclosure Vulnerability
  CISEC:4650 Windows Kernel Information Disclosure Vulnerability
  CISEC:4651 Windows Kernel Information Disclosure Vulnerability
  CISEC:4653 Windows Kernel Information Disclosure Vulnerability
  CISEC:4654 Windows Installer Elevation of Privilege Vulnerability
  CISEC:4640 Windows GDI Elevation of Privilege Vulnerability
  CISEC:4646 Windows GDI Elevation of Privilege Vulnerability
  CISEC:4652 Windows GDI Elevation of Privilege Vulnerability
  CISEC:4688 Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
  CISEC:4687 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:4689 Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:4678 Use-after-free write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4662 Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4682 Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4686 Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4670 Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CVE-2014-0900 The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
  CISEC:4665 Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4720 Scripting Engine Memory Corruption Vulnerability
  CISEC:4690 Scripting Engine Memory Corruption Vulnerability
  CISEC:4694 Scripting Engine Memory Corruption Vulnerability
  CISEC:4699 Scripting Engine Memory Corruption Vulnerability
  CISEC:4719 Scripting Engine Memory Corruption Vulnerability
  CISEC:4721 Scripting Engine Information Disclosure Vulnerability
  CISEC:4702 Scripting Engine Information Disclosure Vulnerability
  CISEC:4660 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4669 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4676 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4677 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4655 Microsoft Video Control Elevation of Privilege Vulnerability
  CISEC:4705 Microsoft Video Control Elevation of Privilege Vulnerability
  CISEC:4661 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4663 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4683 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4685 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4664 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4667 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4668 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4671 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4672 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4673 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4674 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4675 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4680 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4703 Hyper-V Information Disclosure Vulnerability
  CISEC:4704 Hyper-V Information Disclosure Vulnerability
  CISEC:4684 Heap Overflow write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4659 Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4681 Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4679 Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4709 CNG Security Feature Bypass Vulnerability
  CISEC:4691 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4692 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4693 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4695 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4696 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4697 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4698 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4700 Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4701 Chakra Scripting Engine Memory Corruption Vulnerability

2018-04-06 CISEC:4618 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4619 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4620 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4621 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4622 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4599 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4600 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4601 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4602 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4603 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4604 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4616 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4617 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4624 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4625 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4626 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier

2018-04-05 CVE-2015-9016 In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege....

2018-04-04 CVE-2015-9011 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
  CVE-2014-9953 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
  CVE-2015-9015 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
  CVE-2015-9014 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
  CVE-2015-9009 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
  CVE-2015-9013 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
  CVE-2015-9010 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
  CVE-2014-9956 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
  CVE-2014-9954 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
  CVE-2014-9957 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
  CVE-2014-9958 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
  CVE-2015-9012 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
  CVE-2015-9008 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
  CVE-2014-9955 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
  CVE-2014-9959 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.

2018-03-30 CISEC:4169 Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:4170 Windows Security Feature Bypass Vulnerability
  CISEC:4163 Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  CISEC:4165 Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  CISEC:4172 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4173 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4174 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4164 Windows Elevation of Privilege Vulnerability
  CISEC:4166 Windows Elevation of Privilege Vulnerability
  CISEC:4167 Windows Elevation of Privilege Vulnerability
  CISEC:4161 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:4162 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:4160 Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4168 StructuredQuery Remote Code Execution Vulnerability
  CISEC:4171 Scripting Engine Memory Corruption Vulnerability
  CISEC:4588 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4589 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4590 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4591 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4592 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4593 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4594 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4595 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4596 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4597 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4154 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4147 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4146 Microsoft Outlook Memory Corruption Vulnerability
  CISEC:4155 Microsoft Outlook Elevation of Privilege Vulnerability
  CISEC:4152 Microsoft Office Memory Corruption Vulnerability
  CISEC:4153 Microsoft Office Memory Corruption Vulnerability
  CISEC:4156 Microsoft Office Memory Corruption Vulnerability
  CISEC:4149 Microsoft Office Memory Corruption Vulnerability
  CISEC:4150 Microsoft Office Memory Corruption Vulnerability
  CISEC:4148 Microsoft Office Information Disclosure Vulnerability
  CISEC:4151 Microsoft Excel Remote Code Execution Vulnerability

2018-03-27 CVE-2014-4959 **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.

2018-03-23 CISEC:4127 Windows Kernel Information Disclosure Vulnerability
  CISEC:4133 Windows Kernel Information Disclosure Vulnerability
  CISEC:4135 Windows Kernel Information Disclosure Vulnerability
  CISEC:4136 Windows Kernel Information Disclosure Vulnerability
  CISEC:4137 Windows Kernel Information Disclosure Vulnerability
  CISEC:4139 Windows Kernel Information Disclosure Vulnerability
  CISEC:4125 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4134 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4138 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4142 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4143 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4144 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4145 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4140 Scripting Engine Memory Corruption Vulnerability
  CISEC:4141 Scripting Engine Memory Corruption Vulnerability
  CISEC:4121 Scripting Engine Memory Corruption Vulnerability
  CISEC:4122 Scripting Engine Memory Corruption Vulnerability
  CISEC:4123 Scripting Engine Memory Corruption Vulnerability
  CISEC:4124 Scripting Engine Memory Corruption Vulnerability
  CISEC:4126 Scripting Engine Memory Corruption Vulnerability
  CISEC:4128 Scripting Engine Memory Corruption Vulnerability
  CISEC:4129 Scripting Engine Memory Corruption Vulnerability
  CISEC:4130 Scripting Engine Memory Corruption Vulnerability
  CISEC:4131 Scripting Engine Memory Corruption Vulnerability
  CISEC:4132 Scripting Engine Memory Corruption Vulnerability

2018-03-16 CISEC:4088 XSS in DevTools
  CISEC:4066 WCP dissector crash
  CISEC:4077 Use after free in WebUI
  CISEC:4089 Use after free in PDFium
  CISEC:4076 URL spoof in OmniBox
  CISEC:4078 URL spoof in OmniBox
  CISEC:4091 URL spoof in Navigation
  CISEC:4072 UI spoof in Permissions
  CISEC:4106 Scripting Engine Memory Corruption Vulnerability
  CISEC:4086 Same origin bypass in Shared Worker
  CISEC:4073 Referrer policy bypass in Blink
  CISEC:4087 Referrer leak in XSS Auditor
  CISEC:4070 Race when opening downloaded files
  CISEC:4065 Multiple dissectors could crash
  CISEC:4107 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:4108 Microsoft Edge Information Disclosure Vulnerability
  CISEC:4109 Microsoft Edge Information Disclosure Vulnerability
  CISEC:4075 Leak of page thumbnails in New Tab Page
  CISEC:4064 IxVeriWave file parser crash
  CISEC:4074 Integer underflow in WebAssembly
  CISEC:4069 Integer overflow in Blink
  CISEC:4079 Insufficient user gesture requirements in autofill
  CISEC:4081 Insufficient isolation of devtools from extensions
  CISEC:4082 Insufficient isolation of devtools from extensions
  CISEC:4084 Insufficient isolation of devtools from extensions
  CISEC:4085 Insufficient escaping with external URL handlers
  CISEC:4071 Incomplete no-referrer policy implementation
  CISEC:4068 ImageMagick memory leaks in MontageImageCommand in MagickWand/montage
  CISEC:4103 ImageMagick memory leak vulnerability
  CISEC:4105 ImageMagick memory exhaustion vulnerability
  CISEC:4067 ImageMagick CPU exhaustion vulnerability
  CISEC:4104 ImageMagick CPU exhaustion vulnerability
  CISEC:4096 IBM WebSphere MQ is affected by a privilege escalation vulnerability
  CISEC:4095 IBM MQ is affected by a potential denial of service to channel processes
  CISEC:4092 IBM MQ could allow an authenticated user to insert messages with malformed data into the channel, which would cause it to restart
  CISEC:4093 IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed
  CISEC:4094 IBM MQ and IBM MQ Appliance could allow a local user to crash the queue manager agent thread and expose some sensitive information
  CISEC:4090 Heap buffer overflow in WebGL
  CISEC:4083 Cross origin URL leak in WebGL
  CISEC:4080 Content security policy bypass

2018-03-09 CISEC:4040 Stack overflow in V8
  CISEC:4025 OpenSSL Security Bypass Vulnerability
  CISEC:4026 OpenSSL Security Bypass Vulnerability
  CISEC:4027 OpenSSL Security Bypass Vulnerability
  CISEC:4059 ImageMagick Memory Leaks Vulnerability
  CISEC:4060 ImageMagick memory leaks in ReadPWPImage
  CISEC:4063 ImageMagick Memory Leaks
  CISEC:4058 ImageMagick Information Disclosure Vulnerability
  CISEC:4061 ImageMagick Information Disclosure Vulnerability
  CISEC:4062 ImageMagick heap buffer overflow in sixel_decode

2018-03-02 CISEC:4019 Use after free in V8
  CISEC:4010 Universal Cross-Site Scripting in V8
  CISEC:4018 Stack buffer overflow in QUIC
  CISEC:4011 Out of bounds read in V8

2018-02-23 CISEC:3921 Windows IPSec Denial of Service Vulnerability
  CISEC:3913 Windows GDI Information Disclosure Vulnerability
  CISEC:3914 Windows Elevation of Privilege Vulnerability
  CISEC:3920 Windows Elevation of Privilege Vulnerability
  CISEC:3982 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure
  CISEC:3993 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3987 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:3998 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:4001 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL
  CISEC:3988 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3991 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3992 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3995 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3996 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3985 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:3990 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS
  CISEC:3983 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:3986 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:4000 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:3989 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:3981 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:3984 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:3997 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition
  CISEC:3999 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition
  CISEC:3994 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:3960 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization
  CISEC:3908 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3909 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3910 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3911 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3912 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3903 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3904 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3905 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3906 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3907 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3958 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS
  CISEC:3954 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n
  CISEC:3953 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot
  CISEC:3957 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT
  CISEC:3951 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT
  CISEC:3955 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX
  CISEC:3952 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer
  CISEC:3956 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3959 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3947 Use of uninitialized value in Skia
  CISEC:3937 Use after free in PDFium
  CISEC:3949 Use after free in PDFium
  CISEC:3930 Use after free in libXML
  CISEC:3942 URL spoofing in Omnibox
  CISEC:3933 URL Spoof in Omnibox
  CISEC:3935 URL Spoof in Omnibox
  CISEC:3946 URL Spoof in Omnibox
  CISEC:3939 Unsafe navigation in Chromecast Plugin
  CISEC:3936 Type confusion in WebAssembly
  CISEC:3902 Scripting Engine Information Disclosure Vulnerability
  CISEC:3925 Rogue Data Cache Load Vulnerability
  CISEC:3941 Pointer information disclosure in IPC call
  CISEC:3940 Out of bounds write in Skia
  CISEC:3934 Out of bounds write in QUIC
  CISEC:3931 Out of bounds read in Blink
  CISEC:3918 OpenType Font Driver Information Disclosure Vulnerability
  CISEC:3919 OpenType Font Driver Elevation of Privilege Vulnerability
  CISEC:3932 Issue with SPAKE implementation in BoringSSL
  CISEC:3948 Integer overflow in ICU
  CISEC:3938 Insufficient blocking of JavaScript in Omnibox
  CISEC:3945 Heap buffer overflow in PDFium
  CISEC:3915 Guidance to mitigate speculative execution side-channel vulnerabilities
  CISEC:3950 Cross origin leak of redirect URL in Blink
  CISEC:3944 Cross origin information disclosure in Skia
  CISEC:3924 Branch Target Injection Vulnerability
  CISEC:3928 .NET Security Feature Bypass Vulnerability
  CISEC:3927 .NET and .NET Core Denial Of Service Vulnerability

2018-02-16 CISEC:3900 Windows Elevation of Privilege Vulnerability
  CISEC:3890 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3891 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3892 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3896 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3893 Microsoft Word Memory Corruption Vulnerability
  CISEC:3901 Microsoft Word Memory Corruption Vulnerability
  CISEC:3889 Microsoft Office Remote Code Execution Vulnerability
  CISEC:3898 Microsoft Office Remote Code Execution Vulnerability
  CISEC:3894 Microsoft Office Memory Corruption Vulnerability
  CISEC:3895 Microsoft Office Memory Corruption Vulnerability
  CISEC:3899 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:3897 Microsoft Access Tampering Vulnerability

2018-02-09 CISEC:3872 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:3883 Windows Information Disclosure Vulnerability
  CISEC:3884 Windows Information Disclosure Vulnerability
  CISEC:3886 Windows Information Disclosure Vulnerability
  CISEC:3882 Windows Elevation of Privilege Vulnerability
  CISEC:3885 Windows Elevation of Privilege Vulnerability
  CISEC:3860 Scripting Engine Security Feature Bypass
  CISEC:3853 Scripting Engine Memory Corruption Vulnerability
  CISEC:3855 Scripting Engine Memory Corruption Vulnerability
  CISEC:3856 Scripting Engine Memory Corruption Vulnerability
  CISEC:3857 Scripting Engine Memory Corruption Vulnerability
  CISEC:3858 Scripting Engine Memory Corruption Vulnerability
  CISEC:3859 Scripting Engine Memory Corruption Vulnerability
  CISEC:3862 Scripting Engine Memory Corruption Vulnerability
  CISEC:3863 Scripting Engine Memory Corruption Vulnerability
  CISEC:3864 Scripting Engine Memory Corruption Vulnerability
  CISEC:3865 Scripting Engine Memory Corruption Vulnerability
  CISEC:3866 Scripting Engine Memory Corruption Vulnerability
  CISEC:3867 Scripting Engine Memory Corruption Vulnerability
  CISEC:3869 Scripting Engine Memory Corruption Vulnerability
  CISEC:3870 Scripting Engine Memory Corruption Vulnerability
  CISEC:3854 Scripting Engine Information Disclosure Vulnerability
  CISEC:3887 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3888 Microsoft Word Remote Code Execution Vulnerability
  CISEC:3850 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:3849 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
  CISEC:3851 Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:3852 Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:3861 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3868 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:3871 Microsoft Color Management Information Disclosure Vulnerability

2018-02-02 CISEC:3833 Cumulative Security Update for Internet Explorer

2018-01-26 CISEC:3808 Windows RRAS Service Remote Code Execution Vulnerability
  CISEC:3811 Scripting Engine Memory Corruption Vulnerability
  CISEC:3812 Scripting Engine Memory Corruption Vulnerability
  CISEC:3813 Scripting Engine Memory Corruption Vulnerability
  CISEC:3814 Scripting Engine Memory Corruption Vulnerability
  CISEC:3816 Scripting Engine Memory Corruption Vulnerability
  CISEC:3818 Scripting Engine Memory Corruption Vulnerability
  CISEC:3819 Scripting Engine Memory Corruption Vulnerability
  CISEC:3820 Scripting Engine Memory Corruption Vulnerability
  CISEC:3821 Scripting Engine Memory Corruption Vulnerability
  CISEC:3815 Scripting Engine Information Disclosure Vulnerability
  CISEC:3817 Scripting Engine Information Disclosure Vulnerability
  CISEC:3807 Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:3822 Microsoft PowerPoint Information Disclosure Vulnerability
  CISEC:3806 Microsoft Office Information Disclosure Vulnerability
  CISEC:3810 Microsoft Exchange Spoofing Vulnerability

2018-01-19 CISEC:3789 Scripting Engine Memory Corruption Vulnerability
  CISEC:3790 Scripting Engine Memory Corruption Vulnerability
  CISEC:3791 Scripting Engine Memory Corruption Vulnerability
  CISEC:3792 Scripting Engine Memory Corruption Vulnerability
  CISEC:3794 Scripting Engine Memory Corruption Vulnerability
  CISEC:3795 Scripting Engine Memory Corruption Vulnerability
  CISEC:3796 Scripting Engine Memory Corruption Vulnerability
  CISEC:3797 Scripting Engine Memory Corruption Vulnerability
  CISEC:3798 Scripting Engine Memory Corruption Vulnerability
  CISEC:3799 Scripting Engine Memory Corruption Vulnerability
  CISEC:3793 Scripting Engine Information Disclosure Vulnerability
  CISEC:3802 Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:3801 Microsoft Windows Information Disclosure Vulnerability
  CISEC:3803 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:3804 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:3805 Microsoft Excel Remote Code Execution Vulnerability
  CISEC:3800 Microsoft Edge Memory Corruption Vulnerability

2018-01-12 CVE-2014-7952 The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
  CISEC:3772 Scripting Engine Memory Corruption Vulnerability

2018-01-05 CISEC:3734 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3736 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3742 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3738 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3739 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3740 Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3733 Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3743 Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3735 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3737 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3744 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3741 Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3762 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
  CISEC:3766 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
  CISEC:3758 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
  CISEC:3759 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
  CISEC:3746 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3747 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3750 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3752 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3753 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3755 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3763 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability
  CISEC:3764 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability
  CISEC:3751 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3760 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3761 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3756 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3765 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3767 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3745 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3748 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3749 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3754 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3757 Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability

2017-12-29 CISEC:3713 Windows Wireless WPA Group Key Reinstallation Vulnerability
  CISEC:3721 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3709 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3718 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:3719 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:3710 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3707 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3717 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3722 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached
  CISEC:3720 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:3723 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3708 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:3706 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:3711 Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier
  CISEC:3724 Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3725 Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3727 Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3726 Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3675 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3714 Microsoft Office Memory Corruption Vulnerability
  CISEC:3705 Microsoft Office Memory Corruption Vulnerability
  CISEC:3716 Microsoft Excel Security Feature Bypass Vulnerability
  CISEC:3715 Microsoft Excel Memory Corruption Vulnerability

2017-12-27 CVE-2015-7889 The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote...

2017-12-22 CISEC:3654 Windows Search Denial of Service Vulnerability
  CISEC:3648 Windows Media Player Information Disclosure Vulnerability
  CISEC:3653 Windows Kernel Information Disclosure Vulnerability
  CISEC:3655 Windows Kernel Information Disclosure Vulnerability
  CISEC:3656 Windows Kernel Information Disclosure Vulnerability
  CISEC:3657 Windows Kernel Information Disclosure Vulnerability
  CISEC:3658 Windows Kernel Information Disclosure Vulnerability
  CISEC:3642 Windows Information Disclosure Vulnerability
  CISEC:3644 Windows Information Disclosure Vulnerability
  CISEC:3652 Windows GDI Information Disclosure Vulnerability
  CISEC:3641 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:3643 Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:3635 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS
  CISEC:3637 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc
  CISEC:3638 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3636 Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3639 Stack overflow in V8
  CISEC:3669 Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3674 Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3684 Scripting Engine Memory Corruption Vulnerability
  CISEC:3682 Scripting Engine Memory Corruption Vulnerability
  CISEC:3683 Scripting Engine Memory Corruption Vulnerability
  CISEC:3685 Scripting Engine Information Disclosure Vulnerability
  CISEC:3677 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3678 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3679 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3680 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3681 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3659 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3660 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3665 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3666 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3667 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3668 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3661 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3662 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3663 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3664 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3670 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3671 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3672 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3673 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3676 Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3704 Microsoft Word Memory Corruption Vulnerability
  CISEC:3650 Microsoft Project Server Elevation of Privilege Vulnerability
  CISEC:3651 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:3649 Microsoft Browser Memory Corruption Vulnerability
  CISEC:3646 Internet Explorer Memory Corruption Vulnerability
  CISEC:3647 Internet Explorer Memory Corruption Vulnerability
  CISEC:3645 Internet Explorer Information Disclosure Vulnerability
  CISEC:3640 Device Guard Security Feature Bypass Vulnerability

2017-12-15 CISEC:3634 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO
  CISEC:3613 Scripting Engine Memory Corruption Vulnerability
  CISEC:3614 Scripting Engine Memory Corruption Vulnerability
  CISEC:3615 Scripting Engine Memory Corruption Vulnerability
  CISEC:3616 Scripting Engine Memory Corruption Vulnerability
  CISEC:3617 Scripting Engine Memory Corruption Vulnerability
  CISEC:3618 Scripting Engine Memory Corruption Vulnerability
  CISEC:3619 Scripting Engine Memory Corruption Vulnerability
  CISEC:3620 Scripting Engine Memory Corruption Vulnerability
  CISEC:3621 Scripting Engine Memory Corruption Vulnerability
  CISEC:3622 Scripting Engine Memory Corruption Vulnerability
  CISEC:3623 Scripting Engine Memory Corruption Vulnerability
  CISEC:3624 Scripting Engine Memory Corruption Vulnerability
  CISEC:3626 Scripting Engine Memory Corruption Vulnerability
  CISEC:3625 Scripting Engine Information Disclosure Vulnerability
  CISEC:3627 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3630 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3632 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3629 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3628 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3631 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3633 Microsoft Edge Information Disclosure Vulnerability

2017-12-08 CISEC:3579 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3577 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3576 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3578 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS
  CISEC:3553 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3554 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3555 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3575 Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3573 Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144
  CISEC:3562 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3563 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3565 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3567 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3574 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3564 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3566 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3568 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3569 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3570 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3571 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3572 Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3559 URL spoofing in OmniBox
  CISEC:3558 URL spoofing in extensions UI
  CISEC:3560 Referrer leak in Devtools
  CISEC:3557 Null pointer dereference in ImageCapture
  CISEC:3561 Incorrect registry key handling in PlatformIntegration
  CISEC:3544 Incorrect handling of picture ID in WebRTC
  CISEC:3556 Extension limitation bypass in Extensions
  CISEC:3550 Blink in Google Chrome
  CISEC:3545 An out-of-bounds read in V8
  CISEC:3547 An out-of-bounds read in V8
  CISEC:3546 An incorrect assumption about block structure in Blink
  CISEC:3543 Address spoofing in Omnibox
  CISEC:3548 A use after free in printing
  CISEC:3549 A use after free in Blink

2017-12-01 CISEC:3518 URL spoofing in OmniBox
  CISEC:3519 UI spoofing in Blink
  CISEC:3523 The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY...
  CISEC:3525 The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange
  CISEC:3520 Out of bounds write in Skia
  CISEC:3522 Out of bounds write in Skia
  CISEC:3521 Out of bounds read in Skia
  CISEC:3516 Heap overflow in libxml2
  CISEC:3517 Content security bypass
  CISEC:3524 An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites...

2017-11-24 CISEC:3502 UXSS with MHTML
  CISEC:3498 Use after free in WebAudio
  CISEC:3495 Use after free in PDFium
  CISEC:3503 Use after free in PDFium
  CISEC:3492 Use after free in Chrome Apps
  CISEC:3485 URL spoofing in OmniBox
  CISEC:3490 URL spoofing in OmniBox
  CISEC:3493 URL spoofing in OmniBox
  CISEC:3488 Uninitialized use in Skia
  CISEC:3489 Uninitialized use in Skia
  CISEC:3491 UI spoofing in payments dialog
  CISEC:3494 UI spoofing in browser
  CISEC:3486 Type confusion in PDFium
  CISEC:3512 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message
  CISEC:3513 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times
  CISEC:3514 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths
  CISEC:3496 Out of bounds read in V8
  CISEC:3515 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service
  CISEC:3511 Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service
  CISEC:3497 Incorrect stack manipulation in WebAssembly
  CISEC:3504 Heap overflow in WebGL
  CISEC:3501 Heap overflow in Skia

2017-11-17 CISEC:3426 Windows Update Delivery Optimization Elevation of Privilege Vulnerability
  CISEC:3421 Windows Subsystem for Linux Denial of Service Vulnerability
  CISEC:3465 Windows Storage Security Feature Bypass Vulnerability
  CISEC:3410 Windows SMB Remote Code Execution Vulnerability
  CISEC:3416 Windows SMB Information Disclosure Vulnerability
  CISEC:3466 Windows SMB Elevation of Privilege Vulnerability
  CISEC:3413 Windows SMB Denial of Service Vulnerability
  CISEC:3429 Windows Shell Remote Code Execution Vulnerability
  CISEC:3427 Windows Shell Memory Corruption Vulnerability
  CISEC:3432 Windows Security Feature Bypass Vulnerability
  CISEC:3431 Windows Search Remote Code Execution Vulnerability
  CISEC:3411 Windows Kernel Information Disclosure Vulnerability
  CISEC:3412 Windows Kernel Information Disclosure Vulnerability
  CISEC:3414 Windows Kernel Information Disclosure Vulnerability
  CISEC:3415 Windows Kernel Information Disclosure Vulnerability
  CISEC:3422 Windows Information Disclosure Vulnerability
  CISEC:3474 Windows GDI Information Disclosure Vulnerability
  CISEC:3424 Windows Elevation of Privilege Vulnerability
  CISEC:3428 Windows DNSAPI Remote Code Execution Vulnerability
  CISEC:3484 User information leak via SVG
  CISEC:3470 Use after free in V8
  CISEC:3441 Use after free in print preview
  CISEC:3445 Use after free in credit card autofill
  CISEC:3439 Use after free in Apps Bluetooth
  CISEC:3436 UI spoofing in Blink
  CISEC:3440 UI spoofing in Blink
  CISEC:3434 Type confusion in V8
  CISEC:3430 TRIE Remote Code Execution Vulnerability
  CISEC:3460 Skype for Business Elevation of Privilege Vulnerability
  CISEC:3447 Scripting Engine Memory Corruption Vulnerability
  CISEC:3448 Scripting Engine Memory Corruption Vulnerability
  CISEC:3449 Scripting Engine Memory Corruption Vulnerability
  CISEC:3450 Scripting Engine Memory Corruption Vulnerability
  CISEC:3451 Scripting Engine Memory Corruption Vulnerability
  CISEC:3452 Scripting Engine Memory Corruption Vulnerability
  CISEC:3453 Scripting Engine Memory Corruption Vulnerability
  CISEC:3454 Scripting Engine Memory Corruption Vulnerability
  CISEC:3455 Scripting Engine Memory Corruption Vulnerability
  CISEC:3456 Scripting Engine Memory Corruption Vulnerability
  CISEC:3457 Scripting Engine Memory Corruption Vulnerability
  CISEC:3417 Scripting Engine Memory Corruption Vulnerability
  CISEC:3418 Scripting Engine Memory Corruption Vulnerability
  CISEC:3419 Scripting Engine Memory Corruption Vulnerability
  CISEC:3420 Scripting Engine Memory Corruption Vulnerability
  CISEC:3438 Possible command injection in mailto handling
  CISEC:3444 Out of bounds read in V8
  CISEC:3425 Microsoft Windows Security Feature Bypass
  CISEC:3423 Microsoft Search Information Disclosure Vulnerability
  CISEC:3464 Microsoft Outlook Security Feature Bypass Vulnerability
  CISEC:3459 Microsoft Outlook Information Disclosure Vulnerability
  CISEC:3461 Microsoft Office SharePoint XSS Vulnerability
  CISEC:3462 Microsoft Office SharePoint XSS Vulnerability
  CISEC:3463 Microsoft Office SharePoint XSS Vulnerability
  CISEC:3467 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3468 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3472 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3473 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3446 Information leak in CSP reporting
  CISEC:3442 Heap buffer overflow in Skia
  CISEC:3435 Extension verification bypass
  CISEC:3437 Address spoofing in Omnibox

2017-11-10 CISEC:3397 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:3390 Win32k Elevation of Privilege Vulnerability
  CISEC:3391 Win32k Elevation of Privilege Vulnerability
  CISEC:3378 Use after free in PPAPI
  CISEC:3379 Use after free in IndexedDB
  CISEC:3384 UI spoofing in Blink
  CISEC:3386 Type confusion in extensions
  CISEC:3408 Scripting Engine Memory Corruption Vulnerability
  CISEC:3409 Scripting Engine Memory Corruption Vulnerability
  CISEC:3385 Out-of-bounds write in PDFium
  CISEC:3377 OpenSSL Security Bypass Vulnerability
  CISEC:3394 Microsoft Office Remote Code Execution Vulnerability
  CISEC:3395 Microsoft Office Memory Corruption Vulnerability
  CISEC:3392 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:3396 Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:3393 Microsoft Graphics Information Disclosure Vulnerability
  CISEC:3387 Internet Explorer Information Disclosure Vulnerability
  CISEC:3388 Internet Explorer Information Disclosure Vulnerability
  CISEC:3389 Internet Explorer Information Disclosure Vulnerability

2017-11-03 CISEC:3353 Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79
  CISEC:3358 RAR decompression memory corruption
  CISEC:3357 RAR Decompression Denial Of Service Vulnerability
  CISEC:3355 Out-of-bounds access in V8
  CISEC:3356 Out-of-bounds access in V8
  CISEC:3354 Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80
  CISEC:3351 IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service
  CISEC:3352 IBM MQ Java clients might send a password in clear text
  CISEC:3311 IBM MQ cluster channel definition causes denial of service to cluster
  CISEC:3350 IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service
  CISEC:3310 IBM MQ administration command could cause denial of service

2017-10-27 CISEC:3264 Windows Shell Remote Code Execution Vulnerability
  CISEC:3267 Windows Security Feature Bypass Vulnerability
  CISEC:3257 Windows Information Disclosure Vulnerability
  CISEC:3256 Windows Elevation of Privilege Vulnerability
  CISEC:3270 Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:3268 Uniscribe Remote Code Execution Vulnerability
  CISEC:3259 Scripting Engine Memory Corruption Vulnerability
  CISEC:3260 Scripting Engine Memory Corruption Vulnerability
  CISEC:3261 Scripting Engine Memory Corruption Vulnerability
  CISEC:3262 Scripting Engine Memory Corruption Vulnerability
  CISEC:3263 Scripting Engine Memory Corruption Vulnerability
  CISEC:3269 Remote Desktop Virtual Host Remote Code Execution Vulnerability
  CISEC:3286 Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3251 Microsoft Office Publisher Remote Code Execution
  CISEC:3252 Microsoft Office Memory Corruption Vulnerability
  CISEC:3258 Microsoft Bluetooth Driver Spoofing Vulnerability
  CISEC:3280 Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3254 Internet Explorer Spoofing Vulnerability
  CISEC:3253 Internet Explorer Memory Corruption Vulnerability
  CISEC:3255 Internet Explorer Memory Corruption Vulnerability
  CISEC:3309 IBM MQ Invalid channel protocol flows cause denial of service on HP-UX
  CISEC:3307 IBM MQ Channel data conversion denial of service
  CISEC:3308 IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener
  CISEC:3266 Device Guard Security Feature Bypass Vulnerability
  CISEC:3276 Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3281 Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3271 Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x
  CISEC:3278 Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600
  CISEC:3265 .NET Framework Remote Code Execution Vulnerability

2017-10-20 CISEC:3221 Windows GDI+ Information Disclosure Vulnerability
  CISEC:3236 Scripting Engine Memory Corruption Vulnerability
  CISEC:3240 Scripting Engine Memory Corruption Vulnerability
  CISEC:3241 Scripting Engine Memory Corruption Vulnerability
  CISEC:3242 Scripting Engine Memory Corruption Vulnerability
  CISEC:3245 Scripting Engine Memory Corruption Vulnerability
  CISEC:3247 Scripting Engine Memory Corruption Vulnerability
  CISEC:3248 Scripting Engine Memory Corruption Vulnerability
  CISEC:3246 Scripting Engine Information Disclosure Vulnerability
  CISEC:3222 PowerPoint Remote Code Execution Vulnerability
  CISEC:3228 PowerPoint Remote Code Execution Vulnerability
  CISEC:3237 NetBIOS Remote Code Execution Vulnerability
  CISEC:3226 Microsoft PDF Remote Code Execution Vulnerability
  CISEC:3229 Microsoft PDF Remote Code Execution Vulnerability
  CISEC:3233 Microsoft Office Memory Corruption Vulnerability
  CISEC:3234 Microsoft Office Memory Corruption Vulnerability
  CISEC:3235 Microsoft Office Memory Corruption Vulnerability
  CISEC:3219 Microsoft Graphics Component Remote Code Execution
  CISEC:3216 Microsoft Edge Spoofing Vulnerability
  CISEC:3215 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3244 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3214 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3243 Microsoft Browser Memory Corruption Vulnerability
  CISEC:3213 Microsoft Browser Information Disclosure Vulnerability
  CISEC:3223 Hyper-V Information Disclosure Vulnerability
  CISEC:3224 Hyper-V Information Disclosure Vulnerability
  CISEC:3230 Hyper-V Information Disclosure Vulnerability
  CISEC:3231 Hyper-V Information Disclosure Vulnerability
  CISEC:3232 Hyper-V Information Disclosure Vulnerability
  CISEC:3227 Hyper-V Denial of Service Vulnerability
  CISEC:3220 Graphics Component Information Disclosure Vulnerability
  CISEC:3238 Broadcom BCM43xx Remote Code Execution Vulnerability

2017-10-18 CVE-2014-3164 cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder...

2017-10-13 CISEC:3203 Windows Kernel Information Disclosure Vulnerability
  CISEC:3205 Windows Kernel Information Disclosure Vulnerability
  CISEC:3197 Windows Kernel Information Disclosure Vulnerability
  CISEC:3200 Windows Kernel Information Disclosure Vulnerability
  CISEC:3210 Windows GDI+ Information Disclosure Vulnerability
  CISEC:3211 Windows GDI+ Information Disclosure Vulnerability
  CISEC:3212 Windows GDI+ Information Disclosure Vulnerability
  CISEC:3204 Win32k Information Disclosure Vulnerability
  CISEC:3192 Win32k Information Disclosure Vulnerability
  CISEC:3196 Win32k Information Disclosure Vulnerability
  CISEC:3198 Win32k Information Disclosure Vulnerability
  CISEC:3199 Win32k Information Disclosure Vulnerability
  CISEC:3191 Win32k Graphics Remote Code Execution Vulnerability
  CISEC:3194 Win32k Graphics Information Disclosure Vulnerability
  CISEC:3193 Win32k Elevation of Privilege Vulnerability
  CISEC:3201 Win32k Elevation of Privilege Vulnerability
  CISEC:3159 Vulnerability in ImageMagick 7.0.5-8
  CISEC:3169 Vulnerability in ImageMagick 7.0.5-7
  CISEC:3175 Vulnerability in ImageMagick 7.0.5-7
  CISEC:3158 Vulnerability in ImageMagick 7.0.5-5
  CISEC:3160 Vulnerability in ImageMagick 7.0.5-5
  CISEC:3168 Vulnerability in ImageMagick 7.0.5-5
  CISEC:3172 Vulnerability in ImageMagick 7.0.5-5
  CISEC:3174 Vulnerability in ImageMagick 7.0.5-5
  CISEC:3163 Use of uninitialized value in Skia
  CISEC:3171 Use of uninitialized value in Skia
  CISEC:3162 Use after free in PDFium
  CISEC:3166 Type confusion in V8
  CISEC:3167 Type confusion in V8
  CISEC:3181 The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
  CISEC:3186 The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
  CISEC:3161 Potential HTTPS downgrade during redirect navigation
  CISEC:3202 Microsoft SharePoint XSS Vulnerability
  CISEC:3195 Microsoft SharePoint Cross Site Scripting Vulnerability
  CISEC:3189 Microsoft Exchange Information Disclosure Vulnerability
  CISEC:3187 Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:3176 Microsoft Edge Spoofing Vulnerability
  CISEC:3208 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3179 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3207 Microsoft Edge Remote Code Execution Vulnerability
  CISEC:3206 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3178 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3209 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3177 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3173 Memory lifecycle issue in PDFium
  CISEC:3131 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3132 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3133 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3156 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3157 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3129 In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak
  CISEC:3121 In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak
  CISEC:3122 In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak
  CISEC:3123 In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak
  CISEC:3183 In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak
  CISEC:3124 In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak
  CISEC:3127 In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak
  CISEC:3180 In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak
  CISEC:3125 In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak
  CISEC:3128 In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak
  CISEC:3184 In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak
  CISEC:3126 In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak
  CISEC:3185 In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak
  CISEC:3130 In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak
  CISEC:3182 In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak
  CISEC:3155 Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3170 Heap buffer overflow in WebGL
  CISEC:3165 Heap buffer overflow in Skia
  CISEC:3164 Bypass of Content Security Policy in Blink

2017-10-06 CISEC:3105 Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3098 Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3113 Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3109 Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3107 Office Remote Code Execution Vulnerability
  CISEC:3099 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3106 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3108 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3111 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3112 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3114 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3110 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3117 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3116 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3115 Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier

2017-09-29 CISEC:3081 Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3079 Vulnerability in Oracle Java SE: 7u141 and 8u131
  CISEC:3080 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3083 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3084 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3082 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:3054 RPCoRDMA dissector infinite loop
  CISEC:3075 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability
  CISEC:3055 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3058 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3068 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3077 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3057 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability
  CISEC:3069 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3070 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3071 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3073 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3074 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3056 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3059 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3061 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3064 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3065 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3066 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3067 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3078 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3060 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3062 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3063 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3076 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability

2017-09-27 CVE-2015-1526 The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
  CVE-2015-1537 Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.

2017-09-25 CVE-2014-0997 WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android...
  CVE-2011-4667 The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),...
  CVE-2010-3050 Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
  CVE-2010-3049 Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

2017-09-22 CISEC:3008 Windows NetBIOS Denial of Service Vulnerability
  CISEC:3010 Vulnerability in the MySQL Server
  CISEC:3047 Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3025 Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3037 Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3026 Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3000 Scripting Engine Memory Corruption Vulnerability
  CISEC:3001 Scripting Engine Memory Corruption Vulnerability
  CISEC:3002 Scripting Engine Memory Corruption Vulnerability
  CISEC:3009 Scripting Engine Memory Corruption Vulnerability
  CISEC:3013 Scripting Engine Memory Corruption Vulnerability
  CISEC:3019 Scripting Engine Memory Corruption Vulnerability
  CISEC:3046 Scripting Engine Memory Corruption Vulnerability
  CISEC:3048 Scripting Engine Memory Corruption Vulnerability
  CISEC:3018 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
  CISEC:3007 Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3016 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3011 Microsoft Edge Memory Corruption Vulnerability
  CISEC:3012 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3014 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3015 Microsoft Edge Information Disclosure Vulnerability
  CISEC:3003 Microsoft Browser Memory Corruption Vulnerability
  CISEC:3004 Microsoft Browser Memory Corruption Vulnerability
  CISEC:3020 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3021 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3022 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3023 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3024 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3027 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3028 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3029 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3030 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3032 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3033 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3034 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3035 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3036 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3038 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3039 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3040 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3042 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3043 Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3044 Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3005 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:3006 Internet Explorer Memory Corruption Vulnerability
  CISEC:3052 IMAP dissector crash
  CISEC:3053 DOF dissector infinite loop

2017-09-15 CISEC:2987 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:2988 Windows Subsystem for Linux Denial of Service Vulnerability
  CISEC:2959 Windows Search Remote Code Execution Vulnerability
  CISEC:2968 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:2980 Windows PDF Remote Code Execution Vulnerability
  CISEC:2985 Windows IME Remote Code Execution Vulnerability
  CISEC:2958 Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:2956 Windows Hyper-V Denial of Service Vulnerability
  CISEC:2974 Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:2986 Windows CLFS Elevation of Privilege Vulnerability
  CISEC:2957 Win32k Information Disclosure Vulnerability
  CISEC:2955 Win32k Elevation of Privilege Vulnerability
  CISEC:2983 Vulnerability in the MySQL Server
  CISEC:2972 Volume Manager Extension Driver Information Disclosure Vulnerability
  CISEC:2984 Scripting Engine Memory Corruption Vulnerability
  CISEC:2989 Scripting Engine Memory Corruption Vulnerability
  CISEC:2982 Scripting Engine Memory Corruption Vulnerability
  CISEC:2960 Scripting Engine Memory Corruption Vulnerability
  CISEC:2961 Scripting Engine Memory Corruption Vulnerability
  CISEC:2962 Scripting Engine Memory Corruption Vulnerability
  CISEC:2963 Scripting Engine Memory Corruption Vulnerability
  CISEC:2964 Scripting Engine Memory Corruption Vulnerability
  CISEC:2975 Scripting Engine Memory Corruption Vulnerability
  CISEC:2978 Scripting Engine Memory Corruption Vulnerability
  CISEC:2979 Scripting Engine Memory Corruption Vulnerability
  CISEC:2981 Scripting Engine Information Disclosure Vulnerability
  CISEC:2971 Microsoft Office SharePoint XSS Vulnerability
  CISEC:2969 Microsoft Office Outlook Security Feature Bypass Vulnerability
  CISEC:2967 Microsoft Office Outlook Memory Corruption Vulnerability
  CISEC:2973 Microsoft Office Outlook Information Disclosure Vulnerability
  CISEC:2976 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2977 Microsoft Edge Elevation of Privilege Vulnerability
  CVE-2015-1527 Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
  CISEC:2970 Express Compressed Fonts Remote Code Execution Vulnerability

2017-09-08 CISEC:2923 Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2924 Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2926 Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2927 Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2932 Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2925 Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2928 Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2929 Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2931 Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier
  CISEC:2930 Vulnerability in MySQL Cluster 7.3.5 and earlier
  CISEC:2938 Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131
  CISEC:2935 Vulnerability in Java SE: 7u141, 8u131
  CISEC:2933 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2934 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2936 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2937 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2940 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2941 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2939 Vulnerability in Java SE: 6u151, 7u141, 8u131
  CISEC:2942 Vulnerability in Java SE: 6u151, 7u141, 8u131
  CISEC:2843 Unspecified vulnerability in Oracle Java SE 8u131
  CISEC:2847 Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2838 Unspecified vulnerability in Oracle Java SE 7u141, and 8u131
  CISEC:2839 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14
  CISEC:2841 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2842 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2845 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2846 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2840 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131
  CISEC:2844 Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131

2017-09-01 CISEC:2867 WBXML dissector infinite loop
  CISEC:2850 Vulnerability in the MySQL Server
  CISEC:2853 Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2857 Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2859 Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2861 Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2862 Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2858 Vulnerability in Oracle MySQL 5.7.16 and earlier
  CISEC:2854 Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2860 Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2855 Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2856 Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2852 Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2848 Scripting Engine Memory Corruption Vulnerability
  CISEC:2849 Scripting Engine Memory Corruption Vulnerability
  CISEC:2864 Scripting Engine Memory Corruption Vulnerability
  CISEC:2865 Scripting Engine Memory Corruption Vulnerability
  CISEC:2866 Scripting Engine Memory Corruption Vulnerability
  CISEC:2863 NetScaler file parser infinite loop
  CISEC:2851 Microsoft Browser Security Feature Bypass

2017-08-25 CISEC:2816 Windows PowerShell Remote Code Execution Vulnerability
  CISEC:2802 Windows IME Elevation of Privilege Vulnerability
  CISEC:2795 Windows Explorer Remote Code Execution Vulnerability
  CISEC:2796 Windows Elevation of Privilege Vulnerability
  CISEC:2803 Windows CLFS Elevation of Privilege Vulnerability
  CISEC:2799 Windows ALPC Elevation of Privilege Vulnerability
  CISEC:2827 Use after free in Blink
  CISEC:2798 SharePoint Server XSS Vulnerability
  CISEC:2837 Scripting Engine Memory Corruption Vulnerability
  CISEC:2805 Scripting Engine Memory Corruption Vulnerability
  CISEC:2806 Scripting Engine Memory Corruption Vulnerability
  CISEC:2817 Scripting Engine Memory Corruption Vulnerability
  CISEC:2818 Scripting Engine Memory Corruption Vulnerability
  CISEC:2819 Scripting Engine Memory Corruption Vulnerability
  CISEC:2820 Scripting Engine Memory Corruption Vulnerability
  CISEC:2801 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2813 Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2
  CISEC:2809 Local Denial of Service Vulnerability in ImageMagick 7.0.5-7
  CISEC:2825 Incorrect UI in Blink
  CISEC:2824 Incorrect signature handling in Networking
  CISEC:2797 Https.sys Information Disclosure Vulnerability
  CISEC:2804 HoloLens Remote Code Execution Vulnerability
  CISEC:2828 Heap overflow in Skia
  CISEC:2800 DirectX Elevation of Privilege Vulnerability
  CISEC:2812 Denial of Service Vulnerability in ImageMagick 7.0.5-7
  CISEC:2808 Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2811 Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2815 Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2807 Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2810 Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2814 Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2826 Cross-origin bypass in Blink

2017-08-18 CISEC:2781 WordPad Remote Code Execution Vulnerability
  CISEC:2757 Windows System Information Console Information Disclosure Vulnerability
  CISEC:2782 Windows Search Remote Code Execution Vulnerability
  CISEC:2756 Windows Performance Monitor Information Disclosure Vulnerability
  CISEC:2751 Windows Kernel Information Disclosure Vulnerability
  CISEC:2749 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2742 Windows Explorer Denial of Service Vulnerability
  CISEC:2745 Win32k Information Disclosure Vulnerability
  CISEC:2747 Win32k Information Disclosure Vulnerability
  CISEC:2743 Win32k Elevation of Privilege Vulnerability
  CISEC:2744 Win32k Elevation of Privilege Vulnerability
  CISEC:2746 Win32k Elevation of Privilege Vulnerability
  CISEC:2748 Win32k Elevation of Privilege Vulnerability
  CISEC:2750 Win32k Elevation of Privilege Vulnerability
  CISEC:2775 Scripting Engine Memory Corruption Vulnerability
  CISEC:2779 Scripting Engine Memory Corruption Vulnerability
  CISEC:2729 Office Remote Code Execution Vulnerability
  CISEC:2730 Office Remote Code Execution Vulnerability
  CISEC:2731 Office Remote Code Execution Vulnerability
  CISEC:2732 Office Remote Code Execution Vulnerability
  CISEC:2738 Microsoft Office Remote Code Execution Vulnerability
  CISEC:2739 Microsoft Office Remote Code Execution Vulnerability
  CISEC:2740 Microsoft Office Memory Corruption Vulnerability
  CISEC:2741 Microsoft Office Memory Corruption Vulnerability
  CISEC:2761 Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:2758 Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2759 Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2760 Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2762 Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2733 Microsoft Exchange Open Redirect Vulnerability
  CISEC:2734 Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:2736 Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:2776 Microsoft Edge Spoofing Vulnerability
  CISEC:2777 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2778 Microsoft Edge Remote Code Execution Vulnerability
  CISEC:2752 Microsoft Browser Security Feature Bypass
  CISEC:2755 Kerberos SNAME Security Feature Bypass Vulnerability
  CISEC:2780 Internet Explorer Memory Corruption Vulnerability
  CISEC:2763 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference
  CISEC:2772 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash
  CISEC:2768 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer
  CISEC:2769 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop
  CISEC:2773 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash
  CISEC:2764 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory
  CISEC:2765 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer
  CISEC:2774 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop
  CISEC:2767 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop
  CISEC:2766 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer
  CISEC:2771 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero
  CISEC:2770 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop
  CISEC:2754 .NET Denial of Service Vulnerability

2017-08-11 CISEC:2719 WSP infinite loop in Wireshark
  CISEC:2718 RTMPT dissector infinite loop in Wireshark
  CISEC:2722 NetScaler file parser infinite loop in Wireshark
  CISEC:2727 NetScaler file parser infinite loop in Wireshark
  CISEC:2723 NetScaler file parser crash in Wireshark
  CISEC:2713 NCP dissector crash in Wireshark
  CISEC:2725 LDSS dissector crash in Wireshark
  CISEC:2716 K12 file parser crash in Wireshark
  CISEC:2720 IAX2 infinite loop in Wireshark
  CISEC:2726 DHCPv6 large loop in Wireshark
  CISEC:2715 Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2721 Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2724 Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2714 Denial of Service Vulnerability in Wireshark
  CISEC:2728 Bluetooth L2CAP dissector crash in Wireshark
  CISEC:2717 ASTERIX infinite loop in Wireshark

2017-08-07 CISEC:2697 Windows VAD Cloning Denial of Service Vulnerability
  CISEC:2687 Windows Security Feature Bypass Vulnerability
  CISEC:2677 Windows Kernel Information Disclosure Vulnerability
  CISEC:2678 Windows Kernel Information Disclosure Vulnerability
  CISEC:2684 Windows Kernel Information Disclosure Vulnerability
  CISEC:2690 Windows Elevation of Privilege Vulnerability
  CISEC:2694 Windows Default Folder Tampering Vulnerability
  CISEC:2691 Windows Cursor Elevation of Privilege Vulnerability
  CISEC:2692 Windows COM Session Elevation of Privilege Vulnerability
  CVE-2015-3839 The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
  CISEC:2686 Sandbox Escape in IndexedDB vulnerability in Google Chrome versions
  CISEC:2698 Microsoft SharePoint Reflective XSS Vulnerability
  CISEC:2683 Hypervisor Code Integrity Elevation of Privilege Vulnerability
  CISEC:2685 GDI Information Disclosure Vulnerability
  CISEC:2688 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2689 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2693 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2695 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2696 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

2017-08-02 CVE-2012-5030 Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.

2017-07-28 CISEC:2665 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2667 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2662 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2666 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2668 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2670 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2671 Windows TDX Elevation of Privilege Vulnerability
  CISEC:2674 Windows Remote Code Execution Vulnerability
  CISEC:2669 Windows PDF Remote Code Execution Vulnerability
  CISEC:2672 Windows PDF Remote Code Execution Vulnerability
  CISEC:2664 Windows PDF Information Disclosure Vulnerability
  CISEC:2629 Windows Kernel Information Disclosure Vulnerability
  CISEC:2631 Windows Kernel Information Disclosure Vulnerability
  CISEC:2632 Windows Kernel Information Disclosure Vulnerability
  CISEC:2633 Windows Kernel Information Disclosure Vulnerability
  CISEC:2634 Windows Kernel Information Disclosure Vulnerability
  CISEC:2635 Windows Kernel Information Disclosure Vulnerability
  CISEC:2636 Windows Kernel Information Disclosure Vulnerability
  CISEC:2637 Windows Kernel Information Disclosure Vulnerability
  CISEC:2638 Windows Kernel Information Disclosure Vulnerability
  CISEC:2639 Windows Kernel Information Disclosure Vulnerability
  CISEC:2640 Windows Kernel Information Disclosure Vulnerability
  CISEC:2641 Windows Kernel Information Disclosure Vulnerability
  CISEC:2642 Windows Kernel Information Disclosure Vulnerability
  CISEC:2643 Windows Kernel Information Disclosure Vulnerability
  CISEC:2644 Windows Kernel Information Disclosure Vulnerability
  CISEC:2630 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2604 Win32k Information Disclosure Vulnerability
  CISEC:2605 Win32k Information Disclosure Vulnerability
  CISEC:2606 Win32k Information Disclosure Vulnerability
  CISEC:2608 Win32k Information Disclosure Vulnerability
  CISEC:2609 Win32k Information Disclosure Vulnerability
  CISEC:2610 Win32k Information Disclosure Vulnerability
  CISEC:2611 Win32k Information Disclosure Vulnerability
  CISEC:2603 Win32k Elevation of Privilege Vulnerability
  CISEC:2607 Win32k Elevation of Privilege Vulnerability
  CISEC:2628 Win32k Elevation of Privilege Vulnerability
  CISEC:2663 Skype for Business Remote Code Execution Vulnerability
  CISEC:2675 Microsoft SharePoint XSS vulnerability
  CISEC:2673 Microsoft PowerPoint Remote Code Execution Vulnerability

2017-07-21 CISEC:2538 Windows Search Remote Code Execution Vulnerability
  CISEC:2543 Windows Search Remote Code Execution Vulnerability
  CISEC:2542 Windows Search Information Disclosure Vulnerability
  CISEC:2573 Windows Graphics Remote Code Execution Vulnerability
  CISEC:2571 Windows Graphics Information Disclosure Vulnerability
  CISEC:2572 Windows Graphics Information Disclosure Vulnerability
  CISEC:2574 Windows Graphics Information Disclosure Vulnerability
  CISEC:2575 Windows Graphics Information Disclosure Vulnerability
  CISEC:2576 Windows Graphics Information Disclosure Vulnerability
  CISEC:2577 Windows Graphics Information Disclosure Vulnerability
  CISEC:2578 Windows Graphics Information Disclosure Vulnerability
  CISEC:2541 Use after free in Chrome Apps
  CISEC:2535 URL spoofing in Omnibox
  CISEC:2536 URL spoofing in Omnibox
  CISEC:2544 URL spoofing in Omnibox
  CISEC:2540 Type confusion in PDFium
  CISEC:2537 Type confusion in Blink
  CISEC:2525 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2528 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2530 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2531 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2532 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2526 Microsoft Edge Information Disclosure Vulnerability
  CISEC:2527 Microsoft Edge Information Disclosure Vulnerability
  CISEC:2529 Microsoft Browser Information Disclosure Vulnerability
  CISEC:2533 Internet Explorer Memory Corruption Vulnerability
  CISEC:2534 Internet Explorer Memory Corruption Vulnerability
  CISEC:2539 Heap use after free in Print Preview

2017-07-18 CISEC:2753 RHSA-2016:2098 -- kernel security update

2017-07-14 CISEC:2508 Scripting Engine Memory Corruption Vulnerability
  CISEC:2509 Scripting Engine Memory Corruption Vulnerability
  CISEC:2510 Scripting Engine Memory Corruption Vulnerability
  CISEC:2511 Scripting Engine Memory Corruption Vulnerability
  CISEC:2512 Scripting Engine Memory Corruption Vulnerability
  CISEC:2513 Scripting Engine Memory Corruption Vulnerability
  CISEC:2506 Scripting Engine Memory Corruption Vulnerability
  CISEC:2507 Scripting Engine Memory Corruption Vulnerability

2017-07-07 CISEC:2425 XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2429 V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CVE-2014-7953 Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target...
  CISEC:2432 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2417 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2431 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2416 Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2418 Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2419 Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2424 Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2427 Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation
  CVE-2014-7954 Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files...
  CISEC:2423 Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView
  CISEC:2428 Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2420 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2421 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2422 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2426 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2430 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux

2017-06-30 CISEC:2406 Use after free in PDFium
  CISEC:2408 Use after free in PDFium
  CISEC:2409 Use after free in PDFium
  CISEC:2414 Use after free in GuestView
  CISEC:2404 Use after free in ANGLE
  CISEC:2411 Out of bounds write in PDFium
  CISEC:2413 Multiple out of bounds writes in ChunkDemuxer
  CISEC:2401 Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2402 Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2399 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2407 Memory corruption in V8
  CISEC:2412 Integer overflow in libxslt
  CISEC:2405 Information disclosure in V8
  CISEC:2410 Incorrect security UI in Omnibox
  CISEC:2403 Bypass of Content Security Policy in Blink

2017-06-28 CISEC:2627 Security Update for Windows Vista, Windows Server 2008
  CISEC:2621 Security Update for Windows Server 2008, Windows Vista for x64-based Systems
  CISEC:2612 Security Update for Microsoft Office 2007
  CISEC:2616 April, 2017 Security Only Quality Update for Windows Server 2012
  CISEC:2620 April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems
  CISEC:2625 April, 2017 Security Only Quality Update for Windows 7
  CISEC:2622 April, 2017 Security Monthly Quality Rollup for Windows Server 2012
  CISEC:2615 April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems
  CISEC:2617 April, 2017 Security Monthly Quality Rollup for Windows 7

2017-06-27 CVE-2015-3840 The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

2017-06-23 CISEC:2377 Windows Kernel Information Disclosure Vulnerability
  CISEC:2378 Windows Kernel Information Disclosure Vulnerability
  CISEC:2379 Windows Kernel Information Disclosure Vulnerability
  CISEC:2384 Windows Kernel Information Disclosure Vulnerability
  CISEC:2380 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2373 Windows Hyper-V vSMB Elevation of Privilege Vulnerability
  CISEC:2385 Windows GDI Information Disclosure Vulnerability
  CISEC:2390 Windows DNS Server Denial of Service Vulnerability
  CISEC:2375 Windows COM Elevation of Privilege Vulnerability
  CISEC:2376 Windows COM Elevation of Privilege Vulnerability
  CISEC:2383 Win32k Information Disclosure Vulnerability
  CISEC:2381 Win32k Elevation of Privilege Vulnerability
  CISEC:2382 Win32k Elevation of Privilege Vulnerability
  CISEC:2389 Microsoft SharePoint XSS Vulnerability
  CISEC:2394 Microsoft Office Remote Code Execution Vulnerability
  CISEC:2392 Microsoft Office Memory Corruption Vulnerability
  CISEC:2372 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2391 Microsoft ActiveX Information Disclosure Vulnerability
  CISEC:2374 Dxgkrnl.sys Elevation of Privilege Vulnerability
  CISEC:2393 .Net Security Feature Bypass Vulnerability

2017-06-16 CISEC:2338 Windows SMB Remote Code Execution Vulnerability
  CISEC:2342 Windows SMB Remote Code Execution Vulnerability
  CISEC:2344 Windows SMB Remote Code Execution Vulnerability
  CISEC:2347 Windows SMB Remote Code Execution Vulnerability
  CISEC:2337 Windows SMB Information Disclosure Vulnerability
  CISEC:2339 Windows SMB Information Disclosure Vulnerability
  CISEC:2340 Windows SMB Information Disclosure Vulnerability
  CISEC:2343 Windows SMB Information Disclosure Vulnerability
  CISEC:2334 Windows SMB Information Disclosure Vulnerability
  CISEC:2336 Windows SMB Information Disclosure Vulnerability
  CISEC:2346 Windows SMB Information Disclosure Vulnerability
  CISEC:2341 Windows SMB Denial of Service Vulnerability
  CISEC:2345 Windows SMB Denial of Service Vulnerability
  CISEC:2335 Windows SMB Denial of Service Vulnerability
  CISEC:2352 Scripting Engine Memory Corruption Vulnerability
  CISEC:2353 Scripting Engine Memory Corruption Vulnerability
  CISEC:2354 Scripting Engine Memory Corruption Vulnerability
  CISEC:2355 Scripting Engine Memory Corruption Vulnerability
  CISEC:2357 Scripting Engine Memory Corruption Vulnerability
  CISEC:2359 Scripting Engine Memory Corruption Vulnerability
  CISEC:2360 Scripting Engine Memory Corruption Vulnerability
  CISEC:2361 Scripting Engine Memory Corruption Vulnerability
  CISEC:2365 Scripting Engine Memory Corruption Vulnerability
  CISEC:2332 Microsoft Office Remote Code Execution Vulnerability
  CISEC:2333 Microsoft Office Remote Code Execution Vulnerability
  CISEC:2362 Microsoft Edge Remote Code Execution Vulnerability
  CISEC:2351 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2363 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2364 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2350 Microsoft Browser Spoofing Vulnerability
  CISEC:2366 Internet Explorer Security Feature Bypass Vulnerability
  CISEC:2356 Internet Explorer Memory Corruption Vulnerability
  CISEC:2358 Internet Explorer Memory Corruption Vulnerability
  CISEC:2349 Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

2017-06-14 CISEC:2505 Vulnerable version of JetBrains TeamCity

2017-06-09 CISEC:2269 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2270 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2271 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2272 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2273 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2274 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2275 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2276 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2277 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2278 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2279 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2280 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2281 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2282 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2283 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2284 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2285 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2286 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2287 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2288 Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier

2017-06-08 CVE-2014-7919 b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).

2017-06-06 CVE-2015-3830 The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
  CVE-2014-9929 In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
  CVE-2014-9930 In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9927 In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9949 In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
  CVE-2015-9005 In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2014-9947 In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.
  CVE-2014-9951 In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.
  CVE-2014-9948 In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
  CVE-2014-9945 In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2015-9007 In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
  CVE-2014-9944 In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2014-9952 In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
  CVE-2014-9941 In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
  CVE-2015-9006 In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
  CVE-2014-9923 In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9925 In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9926 In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9928 In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9950 In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2014-9946 In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9943 In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
  CVE-2014-9942 In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
  CVE-2014-9924 In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.

2017-06-02 CISEC:2235 Scripting Engine Memory Corruption Vulnerability
  CISEC:2222 libjpeg Information Disclosure Vulnerability
  CISEC:2232 LDAP Elevation of Privilege Vulnerability
  CISEC:2224 Hyper-V Remote Code Execution Vulnerability
  CISEC:2226 Hyper-V Remote Code Execution Vulnerability
  CISEC:2229 Hyper-V Remote Code Execution Vulnerability
  CISEC:2239 Hyper-V Remote Code Execution Vulnerability
  CISEC:2225 Hyper-V Information Disclosure Vulnerability
  CISEC:2231 Hyper-V Information Disclosure Vulnerability
  CISEC:2227 Hyper-V Denial of Service Vulnerability
  CISEC:2228 Hyper-V Denial of Service Vulnerability
  CISEC:2230 Hyper-V Denial of Service Vulnerability
  CISEC:2233 Hyper-V Denial of Service Vulnerability
  CISEC:2234 Hyper-V Denial of Service Vulnerability
  CISEC:2236 Hyper-V Denial of Service Vulnerability
  CISEC:2237 Hyper-V Denial of Service Vulnerability
  CISEC:2250 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2256 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2242 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2251 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2252 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2255 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2264 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2266 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2257 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2260 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2261 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2267 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2240 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2243 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2244 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2258 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability
  CISEC:2246 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2248 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2265 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2245 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2247 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2249 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2253 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2254 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2262 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2263 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2241 Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2223 ADFS Security Feature Bypass Vulnerability
  CISEC:2238 Active Directory Denial of Service Vulnerability

2017-05-26 CISEC:2195 Windows Elevation of Privilege Vulnerability
  CISEC:2194 Windows Denial of Service Vulnerability
  CISEC:2215 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2216 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2217 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2211 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:2209 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:2212 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:2210 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API
  CISEC:2218 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump
  CISEC:2179 Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304
  CISEC:2176 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2177 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2182 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2189 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2191 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2193 Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2190 Vulnerability in Oracle MySQL 5.7.11 to 5.7.17
  CISEC:2183 Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2192 Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2184 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2185 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2186 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2187 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2178 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2188 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2180 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier
  CISEC:2181 Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:2206 Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE
  CISEC:2221 Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2214 Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2220 Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2219 Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP
  CISEC:2208 Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security
  CISEC:2207 Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking
  CISEC:2213 Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2174 Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2175 Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2204 ATMFD.dll Information Disclosure Vulnerability
  CISEC:2205 .NET Remote Code Execution Vulnerability

2017-05-19 CISEC:2171 Windows OLE Elevation of Privilege Vulnerability
  CISEC:2161 Windows Kernel Information Disclosure Vulnerability
  CISEC:2130 Windows HelpPane Elevation of Privilege Vulnerability
  CISEC:2163 Windows Graphics Elevation of Privilege Vulnerability
  CISEC:2165 Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:2126 Windows DNS Query Information Disclosure Vulnerability
  CISEC:2128 Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:2170 Win32k Information Disclosure Vulnerability
  CISEC:2162 Win32k Information Disclosure Vulnerability
  CISEC:2169 Win32k Elevation of Privilege Vulnerability
  CISEC:2127 SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
  CISEC:2155 Scripting Engine Memory Corruption Vulnerability
  CISEC:2156 Scripting Engine Memory Corruption Vulnerability
  CISEC:2158 Scripting Engine Information Disclosure Vulnerability
  CISEC:2164 Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:2160 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API
  CISEC:2168 Microsoft Office Security Feature Bypass Vulnerability
  CISEC:2173 Microsoft Office Memory Corruption Vulnerability
  CISEC:2135 Microsoft Exchange Server Elevation of Privilege Vulnerability
  CISEC:2159 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2152 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2154 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2131 iSNS Server Memory Corruption Vulnerability
  CISEC:2153 Internet Explorer Memory Corruption Vulnerability
  CISEC:2157 Internet Explorer Elevation of Privilege Vulnerability
  CISEC:2129 Device Guard Security Feature Bypass Vulnerability

2017-05-16 CVE-2014-9932 In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
  CVE-2014-9933 Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
  CVE-2014-9934 A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
  CVE-2014-9931 A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.

2017-05-14 CISEC:2367 Security Update for Windows XP
  CISEC:2369 Security Update for Windows Server 2003 for x64-based Systems
  CISEC:2370 Security Update for Windows Server 2003
  CISEC:2371 Security Update for Windows 8 for x64-based Systems
  CISEC:2368 Security Update for Windows 8

2017-05-12 CISEC:2089 Windows SMB Remote Code Execution Vulnerability
  CISEC:2094 Windows SMB Remote Code Execution Vulnerability
  CISEC:2095 Windows SMB Remote Code Execution Vulnerability
  CISEC:2096 Windows SMB Remote Code Execution Vulnerability
  CISEC:2099 Windows SMB Remote Code Execution Vulnerability
  CISEC:2101 Windows SMB Remote Code Execution Vulnerability
  CISEC:2090 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2106 Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2100 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:2098 Windows GDI+ Information Disclosure Vulnerability
  CISEC:2103 Windows GDI+ Information Disclosure Vulnerability
  CISEC:2105 Windows GDI+ Information Disclosure Vulnerability
  CISEC:2093 Windows GDI Elevation of Privilege Vulnerability
  CISEC:2097 Windows GDI Elevation of Privilege Vulnerability
  CISEC:2104 Windows GDI Elevation of Privilege Vulnerability
  CISEC:2107 Windows DVD Maker Cross-Site Request Forgery Vulnerability
  CISEC:2081 Windows DirectShow Information Disclosure Vulnerability
  CISEC:2125 Microsoft SharePoint XSS Vulnerability
  CISEC:2115 Microsoft Office Memory Corruption Vulnerability
  CISEC:2116 Microsoft Office Memory Corruption Vulnerability
  CISEC:2117 Microsoft Office Memory Corruption Vulnerability
  CISEC:2118 Microsoft Office Memory Corruption Vulnerability
  CISEC:2120 Microsoft Office Memory Corruption Vulnerability
  CISEC:2123 Microsoft Office Memory Corruption Vulnerability
  CISEC:2124 Microsoft Office Memory Corruption Vulnerability
  CISEC:2119 Microsoft Office Information Disclosure Vulnerability
  CISEC:2121 Microsoft Office Information Disclosure Vulnerability
  CISEC:2122 Microsoft Office Denial of Service Vulnerability
  CISEC:2114 Microsoft IIS Server XSS Elevation of Privilege Vulnerability
  CISEC:2074 Microsoft Hyper-V Network Switch Denial of Service Vulnerability
  CISEC:2091 Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2092 Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2080 Microsoft Active Directory Federation Services Information Disclosure Vulnerability
  CISEC:2075 Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2078 Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2069 Hyper-V Remote Code Execution Vulnerability
  CISEC:2076 Hyper-V Remote Code Execution Vulnerability
  CISEC:2071 Hyper-V Information Disclosure Vulnerability
  CISEC:2070 Hyper-V Denial of Service Vulnerability
  CISEC:2072 Hyper-V Denial of Service Vulnerability
  CISEC:2073 Hyper-V Denial of Service Vulnerability
  CISEC:2077 Hyper-V Denial of Service Vulnerability
  CISEC:2079 Hyper-V Denial of Service Vulnerability

2017-05-05 CISEC:2061 Win32k Elevation of Privilege Vulnerability
  CISEC:2062 Win32k Elevation of Privilege Vulnerability
  CISEC:2063 Win32k Elevation of Privilege Vulnerability
  CISEC:2064 Win32k Elevation of Privilege Vulnerability
  CISEC:2065 Win32k Elevation of Privilege Vulnerability
  CISEC:2066 Win32k Elevation of Privilege Vulnerability
  CISEC:2067 Win32k Elevation of Privilege Vulnerability
  CISEC:2068 Win32k Elevation of Privilege Vulnerability

2017-05-02 CVE-2014-9940 The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
  CVE-2015-9004 kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

2017-04-28 CISEC:2059 Windows Registry Elevation of Privilege Vulnerability
  CISEC:2057 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2060 Windows GDI Elevation of Privilege Vulnerability
  CISEC:2056 Windows Elevation of Privilege Vulnerability
  CISEC:2058 Windows Elevation of Privilege Vulnerability

2017-04-24 CVE-2010-1776 Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe...

2017-04-21 CISEC:1970 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1972 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1976 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1977 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1980 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1988 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1989 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1991 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1969 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1971 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1973 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1974 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1975 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1978 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1979 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1981 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1982 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1983 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1984 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1985 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1986 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1987 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1990 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1992 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1993 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1994 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1995 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1996 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1997 Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2006 Scripting Engine Memory Corruption Vulnerability
  CISEC:2011 Scripting Engine Memory Corruption Vulnerability
  CISEC:2012 Scripting Engine Memory Corruption Vulnerability
  CISEC:2013 Scripting Engine Memory Corruption Vulnerability
  CISEC:2014 Scripting Engine Memory Corruption Vulnerability
  CISEC:2016 Scripting Engine Memory Corruption Vulnerability
  CISEC:2017 Scripting Engine Memory Corruption Vulnerability
  CISEC:2018 Scripting Engine Memory Corruption Vulnerability
  CISEC:2020 Scripting Engine Memory Corruption Vulnerability
  CISEC:2021 Scripting Engine Memory Corruption Vulnerability
  CISEC:2023 Scripting Engine Memory Corruption Vulnerability
  CISEC:2024 Scripting Engine Memory Corruption Vulnerability
  CISEC:2027 Scripting Engine Memory Corruption Vulnerability
  CISEC:2031 Scripting Engine Memory Corruption Vulnerability
  CISEC:2033 Scripting Engine Memory Corruption Vulnerability
  CISEC:2036 Scripting Engine Memory Corruption Vulnerability
  CISEC:2038 Scripting Engine Memory Corruption Vulnerability
  CISEC:2001 Scripting Engine Memory Corruption Vulnerability
  CISEC:2004 Scripting Engine Memory Corruption Vulnerability
  CISEC:2005 Scripting Engine Memory Corruption Vulnerability
  CISEC:1998 Microsoft XML Core Services Information Disclosure Vulnerability
  CISEC:2010 Microsoft PDF Memory Corruption Vulnerability
  CISEC:2015 Microsoft Internet Explorer Memory Corruption Vulnerability
  CISEC:2022 Microsoft Edge Spoofing Vulnerability
  CISEC:2025 Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2029 Microsoft Edge Security Feature Bypass
  CISEC:2030 Microsoft Edge Security Feature Bypass
  CISEC:2039 Microsoft Edge Security Feature Bypass
  CISEC:2028 Microsoft Edge Memory Corruption Vulnerability
  CISEC:2008 Microsoft Edge Information Disclosure Vulnerability
  CISEC:2009 Microsoft Edge Information Disclosure Vulnerability
  CISEC:2037 Microsoft Edge Information Disclosure Vulnerability
  CISEC:2035 Microsoft Browser Spoofing Vulnerability
  CISEC:2000 Microsoft Browser Spoofing Vulnerability
  CISEC:2026 Microsoft Browser Memory Corruption Vulnerability
  CISEC:2019 Microsoft Browser Information Disclosure Vulnerability
  CISEC:2034 Microsoft Browser Information Disclosure Vulnerability
  CISEC:2032 Internet Explorer Memory Corruption Vulnerability
  CISEC:1999 Internet Explorer Information Disclosure Vulnerability
  CISEC:2002 Internet Explorer Information Disclosure Vulnerability
  CISEC:2003 Internet Explorer Information Disclosure Vulnerability
  CISEC:2007 Internet Explorer Elevation of Privilege Vulnerability

2017-04-13 CVE-2014-7921 mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
  CVE-2014-7920 mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.

2017-04-07 CISEC:1950 Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k
  CISEC:1949 Vulnerability in OpenSSL 1.1.0 before 1.1.0d
  CISEC:1942 UI spoofing
  CISEC:1943 Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d
  CISEC:1948 statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length
  CISEC:1952 PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1944 Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c
  CISEC:1947 Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e
  CISEC:1945 CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c
  CISEC:1946 ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c
  CISEC:1951 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1953 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1954 A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux

2017-04-04 CVE-2014-9922 The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

2017-03-31 CISEC:1927 Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1926 Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1930 Vulnerability in statem/statem.c in OpenSSL 1.1.0a
  CISEC:1931 Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i
  CISEC:1928 Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i
  CISEC:1905 The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -...
  CISEC:1903 The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length
  CISEC:1900 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages
  CISEC:1902 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations
  CISEC:1901 The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results
  CISEC:1906 The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number
  CISEC:1907 OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks
  CISEC:1929 Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
  CISEC:1904 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service

2017-03-24 CISEC:1884 UI spoofing
  CISEC:1885 Heap overflow in FFmpeg
  CISEC:1865 Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1867 Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs
  CISEC:1866 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1863 Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs
  CISEC:1868 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1864 A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android

2017-03-17 CISEC:1852 WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking
  CISEC:1833 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:1830 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1831 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1829 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:1832 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:1846 Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier
  CISEC:1850 Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323
  CISEC:1844 Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322
  CISEC:1847 Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321
  CISEC:1827 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1826 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:1851 Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111
  CISEC:1835 Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13
  CISEC:1856 Use after free in Renderer
  CISEC:1860 Use after free in Extensions
  CISEC:1855 Universal XSS in chrome://downloads
  CISEC:1862 Universal XSS in chrome://apps
  CISEC:1859 Type confusion in metrics
  CISEC:1858 Heap overflow in FFmpeg
  CISEC:1840 Directory traversal vulnerability in Atlassian JIRA before 6.0.5
  CISEC:1842 Directory traversal vulnerability in Atlassian JIRA before 6.0.4
  CISEC:1839 Cross-site scripting
  CISEC:1841 Cross-site scripting
  CISEC:1857 Bypass of Content Security Policy in Blink
  CISEC:1853 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context
  CISEC:1836 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page
  CISEC:1837 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships
  CISEC:1854 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method

2017-03-10 CISEC:1813 Vulnerability in MySQL Server 5.6.34 and earlier and 5.7.16 and earlier
  CISEC:1815 Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1818 Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1819 Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1814 Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1816 Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1817 Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1825 Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4
  CISEC:1822 Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3
  CISEC:1823 Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2
  CISEC:1824 Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2

2017-03-03 CISEC:1796 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:1795 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:1797 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1789 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking
  CISEC:1790 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  CISEC:1791 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  CISEC:1777 Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1802 Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1778 Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1779 Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1800 Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1801 Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111
  CISEC:1798 Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5
  CISEC:1799 Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5
  CISEC:1780 Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5

2017-02-24 CISEC:1774 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:1772 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1773 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1770 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries
  CISEC:1769 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS
  CISEC:1771 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1765 Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i
  CISEC:1776 Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1775 Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1749 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1750 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1751 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1744 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1745 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1746 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1747 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1748 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1739 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1740 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1734 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1738 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1742 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1735 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1741 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1743 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1733 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1736 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1737 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability

2017-02-17 CISEC:1727 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1728 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1729 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1730 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1731 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1732 Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1719 EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1720 EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1717 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1718 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1716 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability

2017-02-10 CISEC:1703 Vulnerability in Samsung Security Manager
  CISEC:1707 Microsoft Office Memory Corruption Vulnerability
  CISEC:1706 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:1705 Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:1715 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability

2017-02-07 CVE-2014-9914 Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations...

2017-02-03 CISEC:1681 Windows Kernel Memory Address Information Disclosure Vulnerability
  CISEC:1680 Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:1691 Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18
  CISEC:1688 Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1684 Microsoft Office Memory Corruption Vulnerability
  CISEC:1687 Microsoft Office Information Disclosure Vulnerability
  CISEC:1689 Microsoft Office Information Disclosure Vulnerability

2017-01-27 CISEC:1651 Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1645 Win32k Elevation of Privilege Vulnerability
  CISEC:1646 Win32k Elevation of Privilege Vulnerability
  CISEC:1676 Vulnerability in NVIDIA Graphics Driver
  CISEC:1653 Secure Kernel Mode Elevation of Privilege Vulnerability
  CISEC:1648 Scripting Engine Memory Corruption Vulnerability
  CISEC:1643 Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1644 Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1639 Microsoft Office Memory Corruption Vulnerability
  CISEC:1640 Microsoft Office Information Disclosure Vulnerability
  CISEC:1641 Microsoft Office Information Disclosure Vulnerability
  CISEC:1642 Microsoft Office Information Disclosure Vulnerability
  CISEC:1647 Microsoft Browser – Memory Corruption Vulnerability
  CISEC:1650 Microsoft Browser Security Feature Bypass
  CISEC:1649 Microsoft Browser Information Disclosure Vulnerability
  CISEC:1652 .NET Information Disclosure Vulnerability

2017-01-20 CISEC:1627 Windows Hyperlink Object Library Information Disclosure Vulnerability
  CISEC:1626 Scripting Engine Memory Corruption Vulnerability
  CISEC:1628 Scripting Engine Memory Corruption Vulnerability
  CISEC:1629 Scripting Engine Memory Corruption Vulnerability
  CISEC:1631 Scripting Engine Memory Corruption Vulnerability
  CISEC:1633 Scripting Engine Memory Corruption Vulnerability
  CISEC:1638 Microsoft Office OLE DLL Side Loading Vulnerability
  CISEC:1636 Microsoft Office Memory Corruption Vulnerability
  CISEC:1637 Microsoft Office Information Disclosure Vulnerability
  CISEC:1630 Microsoft Edge Memory Corruption Vulnerability
  CISEC:1625 Microsoft Edge Information Disclosure Vulnerability
  CISEC:1635 Microsoft Edge Information Disclosure Vulnerability
  CISEC:1634 Internet Explorer Memory Corruption Vulnerability
  CISEC:1632 Internet Explorer Information Disclosure Vulnerability

2017-01-18 CVE-2014-9909 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...
  CVE-2014-9910 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

2017-01-13 CISEC:1614 Windows Installer Elevation of Privilege Vulnerability
  CISEC:1603 Windows Graphics Remote Code Execution Vulnerability
  CISEC:1604 Windows Graphics Remote Code Execution Vulnerability
  CISEC:1613 Windows Crypto Driver Information Disclosure Vulnerability
  CISEC:1602 GDI Information Disclosure Vulnerability

2017-01-08 CISEC:1704 Remove OneDrive option located in the navigation panel of File Explorer on Windows 10.

2017-01-06 CISEC:1516 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:1558 Vulnerability in Google Chrome before 55.0.2883.75
  CISEC:1498 VHD Driver Elevation of Privilege Vulnerability
  CISEC:1499 VHD Driver Elevation of Privilege Vulnerability
  CISEC:1500 VHD Driver Elevation of Privilege Vulnerability
  CISEC:1501 VHD Driver Elevation of Privilege Vulnerability
  CISEC:1564 Use after free in V8
  CISEC:1555 Use after free in PDFium
  CISEC:1566 Use after free in PDFium
  CISEC:1554 Universal XSS in Blink
  CISEC:1557 Universal XSS in Blink
  CISEC:1561 Universal XSS in Blink
  CISEC:1563 Universal XSS in Blink
  CISEC:1580 Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1570 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1574 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1514 SQL Server Agent Elevation of Privilege Vulnerability
  CISEC:1513 SQL RDBMS Engine EoP vulnerability
  CISEC:1517 Secure Boot Component Vulnerability
  CISEC:1560 Same-origin bypass in PDFium
  CISEC:1562 Private property access in V8
  CISEC:1575 PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1565 Out of bounds write in PDFium
  CISEC:1567 Out of bounds write in Blink
  CISEC:1551 MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1556 Local file disclosure in DevTools
  CISEC:1552 LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1568 Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1577 Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1573 Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
  CISEC:1559 CSP Referrer disclosure
  CISEC:1553 Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service
  CISEC:1569 Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1571 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows
  CISEC:1579 A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
  CISEC:1578 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1576 A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1572 A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows

2016-12-30 CISEC:1496 Windows NTLM Elevation of Privilege Vulnerability
  CISEC:1483 Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
  CISEC:1482 Windows Animation Manager Memory Corruption Vulnerability
  CISEC:1486 Win32k Information Disclosure Vulnerability
  CISEC:1484 Win32k Elevation of Privilege Vulnerability
  CISEC:1485 Win32k Elevation of Privilege Vulnerability
  CISEC:1487 Win32k Elevation of Privilege Vulnerability
  CISEC:1480 Virtual Secure Mode Information Disclosure Vulnerability
  CISEC:1491 SQL RDBMS Engine EoP vulnerability
  CISEC:1492 SQL RDBMS Engine EoP vulnerability
  CISEC:1490 SQL Analysis Services Information Disclosure Vulnerability
  CISEC:1478 Open Type Font Remote Code Execution Vulnerability
  CISEC:1479 Open Type Font Information Disclosure Vulnerability
  CISEC:1477 Microsoft Video Control Remote Code Execution Vulnerability
  CISEC:1481 Media Foundation Memory Corruption Vulnerability
  CISEC:1488 MDS API XSS Vulnerability
  CISEC:1497 Local Security Authority Subsystem Service Denial of Service Vulnerability

2016-12-23 CISEC:1474 Windows Remote Code Execution Vulnerability
  CISEC:1407 Windows Journal RCE Vulnerability
  CISEC:1409 Windows Journal RCE Vulnerability
  CISEC:1408 Windows Journal Integer Overflow RCE Vulnerability
  CISEC:1475 Windows IME Elevation of Privilege Vulnerability
  CISEC:1455 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1456 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1457 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1458 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1459 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1460 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1461 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1462 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1463 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1464 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1404 Vulnerability in Symantec Anti-Virus Engine
  CISEC:1476 Task Scheduler Elevation of Privilege Vulnerability
  CISEC:1427 Scripting Engine Memory Corruption Vulnerability
  CISEC:1428 Scripting Engine Memory Corruption Vulnerability
  CISEC:1429 Scripting Engine Memory Corruption Vulnerability
  CISEC:1430 Scripting Engine Memory Corruption Vulnerability
  CISEC:1470 Scripting Engine Memory Corruption Vulnerability
  CISEC:1471 Scripting Engine Memory Corruption Vulnerability
  CISEC:1472 Scripting Engine Memory Corruption Vulnerability
  CISEC:1473 Scripting Engine Memory Corruption Vulnerability
  CISEC:1425 Microsoft Office Memory Corruption Vulnerability
  CISEC:1426 Microsoft Office Memory Corruption Vulnerability
  CISEC:1445 Microsoft Office Memory Corruption Vulnerability
  CISEC:1446 Microsoft Office Memory Corruption Vulnerability
  CISEC:1447 Microsoft Office Memory Corruption Vulnerability
  CISEC:1448 Microsoft Office Memory Corruption Vulnerability
  CISEC:1449 Microsoft Office Memory Corruption Vulnerability
  CISEC:1450 Microsoft Office Memory Corruption Vulnerability
  CISEC:1453 Microsoft Office Memory Corruption Vulnerability
  CISEC:1454 Microsoft Office Memory Corruption Vulnerability
  CISEC:1451 Microsoft Office Information Disclosure Vulnerability
  CISEC:1452 Microsoft Office Denial of Service Vulnerability
  CISEC:1465 Microsoft Edge Spoofing Vulnerability
  CISEC:1467 Microsoft Edge Information Disclosure Vulnerability
  CISEC:1420 Microsoft Browser Memory Corruption Vulnerability
  CISEC:1421 Microsoft Browser Memory Corruption Vulnerability
  CISEC:1422 Microsoft Browser Memory Corruption Vulnerability
  CISEC:1423 Microsoft Browser Memory Corruption Vulnerability
  CISEC:1468 Microsoft Browser Memory Corruption Vulnerability
  CISEC:1466 Microsoft Browser Information Disclosure Vulnerability
  CISEC:1469 Microsoft Browser Information Disclosure Vulnerability
  CISEC:1405 Graphics Component Buffer Overflow Vulnerability

2016-12-09 CISEC:1393 Windows Graphics Component RCE Vulnerability
  CISEC:1378 Scripting Engine Remote Code Execution Vulnerability
  CISEC:1374 Microsoft Office RCE Vulnerability
  CISEC:1375 Microsoft Office Memory Corruption Vulnerability
  CISEC:1380 Memory Corruption Vulnerability
  CISEC:1381 Memory Corruption Vulnerability
  CISEC:1382 Memory Corruption Vulnerability
  CISEC:1383 Memory Corruption Vulnerability
  CISEC:1384 Memory Corruption Vulnerability
  CISEC:1385 Memory Corruption Vulnerability
  CISEC:1386 Memory Corruption Vulnerability
  CISEC:1387 Memory Corruption Vulnerability
  CISEC:1388 Memory Corruption Vulnerability
  CISEC:1389 Memory Corruption Vulnerability
  CISEC:1390 Memory Corruption Vulnerability
  CISEC:1391 Memory Corruption Vulnerability
  CISEC:1392 Memory Corruption Vulnerability
  CISEC:1394 Internet Explorer Information Disclosure Vulnerability

2016-12-08 CVE-2015-8967 arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

2016-11-25 CISEC:1285 Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
  CISEC:1288 Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1286 Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1312 Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier
  CISEC:1268 Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security
  CISEC:1283 Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1
  CISEC:1293 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1301 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1304 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1306 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1307 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1308 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1309 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1310 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1295 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier
  CISEC:1292 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14
  CISEC:1290 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1291 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1303 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1315 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1311 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12
  CISEC:1289 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1305 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1314 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1316 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1302 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1313 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1294 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1296 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier
  CISEC:1299 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files
  CISEC:1300 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges
  CISEC:1298 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication
  CISEC:1284 SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1287 Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1297 An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files

2016-11-11 CISEC:1250 Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3
  CISEC:1264 Untrusted search path vulnerability in python.exe in Python through 3.5.0
  CISEC:1238 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1239 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1263 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1241 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
  CISEC:1258 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1259 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1260 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1261 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
  CISEC:1262 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
  CISEC:1257 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
  CISEC:1240 Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1242 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
  CISEC:1256 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails
  CISEC:1255 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3
  CISEC:1265 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products
  CISEC:1249 SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1266 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
  CISEC:1248 Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1267 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4

2016-11-10 CISEC:1219 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1218 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1230 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
  CISEC:1231 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65
  CISEC:1229 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1233 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1234 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1237 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1235 Unspecified vulnerability in Oracle Java SE 8u92
  CISEC:1232 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1236 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92

2016-10-28 CISEC:1199 Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
  CISEC:1180 Use after free in Blink
  CISEC:1181 Use after free in Blink
  CISEC:1197 The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
  CISEC:1198 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
  CISEC:1196 browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
  CISEC:1182 Arbitrary Memory Read in v8

2016-10-21 CISEC:1179 Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
  CISEC:1163 Microsoft Browser Information Disclosure Vulnerability

2016-10-14 CISEC:1132 Use after free in PDFium
  CISEC:1133 Use after free in event bindings
  CISEC:1129 Use after free in Blink
  CISEC:1131 Use after destruction in Blink
  CISEC:1128 Universal XSS in Blink
  CISEC:1130 Universal XSS in Blink
  CISEC:1141 The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1138 The download implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1139 The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1145 The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1147 The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1137 Script injection in extensions
  CISEC:1143 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1142 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1146 Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1134 Heap overflow in PDFium
  CISEC:1135 Heap overflow in PDFium
  CISEC:1144 Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1140 Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1136 Address bar spoofing

2016-10-10 CVE-2015-8956 The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...
  CVE-2015-8951 Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
  CVE-2015-8955 arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...

2016-10-06 CVE-2015-6393 Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...
  CVE-2015-0721 Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...

2016-10-05 CVE-2015-6392 Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...

2016-09-23 CISEC:1097 WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1057 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1058 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1059 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1060 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1061 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1062 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1063 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1064 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1065 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1066 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1067 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1068 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1069 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1070 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1074 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1075 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1076 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1077 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1078 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1079 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1080 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1081 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1082 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1083 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1086 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1088 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1094 Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1087 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1053 The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
  CISEC:1089 The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
  CISEC:1096 The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1092 The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82
  CISEC:1090 objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
  CISEC:1095 Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
  CISEC:1055 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  CISEC:1085 Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1054 Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  CISEC:1093 Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
  CISEC:1084 Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1091 Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
  CISEC:1056 Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar

2016-09-22 CVE-2014-2146 The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...

2016-09-16 CISEC:1026 Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:987 Various fixes from internal audits, fuzzing and other initiatives
  CISEC:995 Use-after-free in libxml
  CISEC:992 Use after free in extensions
  CISEC:997 URL spoofing
  CISEC:996 URL leakage via PAC script
  CISEC:986 Same origin bypass for images in Blink
  CISEC:989 Parameter sanitization failure in DevTools
  CISEC:994 Parameter sanitization failure in DevTools
  CISEC:988 Origin confusion in proxy authentication
  CISEC:993 Limited same-origin bypass in Service Workers
  CISEC:990 History sniffing with HSTS and CSP
  CISEC:991 Content-Security-Policy bypass

2016-09-02 CISEC:982 ZIP decompression memory access violation
  CISEC:984 TNEF integer overflow
  CISEC:983 MIME message modification memory corruption

2016-08-26 CISEC:978 Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:979 Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:963 SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...
  CISEC:981 Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:980 Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5

2016-08-12 CISEC:940 Windows Virtual PCI Information Disclosure Vulnerability
  CISEC:946 Windows OLE Memory Remote Code Execution Vulnerability
  CISEC:947 Windows OLE Memory Remote Code Execution Vulnerability
  CISEC:945 Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:929 Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:959 Windows Kerberos Security Feature Bypass
  CISEC:942 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:948 Windows DLL Loading Denial of Service Vulnerability
  CISEC:941 Win32k Elevation of Privilege Vulnerability
  CISEC:939 Win32k Elevation of Privilege Vulnerability
  CISEC:943 Win32k Elevation of Privilege Vulnerability
  CISEC:960 WebDAV Elevation of Privilege Vulnerability
  CISEC:930 Silverlight Runtime Remote Code Execution Vulnerability
  CISEC:961 Remote Desktop Protocol
  CISEC:944 ATMFD.DLL Elevation of Privilege Vulnerability

2016-08-07 CVE-2015-3854 packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...

2016-08-06 CVE-2014-9892 The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
  CVE-2015-8938 The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
  CVE-2014-9879 The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
  CVE-2014-9870 The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
  CVE-2015-8944 The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...
  CVE-2014-9900 The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
  CVE-2014-9872 The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9897 sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9890 Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
  CVE-2014-9871 Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
  CVE-2014-9863 Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
  CVE-2014-9873 Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2015-8940 Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
  CVE-2014-9883 Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9885 Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
  CVE-2014-9880 drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
  CVE-2015-8943 drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
  CVE-2014-9893 drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
  CVE-2015-8939 drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
  CVE-2014-9899 drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9878 drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9894 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
  CVE-2014-9891 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
  CVE-2014-9864 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9884 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9887 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9865 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9881 drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
  CVE-2014-9868 drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
  CVE-2014-9866 drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
  CVE-2014-9877 drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
  CVE-2015-8942 drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
  CVE-2014-9889 drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
  CVE-2014-9869 drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
  CVE-2015-8941 drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
  CVE-2014-9867 drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
  CVE-2014-9895 drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
  CVE-2014-9876 drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
  CVE-2015-8937 drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9875 drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
  CVE-2014-9896 drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
  CVE-2014-9874 Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
  CVE-2014-9882 Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
  CVE-2014-9898 arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
  CVE-2014-9886 arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...

2016-08-05 CVE-2014-9901 The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
  CVE-2014-9902 Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...

2016-07-29 CISEC:861 WPAD Elevation of Privilege Vulnerability
  CISEC:866 Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
  CISEC:881 Windows SMB Server Elevation of Privilege Vulnerability
  CISEC:884 Windows Search Component Denial of Service Vulnerability
  CISEC:860 Windows PDF Remote Code Execution Vulnerability
  CISEC:868 Windows PDF Information Disclosure Vulnerability
  CISEC:870 Windows PDF Information Disclosure Vulnerability
  CISEC:883 Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
  CISEC:871 Windows DNS Server Use After Free Vulnerability
  CISEC:880 Windows Diagnostics Hub Elevation of Privilege Vulnerability
  CISEC:826 Scripting Engine Memory Corruption Vulnerability
  CISEC:827 Scripting Engine Memory Corruption Vulnerability
  CISEC:828 Scripting Engine Memory Corruption Vulnerability
  CISEC:829 Scripting Engine Memory Corruption Vulnerability
  CISEC:830 Scripting Engine Memory Corruption Vulnerability
  CISEC:862 Scripting Engine Memory Corruption Vulnerability
  CISEC:863 Scripting Engine Memory Corruption Vulnerability
  CISEC:872 Scripting Engine Memory Corruption Vulnerability
  CISEC:907 Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:909 Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:894 Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:879 Microsoft Office OLE DLL Side Loading Vulnerability
  CISEC:874 Microsoft Office Memory Corruption Vulnerability
  CISEC:876 Microsoft Office Memory Corruption Vulnerability
  CISEC:877 Microsoft Office Information Disclosure Vulnerability
  CISEC:885 Microsoft Exchange Information Disclosure Vulnerability
  CISEC:864 Microsoft Edge Security Feature Bypass
  CISEC:869 Internet Explorer XSS Filter Vulnerability
  CISEC:865 Internet Explorer Memory Corruption Vulnerability
  CISEC:867 Internet Explorer Memory Corruption Vulnerability
  CISEC:858 Internet Explorer Memory Corruption Vulnerability
  CISEC:859 Group Policy Elevation of Privilege Vulnerability
  CISEC:882 Active Directory Denial of Service Vulnerability

2016-07-15 CISEC:776 Windows Media Center Remote Code Execution Vulnerability
  CISEC:775 Windows Kernel Elevation of Privilege Vulnerability
  CISEC:781 Windows Graphics Component RCE Vulnerability
  CISEC:779 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:780 Windows Graphics Component Information Disclosure Vulnerability
  CISEC:774 Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:791 Use-after-free in Extensions
  CISEC:787 Use-after-free in Autofill
  CISEC:784 Secondary Logon Elevation of Privilege Vulnerability
  CISEC:817 Scripting Engine Memory Corruption Vulnerability
  CISEC:818 Scripting Engine Memory Corruption Vulnerability
  CISEC:819 Scripting Engine Memory Corruption Vulnerability
  CISEC:771 RPC Network Data Representation Engine Remote Code Execution Vulnerability
  CISEC:788 Parameter sanitization failure in DevTools
  CISEC:820 Padding oracle in AES-NI CBC MAC check
  CISEC:785 Out-of-bounds read in Skia
  CISEC:786 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  CISEC:782 Microsoft Office Memory Corruption Vulnerability
  CISEC:773 Microsoft Office Memory Corruption Vulnerability
  CISEC:772 Microsoft Office Malformed EPS File Vulnerability
  CISEC:821 Memory corruption in the ASN.1 encoder
  CISEC:789 Information leak in Extension bindings
  CISEC:824 EVP_EncryptUpdate overflow
  CISEC:825 EVP_EncodeUpdate overflow
  CISEC:823 EBCDIC overread
  CISEC:783 Cross-origin bypass in extension bindings
  CISEC:792 Cross-origin bypass in extension bindings
  CISEC:790 Cross-origin bypass in Blink
  CISEC:822 ASN.1 BIO excessive memory allocation

2016-07-10 CVE-2013-7457 Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
  CVE-2014-9777 The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
  CVE-2014-9778 The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
  CVE-2014-9799 The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
  CVE-2015-8889 The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
  CVE-2014-9789 The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
  CVE-2015-8890 platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
  CVE-2014-9793 platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9798 platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
  CVE-2015-8892 platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
  CVE-2014-9801 Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
  CVE-2014-9802 Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
  CVE-2015-8891 Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
  CVE-2014-9788 Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
  CVE-2014-9784 Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9800 Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
  CVE-2014-9787 Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
  CVE-2015-8888 Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
  CVE-2014-9786 Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
  CVE-2014-9780 drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9790 drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
  CVE-2014-9785 drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9783 drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
  CVE-2014-9782 drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
  CVE-2014-9781 Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
  CVE-2014-9803 arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
  CVE-2014-9779 arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
  CVE-2014-9792 arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9795 app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
  CVE-2014-9796 app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
  CVE-2015-8893 app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...

2016-07-01 CISEC:520 Windows Shell Remote Code Execution Vulnerability
  CISEC:740 Windows Journal Memory Corruption Vulnerability
  CISEC:745 Windows Imaging Component Memory Corruption Vulnerability
  CISEC:762 Win32k Information Disclosure Vulnerability
  CISEC:760 Win32k Elevation of Privilege Vulnerability
  CISEC:761 Win32k Elevation of Privilege Vulnerability
  CISEC:763 Win32k Elevation of Privilege Vulnerability
  CISEC:764 Win32k Elevation of Privilege Vulnerability
  CISEC:604 Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:605 Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:606 Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:607 Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:649 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:650 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:608 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:648 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:652 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:653 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:654 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:655 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:656 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:657 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:670 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:633 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:634 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:629 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:631 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:632 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:635 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:636 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:637 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:667 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:668 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:669 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:672 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:676 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:640 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:639 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:641 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:644 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:645 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:646 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:647 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:678 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:680 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:683 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:686 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:688 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:689 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:690 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:692 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:693 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:661 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:609 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:611 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:612 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:616 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:619 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:621 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:623 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:626 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:658 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:659 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:660 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:663 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:666 Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:651 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:675 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:628 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:638 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:671 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:673 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:674 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:642 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:643 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:679 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:681 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:685 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:691 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:694 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:610 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:613 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:615 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:617 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:618 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:620 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:662 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:665 Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:630 Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:682 Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:624 Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:733 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
  CISEC:710 Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
  CISEC:705 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
  CISEC:727 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier
  CISEC:730 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
  CISEC:715 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:724 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:729 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:717 Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:703 Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:711 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:712 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:713 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:718 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:716 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:720 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:721 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:722 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:735 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:736 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:737 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:700 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:701 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:709 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:723 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:732 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:739 TLS/SSL Information Disclosure Vulnerability
  CISEC:768 Microsoft Office Memory Corruption Vulnerability
  CISEC:769 Microsoft Office Graphics RCE Vulnerability
  CISEC:766 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:767 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:742 Microsoft Browser Memory Corruption Vulnerability
  CISEC:741 Internet Explorer Security Feature Bypass
  CISEC:743 Internet Explorer Information Disclosure Vulnerability
  CISEC:625 Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:695 Hypervisor Code Integrity Security Feature Bypass
  CISEC:614 Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:664 Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:731 Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
  CISEC:622 Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
  CISEC:744 Direct3D Use After Free Vulnerability

2016-06-22 CVE-2015-6289 Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

2016-06-13 CISEC:501 Windows OLE Remote Code Execution Vulnerability
  CISEC:497 Windows CSRSS Security Feature Bypass Vulnerability
  CISEC:512 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74
  CISEC:507 Scripting Engine Memory Corruption Vulnerability
  CISEC:509 Scripting Engine Memory Corruption Vulnerability
  CISEC:510 Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
  CISEC:498 Microsoft Office Memory Corruption Vulnerability
  CISEC:502 Microsoft Office Memory Corruption Vulnerability
  CISEC:503 Microsoft Office Memory Corruption Vulnerability
  CISEC:504 Microsoft Office Memory Corruption Vulnerability
  CISEC:519 Microsoft Edge Memory Corruption Vulnerability
  CISEC:508 Microsoft Edge Memory Corruption Vulnerability
  CISEC:511 Microsoft Edge Memory Corruption Vulnerability
  CISEC:505 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:515 Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:514 Microsoft Browser Memory Corruption Vulnerability
  CISEC:500 Graphics Memory Corruption Vulnerability
  CISEC:499 .NET Framework Remote Code Execution Vulnerability

2016-05-27 CISEC:475 Windows SAM and LSAD Downgrade Vulnerability
  CISEC:476 Win32k Elevation of Privilege Vulnerability
  CISEC:479 Win32k Elevation of Privilege Vulnerability
  CISEC:480 Win32k Elevation of Privilege Vulnerability
  CISEC:468 Scripting Engine Memory Corruption Vulnerability
  CISEC:477 MSXML Remote Code Execution Vulnerability
  CISEC:463 Microsoft Office Memory Corruption Vulnerability
  CISEC:474 Internet Explorer Memory Corruption Vulnerability
  CISEC:466 Internet Explorer Memory Corruption Vulnerability
  CISEC:470 Internet Explorer Memory Corruption Vulnerability
  CISEC:472 Internet Explorer Information Disclosure Vulnerability
  CISEC:464 DLL Loading Remote Code Execution Vulnerability

2016-05-14 CISEC:452 Windows Journal DoS Vulnerability
  CISEC:454 Windows Journal DoS Vulnerability
  CISEC:447 Scripting Engine Memory Corruption Vulnerability
  CISEC:450 OpenType Font Parsing Vulnerability
  CISEC:448 Internet Explorer Elevation of Privilege Vulnerability

2016-04-29 CISEC:409 Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:411 Scripting Engine Memory Corruption Vulnerability
  CISEC:418 Microsoft Browser Spoofing Vulnerability
  CISEC:422 Microsoft Browser Memory Corruption Vulnerability
  CISEC:413 Microsoft Browser Memory Corruption Vulnerability
  CISEC:414 Microsoft Browser Memory Corruption Vulnerability
  CISEC:451 Memory Corruption Vulnerability
  CISEC:416 Internet Explorer Memory Corruption Vulnerability
  CISEC:420 Internet Explorer Memory Corruption Vulnerability
  CISEC:421 Internet Explorer Memory Corruption Vulnerability
  CISEC:417 Internet Explorer Memory Corruption Vulnerability
  CISEC:412 Internet Explorer Memory Corruption Vulnerability
  CISEC:424 Internet Explorer Information Disclosure Vulnerability
  CISEC:415 Internet Explorer Elevation of Privilege Vulnerability
  CISEC:419 Internet Explorer Elevation of Privilege Vulnerability
  CISEC:423 DLL Loading Remote Code Execution Vulnerability

2016-04-15 CISEC:410 Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:433 Internet Explorer Memory Corruption Vulnerability
  CISEC:425 Internet Explorer Memory Corruption Vulnerability
  CISEC:426 Internet Explorer Memory Corruption Vulnerability
  CISEC:427 Internet Explorer Memory Corruption Vulnerability
  CISEC:428 Internet Explorer Memory Corruption Vulnerability
  CISEC:429 Internet Explorer Memory Corruption Vulnerability
  CISEC:430 Internet Explorer Memory Corruption Vulnerability
  CISEC:431 Internet Explorer Memory Corruption Vulnerability
  CISEC:432 Internet Explorer Memory Corruption Vulnerability

2016-03-11 CISEC:391 Windows Kernel Memory Elevation of Privilege Vulnerability
  CISEC:392 Windows Kernel Memory Elevation of Privilege Vulnerability
  CISEC:389 Windows Graphics Memory Remote Code Execution Vulnerability
  CISEC:390 Windows Graphics Memory Remote Code Execution Vulnerability
  CISEC:376 Internet Explorer Memory Corruption Vulnerability
  CISEC:381 Internet Explorer Memory Corruption Vulnerability
  CISEC:383 Internet Explorer Memory Corruption Vulnerability
  CISEC:384 Internet Explorer Memory Corruption Vulnerability
  CISEC:385 Internet Explorer Memory Corruption Vulnerability
  CISEC:386 Internet Explorer Memory Corruption Vulnerability
  CISEC:387 Internet Explorer Memory Corruption Vulnerability
  CISEC:388 Internet Explorer Memory Corruption Vulnerability

2016-03-03 CVE-2015-6260 Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

2016-02-08 MITRE:103 Windows RPC Locator Service Buffer Overflow
  MITRE:159 Windows NT Trusted Domain Loophole
  MITRE:161 Windows NT SNMPv1 Trap Handling DoS and Privilege Escalation
  MITRE:145 Windows NT MUP UNC Request Buffer Overflow
  MITRE:37 Windows NT IIS Directory Traversal Command Execution
  MITRE:14 Sun Solaris 8 XSun Color Database File Heap Overflow
  MITRE:33 Sun Solaris 7 XSun Color Database File Heap Overflow
  MITRE:11 String Format Vulnerability in Solaris 8 snmpdx
  MITRE:114 String Format Vulnerability in Solaris 7 snmpdx
  MITRE:56 Solaris 8 rpc.yppasswdd Buffer Overrun Vulnerability
  MITRE:86 Solaris 8 LBXProxy Display Name Buffer Overflow
  MITRE:7 Solaris 8 kcms_configure Command-Line Buffer Overflow
  MITRE:102 Solaris 7 rpc.yppasswdd Buffer Overrun Vulnerability
  MITRE:62 Solaris 7 mibiisa Remote Buffer Overflow Vulnerability
  MITRE:65 Solaris 7 kcms_configure Command-Line Buffer Overflow
  MITRE:87 SNMPv1 Request Handling DoS and Privilege Escalation
  CISEC:311 Internet Explorer Memory Corruption Vulnerability
  CISEC:333 Internet Explorer Memory Corruption Vulnerability
  MITRE:131 Heap Overflow in Solaris 7 xlock

2016-02-07 CVE-2015-6398 Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

2016-01-14 CVE-2015-6314 Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.

2016-01-08 CVE-2015-7754 Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

2016-01-07 CVE-2015-6433 SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

2016-01-06 CVE-2015-5310 The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or...
  CVE-2015-6639 The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
  CVE-2015-6647 The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
  CVE-2015-6646 The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
  CVE-2015-6640 The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...
  CVE-2015-6637 The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
  CVE-2015-6642 The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6638 The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
  CVE-2015-6645 SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
  CVE-2015-6643 Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
  CVE-2015-6636 mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
  CVE-2015-6644 Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
  CVE-2015-6641 Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

2016-01-04 CVE-2015-6432 Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service...

2015-12-22 MITRE:29327 Windows RPC elevation of privilege vulnerability
  MITRE:29431 Windows installer EoP vulnerability
  MITRE:29280 Windows DLL remote code execution vulnerability
  MITRE:29388 Win32k information disclosure vulnerability
  MITRE:28743 Win32k information disclosure vulnerability
  MITRE:29132 Win32k information disclosure vulnerability
  MITRE:29436 Win32k Elevation of privilege vulnerability
  MITRE:29128 Win32k elevation of privilege vulnerability
  MITRE:29156 Win32k elevation of privilege vulnerability
  MITRE:28938 VBScript Memory corruption vulnerability
  MITRE:29485 SQL Server remote code execution vulnerability
  MITRE:29315 SQL Server remote code execution vulnerability
  MITRE:29452 SQL Server elevation of privilege vulnerability
  MITRE:29392 Remote Desktop Protocol
  MITRE:29493 OpenType font driver vulnerability
  MITRE:28990 OLE Elevation of privilege vulnerability
  MITRE:29198 OLE Elevation of privilege vulnerability
  MITRE:28805 Microsoft Office memory corruption vulnerability
  MITRE:28544 Microsoft Office memory corruption vulnerability
  MITRE:29449 Microsoft Office memory corruption vulnerability
  MITRE:29517 Microsoft Office memory corruption vulnerability
  MITRE:29139 Microsoft Office memory corruption vulnerability
  MITRE:29245 Microsoft Office memory corruption vulnerability
  MITRE:29284 Microsoft Office memory corruption vulnerability
  MITRE:29525 Microsoft Excel DLL remote code execution vulnerability
  MITRE:29316 Jscript9 Memory corruption vulnerability
  MITRE:29075 Internet Explorer XSS filter bypass vulnerability
  MITRE:28804 Internet Explorer memory corruption vulnerability
  MITRE:28818 Internet Explorer memory corruption vulnerability
  MITRE:28834 Internet Explorer memory corruption vulnerability
  MITRE:28529 Internet Explorer memory corruption vulnerability
  MITRE:28614 Internet Explorer memory corruption vulnerability
  MITRE:29357 Internet Explorer memory corruption vulnerability
  MITRE:29360 Internet Explorer memory corruption vulnerability
  MITRE:29395 Internet Explorer memory corruption vulnerability
  MITRE:29414 Internet Explorer memory corruption vulnerability
  MITRE:29470 Internet Explorer memory corruption vulnerability
  MITRE:29487 Internet Explorer memory corruption vulnerability
  MITRE:29010 Internet Explorer memory corruption vulnerability
  MITRE:29015 Internet Explorer memory corruption vulnerability
  MITRE:29087 Internet Explorer memory corruption vulnerability
  MITRE:29159 Internet Explorer memory corruption vulnerability
  MITRE:29164 Internet Explorer memory corruption vulnerability
  MITRE:29219 Internet Explorer memory corruption vulnerability
  MITRE:29247 Internet Explorer memory corruption vulnerability
  MITRE:29278 Internet Explorer memory corruption vulnerability
  MITRE:29292 Internet Explorer memory corruption vulnerability
  MITRE:29295 Internet Explorer memory corruption vulnerability
  MITRE:29296 Internet Explorer memory corruption vulnerability
  MITRE:29324 Internet Explorer memory corruption vulnerability
  MITRE:29422 Internet Explorer information disclosure vulnerability
  MITRE:29454 Internet Explorer elevation of privilege vulnerability
  MITRE:29355 Internet Explorer ASLR bypass vulnerability
  MITRE:29406 Hyper-V system data structure vulnerability
  MITRE:29391 Hyper-V buffer overflow vulnerability
  MITRE:28708 Graphics component EOP vulnerability
  MITRE:28968 Elevation of privilege vulnerability in Netlogon
  MITRE:29149 DLL planting remote code execution vulnerability
  CVE-2015-6431 Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.
  MITRE:29418 Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2
  MITRE:29332 ATMFD.DLL Memory corruption vulnerability
  MITRE:29480 Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code

2015-12-19 CVE-2015-6429 The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.
  CVE-2015-7756 The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18...
  CVE-2015-7755 Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before...

2015-12-16 CVE-2015-6425 The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

2015-12-15 CVE-2015-6359 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of...
  CVE-2015-4206 Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

2015-12-11 CVE-2015-7050 WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
  CVE-2015-7110 The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
  CVE-2015-7080 Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-7107 QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-7069 Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
  CVE-2015-7070 Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
  CVE-2015-7109 IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-7081 iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML...
  CVE-2015-7037 Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
  CVE-2015-7094 CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
  CVE-2015-7062 Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.

2015-12-08 CVE-2015-6623 Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
  CVE-2015-6629 Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
  CVE-2015-6622 The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as...
  CVE-2015-6619 The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
  CVE-2015-6633 The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
  CVE-2015-6634 The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
  CVE-2015-6627 The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka...
  CVE-2015-6630 SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
  CVE-2015-6621 SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
  CVE-2015-6624 System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
  CVE-2015-6625 System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
  CVE-2015-6617 Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
  CVE-2015-6616 mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and...
  CVE-2015-8506 mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different...
  CVE-2015-8505 mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than...
  CVE-2015-8507 mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than...
  CVE-2015-6628 Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6626 libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6631 libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6632 libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6620 libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and...
  CVE-2015-6618 Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.

2015-12-05 CVE-2015-6783 The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows...

2015-12-04 CVE-2015-6394 The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

2015-12-02 CVE-2015-6383 Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

2015-12-01 CVE-2015-6385 The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment...

2015-11-21 CVE-2015-5787 The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
  CVE-2015-7036 The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API...
  CVE-2015-6375 The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.
  CVE-2015-5859 The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain...

2015-11-13 CVE-2015-6365 Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID...

2015-11-12 CVE-2015-6366 Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.

2015-11-03 CVE-2015-6614 Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage...
  CVE-2015-6611 mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs...
  CVE-2015-8074 mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a...
  CVE-2015-6608 mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,...
  CVE-2015-8072 mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug...
  CVE-2015-8073 mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability...
  CVE-2015-6609 libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
  CVE-2015-6610 libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
  CVE-2015-6612 libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
  CVE-2015-6613 Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or...

2015-10-31 CVE-2015-6343 The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.

2015-10-24 CVE-2015-6341 The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.

2015-10-23 CVE-2015-7013 WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5928 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5929 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5930 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7002 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7012 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7014 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-6981 WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6982 WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7005 WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7022 The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
  CVE-2015-5924 The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  CVE-2015-6999 The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
  CVE-2015-6994 The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6988 The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
  CVE-2015-7004 The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6995 The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-5940 The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a...
  CVE-2015-7000 Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on...
  CVE-2015-6976 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,...
  CVE-2015-6977 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6990 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6991 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6993 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7008 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7009 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7010 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7018 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6983 Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
  CVE-2015-6975 CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6992 CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-7017 CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6986 com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
  CVE-2015-7023 CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

2015-10-19 CVE-2015-7752 The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-7749 The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
  CVE-2015-7750 The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a...
  CVE-2015-7751 Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-7748 Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

2015-10-16 CVE-2014-6449 Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle...
  CVE-2014-6450 Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,...
  CVE-2014-6451 J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

2015-10-11 CVE-2015-6263 The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

2015-10-09 CVE-2015-5923 Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2015-10-08 CVE-2015-6311 Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID...

2015-10-06 CVE-2015-3874 The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
  CVE-2015-6606 The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,...
  CVE-2015-3865 The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
  CVE-2015-3877 Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
  CVE-2015-6596 mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
  CVE-2015-6605 mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
  CVE-2015-3862 mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
  CVE-2015-7717 mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
  CVE-2015-7718 mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
  CVE-2015-3878 Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that...
  CVE-2015-3879 Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
  CVE-2015-3875 libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
  CVE-2015-3873 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,...
  CVE-2015-6599 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
  CVE-2015-3872 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
  CVE-2015-6598 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
  CVE-2015-3868 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
  CVE-2015-6603 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
  CVE-2015-3867 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
  CVE-2015-6604 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
  CVE-2015-3869 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
  CVE-2015-3871 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
  CVE-2015-6601 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
  CVE-2015-6600 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
  CVE-2015-3870 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
  CVE-2015-3823 libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
  CVE-2015-7716 libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than...
  CVE-2015-3847 Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

2015-10-02 CVE-2015-6308 Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

2015-10-01 CVE-2015-6602 libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
  CVE-2015-3876 libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.

2015-09-30 CVE-2015-3843 The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to...
  CVE-2015-3849 The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via...
  CVE-2015-3836 The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary...
  CVE-2015-3845 The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a...
  CVE-2015-3837 The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute...
  CVE-2015-3827 The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary...
  CVE-2015-3824 The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of...
  CVE-2015-3826 The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3828 The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3833 The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the...
  CVE-2015-3844 The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted...
  CVE-2015-3858 The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation...
  CVE-2015-1541 The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an...
  CVE-2015-6575 SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory...
  CVE-2015-3860 packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to...
  CVE-2015-3829 Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and...
  CVE-2015-1539 Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a...
  CVE-2015-3834 Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,...
  CVE-2015-3863 Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob...
  CVE-2015-3861 Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device...
  CVE-2015-3842 Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
  CVE-2015-3832 Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
  CVE-2015-3864 Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka...
  CVE-2015-1538 Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an...
  CVE-2015-1528 Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory...
  CVE-2015-1536 Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server...
  CVE-2014-7916 Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
  CVE-2014-7917 Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
  CVE-2014-7915 Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
  CVE-2015-3831 Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted...
  CVE-2015-3835 Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.

2015-09-27 CVE-2015-6280 The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly...
  CVE-2015-6278 The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6279 The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...

2015-09-25 CVE-2015-6302 The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.
  CVE-2015-6282 Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka...

2015-09-20 CVE-2015-6295 Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved...

2015-09-18 CVE-2015-5879 XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)...
  CVE-2015-5793 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5791 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5814 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5816 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5822 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5823 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5792 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5794 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5795 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5796 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5797 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5799 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5800 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5801 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5789 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5790 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5802 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5803 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5804 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5805 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5806 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5807 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5809 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5810 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5811 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5812 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5813 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5817 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5818 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5819 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5821 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5921 WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
  CVE-2015-5826 WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a...
  CVE-2015-5825 WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via...
  CVE-2015-5820 WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
  CVE-2015-5827 WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
  CVE-2015-5907 WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
  CVE-2015-5788 The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
  CVE-2015-5764 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
  CVE-2015-5765 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
  CVE-2015-5767 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
  CVE-2015-5832 The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified...
  CVE-2015-5906 The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later...
  CVE-2015-3801 The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
  CVE-2015-6297 The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
  CVE-2015-5851 The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
  CVE-2015-5912 The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
  CVE-2015-5856 The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
  CVE-2014-8611 The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a...
  CVE-2015-5838 SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
  CVE-2015-5861 SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
  CVE-2015-5892 Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-5905 Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
  CVE-2015-5904 Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
  CVE-2015-5831 NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-5857 Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
  CVE-2015-5880 CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
  CVE-2015-6294 Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
  CVE-2015-5850 AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
  CVE-2015-5835 Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.

2015-08-31 CVE-2015-6270 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.
  CVE-2015-6269 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.
  CVE-2015-6271 Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and...
  CVE-2015-6272 Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,...

2015-08-28 CVE-2015-6273 Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)...
  CVE-2015-6267 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
  CVE-2015-6268 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

2015-08-22 CVE-2015-6258 The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.

2015-08-19 CVE-2015-4277 The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory...
  CVE-2015-4296 Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
  CVE-2015-4301 Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
  CVE-2015-4323 Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices...
  CVE-2015-4324 Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote...

2015-08-16 CVE-2015-3730 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3731 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3732 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3733 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3734 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3735 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3736 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3737 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3738 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3739 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3740 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3741 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3742 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3743 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3744 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3745 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3746 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3747 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3748 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3749 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3753 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the...
  CVE-2015-3750 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy...
  CVE-2015-3755 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
  CVE-2015-3751 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in...
  CVE-2015-5759 WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
  CVE-2015-3758 UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
  CVE-2015-3796 The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3797 The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3798 The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-5749 The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5769 The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
  CVE-2015-5748 The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
  CVE-2015-3766 The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3800 The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
  CVE-2015-3752 The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report...
  CVE-2015-3756 The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
  CVE-2015-3763 Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
  CVE-2015-5773 QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
  CVE-2015-5770 MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
  CVE-2015-3759 Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
  CVE-2015-3795 libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
  CVE-2015-5757 libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with...
  CVE-2015-5776 Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
  CVE-2015-3776 IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
  CVE-2015-3768 Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
  CVE-2015-5782 ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
  CVE-2015-5781 ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
  CVE-2015-5758 ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
  CVE-2015-3804 FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5756 FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5775 FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5766 Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
  CVE-2015-5755 CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5761 CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5777 CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5778 CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-3782 CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
  CVE-2015-3793 CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5774 Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
  CVE-2015-3778 bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
  CVE-2015-5752 Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
  CVE-2015-5746 AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
  CVE-2015-3803 Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
  CVE-2015-3802 Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
  CVE-2015-3805 Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
  CVE-2015-3806 Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

2015-08-08 CVE-2015-1805 The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

2015-08-03 MITRE:28525 Windows LoadLibrary EoP vulnerability
  MITRE:28971 Vulnerability in Active Directory Federation Services could allow elevation of privilege
  MITRE:28607 Exchange Server-Side Request Forgery vulnerability
  MITRE:28928 Exchange HTML injection vulnerability
  MITRE:29115 Exchange Cross-Site Request Forgery vulnerability

2015-07-31 CVE-2015-4295 The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
  CVE-2015-4291 Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.

2015-07-30 CVE-2015-4293 The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after...

2015-07-27 MITRE:28910 Windows Media Player RCE via DataObject vulnerability
  MITRE:29050 Win32k Pool buffer overflow vulnerability
  MITRE:29145 Win32k Null pointer dereference vulnerability
  MITRE:28508 Win32k memory corruption elevation of privilege vulnerability
  MITRE:28994 Win32k elevation of privilege vulnerability
  MITRE:28665 Win32k buffer overflow vulnerability
  MITRE:29067 Microsoft Windows Station use after free vulnerability
  MITRE:29118 Microsoft Windows Kernel use after free vulnerability
  MITRE:29124 Microsoft Windows Kernel Object use after free vulnerability
  MITRE:29093 Microsoft Windows Kernel information disclosure vulnerability
  MITRE:28201 Microsoft Windows Kernel Brush Object use after free vulnerability
  MITRE:28806 Microsoft Windows Kernel Bitmap handling use after free vulnerability
  MITRE:28531 Microsoft Office uninitialized memory use vulnerability
  MITRE:28513 Microsoft Office memory corruption vulnerability
  MITRE:28744 Microsoft Office memory corruption vulnerability
  MITRE:29072 Microsoft common control use after free vulnerability
  MITRE:28848 Internet Explorer memory corruption vulnerability
  MITRE:28889 Internet Explorer memory corruption vulnerability
  MITRE:28948 Internet Explorer memory corruption vulnerability
  MITRE:28512 Internet Explorer memory corruption vulnerability
  MITRE:28518 Internet Explorer memory corruption vulnerability
  MITRE:28530 Internet Explorer memory corruption vulnerability
  MITRE:28610 Internet Explorer memory corruption vulnerability
  MITRE:28593 Internet Explorer memory corruption vulnerability
  MITRE:28650 Internet Explorer memory corruption vulnerability
  MITRE:28724 Internet Explorer memory corruption vulnerability
  MITRE:28769 Internet Explorer memory corruption vulnerability
  MITRE:29033 Internet Explorer memory corruption vulnerability
  MITRE:29057 Internet Explorer memory corruption vulnerability
  MITRE:29060 Internet Explorer memory corruption vulnerability
  MITRE:29061 Internet Explorer memory corruption vulnerability
  MITRE:29076 Internet Explorer memory corruption vulnerability
  MITRE:29081 Internet Explorer memory corruption vulnerability
  MITRE:29113 Internet Explorer memory corruption vulnerability
  MITRE:29119 Internet Explorer memory corruption vulnerability
  MITRE:29123 Internet Explorer memory corruption vulnerability
  MITRE:28429 Internet Explorer information disclosure vulnerability
  MITRE:29005 Internet Explorer elevation of privilege vulnerability
  MITRE:29142 Internet Explorer elevation of privilege vulnerability
  MITRE:29147 Internet Explorer elevation of privilege vulnerability

2015-07-24 CVE-2015-0681 The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,...

2015-07-23 CVE-2015-4285 The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows...

2015-07-22 CVE-2015-4284 The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

2015-07-16 CVE-2015-5363 The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial...
  CVE-2015-5357 The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified...
  CVE-2015-5360 IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,...

2015-07-14 CVE-2015-4269 The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
  CVE-2015-3007 The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically...
  CVE-2015-5362 The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-4272 Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...
  CVE-2015-5358 Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,...
  CVE-2015-5359 Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before...

2015-07-08 CVE-2015-4243 The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug...

2015-07-06 MITRE:28699 Windows Kernel security feature bypass vulnerability
  MITRE:28936 Windows Journal remote code execution vulnerability
  MITRE:28517 Windows Journal remote code execution vulnerability
  MITRE:28649 Windows Journal remote code execution vulnerability
  MITRE:28710 Windows Journal remote code execution vulnerability
  MITRE:28742 Windows Journal remote code execution vulnerability
  MITRE:28390 Windows Journal remote code execution vulnerability
  MITRE:28950 Windows forms elevation of privilege vulnerability
  MITRE:28867 VBScript memory corruption vulnerability
  MITRE:28745 VBScript and JScript ASLR bypass vulnerability
  MITRE:28207 TrueType font parsing vulnerability
  MITRE:28932 Service control manager elevation of privilege vulnerability
  MITRE:28672 Schannel information disclosure vulnerability
  MITRE:28362 OpenType Font parsing vulnerability
  MITRE:28068 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28876 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28808 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28883 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28555 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:29001 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28985 Microsoft Silverlight out of browser application vulnerability
  MITRE:28924 Microsoft SharePoint page content vulnerabilities
  MITRE:28645 Microsoft Office memory corruption vulnerability
  MITRE:28723 Microsoft Office memory corruption vulnerability
  MITRE:29018 Microsoft Management Console file format denial of service vulnerability
  MITRE:28840 Internet Explorer memory corruption vulnerability
  MITRE:28917 Internet Explorer memory corruption vulnerability
  MITRE:28951 Internet Explorer memory corruption vulnerability
  MITRE:28473 Internet Explorer memory corruption vulnerability
  MITRE:28576 Internet Explorer memory corruption vulnerability
  MITRE:28641 Internet Explorer memory corruption vulnerability
  MITRE:28680 Internet Explorer memory corruption vulnerability
  MITRE:28753 Internet Explorer memory corruption vulnerability
  MITRE:28340 Internet Explorer memory corruption vulnerability
  MITRE:28984 Internet Explorer memory corruption vulnerability
  MITRE:28162 Internet Explorer memory corruption vulnerability
  MITRE:28167 Internet Explorer memory corruption vulnerability
  MITRE:28405 Internet Explorer memory corruption vulnerability
  MITRE:28993 Internet Explorer memory corruption vulnerability
  MITRE:29000 Internet Explorer memory corruption vulnerability
  MITRE:28815 Internet Explorer elevation of privilege vulnerability
  MITRE:28829 Internet Explorer elevation of privilege vulnerability
  MITRE:28692 Internet Explorer elevation of privilege vulnerability
  MITRE:28822 Internet Explorer clipboard information disclosure vulnerability
  MITRE:29016 Internet Explorer ASLR bypass vulnerability
  MITRE:28739 .NET XML decryption denial of service vulnerability

2015-07-03 CVE-2015-4231 The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
  CVE-2015-4237 The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,...
  CVE-2015-4232 Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
  CVE-2015-4234 Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

2015-07-02 CVE-2015-3727 WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access...
  CVE-2015-3719 TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than...
  CVE-2015-3728 The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
  CVE-2015-3726 The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
  CVE-2015-3659 The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL...
  CVE-2015-3658 The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an...
  CVE-2015-3721 The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3684 The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
  CVE-2015-3690 The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
  CVE-2015-3725 MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3710 Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
  CVE-2015-3703 ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
  CVE-2015-3694 FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
  CVE-2015-3685 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,...
  CVE-2015-3687 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3688 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3689 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3686 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3723 CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
  CVE-2015-3724 CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
  CVE-2015-3722 Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.

2015-06-29 MITRE:29136 RHSA-2015:0809 -- java-1.8.0-openjdk security update
  MITRE:29140 RHSA-2015:0808 -- java-1.6.0-openjdk security update
  MITRE:29084 RHSA-2015:0807 -- java-1.7.0-openjdk security update
  MITRE:28599 RHSA-2015:0806 -- java-1.7.0-openjdk security update
  MITRE:29248 RHSA-2015:0803 -- kernel security and bug fix update
  MITRE:28514 RHSA-2015:0800 -- openssl security update
  MITRE:29342 RHSA-2009:1674 -- firefox security update
  MITRE:28862 RHSA-2009:1670 -- kernel security and bug fix update
  MITRE:29266 RHSA-2009:1648 -- ntp security update
  MITRE:29283 RHSA-2009:1646 -- libtool security update
  MITRE:29263 RHSA-2009:1642 -- acpid security update
  MITRE:29347 RHSA-2009:1625 -- expat security update
  MITRE:29109 RHSA-2009:1620 -- bind security update
  MITRE:29382 RHSA-2009:1619 -- dstat security update
  MITRE:29047 RHSA-2009:1615 -- xerces-j2 security update
  MITRE:29365 RHSA-2009:1601 -- kdelibs security update
  MITRE:28898 RHSA-2009:1584 -- java-1.6.0-openjdk security update
  MITRE:29317 RHSA-2009:1579 -- httpd security update
  MITRE:29170 RHSA-2009:1561 -- libvorbis security update
  MITRE:29275 RHSA-2009:1549 -- wget security update
  MITRE:29269 RHSA-2009:1548 -- kernel security and bug fix update
  MITRE:29046 RHSA-2009:1536 -- pidgin security update
  MITRE:29230 RHSA-2009:1530 -- firefox security update
  MITRE:29264 RHSA-2009:1529 -- samba security update
  MITRE:29310 RHSA-2009:1513 -- cups security update
  MITRE:28916 RHSA-2009:1504 -- poppler security and bug fix update
  MITRE:28897 RHSA-2009:1502 -- kdegraphics security update
  MITRE:29190 RHSA-2009:1490 -- squirrelmail security update
  MITRE:28941 RHSA-2009:1484 -- postgresql security update
  MITRE:29340 RHSA-2009:1472 -- xen security and bug fix update
  MITRE:28926 RHSA-2009:1471 -- elinks security update
  MITRE:29271 RHSA-2009:1470 -- openssh security update
  MITRE:29041 RHSA-2009:1463 -- newt security update
  MITRE:28758 RHSA-2009:1459 -- cyrus-imapd security update
  MITRE:28765 RHSA-2009:1453 -- pidgin security update
  MITRE:29270 RHSA-2009:1452 -- neon security update
  MITRE:29331 RHSA-2009:1451 -- freeradius security update
  MITRE:29334 RHSA-2009:1430 -- firefox security update
  MITRE:29320 RHSA-2009:1428 -- xmlsec1 security update
  MITRE:29379 RHSA-2009:1427 -- fetchmail security update
  MITRE:29111 RHSA-2009:1426 -- openoffice.org security update
  MITRE:29259 RHSA-2009:1364 -- gdm security and bug fix update
  MITRE:29052 RHSA-2009:1341 -- cman security, bug fix, and enhancement update
  MITRE:28953 RHSA-2009:1337 -- gfs2-utils security and bug fix update
  MITRE:28749 RHSA-2009:1335 -- openssl security, bug fix, and enhancement update
  MITRE:29369 RHSA-2009:1321 -- nfs-utils security and bug fix update
  MITRE:29358 RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update
  MITRE:28888 RHSA-2009:1289 -- mysql security and bug fix update
  MITRE:29350 RHSA-2009:1287 -- openssh security, bug fix, and enhancement update
  MITRE:28929 RHSA-2009:1278 -- lftp security and bug fix update
  MITRE:29153 RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update
  MITRE:29359 RHSA-2009:1238 -- dnsmasq security update
  MITRE:29281 RHSA-2009:1232 -- gnutls security update
  MITRE:28627 RHSA-2009:1222 -- kernel security and bug fix update
  MITRE:29217 RHSA-2009:1219 -- libvorbis security update
  MITRE:29222 RHSA-2009:1218 -- pidgin security update
  MITRE:29134 RHSA-2009:1209 -- curl security update
  MITRE:28958 RHSA-2009:1206 -- libxml and libxml2 security update
  MITRE:29077 RHSA-2009:1204 -- apr and apr-util security update
  MITRE:29163 RHSA-2009:1203 -- subversion security update
  MITRE:29205 RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update
  MITRE:29154 RHSA-2009:1193 -- kernel security and bug fix update
  MITRE:29169 RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update
  MITRE:28629 RHSA-2009:1179 -- bind security update
  MITRE:29294 RHSA-2009:1176 -- python security update
  MITRE:29179 RHSA-2009:1164 -- tomcat security update
  MITRE:29188 RHSA-2009:1162 -- firefox security update
  MITRE:28879 RHSA-2009:1159 -- libtiff security update
  MITRE:28396 RHSA-2009:1148 -- httpd security update
  MITRE:29258 RHSA-2009:1140 -- ruby security update
  MITRE:29100 RHSA-2009:1139 -- pidgin security and bug fix update
  MITRE:29103 RHSA-2009:1138 -- openswan security update
  MITRE:29125 RHSA-2009:1130 -- kdegraphics security update
  MITRE:29301 RHSA-2009:1127 -- kdelibs security update
  MITRE:29183 RHSA-2009:1126 -- thunderbird security update
  MITRE:29311 RHSA-2009:1123 -- gstreamer-plugins-good security update
  MITRE:28965 RHSA-2009:1122 -- icu security update
  MITRE:29022 RHSA-2009:1116 -- cyrus-imapd security update
  MITRE:29299 RHSA-2009:1107 -- apr-util security update
  MITRE:28617 RHSA-2009:1106 -- kernel security and bug fix update
  MITRE:29254 RHSA-2009:1102 -- cscope security update
  MITRE:28894 RHSA-2009:1100 -- wireshark security update
  MITRE:29396 RHSA-2009:1095 -- firefox security update
  MITRE:29206 RHSA-2009:1082 -- cups security update
  MITRE:28800 RHSA-2009:1075 -- httpd security update
  MITRE:29339 RHSA-2009:1066 -- squirrelmail security update
  MITRE:29091 RHSA-2009:1061 -- freetype security update
  MITRE:29110 RHSA-2009:1060 -- pidgin security update
  MITRE:29463 RHSA-2009:1039 -- ntp security update
  MITRE:28495 RHSA-2009:1036 -- ipsec-tools security update
  MITRE:28869 RHSA-2009:0480 -- poppler security update
  MITRE:29079 RHSA-2009:0479 -- perl-DBD-Pg security update
  MITRE:28946 RHSA-2009:0476 -- pango security update
  MITRE:28838 RHSA-2009:0474 -- acpid security update
  MITRE:29446 RHSA-2009:0473 -- kernel security and bug fix update
  MITRE:29380 RHSA-2009:0457 -- libwmf security update
  MITRE:28736 RHSA-2009:0449 -- firefox security update
  MITRE:29286 RHSA-2009:0444 -- giflib security update
  MITRE:29267 RHSA-2009:0436 -- firefox security update
  MITRE:29193 RHSA-2009:0431 -- kdegraphics security update
  MITRE:28592 RHSA-2009:0429 -- cups security update
  MITRE:28703 RHSA-2009:0427 -- udev security update
  MITRE:29276 RHSA-2009:0421 -- ghostscript security update
  MITRE:29387 RHSA-2009:0411 -- device-mapper-multipath security update
  MITRE:28421 RHSA-2009:0408 -- krb5 security update
  MITRE:28934 RHSA-2009:0402 -- openswan security update
  MITRE:29178 RHSA-2009:0397 -- firefox security update
  MITRE:29277 RHSA-2009:0377 -- java-1.6.0-openjdk security update
  MITRE:28954 RHSA-2009:0373 -- systemtap security update
  MITRE:29262 RHSA-2009:0361 -- NetworkManager security update
  MITRE:28741 RHSA-2009:0354 -- evolution-data-server security update
  MITRE:29319 RHSA-2009:0352 -- gstreamer-plugins-base security update
  MITRE:29171 RHSA-2009:0345 -- ghostscript security update
  MITRE:29371 RHSA-2009:0344 -- libsoup security update
  MITRE:28978 RHSA-2009:0341 -- curl security update
  MITRE:29236 RHSA-2009:0339 -- lcms security update
  MITRE:29345 RHSA-2009:0338 -- php security update
  MITRE:29068 RHSA-2009:0336 -- glib2 security update
  MITRE:29196 RHSA-2009:0333 -- libpng security update
  MITRE:28793 RHSA-2009:0326 -- kernel security and bug fix update
  MITRE:29381 RHSA-2009:0315 -- firefox security update
  MITRE:29088 RHSA-2009:0313 -- wireshark security update
  MITRE:29195 RHSA-2009:0296 -- icu security update
  MITRE:28896 RHSA-2009:0271 -- gstreamer-plugins-good security update
  MITRE:29098 RHSA-2009:0267 -- sudo security update
  MITRE:28966 RHSA-2009:0264 -- kernel security update
  MITRE:29367 RHSA-2009:0261 -- vnc security update
  MITRE:28850 RHSA-2009:0259 -- mod_auth_mysql security update
  MITRE:29166 RHSA-2009:0258 -- thunderbird security update
  MITRE:29045 RHSA-2009:0256 -- firefox security update
  MITRE:29343 RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update
  MITRE:29313 RHSA-2009:0205 -- dovecot security and bug fix update
  MITRE:29213 RHSA-2009:0057 -- squirrelmail security update
  MITRE:28923 RHSA-2009:0046 -- ntp security update
  MITRE:28987 RHSA-2009:0020 -- bind security update
  MITRE:29143 RHSA-2009:0018 -- xterm security update
  MITRE:29261 RHSA-2009:0013 -- avahi security update
  MITRE:29253 RHSA-2009:0012 -- netpbm security update
  MITRE:29300 RHSA-2009:0011 -- lcms security update
  MITRE:29372 RHSA-2009:0010 -- squirrelmail security update
  MITRE:29288 RHSA-2009:0008 -- dbus security update
  MITRE:28712 RHSA-2009:0004 -- openssl security update
  MITRE:28776 RHSA-2009:0003 -- xen security and bug fix update
  MITRE:29201 RHSA-2009:0002 -- thunderbird security update
  MITRE:29215 RHSA-2008:1036 -- firefox security update
  MITRE:29137 RHSA-2008:1029 -- cups security update
  MITRE:29210 RHSA-2008:1023 -- pidgin security and bug fix update
  MITRE:29354 RHSA-2008:1017 -- kernel security and bug fix update
  MITRE:28976 RHSA-2008:1016 -- enscript security update
  MITRE:29308 RHSA-2008:1001 -- tog-pegasus security update
  MITRE:29306 RHSA-2008:0988 -- libxml2 security update
  MITRE:29020 RHSA-2008:0982 -- gnutls security update
  MITRE:28686 RHSA-2008:0981 -- ruby security update
  MITRE:29237 RHSA-2008:0978 -- firefox security update
  MITRE:29116 RHSA-2008:0976 -- thunderbird security update
  MITRE:29197 RHSA-2008:0971 -- net-snmp security update
  MITRE:29289 RHSA-2008:0967 -- httpd security and bug fix update
  MITRE:28964 RHSA-2008:0965 -- lynx security update
  MITRE:29265 RHSA-2008:0957 -- kernel security and bug fix update
  MITRE:29199 RHSA-2008:0946 -- ed security update
  MITRE:29069 RHSA-2008:0939 -- openoffice.org security update
  MITRE:29185 RHSA-2008:0937 -- cups security update
  MITRE:28693 RHSA-2008:0908 -- thunderbird security update
  MITRE:29090 RHSA-2008:0907 -- pam_krb5 security update
  MITRE:28242 RHSA-2008:0897 -- ruby security update
  MITRE:29039 RHSA-2008:0893 -- bzip2 security update
  MITRE:28930 RHSA-2008:0892 -- xen security and bug fix update
  MITRE:29012 RHSA-2008:0890 -- wireshark security update
  MITRE:29129 RHSA-2008:0885 -- kernel security and bug fix update
  MITRE:29030 RHSA-2008:0884 -- libxml2 security update
  MITRE:29008 RHSA-2008:0879 -- firefox security update
  MITRE:29192 RHSA-2008:0855 -- openssh security update
  MITRE:29044 RHSA-2008:0849 -- ipsec-tools security update
  MITRE:28973 RHSA-2008:0847 -- libtiff security and bug fix update
  MITRE:28256 RHSA-2008:0839 -- postfix security update
  MITRE:29241 RHSA-2008:0836 -- libxml2 security update
  MITRE:29162 RHSA-2008:0835 -- openoffice.org security update
  MITRE:29133 RHSA-2008:0818 -- hplip security update
  MITRE:28842 RHSA-2008:0815 -- yum-rhn-plugin security update
  MITRE:29167 RHSA-2008:0789 -- dnsmasq security update
  MITRE:29029 RHSA-2008:0649 -- libxslt security update
  MITRE:28407 RHSA-2008:0648 -- tomcat security update
  MITRE:28716 RHSA-2008:0616 -- thunderbird security update
  MITRE:28983 RHSA-2008:0612 -- kernel security and bug fix update
  MITRE:29066 RHSA-2008:0597 -- firefox security update
  MITRE:29144 RHSA-2008:0584 -- pidgin security and bug fix update
  MITRE:29038 RHSA-2008:0583 -- openldap security update
  MITRE:29255 RHSA-2008:0581 -- bluez-libs and bluez-utils security update
  MITRE:29232 RHSA-2008:0580 -- vim security update
  MITRE:29234 RHSA-2008:0575 -- rdesktop security update
  MITRE:29028 RHSA-2008:0569 -- firefox security update
  MITRE:28980 RHSA-2008:0561 -- ruby security update
  MITRE:29150 RHSA-2008:0544 -- php security update
  MITRE:28787 RHSA-2008:0533 -- bind security update
  MITRE:28887 RHSA-2008:0486 -- nfs-utils security update
  MITRE:28823 ELSA-2015-1189 -- kvm security update

2015-06-27 CVE-2015-4199 Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent...
  CVE-2015-4225 Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,...

2015-06-26 CVE-2015-4224 Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

2015-06-25 CVE-2015-4223 Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.

2015-06-24 CVE-2015-4215 Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6...
  CVE-2015-4213 Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.

2015-06-23 CVE-2015-4203 Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed...
  CVE-2015-4200 Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,...
  CVE-2015-4204 Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests...
  CVE-2015-4205 Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

2015-06-22 MITRE:29009 MSXML3 same origin policy SFB vulnerability

2015-06-20 CVE-2015-4197 Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
  CVE-2015-4202 Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization...

2015-06-18 CVE-2015-4191 Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
  CVE-2015-4195 Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

2015-06-16 MITRE:28440 RHSA-2015:1115-01 -- Red Hat openssl
  MITRE:29126 ELSA-2015-1115 -- Oracle openssl
  MITRE:28643 ELSA-2015-1115 -- Oracle openssl
  MITRE:29099 CESA-2015:1115 -- CentOS 7 openssl
  MITRE:28674 CESA-2015:1115 -- CentOS 6 openssl

2015-06-13 CVE-2015-4185 The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

2015-06-12 CVE-2015-0771 The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID...
  CVE-2015-0775 The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000...
  CVE-2015-0776 telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

2015-06-02 MITRE:28539 RHSA-2015:1002-01 -- Red Hat xen
  MITRE:28106 RHSA-2015:0999-01 -- Red Hat qemu-kvm, libcacard
  MITRE:28702 RHSA-2015:0998-01 -- Red Hat qemu-kvm, qemu-guest-agent
  MITRE:28949 ELSA-2015-1003 -- Oracle kvm-83
  MITRE:28974 ELSA-2015-1002 -- Oracle xen
  MITRE:28893 ELSA-2015-0999 -- Oracle qemu-kvm
  MITRE:29004 ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent
  MITRE:28198 CESA-2015:1003 -- CentOS 5 kvm
  MITRE:28937 CESA-2015:1002 -- CentOS 5 xen
  MITRE:28600 CESA-2015:0999 -- CentOS 7 qemu-kvm, libcacard
  MITRE:28912 CESA-2015:0998 -- CentOS 6 qemu-kvm, qemu-guest-agent

2015-06-01 MITRE:28603 Windows MS-DOS device name vulnerability
  MITRE:28397 Windows Hyper-V DoS vulnerability
  MITRE:28831 NtCreateTransactionManager type confusion vulnerability
  MITRE:28523 Microsoft SharePoint XSS vulnerability
  MITRE:28565 Microsoft SharePoint XSS vulnerability
  MITRE:27878 Microsoft Office memory corruption vulnerability
  MITRE:28561 Microsoft Office component use after free vulnerability
  MITRE:28690 Microsoft Office component use after free vulnerability
  MITRE:28752 Microsoft Office component use after free vulnerability
  MITRE:28861 Internet Explorer memory corruption vulnerability
  MITRE:28865 Internet Explorer memory corruption vulnerability
  MITRE:27899 Internet Explorer memory corruption vulnerability
  MITRE:27908 Internet Explorer memory corruption vulnerability
  MITRE:28895 Internet Explorer memory corruption vulnerability
  MITRE:28574 Internet Explorer memory corruption vulnerability
  MITRE:28704 Internet Explorer memory corruption vulnerability
  MITRE:28709 Internet Explorer memory corruption vulnerability
  MITRE:28783 Internet Explorer memory corruption vulnerability
  MITRE:28821 Internet Explorer ASLR bypass vulnerability
  MITRE:28623 HTTP.sys Remote code execution vulnerability
  MITRE:28101 EMF processing remote code execution vulnerability
  MITRE:28116 ASP.NET information disclosure vulnerability
  MITRE:28782 Active Directory Federation Services information disclosure vulnerability

2015-05-29 CVE-2015-0756 Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
  CVE-2015-0751 Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

2015-05-27 CVE-2015-1157 CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications...

2015-05-16 CVE-2015-0723 The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.
  CVE-2015-0726 The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via...
  CVE-2015-0717 Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.

2015-05-15 CVE-2015-0731 The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.

2015-05-07 CVE-2015-1152 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1153 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1156 The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same...
  CVE-2015-1155 The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

2015-05-01 CVE-2014-8361 The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

2015-04-29 CVE-2015-3447 Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.

2015-04-28 CVE-2015-0710 The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,...
  CVE-2015-0709 Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
  CVE-2015-0708 Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

2015-04-27 MITRE:27987 WTS remote code execution vulnerability
  MITRE:28813 Win32k elevation of privilege vulnerability
  MITRE:28562 Vulnerability in Microsoft Schannel could allow security feature bypass
  MITRE:28797 VBScript memory corruption vulnerability
  MITRE:28780 Task scheduler security feature bypass vulnerability
  MITRE:28847 Remote desktop protocol
  MITRE:28816 Registry virtualization elevation of privilege vulnerability
  MITRE:28811 OWA modified canary parameter cross site scripting vulnerability
  MITRE:28863 NETLOGON spoofing vulnerability
  MITRE:28851 Microsoft Word local zone remote code execution vulnerability
  MITRE:28803 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28656 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28667 Microsoft Windows kernel memory disclosure vulnerability
  MITRE:27875 Microsoft SharePoint XSS vulnerability
  MITRE:28658 Microsoft SharePoint XSS vulnerability
  MITRE:28356 Microsoft Office memory corruption vulnerability
  MITRE:28631 Microsoft Office component use after free vulnerability
  MITRE:28428 Malformed PNG parsing information disclosure vulnerability
  MITRE:28675 JPEG XR parser information disclosure vulnerability
  MITRE:28836 Internet Explorer memory corruption vulnerability
  MITRE:28843 Internet Explorer memory corruption vulnerability
  MITRE:28464 Internet Explorer memory corruption vulnerability
  MITRE:28487 Internet Explorer memory corruption vulnerability
  MITRE:28569 Internet Explorer memory corruption vulnerability
  MITRE:28670 Internet Explorer memory corruption vulnerability
  MITRE:28757 Internet Explorer memory corruption vulnerability
  MITRE:28768 Internet Explorer memory corruption vulnerability
  MITRE:28781 Internet Explorer memory corruption vulnerability
  MITRE:28605 Internet Explorer elevation of privilege vulnerability
  MITRE:28737 Internet Explorer elevation of privilege vulnerability
  MITRE:28844 Impersonation level check elevation of privilege vulnerability
  MITRE:28748 ExchangeDLP cross site scripting vulnerability
  MITRE:28294 Exchange forged meeting request spoofing vulnerability
  MITRE:27900 Exchange error message cross site scripting vulnerability
  MITRE:28609 DLL planting remote code execution vulnerability
  MITRE:28524 Audit report cross site scripting vulnerability
  MITRE:28807 Adobe font driver remote code execution vulnerability
  MITRE:28684 Adobe font driver remote code execution vulnerability
  MITRE:28738 Adobe font driver remote code execution vulnerability
  MITRE:28770 Adobe font driver remote code execution vulnerability
  MITRE:28771 Adobe font driver remote code execution vulnerability
  MITRE:28469 Adobe font driver information disclosure vulnerability
  MITRE:28549 Adobe font driver information disclosure vulnerability
  MITRE:28730 Adobe font driver denial of service vulnerability

2015-04-16 CVE-2015-0695 Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card...

2015-04-10 CVE-2015-1126 WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource...
  CVE-2015-1116 The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
  CVE-2015-1125 The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
  CVE-2015-1115 The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
  CVE-2015-1113 The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
  CVE-2015-1106 The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
  CVE-2015-1107 The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making...
  CVE-2015-1108 The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
  CVE-2015-1091 The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin...
  CVE-2015-1111 Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1109 NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
  CVE-2015-3003 Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users...
  CVE-2015-3002 Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port...
  CVE-2015-3004 J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3...
  CVE-2015-1098 iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-1093 FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
  CVE-2015-1087 Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
  CVE-2015-3005 Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject...
  CVE-2015-1088 CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
  CVE-2015-1090 CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1089 CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
  CVE-2015-1085 AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
  CVE-2015-1112 Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive...
  CVE-2015-1129 Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

2015-04-06 CVE-2015-0690 Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

2015-04-03 CVE-2015-0688 Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

2015-04-02 CVE-2015-0686 The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID...
  CVE-2015-0687 The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka...
  CVE-2015-0685 Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.

2015-03-30 MITRE:28688 Windows font driver denial of service vulnerability
  MITRE:28764 Windows create process elevation of privilege vulnerability
  MITRE:28689 Win32k elevation of privilege vulnerability
  MITRE:28633 TrueType font parsing remote code execution vulnerability
  MITRE:28731 TIFF Processing information disclosure vulnerability
  MITRE:28598 OneTableDocumentStream remote code execution vulnerability
  MITRE:28074 Office remote code execution vulnerability
  MITRE:27780 Microsoft Schannel remote code execution vulnerability
  MITRE:28762 Microsoft Schannel remote code execution vulnerability
  MITRE:28668 Microsoft Office component use after free vulnerability
  MITRE:28548 Internet Explorer use-after-free vulnerability
  MITRE:27765 Internet Explorer memory corruption vulnerability
  MITRE:27772 Internet Explorer memory corruption vulnerability
  MITRE:27957 Internet Explorer memory corruption vulnerability
  MITRE:27977 Internet Explorer memory corruption vulnerability
  MITRE:28021 Internet Explorer memory corruption vulnerability
  MITRE:28475 Internet Explorer memory corruption vulnerability
  MITRE:28522 Internet Explorer memory corruption vulnerability
  MITRE:28540 Internet Explorer memory corruption vulnerability
  MITRE:28558 Internet Explorer memory corruption vulnerability
  MITRE:28573 Internet Explorer memory corruption vulnerability
  MITRE:28590 Internet Explorer memory corruption vulnerability
  MITRE:28639 Internet Explorer memory corruption vulnerability
  MITRE:28653 Internet Explorer memory corruption vulnerability
  MITRE:28663 Internet Explorer memory corruption vulnerability
  MITRE:28666 Internet Explorer memory corruption vulnerability
  MITRE:28683 Internet Explorer memory corruption vulnerability
  MITRE:28691 Internet Explorer memory corruption vulnerability
  MITRE:28695 Internet Explorer memory corruption vulnerability
  MITRE:28711 Internet Explorer memory corruption vulnerability
  MITRE:28714 Internet Explorer memory corruption vulnerability
  MITRE:28718 Internet Explorer memory corruption vulnerability
  MITRE:28732 Internet Explorer memory corruption vulnerability
  MITRE:28735 Internet Explorer memory corruption vulnerability
  MITRE:28750 Internet Explorer memory corruption vulnerability
  MITRE:28337 Internet Explorer memory corruption vulnerability
  MITRE:28347 Internet Explorer memory corruption vulnerability
  MITRE:28272 Internet Explorer memory corruption vulnerability
  MITRE:28382 Internet Explorer memory corruption vulnerability
  MITRE:28383 Internet Explorer memory corruption vulnerability
  MITRE:28384 Internet Explorer memory corruption vulnerability
  MITRE:28394 Internet Explorer memory corruption vulnerability
  MITRE:28395 Internet Explorer memory corruption vulnerability
  MITRE:28402 Internet Explorer memory corruption vulnerability
  MITRE:28413 Internet Explorer memory corruption vulnerability
  MITRE:28728 Internet Explorer elevation of privilege vulnerability
  MITRE:28193 Internet Explorer elevation of privilege vulnerability
  MITRE:28018 Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28449 Internet Explorer ASLR bypass vulnerability
  MITRE:28486 Internet Explorer ASLR bypass vulnerability
  MITRE:28257 Internet Explorer ASLR bypass vulnerability
  MITRE:28767 Group Policy security feature bypass vulnerability
  MITRE:28700 Group Policy remote code execution vulnerability
  MITRE:28604 Excel remote code execution vulnerability
  MITRE:28202 CNG security feature bypass vulnerability

2015-03-27 CVE-2015-0679 The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
  CVE-2015-0658 The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on...
  CVE-2015-0680 Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

2015-03-26 CVE-2015-0650 The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote...
  CVE-2015-0645 The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0640 The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0672 The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
  CVE-2015-0639 The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,...
  CVE-2015-0635 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)...
  CVE-2015-0636 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via...
  CVE-2015-0637 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN...
  CVE-2015-0646 Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of...
  CVE-2015-0648 Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
  CVE-2015-0641 Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted...
  CVE-2015-0638 Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
  CVE-2015-0647 Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
  CVE-2015-0649 Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
  CVE-2015-0642 Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0643 Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0644 AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service...

2015-03-20 CVE-2015-0669 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)...

2015-03-18 CVE-2015-1084 The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

2015-03-12 CVE-2015-1064 Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
  CVE-2015-1065 Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
  CVE-2015-1063 CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.

2015-03-09 MITRE:28554 Windows Telnet service buffer overflow vulnerability

2015-03-05 CVE-2015-0661 The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.
  CVE-2015-0598 The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.
  CVE-2015-0659 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
  CVE-2015-0607 The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that...
  CVE-2015-0657 Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.

2015-03-04 CVE-2015-0204 FREAK: SSL/TLS vulnerability

2015-02-26 CVE-2015-0632 Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

2015-02-23 MITRE:28634 Windows Error Reporting security feature bypass vulnerability
  MITRE:27743 WebDAV elevation of privilege vulnerability
  MITRE:28297 NLA Security Feature Bypass Vulnerability
  MITRE:28478 Network policy server RADIUS implementation denial of service vulnerability
  MITRE:28330 Microsoft user profile service elevation of privilege vulnerability
  MITRE:28664 Graphics component information disclosure vulnerability
  MITRE:28717 Directory Traversal elevation of privilege vulnerability

2015-02-21 CVE-2015-0618 Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with...

2015-02-20 CVE-2015-2078 MITM installed: Superfish certificate
  CVE-2015-2077 MITM installed: Superfish adware

2015-02-18 CVE-2015-0622 The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the...

2015-02-15 CVE-2015-0609 Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via...
  CVE-2015-1474 Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)...

2015-02-12 CVE-2015-0593 The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.

2015-02-11 CVE-2015-0592 The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
  CVE-2015-0606 The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.
  CVE-2015-0610 Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco...
  CVE-2015-0608 Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper...

2015-02-03 CVE-2014-8013 The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

2015-01-30 CVE-2014-4467 WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
  CVE-2014-8840 The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
  CVE-2014-4493 The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
  CVE-2014-4494 Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging...

2015-01-28 CVE-2015-0586 The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR...
  MITRE:28438 RHSA-2015:0092 -- glibc security update
  MITRE:28360 RHSA-2015:0090 -- glibc security update
  MITRE:28622 ELSA-2015-0092 -- glibc security update
  MITRE:28638 ELSA-2015-0090 -- glibc security update

2015-01-26 MITRE:28006 Use After Free Word Remote Code Execution Vulnerability
  MITRE:28328 OWA XSS vulnerability () - MS14-075
  MITRE:28291 OWA XSS vulnerability () - MS14-075
  MITRE:28425 Outlook Web App token spoofing vulnerability () - MS14-075
  MITRE:27937 Microsoft Office component use after free vulnerability
  MITRE:28299 Invalid index remote code execution vulnerability
  MITRE:27932 Internet Explorer XSS filter bypass vulnerability
  MITRE:28172 Internet Explorer XSS filter bypass vulnerability
  MITRE:27704 Internet Explorer memory corruption vulnerability
  MITRE:28329 Internet Explorer memory corruption vulnerability
  MITRE:28430 Internet Explorer memory corruption vulnerability
  MITRE:28349 Internet Explorer memory corruption vulnerability
  MITRE:28368 Internet Explorer memory corruption vulnerability
  MITRE:28376 Internet Explorer memory corruption vulnerability
  MITRE:28377 Internet Explorer memory corruption vulnerability
  MITRE:28392 Internet Explorer memory corruption vulnerability
  MITRE:28401 Internet Explorer memory corruption vulnerability
  MITRE:28404 Internet Explorer memory corruption vulnerability
  MITRE:28408 Internet Explorer memory corruption vulnerability
  MITRE:28416 Internet Explorer memory corruption vulnerability
  MITRE:28084 Graphics component information disclosure vulnerability
  MITRE:28280 Global free remote code execution in excel vulnerability
  MITRE:28415 Exchange URL redirection vulnerability () - MS14-075
  MITRE:27446 Excel invalid pointer remote code execution vulnerability

2015-01-22 CVE-2014-8008 Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

2015-01-16 CVE-2014-6383 The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
  CVE-2014-6382 The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of...
  CVE-2014-6384 Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle...
  CVE-2014-6386 Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before...
  CVE-2014-6385 Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1...

2015-01-09 CVE-2015-0582 The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

2014-12-30 MITRE:28571 SUSE-SU-2014:1650-1 -- Security update for flash-player
  MITRE:28176 SUSE-SU-2014:1623-1 -- Security update for pidgin
  MITRE:28044 SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
  MITRE:28499 SUSE-SU-2014:1545-1 -- Security update for flash-player
  MITRE:28460 RHSA-2014:2025 -- ntp security update
  MITRE:28483 RHSA-2014:2024 -- ntp security update
  MITRE:28439 RHSA-2014:2023 -- glibc security and bug fix update
  MITRE:28532 RHSA-2014:2021 -- jasper security update
  MITRE:28630 RHSA-2014:2010 -- kernel security update
  MITRE:28453 RHSA-2014:2008 -- kernel security update
  MITRE:28385 RHSA-2014:1999 -- mailx security update
  MITRE:27703 RHSA-2014:1997 -- kernel security and bug fix update
  MITRE:28498 RHSA-2014:1985 -- bind97 security update
  MITRE:28588 RHSA-2014:1984 -- bind security update
  MITRE:28613 RHSA-2014:1983 -- xorg-x11-server security update
  MITRE:28652 RHSA-2014:1982 -- xorg-x11-server security update
  MITRE:28437 RHSA-2014:1976 -- rpm security update
  MITRE:28661 RHSA-2014:1974 -- rpm security update
  MITRE:28399 RHSA-2014:1971 -- kernel security and bug fix update

2014-12-29 MITRE:28056 TypeFilterLevel vulnerability
  MITRE:27794 Microsoft schannel remote code execution vulnerability
  MITRE:27356 Internet Explorer memory corruption vulnerability
  MITRE:27372 Internet Explorer memory corruption vulnerability
  MITRE:27601 Internet Explorer memory corruption vulnerability
  MITRE:28177 Internet Explorer memory corruption vulnerability
  MITRE:28205 Internet Explorer memory corruption vulnerability
  MITRE:28358 Internet Explorer memory corruption vulnerability
  MITRE:27897 Internet Explorer elevation of privilege vulnerability
  MITRE:28266 Internet Explorer elevation of privilege vulnerability
  MITRE:28339 Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28204 Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28290 Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28334 Internet Explorer Clipboard Information Disclosure Vulnerability
  MITRE:28173 Active Directory Federation Services information disclosure vulnerability

2014-12-22 MITRE:28647 ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
  MITRE:28492 ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
  MITRE:27915 ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
  MITRE:27668 ELSA-2014-3105 -- Unbreakable Enterprise kernel security update
  MITRE:28482 ELSA-2014-3104 -- Unbreakable Enterprise kernel security update
  MITRE:28305 ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
  MITRE:28192 ELSA-2014-2025 -- ntp security update
  MITRE:28304 ELSA-2014-2024 -- ntp security update
  MITRE:28088 ELSA-2014-2023 -- glibc security and bug fix update
  MITRE:28420 ELSA-2014-2021 -- jasper security update
  MITRE:28310 ELSA-2014-2010 -- kernel security update
  MITRE:28616 ELSA-2014-2008-1 -- kernel security update
  MITRE:28387 ELSA-2014-2008 -- kernel security update
  MITRE:28324 ELSA-2014-1999 -- mailx security update
  MITRE:28612 ELSA-2014-1997 -- kernel security and bug fix update
  MITRE:28079 ELSA-2014-1985 -- bind97 security update
  MITRE:28485 ELSA-2014-1984 -- bind security update
  MITRE:28543 ELSA-2014-1983 -- xorg-x11-server security update
  MITRE:28577 ELSA-2014-1982 -- xorg-x11-server security update
  MITRE:28615 ELSA-2014-1976 -- rpm security update
  MITRE:28261 ELSA-2014-1974 -- rpm security update
  MITRE:28418 ELSA-2014-1971 -- kernel security and bug fix update

2014-12-18 CVE-2014-8014 Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

2014-12-17 CVE-2014-9322 arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...

2014-12-15 CVE-2014-8609 The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...
  CVE-2014-8507 Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
  CVE-2014-7911 luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
  CVE-2014-8610 AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...

2014-12-08 MITRE:28472 SUSE-SU-2014:1544-1 -- Security update for LibreOffice
  MITRE:27600 SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
  MITRE:28194 SUSE-SU-2014:1442-1 -- Security update for flash-player
  MITRE:28507 SUSE-SU-2014:1408-1 -- Security update for wget
  MITRE:28277 SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
  MITRE:28457 SUSE-SU-2014:1387-1 -- Security update for OpenSSL
  MITRE:27526 SUSE-SU-2014:1360-1 -- Security update for flash-player
  MITRE:28295 RHSA-2014:1959 -- kernel security and bug fix update
  MITRE:27507 RHSA-2014:1956 -- wpa_supplicant security update
  MITRE:28139 RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:28459 RHSA-2014:1924 -- thunderbird security update
  MITRE:27983 RHSA-2014:1919 -- firefox security update
  MITRE:27935 RHSA-2014:1912 -- ruby security update
  MITRE:28142 RHSA-2014:1911 -- ruby security update
  MITRE:27716 RHSA-2014:1893 -- libXfont security update
  MITRE:27707 RHSA-2014:1885 -- libxml2 security update
  MITRE:28313 RHSA-2014:1873 -- libvirt security and bug fix update
  MITRE:28435 RHSA-2014:1870 -- libXfont security update
  MITRE:27610 RHSA-2014:1861 -- mariadb security update
  MITRE:28389 RHSA-2014:1859 -- mysql55-mysql security update
  MITRE:27895 RHSA-2014:1846 -- gnutls security update
  MITRE:27992 RHSA-2014:1843 -- kernel security and bug fix update
  MITRE:28039 RHSA-2014:1827 -- kdenetwork security update
  MITRE:28208 RHSA-2014:1826 -- libvncserver security update
  MITRE:28186 RHSA-2014:1824 -- php security update
  MITRE:28374 RHSA-2014:1803 -- mod_auth_mellon security update
  MITRE:27612 RHSA-2014:1801 -- shim security update
  MITRE:28375 RHSA-2014:1795 -- cups-filters security update
  MITRE:28326 RHSA-2014:1768 -- php53 security update
  MITRE:28030 RHSA-2014:1767 -- php security update
  MITRE:28354 RHSA-2014:1764 -- wget security update
  MITRE:28090 RHSA-2014:1724 -- kernel security and bug fix update
  MITRE:28373 ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
  MITRE:27549 ELSA-2014-3095 -- docker security and bug fix update
  MITRE:28263 ELSA-2014-3094 -- bash security update
  MITRE:27461 ELSA-2014-3093 -- bash security update
  MITRE:28237 ELSA-2014-3092 -- bash security update
  MITRE:27775 ELSA-2014-1959-1 -- kernel security and bug fix update
  MITRE:27990 ELSA-2014-1959 -- kernel security and bug fix update
  MITRE:28391 ELSA-2014-1956 -- wpa_supplicant security update
  MITRE:27738 ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:28254 ELSA-2014-1924 -- thunderbird security update
  MITRE:28112 ELSA-2014-1919 -- firefox security update
  MITRE:28303 ELSA-2014-1912 -- ruby security update
  MITRE:28027 ELSA-2014-1911 -- ruby security update
  MITRE:28414 ELSA-2014-1893 -- libXfont security update
  MITRE:28050 ELSA-2014-1885 -- libxml2 security update
  MITRE:28378 ELSA-2014-1873 -- libvirt security and bug fix update
  MITRE:28393 ELSA-2014-1870 -- libXfont security update
  MITRE:27477 ELSA-2014-1861 -- mariadb security update
  MITRE:28369 ELSA-2014-1859 -- mysql55-mysql security update

2014-11-25 CVE-2014-8005 Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
  CVE-2014-8004 Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.

2014-11-24 MITRE:26757 .NET Framework remote code execution vulnerability
  MITRE:26601 .NET framework denial of service vulnerability
  MITRE:26910 .NET ClickOnce elevation of privilege vulnerability

2014-11-18 CVE-2014-4457 The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
  CVE-2014-4460 CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-4451 Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
  CVE-2014-4453 Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
  CVE-2014-4463 Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2014-11-17 CVE-2014-7992 The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

2014-11-14 CVE-2014-7997 The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
  MITRE:27974 ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
  MITRE:28227 ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
  MITRE:28219 ELSA-2014-1827 -- kdenetwork security update
  CVE-2014-7998 Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.

2014-11-13 CVE-2014-7991 The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...

2014-11-05 MITRE:26620 ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
  MITRE:27236 ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
  MITRE:27227 ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
  MITRE:26519 ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
  MITRE:27266 ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27215 ELSA-2014-3069 -- unbreakable enterprise kernel security update
  MITRE:26951 ELSA-2014-3067 -- unbreakable enterprise kernel security update
  MITRE:27158 ELSA-2014-3054 -- unbreakable enterprise kernel security update
  MITRE:26359 ELSA-2014-3052 -- unbreakable enterprise kernel security update
  MITRE:26514 ELSA-2014-3049 -- unbreakable enterprise kernel security update
  MITRE:27341 ELSA-2014-3048 -- unbreakable enterprise kernel security update
  MITRE:27200 ELSA-2014-3046 -- unbreakable enterprise kernel security update
  MITRE:27250 ELSA-2014-3043 -- unbreakable enterprise kernel security update
  MITRE:27352 ELSA-2014-3041 -- unbreakable enterprise kernel security update
  MITRE:27093 ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
  MITRE:27316 ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
  MITRE:26365 ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
  MITRE:27092 ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
  MITRE:27318 ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
  MITRE:27347 ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
  MITRE:26883 ELSA-2014-3014 -- unbreakable enterprise kernel security update
  MITRE:27278 ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
  MITRE:27242 ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
  MITRE:26522 ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27016 ELSA-2014-1669 -- qemu-kvm security and bug fix update
  MITRE:26880 ELSA-2014-1075 -- qemu-kvm security and bug fix update
  MITRE:27233 ELSA-2014-1052 -- openssl security update
  MITRE:26804 ELSA-2014-1004 -- yum-updatesd security update
  MITRE:27160 ELSA-2014-0927 -- qemu-kvm security and bug fix update
  MITRE:26595 ELSA-2014-0926-1 -- kernel security and bug fix update
  MITRE:26940 ELSA-2014-0926 -- kernel security and bug fix update
  MITRE:27351 ELSA-2014-0921 -- httpd security update
  MITRE:27060 ELSA-2014-0920 -- httpd security update
  MITRE:27342 ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26995 ELSA-2014-0890 -- java-1.7.0-openjdk security update
  MITRE:27141 ELSA-2014-0889 -- java-1.7.0-openjdk security update
  MITRE:26531 ELSA-2014-0790 -- dovecot security update
  MITRE:27323 ELSA-2014-0740-1 -- kernel security and bug fix update
  MITRE:27247 ELSA-2014-0704 -- qemu-kvm security and bug fix update
  MITRE:27337 ELSA-2014-0702 -- mariadb security update
  MITRE:27029 ELSA-2014-0685 -- java-1.6.0-openjdk security update
  MITRE:27123 ELSA-2014-0679 -- openssl security update
  MITRE:27331 ELSA-2014-0675 -- java-1.7.0-openjdk security update
  MITRE:27296 ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
  MITRE:27275 ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
  MITRE:27232 ELSA-2014-0108-1 -- kernel security and bug fix update
  MITRE:27343 ELSA-2013-2589 -- unbreakable enterprise kernel security update
  MITRE:27388 ELSA-2013-2587 -- unbreakable enterprise kernel security update
  MITRE:27358 ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
  MITRE:27338 ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
  MITRE:27502 ELSA-2013-2577 -- unbreakable enterprise kernel security update
  MITRE:27378 ELSA-2013-2575 -- unbreakable enterprise kernel security update
  MITRE:26512 ELSA-2013-2542 -- unbreakable enterprise kernel security update
  MITRE:27433 ELSA-2013-2537 -- unbreakable enterprise kernel security update
  MITRE:27466 ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
  MITRE:27622 ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
  MITRE:27047 ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
  MITRE:27657 ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
  MITRE:26673 ELSA-2013-1790-1 -- kernel security and bug fix update
  MITRE:27381 ELSA-2013-1449-1 -- kernel security and bug fix update
  MITRE:27281 ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
  MITRE:27255 ELSA-2013-1348 -- Oracle Linux 5 kernel update
  MITRE:27491 ELSA-2013-1292-1 -- kernel security and bug fix update
  MITRE:27425 ELSA-2013-1166-1 -- kernel security and bug fix update
  MITRE:26661 ELSA-2013-1034-1 -- kernel security and bug fix update
  MITRE:27334 ELSA-2013-0847-1 -- kernel security and bug fix update
  MITRE:26901 ELSA-2013-0747-1 -- kernel security and bug fix update
  MITRE:26800 ELSA-2013-0621-1 -- kernel security update
  MITRE:27623 ELSA-2013-0594-1 -- kernel security and bug fix update
  MITRE:27051 ELSA-2013-0168-1 -- kernel security and bug fix update
  MITRE:27629 ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
  MITRE:26983 ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
  MITRE:27071 ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
  MITRE:27596 ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27648 ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
  MITRE:27735 ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
  MITRE:27550 ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
  MITRE:27698 ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
  MITRE:27249 ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27914 ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27842 ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27375 ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
  MITRE:27812 ELSA-2012-1445-1 -- kernel security and bug fix update
  MITRE:27688 ELSA-2012-1323-1 -- kernel security and bug fix update
  MITRE:27535 ELSA-2012-1174-1 -- kernel security and bug fix update
  MITRE:27194 ELSA-2012-1061-1 -- kernel security and bug fix update
  MITRE:27635 ELSA-2012-0721-1 -- kernel security update
  MITRE:27818 ELSA-2012-0690-1 -- kernel security and bug fix update
  MITRE:27823 ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
  MITRE:27877 ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
  MITRE:27955 ELSA-2011-2038 -- Unbreakable Enterprise kernel security update
  MITRE:27916 ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:28092 ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
  MITRE:28158 ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
  MITRE:28157 ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:28038 ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
  MITRE:27903 ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27518 ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27793 ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
  MITRE:28004 ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:28005 ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27959 ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27702 ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update
  MITRE:28028 ELSA-2010-2010 -- kernel security update
  MITRE:27240 ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
  MITRE:27587 ELSA-2010-2008 -- Unbreakable enterprise kernel security update

2014-10-31 CVE-2014-3366 SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
  CVE-2014-3375 Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
  CVE-2014-3372 Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
  CVE-2014-3373 Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
  CVE-2014-3374 Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

2014-10-28 MITRE:27022 RHSA-2014:1669 -- qemu-kvm security and bug fix update
  MITRE:27220 RHSA-2013:1353 -- sudo security and bug fix update
  MITRE:27070 RHSA-2013:0519 -- openssh security, bug fix and enhancement update

2014-10-25 CVE-2014-3409 The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

2014-10-22 CVE-2014-4450 The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...
  CVE-2014-4449 iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  CVE-2014-4448 House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

2014-10-20 MITRE:26378 Unspecified vulnerability allows remote attackers to bypass Protected Mode
  MITRE:26532 Heap-based buffer overflow in KMPlayer 3.0.0.1441
  MITRE:25633 Arbitrary code executing via unknown vectors.
  MITRE:26362 Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
  MITRE:25808 Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate

2014-10-17 MITRE:27068 RHSA-2014:1658: java-1.6.0-sun security update
  MITRE:26915 RHSA-2014:1657: java-1.7.0-oracle security update
  MITRE:27149 RHSA-2014:1655: libxml2 security update
  MITRE:26767 RHSA-2014:1654: rsyslog7 security update
  MITRE:26947 RHSA-2014:1636: java-1.8.0-openjdk security update
  MITRE:27101 RHSA-2014:1606: file security and bug fix update
  MITRE:26805 RHSA-2014:1552: openssh security, bug fix, and enhancement update
  MITRE:26927 RHSA-2014:1507: trousers security, bug fix, and enhancement update
  MITRE:26759 RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
  MITRE:27086 RHSA-2014:1392: kernel security, bug fix, and enhancement update
  MITRE:26605 RHSA-2014:1391: glibc security, bug fix, and enhancement update
  MITRE:26390 RHSA-2014:1390: luci security, bug fix, and enhancement update
  MITRE:26917 RHSA-2014:1389: krb5 security and bug fix update
  MITRE:27056 RHSA-2014:1388: cups security and bug fix update
  MITRE:27084 ELSA-2014-1652 -- openssl security update
  MITRE:26179 ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26796 ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
  MITRE:26716 ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
  MITRE:27085 ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
  MITRE:26570 ELSA-2014-1388 -- cups security and bug fix update

2014-10-16 CVE-2014-3566 POODLE: SSLv3 vulnerability

2014-10-14 CVE-2014-3825 The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
  CVE-2014-3818 Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
  CVE-2014-6378 Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
  CVE-2014-6379 Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
  CVE-2014-6380 Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...

2014-10-09 CVE-2014-3404 The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
  CVE-2014-3403 The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
  CVE-2014-3405 Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...

2014-10-08 CVE-2014-3187 Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...

2014-10-06 MITRE:26275 CSyncBasePlayer use after free vulnerability

2014-10-01 MITRE:26189 ELSA-2014-3073 -- Unbreakable Enterprise kernel security update
  MITRE:26806 ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
  MITRE:26970 ELSA-2014-1244 -- bind97 security and bug fix update
  MITRE:27050 ELSA-2014-1166 -- jakarta-commons-httpclient security update
  MITRE:26892 ELSA-2014-1148 -- squid security update
  MITRE:26644 ELSA-2014-1147 -- squid security update

2014-09-29 MITRE:26919 ELSA-2014-3018 -- Unbreakable Enterprise kernel security update

2014-09-26 MITRE:26718 RHSA-2014:1255: krb5 security update
  MITRE:26451 RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
  MITRE:26777 RHSA-2014:1245: krb5 security and bug fix update
  MITRE:26030 RHSA-2014:1244: bind97 security and bug fix update
  MITRE:26641 RHSA-2014:1243: automake security update
  MITRE:26851 RHSA-2014:1194: conga security and bug fix update

2014-09-25 CVE-2014-3355 The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3356 The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3361 The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
  CVE-2014-3359 Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
  CVE-2014-3358 Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
  CVE-2014-3357 Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
  CVE-2014-3360 Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
  CVE-2014-3354 Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
  CVE-2014-6271 Bash environment variables code injection
  CVE-2014-7169 Bash environment variables code injection

2014-09-20 CVE-2014-3378 tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
  CVE-2014-3377 snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
  CVE-2014-3376 Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.

2014-09-18 CVE-2014-4409 WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
  CVE-2014-4362 The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
  CVE-2014-4361 The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
  CVE-2014-4423 The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
  CVE-2014-4368 The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
  CVE-2014-4363 Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
  CVE-2014-4386 Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
  CVE-2014-4353 Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
  CVE-2014-4374 NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  CVE-2014-4366 Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  CVE-2014-4384 Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
  CVE-2014-4367 Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
  CVE-2014-4354 Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
  CVE-2014-4356 Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
  CVE-2014-4352 Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2014-09-11 CVE-2014-3342 The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
  CVE-2014-3363 Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

2014-09-10 CVE-2014-3343 Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

2014-09-08 MITRE:25066 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:25224 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:24828 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
  MITRE:25160 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:24806 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:25136 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
  MITRE:25273 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  MITRE:24827 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality

2014-09-04 CVE-2014-3353 Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

2014-08-18 MITRE:24871 Windows journal remote code execution vulnerability

2014-08-12 CVE-2014-3338 The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...

2014-08-11 CVE-2014-3327 The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
  CVE-2014-3332 Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

2014-08-06 MITRE:26284 SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox

2014-08-05 MITRE:26186 RHSA-2014:1004: yum-updatesd security update
  MITRE:26244 RHSA-2013-1605: glibc security, bug fix, and enhancement update
  MITRE:26218 RHSA-2012:0884: openssh security, bug fix, and enhancement update

2014-07-28 MITRE:25091 RHSA-2014:0927: qemu-kvm security and bug fix update

2014-07-21 MITRE:24567 SharePoint Page Content Vulnerabilities () - MS14-022

2014-07-15 MITRE:25349 SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
  MITRE:25341 SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
  MITRE:25916 SUSE-SU-2013:1183-1 -- Security update for xorg-x11
  MITRE:26212 SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
  MITRE:25815 SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
  MITRE:25898 SUSE-RU-2013:0703-2 -- Recommended update for ksh
  MITRE:25231 SUSE-RU-2013:0634-1 -- Recommended update for Xorg

2014-07-14 CVE-2014-3319 Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
  CVE-2014-3317 Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.

2014-07-11 CVE-2014-3815 Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  CVE-2014-3822 Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...
  CVE-2014-3817 Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
  CVE-2014-3816 Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
  CVE-2014-3819 Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
  CVE-2014-3821 Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...

2014-07-10 CVE-2014-3316 The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
  CVE-2014-3318 Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
  CVE-2014-3315 Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...

2014-07-09 CVE-2014-3309 The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...

2014-07-02 CVE-2014-3100 Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...

2014-07-01 CVE-2014-1345 WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
  CVE-2014-1349 Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
  CVE-2014-1351 Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
  CVE-2014-1350 Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
  CVE-2014-1348 Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-1360 Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
  CVE-2014-1353 Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
  CVE-2014-1352 Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
  CVE-2014-1354 CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

2014-06-25 CVE-2014-3299 Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-14 CVE-2014-3290 The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
  CVE-2014-3295 The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

2014-06-13 CVE-2014-3813 Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
  CVE-2014-3814 The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...

2014-06-10 CVE-2014-3292 The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
  CVE-2014-3287 SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...

2014-06-08 CVE-2014-3291 Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...

2014-06-02 MITRE:24712 Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
  MITRE:24520 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:24523 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24709 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
  MITRE:24672 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
  MITRE:24441 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
  MITRE:24676 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24510 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
  MITRE:24502 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:23723 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...

2014-05-25 CVE-2013-1191 Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
  CVE-2014-2200 Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...
  CVE-2014-3284 Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

2014-05-20 CVE-2014-3269 The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
  CVE-2014-3273 The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
  CVE-2014-3270 The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
  CVE-2014-3271 The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
  CVE-2013-6975 Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.

2014-05-19 MITRE:24283 Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
  MITRE:24101 Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server

2014-05-16 CVE-2014-3263 The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
  CVE-2014-3262 The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...

2014-05-13 CVE-2010-4832 Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...

2014-05-07 CVE-2014-0684 Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

2014-05-05 MITRE:24405 Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
  MITRE:24141 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...

2014-04-29 CVE-2014-2183 The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
  CVE-2014-2184 The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
  CVE-2014-2185 The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
  CVE-2013-7373 Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

2014-04-28 MITRE:23940 Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:23340 Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
  MITRE:24245 Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows a "pack file" in the repository to be split
  MITRE:24277 Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:24294 Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
  MITRE:23774 Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2014-04-24 CVE-2012-3946 Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
  CVE-2012-5723 Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

2014-04-23 CVE-2012-1317 The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
  CVE-2012-4658 The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
  CVE-2012-5032 The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
  CVE-2012-5039 The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
  CVE-2012-5037 The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
  CVE-2012-0360 Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
  CVE-2012-5427 Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
  CVE-2012-4651 Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
  CVE-2012-5044 Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
  CVE-2012-5014 Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
  CVE-2012-5017 Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
  CVE-2012-3062 Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
  CVE-2012-1366 Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
  CVE-2012-4638 Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
  CVE-2012-5036 Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

2014-04-15 CVE-2014-2842 Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-14 CVE-2014-0612 Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
  CVE-2014-2714 The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...
  CVE-2014-2713 Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
  CVE-2014-0614 Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
  CVE-2014-2711 Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
  CVE-2014-2712 Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...

2014-04-11 MITRE:24439 RHSA-2014:0380: flash-plugin security update
  MITRE:24718 RHSA-2014:0376: openssl security update

2014-04-10 REF000672 OpenSSL Vulnerability: Heartbleed - unix
  CVE-2014-0160 OpenSSL Vulnerability: Heartbleed

2014-04-05 CVE-2014-2144 Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

2014-04-04 CVE-2014-2143 The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

2014-03-31 MITRE:22065 VBScript Memory Corruption Vulnerability () - MS14-010, MS14-011
  CVE-2013-6770 The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...

2014-03-28 CVE-2014-2131 The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

2014-03-27 CVE-2014-2109 The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
  CVE-2014-2112 The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
  CVE-2014-2111 The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
  CVE-2014-2106 Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
  CVE-2014-2113 Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...
  CVE-2014-2107 Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
  CVE-2014-2108 Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.

2014-03-24 MITRE:23928 RHSA-2014:0289: flash-plugin security update

2014-03-20 CVE-2014-2124 Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

2014-03-14 CVE-2014-2292 Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
  CVE-2013-6835 TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
  CVE-2014-1286 SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
  CVE-2014-1285 Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
  CVE-2014-1281 Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
  CVE-2014-1276 IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
  CVE-2014-1274 FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
  CVE-2014-2291 Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
  CVE-2013-5133 Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

2014-03-07 MITRE:24162 RHSA-2014:0196: flash-plugin security update

2014-03-06 CVE-2014-0705 The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
  CVE-2014-0704 The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
  CVE-2014-0703 Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...
  CVE-2014-0707 Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
  CVE-2014-0706 Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
  CVE-2014-0701 Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...

2014-03-03 MITRE:22096 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:21979 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22170 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22233 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22402 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22214 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22227 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22270 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22289 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22372 Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22200 Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:22304 Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:21384 Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE

2014-03-02 CVE-2013-4710 Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...

2014-02-26 CVE-2014-0741 The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
  CVE-2014-0743 The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...
  CVE-2014-0742 The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
  CVE-2014-0747 The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
  CVE-2014-0740 Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...

2014-02-22 CVE-2014-0731 The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

2014-02-20 CVE-2014-0732 The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
  CVE-2014-0733 The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
  CVE-2014-0734 SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
  CVE-2014-0735 Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...
  CVE-2014-0736 Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...

2014-02-18 CVE-2014-2019 The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...

2014-02-15 REF000670 End of Windows XP support from Microsoft

2014-02-14 MITRE:22390 RHSA-2014:0137: flash-plugin security update
  MITRE:22092 RHSA-2014:0136: java-1.5.0-ibm security update
  MITRE:22560 RHSA-2014:0135: java-1.6.0-ibm security update
  MITRE:22292 RHSA-2014:0134: java-1.7.0-ibm security update

2014-02-13 CVE-2014-0722 The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...
  CVE-2014-0724 The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
  CVE-2014-0728 SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
  CVE-2014-0726 SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
  CVE-2014-0729 SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
  CVE-2014-0727 SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
  CVE-2014-0723 Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
  CVE-2014-0725 Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

2014-02-04 CVE-2014-0686 Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

2014-01-28 MITRE:22499 RHSA-2014:0028: flash-plugin security update

2014-01-23 CVE-2013-7313 The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...

2014-01-22 CVE-2014-0661 The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
  CVE-2014-0677 The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
  CVE-2014-0676 Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

2014-01-19 CVE-2013-3594 The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
  CVE-2013-3595 The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
  CVE-2013-3606 The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

2014-01-15 CVE-2014-0613 The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
  MITRE:22006 RHSA-2011:0926: bind security update
  MITRE:21913 RHSA-2011:0918: curl security update
  MITRE:21435 RHSA-2011:0885: firefox security and bug fix update
  MITRE:21301 RHSA-2011:0862: subversion security update
  MITRE:21616 RHSA-2011:0859: cyrus-imapd security update
  MITRE:21740 RHSA-2011:0845: bind security update
  MITRE:21899 RHSA-2011:0843: postfix security update
  MITRE:21920 RHSA-2011:0506: rdesktop security update
  MITRE:21684 RHSA-2011:0472: nss security update
  MITRE:21758 RHSA-2011:0471: firefox security update
  MITRE:21165 RHSA-2011:0433: xorg-x11-server-utils security update
  MITRE:21712 RHSA-2011:0428: dhcp security update
  MITRE:21821 RHSA-2011:0391: libvirt security update
  MITRE:21426 RHSA-2011:0373: firefox security update
  MITRE:21856 RHSA-2011:0337: vsftpd security update
  MITRE:21847 RHSA-2011:0332: scsi-target-utils security update
  MITRE:21822 RHSA-2011:0324: logwatch security update
  MITRE:21627 RHSA-2011:0318: libtiff security update
  MITRE:21214 RHSA-2011:0310: firefox security and bug fix update
  MITRE:21898 RHSA-2011:0305: samba security update
  MITRE:21931 RHSA-2011:0281: java-1.6.0-openjdk security update
  MITRE:21713 RHSA-2011:0214: java-1.6.0-openjdk security update
  MITRE:21857 RHSA-2011:0206: flash-plugin security update
  MITRE:21138 RHSA-2011:0197: postgresql security update
  MITRE:21479 RHSA-2011:0180: pango security update
  MITRE:21813 RHSA-2011:0154: hplip security update
  CVE-2014-0617 Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.
  CVE-2014-0615 Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0616 Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...

2014-01-14 MITRE:21501 RHSA-2012:1569: flash-plugin security update
  MITRE:21011 RHSA-2012:1466: java-1.6.0-ibm security update
  MITRE:21614 RHSA-2012:1465: java-1.5.0-ibm security update
  MITRE:21660 RHSA-2012:1431: flash-plugin security update
  MITRE:21594 RHSA-2012:1346: flash-plugin security update
  MITRE:21334 RHSA-2012:1245: java-1.5.0-ibm security update
  MITRE:21447 RHSA-2012:1238: java-1.6.0-ibm security update
  MITRE:21376 RHSA-2012:0722: flash-plugin security update
  MITRE:21162 RHSA-2012:0688: flash-plugin security update
  MITRE:21404 RHSA-2012:0514: java-1.6.0-ibm security update
  MITRE:21398 RHSA-2012:0508: java-1.5.0-ibm security update
  MITRE:20413 RHSA-2012:0144: flash-plugin security update

2014-01-10 CVE-2014-0618 Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...

2014-01-09 MITRE:21081 RHSA-2013:1818: flash-plugin security update
  MITRE:20714 RHSA-2013:1518: flash-plugin security update
  MITRE:20642 RHSA-2013:1509: java-1.5.0-ibm security update
  MITRE:21240 RHSA-2013:1508: java-1.6.0-ibm security update
  MITRE:21151 RHSA-2013:1507: java-1.7.0-ibm security update
  MITRE:20796 RHSA-2013:1402: Adobe Reader - notification of end of updates
  MITRE:20919 RHSA-2013:1256: flash-plugin security update
  MITRE:21196 RHSA-2013:1081: java-1.5.0-ibm security update
  MITRE:21131 RHSA-2013:1060: java-1.7.0-ibm security update
  MITRE:21219 RHSA-2013:1059: java-1.6.0-ibm security update
  MITRE:20942 RHSA-2013:1035: flash-plugin security update
  MITRE:20910 RHSA-2013:0941: flash-plugin security update
  MITRE:21241 RHSA-2013:0855: java-1.5.0-ibm security update
  MITRE:20740 RHSA-2013:0826: acroread security update
  MITRE:21201 RHSA-2013:0825: flash-plugin security update
  MITRE:21111 RHSA-2013:0823: java-1.6.0-ibm security update
  MITRE:20254 RHSA-2013:0822: java-1.7.0-ibm security update
  MITRE:21078 RHSA-2013:0730: flash-plugin security update
  MITRE:20806 RHSA-2013:0643: flash-plugin security update
  MITRE:21040 RHSA-2013:0626: java-1.7.0-ibm security update
  MITRE:21077 RHSA-2013:0625: java-1.6.0-ibm security update
  MITRE:21109 RHSA-2013:0624: java-1.5.0-ibm security update
  MITRE:20438 RHSA-2013:0574: flash-plugin security update
  MITRE:21027 RHSA-2013:0551: acroread security update
  MITRE:20801 RHSA-2013:0254: flash-plugin security update
  MITRE:20926 RHSA-2013:0243: flash-plugin security update
  MITRE:20442 RHSA-2013:0150: acroread security update
  MITRE:21009 RHSA-2013:0149: flash-plugin security update

2014-01-08 CVE-2014-0653 The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
  CVE-2014-0655 The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...
  CVE-2013-6982 The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
  CVE-2014-0657 The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...

2013-12-27 CVE-2013-6981 Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

2013-12-23 CVE-2013-6979 The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...

2013-12-21 CVE-2013-6978 The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
  CVE-2012-4131 Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
  CVE-2012-4135 Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

2013-12-18 CVE-2013-4775 NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
  CVE-2013-4776 NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.

2013-12-14 CVE-2013-6271 Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...

2013-12-13 CVE-2013-6958 Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
  CVE-2013-6956 Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...

2013-12-12 CVE-2013-2751 Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
  CVE-2013-2752 Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
  CVE-2013-7030 ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...

2013-12-03 CVE-2013-6705 The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
  CVE-2013-6704 Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.

2013-12-02 CVE-2013-6696 Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

2013-11-28 CVE-2013-6700 The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
  CVE-2013-6706 The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-11-26 MITRE:19002 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19020 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19032 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18645 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19046 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19096 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19101 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19207 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:18874 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19188 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
  MITRE:18504 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18733 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18971 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18990 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19024 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18436 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19088 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19150 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19185 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19189 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18894 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19039 OpenSSL vulnerability before 1.0.0c in VisualSVN Server
  MITRE:19016 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:19081 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18910 OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
  MITRE:18868 OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18985 OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
  MITRE:19036 Denial of service vulnerability in Microsoft SharePoint () - MS13-067
  MITRE:18750 Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
  MITRE:19136 Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
  MITRE:18922 Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
  MITRE:18967 Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
  MITRE:18788 Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18973 Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18980 Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18772 Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
  MITRE:18986 Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:19057 Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:19007 Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
  MITRE:18999 Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  MITRE:18889 Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  MITRE:18790 Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
  MITRE:18835 Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
  MITRE:18827 Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server

2013-11-25 MITRE:18621 Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
  MITRE:18554 Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
  MITRE:18087 Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18538 Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18154 Apache HTTP vulnerability before 2.2.21 in VisualSVN Server

2013-11-22 CVE-2013-6698 The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
  CVE-2013-6694 The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
  CVE-2013-6699 The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...

2013-11-21 CVE-2013-6693 The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...
  CVE-2013-6692 Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...

2013-11-17 CVE-2013-6686 The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
  CVE-2013-5556 The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
  CVE-2013-5193 The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
  CVE-2013-6688 Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
  CVE-2013-6689 Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

2013-11-13 CVE-2013-6684 The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
  CVE-2013-6683 The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
  CVE-2013-5552 Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...

2013-11-11 MITRE:18997 The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site

2013-11-07 CVE-2013-5565 The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
  CVE-2013-5553 Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
  CVE-2013-5566 Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

2013-11-05 CVE-2013-6618 jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

2013-10-31 CVE-2013-5546 The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
  CVE-2013-5545 The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
  CVE-2013-5548 The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
  CVE-2013-5555 Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
  CVE-2013-5547 Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
  CVE-2013-5543 Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...

2013-10-28 CVE-2013-6012 Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
  CVE-2013-6014 Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...

2013-10-24 CVE-2013-5549 Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
  CVE-2013-5522 Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

2013-10-23 CVE-2013-5162 Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
  CVE-2013-5144 Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
  CVE-2013-5164 Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

2013-10-19 CVE-2013-6027 Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...

2013-10-17 CVE-2013-6015 Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
  CVE-2013-6170 Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...
  CVE-2013-4689 J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site...
  CVE-2013-6013 Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...

2013-10-14 MITRE:18318 Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066

2013-10-13 CVE-2012-4097 The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
  CVE-2012-4099 The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
  CVE-2012-4121 Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
  CVE-2012-4077 Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
  CVE-2012-4076 Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.

2013-10-10 CVE-2013-5499 The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
  CVE-2013-5527 The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
  CVE-2013-5528 Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...

2013-10-05 CVE-2012-4091 The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
  CVE-2012-4090 The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
  CVE-2012-4122 The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
  CVE-2012-4098 The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
  CVE-2012-4141 Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
  CVE-2012-4075 Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

2013-10-03 CVE-2013-5519 Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

2013-10-02 CVE-2013-5503 The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

2013-09-30 CVE-2013-5516 The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...

2013-09-27 CVE-2013-5476 The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
  CVE-2013-5477 The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
  CVE-2013-5498 The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
  CVE-2013-5481 The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
  CVE-2013-5472 The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
  CVE-2013-5480 The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
  CVE-2013-5479 The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
  CVE-2013-5474 Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
  CVE-2013-5160 Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
  CVE-2013-5161 Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
  CVE-2013-5473 Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
  CVE-2013-5478 Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
  CVE-2013-5475 Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...

2013-09-19 CVE-2013-1038 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1039 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1040 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1037 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1041 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1042 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1043 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1044 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1045 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1046 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1047 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5125 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5126 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5127 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5128 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5159 WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
  CVE-2013-5157 The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
  CVE-2013-5156 The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
  CVE-2013-5158 The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
  CVE-2013-5154 The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
  CVE-2013-5155 The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
  CVE-2013-1121 The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
  CVE-2013-5149 The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
  CVE-2013-5141 The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
  CVE-2013-5142 The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
  CVE-2013-5140 The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
  CVE-2011-2391 The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
  CVE-2013-5139 The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
  CVE-2013-5150 The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
  CVE-2013-5153 Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
  CVE-2013-1036 Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
  CVE-2013-5147 Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
  CVE-2013-5129 Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
  CVE-2013-5151 Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
  CVE-2013-5152 Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
  CVE-2013-5145 kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
  CVE-2013-5137 IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
  CVE-2013-5138 IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
  CVE-2013-0957 Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
  CVE-2013-5131 Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2013-09-16 CVE-2013-1028 The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
  CVE-2013-5496 Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
  CVE-2013-1026 Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2013-1025 Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

2013-09-13 CVE-2013-5649 Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...

2013-09-09 MITRE:16762 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17187 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17252 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17298 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17300 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17009 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17561 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17572 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17601 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17604 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17621 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17123 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17143 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17407 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16907 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17359 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17396 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17400 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17441 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17466 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16768 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16780 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17184 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17199 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17224 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17237 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17246 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17264 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17269 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17272 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17288 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16986 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17559 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17562 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17575 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17582 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16532 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16588 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16983 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17507 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17516 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17518 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17523 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17524 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17530 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17539 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17544 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17546 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17548 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16626 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16638 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17064 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17081 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17144 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17163 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16874 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16891 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17336 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17342 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17352 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17357 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17377 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17384 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17393 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17433 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17437 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17445 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17463 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17467 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17478 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17481 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17263 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17068 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17138 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17365 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17368 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17469 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17475 WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17212 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17203 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17207 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17208 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17211 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17317 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17020 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17051 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17483 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16714 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16724 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17076 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17084 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17133 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17170 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16865 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17340 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17355 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17362 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17370 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17383 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17401 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17444 WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17241 WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
  MITRE:17072 WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
  MITRE:16788 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17218 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17222 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16730 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17191 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17247 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17250 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17254 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17280 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17299 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17312 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16568 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16959 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17018 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17104 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17127 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17059 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17070 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17092 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17094 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17161 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17167 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17172 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17413 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16457 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16488 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16843 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16871 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16903 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16916 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16938 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17327 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17339 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17372 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17373 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17374 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17378 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17394 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17397 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17446 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17452 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17482 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17308 WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  MITRE:16756 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16795 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16826 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17185 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17204 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17271 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17276 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17282 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17287 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17297 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17302 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17319 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16994 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16941 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16974 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16980 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17048 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17486 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17488 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16678 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16726 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17057 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17060 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17082 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17128 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17152 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17156 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17158 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17168 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17169 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17174 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17419 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17427 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17429 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17431 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16862 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16879 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17326 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17331 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17334 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17364 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17366 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17375 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17387 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17432 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17434 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17435 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17438 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17458 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17464 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17471 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17473 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17220 Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  MITRE:17099 Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
  MITRE:17367 Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
  MITRE:17303 Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
  MITRE:17016 Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
  MITRE:16919 CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
  MITRE:17228 Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
  MITRE:16784 Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
  MITRE:17304 Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
  MITRE:17605 Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
  MITRE:17136 Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
  MITRE:16978 Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...

2013-09-07 CVE-2013-3458 Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...

2013-08-30 CVE-2013-3474 The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
  CVE-2013-5469 The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...

2013-08-29 CVE-2013-3470 The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
  CVE-2013-3463 The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
  CVE-2013-3472 Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...

2013-08-26 MITRE:17341 TrueType Font Parsing Vulnerability

2013-08-24 CVE-2013-3460 Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
  CVE-2013-3461 Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
  CVE-2013-3459 Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
  CVE-2013-3462 Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...

2013-08-22 CVE-2013-3453 Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...

2013-08-19 MITRE:16998 WMV Video Decoder remote code execution vulnerability - MS13-057
  MITRE:17253 Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058

2013-08-13 CVE-2013-3464 Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...

2013-08-12 CVE-2013-4806 The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...

2013-08-08 CVE-2013-3454 Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...

  MITRE:17256 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
  MITRE:16770 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17214 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16389 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16806 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17181 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17189 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17230 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17236 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17294 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16580 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17042 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16311 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17106 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16712 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17052 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17090 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17149 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17176 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16840 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17221 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
  MITRE:16545 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
  MITRE:16803 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:17206 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16982 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16887 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16617 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  MITRE:17098 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  MITRE:17195 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
  MITRE:17265 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
  MITRE:17180 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  MITRE:16899 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  MITRE:17257 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:17116 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:17192 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
  MITRE:17069 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
  MITRE:17202 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:17014 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
  CVE-2013-3442 The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
  CVE-2013-3451 Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...
  CVE-2013-3450 Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.

2013-08-01 CVE-2012-5460 Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...

2013-07-29 MITRE:16835 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:17186 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
  MITRE:17266 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  MITRE:16267 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
  MITRE:17175 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:16877 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
  MITRE:16395 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:17077 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:16960 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:16947 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:16825 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:17268 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:16758 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
  MITRE:16451 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:17255 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:16792 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  MITRE:16632 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...

2013-07-25 CVE-2013-3414 Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

2013-07-22 MITRE:16375 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...

2013-07-19 CVE-2013-3436 The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...

2013-07-18 CVE-2013-3433 Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
  CVE-2013-3434 Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
  CVE-2013-3412 SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
  CVE-2013-3404 SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
  CVE-2013-3403 Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
  CVE-2013-3402 An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

2013-07-11 CVE-2013-4686 The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
  CVE-2013-4690 Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...
  CVE-2013-4684 flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
  CVE-2013-4687 flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
  CVE-2013-4688 flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
  CVE-2013-4685 Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...

2013-07-10 CVE-2013-3400 The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.

2013-07-09 CVE-2013-4787 Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...

2013-07-06 CVE-2013-2341 Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...
  CVE-2013-2340 Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...

2013-06-26 CVE-2013-3382 The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
  CVE-2013-3397 Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...

2013-06-21 CVE-2013-3377 Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.

2013-06-18 CVE-2013-4616 The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...

2013-06-10 MITRE:16168 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  MITRE:16430 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,...
  MITRE:15923 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  MITRE:16519 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16581 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on...
  MITRE:16537 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  MITRE:16013 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  MITRE:15888 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16058 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16496 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16558 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:15832 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16550 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16530 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
  MITRE:16528 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16513 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  MITRE:16259 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  MITRE:15996 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  MITRE:16312 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  MITRE:16649 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16566 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16613 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16652 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16680 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16567 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16035 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16045 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16502 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier...
  MITRE:15733 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...

2013-06-05 CVE-2013-3954 The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...
  CVE-2013-3953 The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
  CVE-2013-3950 Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
  CVE-2013-3948 Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...

2013-06-03 MITRE:16549 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16564 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16697 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16527 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16578 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16314 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16688 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16702 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16446 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16297 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful...
  MITRE:16597 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16684 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
  MITRE:16686 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16506 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16685 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity...
  MITRE:16227 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,...
  MITRE:16546 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and...
  MITRE:16553 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16538 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16585 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16602 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16654 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16043 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16466 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16544 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and...

2013-05-29 CVE-2013-1212 The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
  CVE-2013-1209 The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
  CVE-2013-1208 The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
  CVE-2013-1211 Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
  CVE-2013-1213 Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...
  CVE-2013-1210 Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...

2013-05-27 MITRE:16598 Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029
  MITRE:16293 Elevation of privilege vulnerability in Windows Defender - MS13-034

2013-05-24 CVE-2013-1019 Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

2013-05-23 CVE-2013-1204 Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.

2013-05-22 CVE-2013-2842 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

2013-05-20 CVE-2013-0999 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1000 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1001 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1002 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1003 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1006 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1007 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1008 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1010 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1004 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1005 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...

2013-05-15 CVE-2013-1188 Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.

2013-05-13 CVE-2013-1136 The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...

2013-05-03 CVE-2013-1234 The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
  CVE-2013-1240 The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
  CVE-2013-1235 Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...

2013-04-29 CVE-2013-1226 The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
  CVE-2013-1216 Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.

2013-04-25 CVE-2013-1215 The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
  CVE-2013-1192 The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
  CVE-2013-1178 Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
  CVE-2013-1179 Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
  CVE-2013-1181 Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
  CVE-2013-1180 Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...

2013-04-24 CVE-2013-1217 The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.

2013-04-18 CVE-2013-1194 The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via...
  CVE-2013-1199 Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing...

2013-04-16 CVE-2012-5415 Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for...

2013-04-11 CVE-2013-1150 The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before...
  CVE-2013-2779 Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a...
  CVE-2013-1164 Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card...
  CVE-2013-1166 Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by...
  CVE-2013-1167 Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not...
  CVE-2013-1165 Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.
  CVE-2013-1152 Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.
  CVE-2013-1149 Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall...

2013-03-28 CVE-2013-1146 The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
  CVE-2013-1143 The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect...
  CVE-2013-1147 The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote...
  CVE-2013-1148 The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service...
  CVE-2013-1142 Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
  CVE-2013-1144 Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
  CVE-2013-1145 Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP...
  CVE-2012-5216 Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of...

2013-03-25 CVE-2013-1162 The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.

2013-03-20 CVE-2013-0980 The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call...
  CVE-2013-0979 lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that...

2013-02-28 CVE-2013-1141 The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS...

2013-02-27 CVE-2013-1134 The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct...
  CVE-2013-1133 Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused...

2013-02-25 CVE-2013-1138 The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

2013-02-24 CVE-2013-0120 The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.

2013-02-23 CVE-2013-0879 Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have...

2013-02-13 CVE-2013-1100 The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
  CVE-2013-1122 Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.

2013-02-12 CVE-2011-5262 SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

2013-02-05 CVE-2011-1350 The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
  CVE-2011-1352 The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

2013-01-29 CVE-2013-0948 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0949 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0950 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0951 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0952 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0953 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0954 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0955 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0956 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0958 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0959 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0968 WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0974 StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript...
  CVE-2013-0963 Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an...
  CVE-2013-0962 Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.

2013-01-24 CVE-2013-1102 The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service...
  CVE-2013-1104 The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
  CVE-2013-1105 Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device...
  CVE-2013-1103 Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.

2013-01-19 CVE-2012-6396 Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces...

2013-01-18 CVE-2012-5717 Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID...
  CVE-2012-6395 Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,...

2012-12-21 CVE-2012-0841 libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

2012-12-19 CVE-2012-5991 screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type...
  CVE-2012-5992 Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts...
  CVE-2012-6007 Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,...

2012-12-10 CVE-2012-6301 The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

2012-11-30 CVE-2012-4221 Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an...
  CVE-2012-4222 drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses...
  CVE-2012-4220 diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)...

2012-11-27 CVE-2012-5134 Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or...

2012-11-26 MITRE:15395 Reflected XSS Vulnerability - MS12-070

2012-11-14 CVE-2012-2619 The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service...

2012-11-03 CVE-2012-3750 The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
  CVE-2012-3749 The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a...
  CVE-2012-3748 Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

2012-10-29 CVE-2012-4660 The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5...
  CVE-2012-4643 The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before...
  CVE-2012-4662 The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
  CVE-2012-4663 The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
  CVE-2012-4659 The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before...
  CVE-2012-4661 Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before...

2012-10-11 CVE-2012-5112 Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

2012-10-07 CVE-2011-3918 The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

2012-09-26 CVE-2012-3949 The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,...
  CVE-2012-4618 The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
  CVE-2012-4619 The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
  CVE-2012-3950 The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS...
  CVE-2012-4623 The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a...
  CVE-2012-4621 The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
  CVE-2012-4617 The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed...
  CVE-2012-2889 Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
  CVE-2012-4622 Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error...
  CVE-2012-4620 Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug...

2012-09-20 CVE-2012-3747 WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  CVE-2012-3746 UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
  CVE-2012-3743 The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
  CVE-2012-3722 The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2012-3741 The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step...
  CVE-2012-3737 The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
  CVE-2012-3740 The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3735 The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the...
  CVE-2012-3736 The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.
  CVE-2012-3739 The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
  CVE-2012-3728 The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
  CVE-2012-3738 The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime...
  CVE-2012-3725 The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information...
  CVE-2012-3729 The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a...
  CVE-2012-3744 Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating...
  CVE-2012-3742 Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the...
  CVE-2012-3734 Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
  CVE-2012-3745 Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
  CVE-2012-3733 Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain...
  CVE-2012-3732 Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
  CVE-2012-3731 Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3730 Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a...
  CVE-2012-3726 Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
  CVE-2012-3724 CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived...
  CVE-2012-3727 Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

2012-09-17 CVE-2012-2993 Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an...

2012-09-16 CVE-2012-3924 The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a...
  CVE-2012-3923 The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a...
  CVE-2012-3893 The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
  CVE-2012-3915 The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
  CVE-2012-3051 Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.
  CVE-2012-3895 Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
  CVE-2012-3079 Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.

2012-09-13 CVE-2012-3606 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3607 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3621 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3632 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3687 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3701 WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...

2012-08-31 CVE-2012-2870 libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not...
  CVE-2012-2871 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or...

2012-08-20 MITRE:14783 ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045

2012-08-06 CVE-2012-2857 Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a...
  CVE-2012-1367 The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka...
  CVE-2012-1357 The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.
  CVE-2012-2474 Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN...
  CVE-2012-2469 Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)...
  CVE-2012-1361 Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
  CVE-2012-1344 Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka...
  CVE-2012-1338 Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
  CVE-2012-1350 Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
  CVE-2012-2472 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU...

2012-06-27 CVE-2012-2824 Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
  CVE-2012-2807 Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via...

2012-06-25 MITRE:15621 GDI+ Record Type Vulnerability

2012-06-20 CVE-2012-3058 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause...

2012-05-31 CVE-2012-2488 Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

2012-05-15 CVE-2011-3102 Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

2012-05-08 CVE-2012-0672 WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  CVE-2012-0674 Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

2012-05-03 CVE-2012-0376 The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
  CVE-2012-1324 Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
  CVE-2011-4023 Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
  CVE-2011-4019 Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs...
  CVE-2012-1327 dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,...
  CVE-2011-4231 Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
  CVE-2012-0378 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect...

2012-05-02 CVE-2011-4016 The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID...
  CVE-2011-3295 The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
  CVE-2011-2586 The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
  CVE-2012-0362 The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network...
  CVE-2011-4006 The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
  CVE-2011-2578 Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
  CVE-2011-3285 CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
  CVE-2011-4015 Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
  CVE-2011-4007 Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2)...
  CVE-2011-3289 Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
  CVE-2012-0339 Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client,...
  CVE-2012-0338 Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka...
  CVE-2011-4012 Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
  CVE-2011-3309 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE...
  CVE-2012-0335 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a...

2012-04-27 CVE-2012-2439 The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

2012-04-02 MITRE:15075 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:15069 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
  MITRE:14878 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote...
  MITRE:14082 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14900 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14813 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14942 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect...
  MITRE:13976 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...

2012-03-30 CVE-2011-3058 Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

2012-03-29 CVE-2012-1314 The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
  CVE-2012-0386 The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse...
  CVE-2012-0385 The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.
  CVE-2012-1311 The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets,...
  CVE-2012-0382 The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote...
  CVE-2012-1312 The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.
  CVE-2012-0381 The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of...
  CVE-2012-1310 Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536.
  CVE-2012-1315 Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.
  CVE-2012-0383 Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation...
  CVE-2012-0387 Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug...
  CVE-2012-0388 Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID...
  CVE-2012-0384 Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow...

2012-03-14 CVE-2012-0353 The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3...
  CVE-2012-0354 The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before...
  CVE-2012-0355 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service...
  CVE-2012-0356 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8),...
  CVE-2012-0358 Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before...

2012-03-08 CVE-2011-2833 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2867 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2868 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2869 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2870 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2871 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2872 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2873 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0611 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0612 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0616 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0617 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0591 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0592 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0593 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0594 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0595 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0596 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0597 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0598 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0599 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0600 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0601 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0602 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0603 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0604 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0605 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0606 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0607 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0608 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0609 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0610 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0613 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0614 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0615 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0618 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0619 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0620 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0621 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0622 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0623 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0624 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0625 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0626 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0627 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0628 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0629 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0630 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0631 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0632 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0633 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0635 WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0585 The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
  CVE-2012-0643 The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
  CVE-2012-0645 Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to...
  CVE-2012-0644 Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
  CVE-2012-0642 Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
  CVE-2012-0646 Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
  CVE-2012-0590 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
  CVE-2012-0586 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588,...
  CVE-2012-0587 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588,...
  CVE-2012-0588 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
  CVE-2012-0589 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
  CVE-2012-0641 CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

2012-02-29 CVE-2012-0368 The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device...
  CVE-2011-4487 SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and...
  CVE-2012-0369 Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID...
  CVE-2012-0371 Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709.
  CVE-2012-0370 Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2)...
  CVE-2011-4486 Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before...

2012-02-24 CVE-2012-0363 The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a...
  CVE-2012-0365 Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload...
  CVE-2012-0364 Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.

2012-02-16 CVE-2012-0352 Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote...

2012-01-30 MITRE:14309 Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
  MITRE:14650 Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
  MITRE:14489 Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of...
  MITRE:13796 Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
  MITRE:14634 Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka...
  MITRE:14725 IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
  MITRE:14203 Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR...
  MITRE:14238 Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are...
  MITRE:14822 Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party...
  MITRE:14348 Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share...

2012-01-27 CVE-2011-3874 Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand...

2012-01-25 CVE-2011-4276 The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

2012-01-16 MITRE:14282 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:13357 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14092 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14101 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14276 Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:14340 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14354 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14208 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
  MITRE:13959 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and...
  MITRE:13662 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
  MITRE:14492 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14339 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14394 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14465 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown...
  MITRE:14316 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
  MITRE:14373 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
  MITRE:14524 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
  MITRE:14180 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to...
  MITRE:13885 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14210 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:14288 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14105 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:13971 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:13492 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
  MITRE:14061 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
  MITRE:14321 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
  MITRE:13803 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
  MITRE:14351 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors....
  MITRE:13552 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java...
  MITRE:14417 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets...
  MITRE:14045 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:13639 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14233 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14034 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14403 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:13546 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14039 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14119 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14271 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows...
  MITRE:13888 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14011 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start...
  MITRE:14240 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14081 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14112 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14225 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14335 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14477 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:14174 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:14475 Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors....
  MITRE:13923 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the...
  MITRE:13795 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14453 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14350 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14144 Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ...
  MITRE:14503 Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14521 Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:13934 Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14328 The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other...
  MITRE:13317 Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality,...

2011-11-22 CVE-2011-4500 The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
  CVE-2011-4499 The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish...

2011-11-11 CVE-2011-3440 The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
  CVE-2011-3442 The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
  CVE-2011-3441 libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
  CVE-2011-3439 FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

2011-11-03 CVE-2011-4005 Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and...

2011-11-01 CVE-2011-0941 Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory...

2011-10-27 CVE-2011-3315 Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP...
  CVE-2011-2569 Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008,...

2011-10-21 CVE-2011-2060 The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description,...
  CVE-2011-2059 The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a...
  CVE-2011-1640 The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug...
  CVE-2011-2058 The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors...
  CVE-2011-2057 The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which...

2011-10-16 CVE-2010-4964 recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
  CVE-2010-4965 /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.

2011-10-14 CVE-2011-3434 The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
  CVE-2011-3432 The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
  CVE-2011-3430 The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by...
  CVE-2011-3429 The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
  CVE-2011-3245 The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
  CVE-2011-3259 The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many...
  CVE-2011-3431 The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
  CVE-2011-3427 The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or...
  CVE-2011-3257 The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances...
  CVE-2011-3256 FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  CVE-2011-3261 Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
  CVE-2011-3243 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
  CVE-2011-3426 Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
  CVE-2011-3254 Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
  CVE-2011-3246 CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a...
  CVE-2011-3255 CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
  CVE-2011-3253 CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
  CVE-2011-3260 Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

2011-10-06 CVE-2011-3296 Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via...
  CVE-2011-3297 Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by...
  CVE-2011-3304 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before...
  CVE-2011-3303 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before...
  CVE-2011-3299 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3300 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3301 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3302 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3298 Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before...

2011-10-03 CVE-2011-3271 Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
  CVE-2011-3278 Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka...
  CVE-2011-3277 Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka...
  CVE-2011-3276 Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port...
  CVE-2011-3281 Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID...
  CVE-2011-0939 Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022.
  CVE-2011-3282 Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related...
  CVE-2011-3274 Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet,...
  CVE-2011-3270 Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.
  CVE-2011-3279 The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219.
  CVE-2011-0946 The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS)...
  CVE-2011-3272 The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.
  CVE-2011-3280 Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port...
  CVE-2011-0945 Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to...
  CVE-2011-3273 Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka...
  CVE-2011-2072 Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of...
  CVE-2011-3275 Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504.
  CVE-2011-0944 Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
  CVE-2011-3975 A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote...

2011-09-23 CVE-2011-2544 Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant...
  CVE-2011-2543 Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long...

2011-09-14 CVE-2011-2581 The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which...

2011-08-31 CVE-2011-2577 Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted...

2011-08-29 CVE-2011-2563 Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
  CVE-2011-2564 Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
  CVE-2011-2562 Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service...
  CVE-2011-2561 The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a...
  CVE-2011-2560 The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by...
  CVE-2011-0228 The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL...
  CVE-2011-1643 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by...

2011-08-18 CVE-2011-1625 Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing...
  CVE-2011-1624 Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631.

2011-08-15 MITRE:12441 Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability

2011-08-12 CVE-2011-2357 Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary JavaScript in arbitrary domains by (1) causing the...

2011-08-01 MITRE:12664 XML External Entities Resolution Vulnerability

2011-07-28 CVE-2011-2549 Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.
  CVE-2011-2547 The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
  CVE-2011-2546 SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.

2011-07-19 CVE-2011-0227 The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
  CVE-2011-0226 Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial...

2011-07-11 CVE-2011-2064 Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.

2011-07-08 CVE-2011-2344 Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums...

2011-06-09 CVE-2011-1823 The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that...
  CVE-2010-4804 The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

2011-06-08 CVE-2011-2395 The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is...

2011-05-31 CVE-2011-1651 Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.
  CVE-2011-0943 Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.
  CVE-2011-0949 Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.

2011-05-30 MITRE:12673 Scripting Memory Reallocation Vulnerability
  MITRE:12457 MFC Insecure Library Loading Vulnerability

2011-05-09 MITRE:12367 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions

2011-05-03 CVE-2011-1613 Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets,...
  CVE-2011-1605 Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
  CVE-2011-1606 Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
  CVE-2011-1609 SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL...
  CVE-2011-1610 Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2,...
  CVE-2011-1604 Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption...
  CVE-2011-1607 Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to...

2011-04-25 MITRE:12514 Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption
  MITRE:12519 Apple iTunes WebKit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service

2011-04-21 CVE-2011-1149 Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to...

2011-04-15 CVE-2011-0195 The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.

2011-04-14 CVE-2011-0935 The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a...

2011-03-11 CVE-2011-0163 WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site...
  CVE-2011-0161 WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences...
  CVE-2011-0160 WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the...
  CVE-2011-0157 WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs...
  CVE-2011-0159 The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by...
  CVE-2011-0158 MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
  CVE-2011-1417 Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory...

2011-03-10 CVE-2011-1344 Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary...

2011-02-25 CVE-2011-0390 The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.
  CVE-2011-0378 The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
  CVE-2011-0376 The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
  CVE-2011-0383 The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative...
  CVE-2011-0384 The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary...
  CVE-2011-0375 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
  CVE-2011-0373 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
  CVE-2011-0374 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
  CVE-2011-0372 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
  CVE-2011-0385 The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite...
  CVE-2011-0387 The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors...
  CVE-2011-0388 Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which...
  CVE-2011-0389 Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID...
  CVE-2011-0377 Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP...
  CVE-2011-0396 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read...
  CVE-2011-0395 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow...
  CVE-2011-0393 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances...
  CVE-2011-0394 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances...
  CVE-2011-0379 Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software...

2011-02-21 MITRE:12333 DSN Overflow Vulnerability
  MITRE:12411 ADO Record Memory Vulnerability

2011-01-31 CVE-2011-0680 data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in...

2011-01-28 CVE-2011-0349 Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
  CVE-2011-0350 Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
  CVE-2011-0348 Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass...

2011-01-24 MITRE:12289 TIFF Image Converter Memory Corruption Vulnerability
  MITRE:11827 TIFF Image Converter Heap Overflow Vulnerability
  MITRE:12387 TIFF Image Converter Buffer Overflow Vulnerability
  MITRE:11967 PICT Image Converter Integer Overflow Vulnerability
  MITRE:12235 Insecure Library Loading Vulnerability
  MITRE:12150 FlashPix Image Converter Heap Corruption Vulnerability
  MITRE:12350 FlashPix Image Converter Buffer Overflow Vulnerability
  MITRE:12249 CGM Image Converter Buffer Overrun Vulnerability
  CVE-2011-0352 Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.

2011-01-07 CVE-2010-4691 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742.
  CVE-2010-4692 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka...
  CVE-2010-4676 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748.
  CVE-2010-4681 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901.
  CVE-2010-4674 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992.
  CVE-2010-4688 Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug...
  CVE-2010-4680 The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to...
  CVE-2010-4671 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with...
  CVE-2010-4690 The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers...
  CVE-2010-4687 STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls...
  CVE-2010-4682 Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID...
  CVE-2009-5039 Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as...
  CVE-2010-4683 Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.
  CVE-2010-4677 emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.
  CVE-2010-4684 Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.
  CVE-2010-4685 Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug...
  CVE-2009-5038 Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server,...
  CVE-2010-4670 Cisco Adaptive Security Appliances (ASA) IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS
  CVE-2010-4689 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network...
  CVE-2010-4678 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network...
  CVE-2010-4679 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP...
  CVE-2010-4675 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access...
  CVE-2009-5037 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.
  CVE-2010-4673 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316.
  CVE-2010-4672 Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269.
  CVE-2010-4686 CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending...
  CVE-2009-5040 CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.

2010-12-27 MITRE:11268 Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11798 Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11880 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12240 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12004 Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12005 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11330 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:11990 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11871 Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11619 Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
  MITRE:12226 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:12029 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:12173 Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11320 Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12181 Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12200 Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
  MITRE:12189 Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11714 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
  MITRE:12225 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
  MITRE:12180 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:11893 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12177 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11815 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions

2010-12-20 MITRE:12219 Untrusted search path vulnerability in Microsoft Office PowerPoint 2007

2010-12-08 CVE-2010-4012 Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.

2010-12-06 MITRE:6653 Windows Media Player Memory Corruption Vulnerability
  MITRE:7360 Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
  MITRE:6843 Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47

2010-11-30 CVE-2010-4354 The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only...

2010-11-29 MITRE:6645 Vulnerability in PL/php add-on in PostgreSQL version less than or equal to 9.0
  MITRE:7291 Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0

2010-11-26 CVE-2010-3829 WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for...
  CVE-2010-3831 Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a...
  CVE-2010-3830 Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
  CVE-2010-3828 iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
  CVE-2010-3832 Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary...
  CVE-2010-3827 Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

2010-11-09 CVE-2010-3039 /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the...

2010-11-08 MITRE:6778 Untrusted search path vulnerability in Adobe Photoshop CS2 through CS5

2010-11-01 MITRE:7221 Apple iTunes Webkit Unspecified Vulnerability
  MITRE:7604 Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
  MITRE:7061 Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
  MITRE:7217 Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
  MITRE:6988 Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
  MITRE:7178 Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability

2010-10-07 CISEC:1127 Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows

2010-09-27 MITRE:12011 Movie Maker Memory Corruption Vulnerability

2010-09-23 CVE-2010-2831 Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
  CVE-2010-2832 Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
  CVE-2010-2833 Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
  CVE-2010-2829 Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via...
  CVE-2010-2828 Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323...
  CVE-2010-2830 The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
  CVE-2010-2836 Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections...
  CVE-2010-2834 Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote...
  CVE-2010-2835 Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before...

2010-09-10 CVE-2010-1807 WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial...
  CVE-2010-2841 Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service...
  CVE-2010-0574 Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to...
  CVE-2010-3034 Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
  CVE-2010-0575 Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
  CVE-2010-3033 Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
  CVE-2010-2842 Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
  CVE-2010-2843 Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...

2010-09-09 CVE-2010-1814 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving...
  CVE-2010-1813 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
  CVE-2010-1812 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
  CVE-2010-1815 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
  CVE-2010-1809 The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
  CVE-2010-1811 ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
  CVE-2010-1810 FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
  CVE-2010-1781 Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an...
  CVE-2010-1817 Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

2010-08-30 CVE-2010-3035 Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the...

2010-08-26 CVE-2010-2837 The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to...
  CVE-2010-2838 The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process...

2010-08-17 CVE-2010-2825 Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series...
  CVE-2010-2822 Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710...
  CVE-2010-2823 Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,...

2010-08-16 CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch...
  CVE-2010-2827 Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

2010-08-10 CVE-2010-2983 The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an...
  CVE-2010-2976 The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)...
  CVE-2010-2988 Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
  CVE-2010-2975 Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
  CVE-2010-2980 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
  CVE-2010-2979 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
  CVE-2010-2984 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
  CVE-2010-2978 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,...
  CVE-2010-2977 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
  CVE-2010-2982 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
  CVE-2010-2981 Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.

2010-08-09 CVE-2010-2707 Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
  CVE-2010-2708 Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
  CVE-2010-2705 Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via...
  CVE-2010-1581 Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-2814 Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-2815 Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-1578 Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-1579 Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-1580 Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-2816 Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of...
  CVE-2010-2706 Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
  CVE-2010-2817 Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and...

2010-08-05 CVE-2010-2973 Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

2010-07-08 CVE-2010-1574 IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the...

2010-07-06 CVE-2010-1576 The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence...
  CVE-2010-2629 The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which...
  CVE-2010-1575 The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via...

2010-06-29 CVE-2009-4922 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer...
  CVE-2009-4916 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka...
  CVE-2009-4915 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection...
  CVE-2009-4917 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
  CVE-2009-4911 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug...
  CVE-2009-4923 Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
  CVE-2009-4920 Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
  CVE-2009-4913 The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6...
  CVE-2009-4914 Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID...
  CVE-2009-4910 Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug...
  CVE-2008-7257 CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack...
  CVE-2009-4912 Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions...
  CVE-2009-4921 Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
  CVE-2009-4918 Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
  CVE-2009-4919 Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.

2010-06-28 CVE-2010-2506 Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.

2010-06-22 CVE-2010-1407 WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via...
  CVE-2010-1757 WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
  CVE-2010-1756 The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an...
  CVE-2010-1752 Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
  CVE-2010-1755 Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
  CVE-2010-1775 Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,...
  CVE-2010-1754 Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to...
  CVE-2010-1753 ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
  CVE-2010-1751 Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.

2010-06-18 CVE-2010-1387 Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service...

2010-06-15 CVE-2010-2293 The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
  CVE-2010-2292 Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.

2010-06-09 CVE-2010-1573 Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)...
  CVE-2010-2261 Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.

2010-06-07 MITRE:7170 VBScript Help Keypress Vulnerability
  MITRE:7049 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
  MITRE:7561 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
  MITRE:6741 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
  MITRE:6901 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
  MITRE:6885 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
  MITRE:7427 Apple iTunes MP4 File Processing Denial of Service Vulnerability
  MITRE:7110 Apple iTunes Install or Update Privilege Escalation Vulnerability

2010-05-24 MITRE:8595 Movie Maker and Producer Buffer Overflow Vulnerability

2010-05-17 MITRE:7709 libpng buffer overflow

2010-04-27 CVE-2009-4821 The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi...

2010-04-01 CVE-2010-1226 The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV...

2010-03-29 CVE-2010-1181 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.

2010-03-25 CVE-2010-1119 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause...
  CVE-2010-0581 Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
  CVE-2010-0580 Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
  CVE-2010-0584 Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
  CVE-2010-0576 Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers...
  CVE-2010-0579 The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
  CVE-2010-0578 The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
  CVE-2010-0583 Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
  CVE-2010-0577 Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
  CVE-2010-0585 Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
  CVE-2010-0586 Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
  CVE-2010-0582 Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.

2010-03-08 CVE-2010-0936 Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

2010-03-05 CVE-2010-0592 The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of...
  CVE-2010-0590 The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register...
  CVE-2010-0591 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to...
  CVE-2010-0588 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines...
  CVE-2010-0587 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP...

2010-02-22 MITRE:7573 ATL Null String Vulnerability
  MITRE:7995 Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability

2010-02-19 CVE-2010-0149 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a...
  CVE-2010-0565 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device...
  CVE-2010-0568 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote...
  CVE-2010-0150 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0569 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0567 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0566 Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service...

2010-02-08 MITRE:7581 ATL Uninitialized Object Vulnerability
  MITRE:6716 ATL COM Initialization Vulnerability

2010-02-03 CVE-2010-0038 Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that...

2010-01-25 MITRE:5846 WordPad and Office Text converter Memory Corruption Vulnerability

2010-01-21 CVE-2010-0137 Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.

2009-12-29 CVE-2009-4455 The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended...

2009-12-07 MITRE:6407 Windows Media Runtime Voice Sample Rate Vulnerability
  MITRE:6484 Windows Media Runtime Heap Corruption Vulnerability

2009-12-04 CVE-2009-2631 Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix...

2009-11-30 MITRE:5967 GDI+ WMF Integer Overflow Vulnerability
  MITRE:5898 GDI+ TIFF Buffer Overflow Vulnerability
  MITRE:6491 GDI+ TIFF Buffer Overflow Vulnerability
  MITRE:6134 GDI+ PNG Integer Overflow Vulnerability
  MITRE:6282 GDI+ .NET API Vulnerability
  MITRE:6290 Apple iTunes '.pls' File Buffer Overflow Vulnerability

2009-10-19 MITRE:6257 Windows Media Header Parsing Invalid Free Vulnerability
  MITRE:6316 JScript Remote Code Execution Vulnerability

2009-10-14 CVE-2009-2999 The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an...
  CVE-2009-3698 An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.

2009-09-30 CVE-2009-3486 Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the...
  CVE-2009-3487 Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the...
  CVE-2009-3485 Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.

2009-09-28 CVE-2009-2867 Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP...
  CVE-2009-2869 Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
  CVE-2009-2870 Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.
  CVE-2009-2868 Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.
  CVE-2009-2866 Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.
  CVE-2009-2871 Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.
  CVE-2009-2862 The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114,...
  CVE-2009-2863 Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
  CVE-2009-2864 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP...
  CVE-2009-2873 Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
  CVE-2009-2872 Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from...
  CVE-2009-2865 Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a...

2009-09-24 CVE-2009-3341 Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...
  CVE-2009-3347 Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...

2009-09-21 CVE-2009-3273 iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
  CVE-2009-3271 Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

2009-09-10 CVE-2009-2797 The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive...
  CVE-2009-2796 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
  CVE-2009-2815 The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted...
  CVE-2009-2207 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these...
  CVE-2009-2794 The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended...
  CVE-2009-2206 Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial...
  CVE-2009-2795 Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related...

2009-09-08 CVE-2009-0627 Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation,"...

2009-08-27 CVE-2009-2861 The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of...
  CVE-2009-2050 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
  CVE-2009-2054 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and...
  CVE-2009-2053 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP...
  CVE-2009-2052 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote...
  CVE-2009-2051 Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote...
  CVE-2009-2976 Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by...

2009-08-21 CVE-2009-2056 Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
  CVE-2009-1154 Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

2009-08-19 CVE-2009-2055 Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

2009-08-12 CVE-2009-2199 Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and...

2009-08-03 CVE-2009-2204 Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory...
  CVE-2009-2656 Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and...

2009-07-30 CVE-2009-1168 Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through...
  CVE-2009-2049 Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t...

2009-07-29 CVE-2009-1167 Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules...
  CVE-2009-1166 The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
  CVE-2009-1164 The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
  CVE-2009-1165 Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless...

2009-07-17 CVE-2009-2348 Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and...

2009-07-09 CVE-2009-1725 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle...
  CVE-2009-1724 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or...

2009-06-25 CVE-2009-1203 WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it...
  CVE-2009-1202 WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS)...
  CVE-2009-1201 Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct...

2009-06-19 CVE-2009-1692 WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via...
  CVE-2009-1683 The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an...
  CVE-2009-1679 The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password...
  CVE-2009-0959 The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input...
  CVE-2009-0960 The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device...
  CVE-2009-0961 The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a...
  CVE-2009-1680 Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to...
  CVE-2009-0958 Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in...

2009-06-10 CVE-2009-1698 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical...
  CVE-2009-1690 Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to...
  CVE-2009-1701 Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or...
  CVE-2009-1700 The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from...
  CVE-2009-1699 The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read...
  CVE-2009-1702 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors...

2009-05-26 CVE-2009-1754 The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an...

2009-05-06 CVE-2009-1561 Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator...

2009-05-04 MITRE:5868 Microsoft Malformed BMP Filter Vulnerability
  MITRE:5336 Apple iTunes Information Disclosure Vulnerability
  MITRE:6001 Apple iTunes Denial of Service Vulnerability

2009-04-09 CVE-2009-1156 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload)...
  CVE-2009-1158 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote...
  CVE-2009-1159 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a...
  CVE-2009-1157 Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of...
  CVE-2009-1155 Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field,...
  CVE-2009-1160 Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote...

2009-04-01 CVE-2008-6576 Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion...
  CVE-2008-6577 Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
  CVE-2008-6579 Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
  CVE-2008-6578 Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.

2009-03-27 CVE-2009-0636 Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
  CVE-2009-0631 Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol...
  CVE-2009-0626 The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
  CVE-2009-0637 The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite...
  CVE-2009-0630 The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission...
  CVE-2009-0629 The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging...
  CVE-2009-0634 Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge...
  CVE-2009-0633 Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6...
  CVE-2009-0628 Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control...
  CVE-2009-0635 Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a...

2009-03-12 CVE-2009-0632 The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2)...

2009-02-26 CVE-2009-0624 Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote...
  CVE-2009-0623 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of...
  CVE-2009-0622 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute...
  CVE-2009-0625 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of...
  CVE-2009-0742 The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers...
  CVE-2009-0621 Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform...

2009-02-09 CVE-2008-6096 Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet...

2009-02-06 CVE-2009-0470 Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different...
  CVE-2009-0471 Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.

2009-02-04 CVE-2009-0061 Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before...
  CVE-2009-0062 Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain...
  CVE-2009-0058 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial...
  CVE-2009-0059 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a...

2009-01-22 CVE-2009-0057 The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a...

2009-01-16 CVE-2008-3821 Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
  CVE-2008-3818 Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.

2008-12-08 MITRE:6075 HIS Command Execution Vulnerability

2008-11-25 CVE-2008-5230 The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which...
  CVE-2008-4230 The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain...
  CVE-2008-4228 The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an...
  CVE-2008-4232 Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a...
  CVE-2008-4231 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2008-4233 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone...
  CVE-2008-4229 Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the...
  CVE-2008-1586 ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
  CVE-2008-4227 Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain...

2008-11-17 REF000667 USB devices installed over time

2008-11-06 CVE-2008-4963 Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP...

2008-11-04 CVE-2008-4918 Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that...

2008-11-03 MITRE:6035 Apple iTunes Local Privilege Escalation Vulnerability

2008-10-23 CVE-2008-3816 Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
  CVE-2008-3815 Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using...
  CVE-2008-3817 Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,...

2008-10-20 CVE-2008-4609 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple...

2008-10-17 CVE-2008-4594 Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.

2008-10-14 CVE-2008-4441 The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of...

2008-10-10 CVE-2008-4211 Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service...

2008-10-06 MITRE:5995 Windows Messenger Information Disclosure Vulnerability

2008-10-03 CVE-2008-4383 Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01,...

2008-09-27 CVE-2008-4296 The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

2008-09-26 CVE-2008-3802 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka...
  CVE-2008-3800 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
  CVE-2008-3801 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
  CVE-2008-3804 Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software...
  CVE-2008-3813 Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
  CVE-2008-3808 Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
  CVE-2008-2739 The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a...
  CVE-2008-3799 Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP...
  CVE-2008-3812 Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
  CVE-2008-3798 Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
  CVE-2008-3810 Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than...
  CVE-2008-3811 Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different...
  CVE-2008-3807 Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this...
  CVE-2008-3809 Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
  CVE-2008-3805 Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
  CVE-2008-3806 Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
  CVE-2008-3803 A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from...

2008-09-22 MITRE:5997 Microsoft PICT Filter Parsing Vulnerability
  MITRE:6019 Microsoft Office WPG Image File Heap Corruption Vulnerability
  MITRE:5879 Microsoft Malformed PICT Filter Vulnerability
  MITRE:6122 Microsoft Malformed EPS Filter Vulnerability

2008-09-19 CVE-2008-4133 The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

2008-09-18 CVE-2008-4128 Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command...

2008-09-05 CVE-2008-1197 The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a...
  CVE-2008-1144 The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or...
  CVE-2007-5474 The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users...

2008-09-04 CVE-2008-2736 Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown...
  CVE-2008-2735 The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of...
  CVE-2008-2732 Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow...
  CVE-2008-2734 Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a...
  CVE-2008-2733 Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote...

2008-06-26 CVE-2008-2062 The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information...
  CVE-2008-2730 The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and...
  CVE-2008-2061 The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP...

2008-06-23 MITRE:5578 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2008-06-09 CVE-2008-2636 The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many...

2008-06-04 CVE-2008-2057 The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a...
  CVE-2008-2056 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the...
  CVE-2008-2059 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
  CVE-2008-2058 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.
  CVE-2008-2055 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.

2008-05-22 CVE-2008-1159 Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

2008-05-16 CVE-2008-1747 Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via...
  CVE-2008-1746 The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and...
  CVE-2008-1744 The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via...
  CVE-2008-1743 Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service...
  CVE-2008-1742 Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of...
  CVE-2008-1748 Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service...
  CVE-2008-1745 Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.

2008-04-04 CVE-2008-1154 The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not...

2008-03-27 CVE-2008-1156 Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree...
  CVE-2008-1150 The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB)...
  CVE-2008-1152 The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
  CVE-2008-1151 Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated...
  CVE-2008-1153 Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

2008-03-13 CVE-2007-6709 The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
  CVE-2007-6707 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...
  CVE-2007-6708 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an...

2008-03-10 CVE-2008-1247 The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2)...
  CVE-2008-1263 The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
  CVE-2008-1264 The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
  CVE-2008-1265 The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
  CVE-2008-1268 The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
  CVE-2008-1266 Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name...
  CVE-2008-1243 Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
  CVE-2008-1258 Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
  CVE-2008-1253 Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the...

2008-02-14 CVE-2008-0026 SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and...

2008-02-04 MITRE:3622 Windows Media Format Remote Code Execution Vulnerability

2008-01-23 CVE-2008-0028 Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of...

2008-01-17 REF000657 IM installed: Yahoo! Messenger
  REF000661 IM installed: Windows Live Messenger
  REF000658 IM installed: Trillian
  REF000659 IM installed: Skype
  REF000662 IM installed: Pidgin
  REF000656 IM installed: ICQ
  REF000655 IM installed: Google Talk
  REF000660 IM installed: Gizmo

2008-01-16 CVE-2008-0027 Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows...

2008-01-11 CVE-2007-0588 SANS07C4: Apple QuickDraw on Mac OSX 10.4.8 and earlier allows remote denial of service
  CVE-2007-0466 SANS07C4: Telestream Flip4Mac WMV for Quicktime 2.1.0.33 remote code execution vulnerability

2008-01-10 CVE-2007-0731 SANS07S3: Samba module in Apple Mac OS X buffer overflow
  CVE-2006-6652 SANS07S3: Buffer overflow in libc used in FTP daemon and tnftpd in Apple Mac OS X
  CVE-2007-0776 SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
  CVE-2008-0228 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

2008-01-08 CVE-2006-0994 SANS07S5: Sophos Anti-Virus products allow remote code execution via crafted CAB
  CVE-2006-6335 SANS07S5: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40

2008-01-07 CVE-2007-3509 SANS07S4: Buffer overflow in Symantec/Veritas Backup Exec
  REF000618 IM installed: xchat installed
  REF000617 IM installed: konversation installed

2008-01-03 CVE-2007-2974 SANS07S5: Multiple Vulnerabilities in Avira AntiVir
  CVE-2007-3509 SANS07S4: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers
  REF000584 Config pam: no bruteforce protection configured

2007-12-21 CVE-2007-2139 SANS07S4: Multiple unspecified vulnerabilities in mediasvr and caloggerd in CA BrightStor ARCServe Backup

2007-12-20 REF000653 MP installed: VLC browser plug-in is installed
  REF000651 MP installed: MPlayer browser plug-in is installed
  REF000652 MP installed: HelixPlayer browser plug-in is installed
  REF000654 MP installed: GCJ java browser plug-in is installed
  REF000650 MP installed: Flash browser plug-in is installed

2007-12-17 CVE-2006-5339 SANS07S7: Multiple vulnerabilities in Oracle 8.1.7.4
  CVE-2007-1086 SANS07S7: Multiple vulnerabilities in IBM DB2

2007-12-14 CVE-2007-6372 Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
  CVE-2006-5332 SANS07S7: Multiple vulnerabilities in Oracle Database 9i
  CVE-2006-5332 SANS07S7: Multiple vulnerabilities in Oracle Database 10g
  CVE-2007-1680 SANS07A1: Stack-based buffer overflow in Yahoo! Messenger before 20070313
  CVE-2007-2418 SANS07A1: Multiple buffer overflow vulnerabilities in Trillian earlier than 3.1.7.0

2007-12-11 CVE-2007-0711 SANS07C4: Multiple vulnerabilities in Apple Quicktime 7.2 and earlier
  CVE-2007-3457 SANS07C4: Adobe Flash Player 8.0.34.0 and earlier vulnerable to CSRF attack

2007-12-10 CVE-2007-2497 SANS07C4: Multiple Vulnerabilities in RealPlayer 10, 10.5 and 11 Beta
  CVE-2007-3752 SANS07C4: Buffer overflow in Apple iTunes before 7.4
  REF000642 P2P installed: mldonkey installed

2007-12-07 CVE-2007-0044 SANS07C1: Multiple vulnerabilities in Adobe Reader earlier than 8.0.0

2007-12-06 REF000638 P2P installed: xmule installed
  REF000636 P2P installed: transmission installed
  REF000635 P2P installed: rtorrent installed
  REF000634 P2P installed: qtella installed
  REF000643 P2P installed: napster installed
  REF000646 P2P installed: nap installed
  REF000640 P2P installed: mutella installed
  REF000645 P2P installed: lopster installed
  REF000632 P2P installed: ktorrent installed
  REF000633 P2P installed: kommute installed
  REF000641 P2P installed: knapster installed
  REF000647 P2P installed: gtk-gnutella installed
  REF000644 P2P installed: gnut installed
  REF000631 P2P installed: gnunet installed
  REF000630 P2P installed: deluge installed
  REF000637 P2P installed: dctc installed
  REF000629 P2P installed: ctorrent installed
  REF000628 P2P installed: bittorrent installed
  REF000627 P2P installed: bittornado installed
  REF000649 P2P installed: bitstormlite installed
  REF000626 P2P installed: azureus installed
  REF000639 P2P installed: apollon installed
  REF000648 P2P installed: amule installed
  REF000624 IM installed: ytalk installed
  REF000621 IM installed: yahoo messenger installed
  REF000622 IM installed: trebuchet installed
  REF000623 IM installed: talk installed
  REF000601 IM installed: skype installed
  REF000615 IM installed: sircd installed
  REF000614 IM installed: sim installed
  REF000613 IM installed: psi installed
  REF000612 IM installed: pidgin installed
  REF000611 IM installed: micq installed
  REF000610 IM installed: lostirc installed
  REF000609 IM installed: licq installed
  REF000608 IM installed: kxicq installed
  REF000620 IM installed: kopete installed
  REF000616 IM installed: kicq installed
  REF000607 IM installed: kadu installed
  REF000606 IM installed: jabbin installed
  REF000605 IM installed: jabber installed
  REF000604 IM installed: gossip installed
  REF000603 IM installed: gnu gadu installed
  REF000619 IM installed: gaim installed
  REF000625 IM installed: gabber installed
  REF000602 IM installed: epic installed

2007-12-05 REF000663 Config laptop: swap partition not encrypted
  REF000665 Config laptop: root partition not encrypted
  REF000664 Config laptop: home partition not encrypted

2007-12-04 CVE-2007-2867 SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 2.x earlier than 2.0.0.6
  CVE-2007-0777 SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 1.5.x earlier than 1.5.0.13
  CVE-2007-0981 SANS07C1: Multiple Vulnerabilities in SeaMonkey earlier than 1.1.5
  CVE-2007-0776 SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
  REF000578 Config yum-updatesd: auto-updating disabled
  REF000580 Config yum-updatesd: auto-resolving dependencies disabled
  REF000579 Config yum-updatesd: auto-downloading disabled
  REF000583 Config apt: update notification disabled
  REF000582 Config apt: daily job disabled
  REF000581 Config apt: auto-updating package lists disabled

2007-12-03 REF000577 Config yum-updatesd: start on boot disabled

2007-10-30 CVE-2007-5020 APSB07-18: Adobe Acrobat mailto: vulnerability

2007-10-23 CVE-2007-5651 Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and...

2007-10-18 CVE-2007-5549 Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as...
  CVE-2007-5550 Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no...
  CVE-2007-5551 Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information....
  CVE-2007-5548 Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory...
  CVE-2007-5552 Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known...
  CVE-2007-5547 Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague...
  CVE-2007-5569 Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.

2007-10-17 CVE-2007-5537 Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers...
  CVE-2007-5538 Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of...

2007-10-15 CVE-2007-5468 Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof...

2007-10-11 CVE-2007-5381 Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message...

2007-08-31 CVE-2007-4634 Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands...
  CVE-2007-4633 Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web...
  CVE-2007-4632 Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass...

2007-08-20 CVE-2007-4430 Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE:...

2007-08-09 CVE-2007-4294 Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
  CVE-2007-4285 Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or...
  CVE-2007-4295 Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
  CVE-2007-4292 Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007,...
  CVE-2007-4291 Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with...
  CVE-2007-4293 Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
  CVE-2007-4286 Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

2007-08-08 CVE-2007-4263 Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.

2007-07-25 CVE-2007-4011 Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or...
  CVE-2007-4012 Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a...

2007-07-23 CVE-2007-3944 Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute...

2007-07-15 CVE-2007-3775 Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1)...
  CVE-2006-5277 Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that...
  CVE-2006-5278 Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets,...
  CVE-2007-3776 Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings,...

2007-07-10 MITRE:1670 CAPICOM.Certificates Vulnerability

2007-07-05 CVE-2007-3574 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3)...

2007-06-22 CVE-2007-3348 The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
  CVE-2007-3347 The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

2007-05-23 CVE-2007-2832 Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via...
  MITRE:2001 CMS Memory Corruption Vulnerability
  MITRE:1575 CMS Cross-Site Scripting and Spoofing Vulnerability

2007-05-22 CVE-2007-2813 Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.

2007-05-16 CVE-2007-2734 The 3Com TippingPoint IPS does not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

2007-05-15 CVE-2007-2688 The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

2007-05-10 REF000467 AutoRun is enabled

2007-05-09 CVE-2007-2587 The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
  CVE-2007-2586 The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that...

2007-05-03 CVE-2007-2502 Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.

2007-05-02 CVE-2007-2462 Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via...
  CVE-2007-2463 Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination...
  CVE-2007-2461 The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP...
  CVE-2007-2464 Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."

2007-04-27 CVE-2007-2332 Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
  CVE-2007-2333 Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow...
  CVE-2007-2334 Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration...

2007-04-16 CVE-2007-2036 The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID...
  CVE-2007-2038 The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
  CVE-2007-2039 The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
  CVE-2007-2041 Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug...
  CVE-2007-2037 Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
  CVE-2007-2040 Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

2007-04-10 MITRE:746 Word Malformed Data Structures Vulnerability
  MITRE:1141 FTP Server Response Parsing Memory Corruption Vulnerability
  MITRE:257 COM Object Instantiation Memory Corruption Vulnerability
  MITRE:1120 COM Object Instantiation Memory Corruption Vulnerability

2007-04-02 CVE-2007-1826 Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster...
  CVE-2007-1833 The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of...
  CVE-2007-1834 Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.

2007-03-21 CVE-2007-1585 The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE:...

2007-03-16 CVE-2007-1467 Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace...

2007-03-03 CVE-2007-1258 Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a...

2007-03-02 REF000466 P2P Software: SoulSeek Installed
  REF000465 P2P Software: Shareaza Installed
  REF000464 P2P Software: Kazaa Installed
  REF000463 P2P Software: IMESH Installed
  REF000462 P2P Software: eMule Installed
  REF000461 P2P Software: eDonkey 2000 Installed
  REF000460 P2P Software: DC++ Installed
  REF000459 P2P Software: BitTorrent Installed

2007-02-20 MITRE:669 Windows Media Format ASX Parsing Vulnerability
  MITRE:536 Windows Media Format ASF Parsing Vulnerability
  MITRE:313 TIF Folder Information Disclosure Vulnerability
  MITRE:337 TIF Folder Information Disclosure Vulnerability
  MITRE:761 Script Error Handling Memory Corruption Vulnerability
  MITRE:116 DHTML Script Function Memory Corruption Vulnerability

2007-02-16 REF000454 Config shadow: incorrect file permissions
  REF000458 Config passwd: incorrect file permissions
  REF000456 Config LILO: no password configured
  REF000457 Config INIT: password-less single user mode
  REF000455 Config GRUB: no password configured

2007-02-15 REF000451 Config PAM: password strength checking not configured
  REF000450 Config PAM: minimum password length less than 6
  REF000452 Config PAM: empty passwords enabled
  REF000453 Config PAM: difference between passwords less than 6
  REF000431 Config GDM: remote root login enabled
  REF000449 Config GDM: remote logins enabled
  REF000448 Config GDM: remote autologin enabled

2007-02-14 REF000403 Config VSFTPd: upload enabled
  REF000404 Config VSFTPd: anonymous upload enabled
  REF000402 Config VSFTPd: anonymous login enabled
  REF000428 Config SSHd: using default port
  REF000429 Config SSHd: protocol 1 enabled
  REF000427 Config SSHd: .rhosts and .shosts enabled
  REF000430 Config SSH: protocol 1 enabled
  REF000437 Config shadow: weak encryption detected
  REF000447 Config passwd: no shadow file detected
  REF000446 Config passwd: multiple root accounts
  REF000442 Config KDM: shutdown by everybody enabled
  REF000441 Config KDM: root login enabled
  REF000439 Config KDM: password-less login enabled
  REF000440 Config KDM: empty password login enabled
  REF000438 Config KDM: autologin enabled
  REF000445 Config GDM: shutdown by everybody enabled
  REF000444 Config GDM: root login enabled
  REF000443 Config GDM: autologin enabled

2007-02-13 CVE-2007-0917 The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
  CVE-2007-0918 The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations...
  REF000383 GFI EndPointSecurity Report
  REF000382 GFI EndPointSecurity agent missing

2007-02-12 CVE-2006-1249 SANS06C5: Multiple iTunes and QuickTime for Mac Vulnerabilities
  CVE-2006-5084 SANS06C4: Skype for Mac 1.5.*.79 and earlier vulnerable to DoS or remote code execution.

2007-02-09 CVE-2006-3505 SANS06M1: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
  CVE-2006-3946 SANS06M1: WebCore in Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to cause a denial of service
  CVE-2006-3946 SANS06M1: WebCore in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
  CVE-2006-0848 SANS06M1: Vulnerability in Safari and LaunchServices can lead to remote code execution.
  CVE-2006-4394 SANS06M1: Vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIDs to bypass service access controls.
  CVE-2006-0397 SANS06M1: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5
  CVE-2005-2516 SANS06M1: Safari in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary commands.
  CVE-2006-1450 SANS06M1: Multiple vulnerabilities in Mail in Apple Mac OS X 10.3.9 and 10.4.6
  CVE-2005-3705 SANS06M1: Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, allows remote attackers to execute arbitrary code.
  CVE-2006-3498 SANS06M1: Buffer overflow in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 and earlier
  CVE-2005-2518 SANS06M1: Buffer overflow in servermgrd in Mac OS X Server 10.4.2 and earlier
  CVE-2006-1987 SANS06M1: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag.

2007-02-08 CVE-2006-1469 SANS06M1: Multiple Vulnerabilities in ImageIO
  CVE-2006-0384 SANS06M1: automount in Mac OS X 10.4.5 and earlier vulnerable to denial of service or execution of arbitrary code.

2007-02-07 CVE-2006-3507 SANS06M1: Multiple vulnerabilities in AirPort wireless driver
  REF000409 Config SSHd: X11 forwarding enabled
  REF000408 Config SSHd: root login permitted
  REF000410 Config SSHd: empty passwords permitted
  REF000436 Config shadow: empty password detected
  REF000412 Config SElinux: not in strict mode
  REF000411 Config SElinux: not in enforcing mode

2007-02-06 REF000407 Service running: SSH

2007-02-05 REF000433 Config BIND: allow-update not specified
  REF000434 Config BIND: allow-transfer not specified
  REF000435 Config BIND: allow-recursion not specified
  REF000432 Config BIND: allow-query not specified

2007-01-31 REF000415 Service running: Telnet
  REF000422 Service running: SWAT
  REF000416 Service running: SMTP
  REF000425 Service running: SAMBA SMB
  REF000426 Service running: SAMBA NMB
  REF000424 Service running: PostgreSQL
  REF000420 Service running: POP3
  REF000423 Service running: MySQL
  REF000421 Service running: IMAP4
  REF000419 Service running: HTTPS
  REF000406 Service running: HTTP
  REF000414 Service running: FTP
  REF000413 Service running: Finger
  REF000417 Service running: DNS
  REF000418 Service running: CUPS
  CVE-2007-0648 Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiation Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

2007-01-11 CVE-2007-0199 The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

2006-12-20 CVE-2006-2313 SANS06C2: PostgreSQL 8.1 SQL injection vulnerability

2006-12-13 CVE-2006-6538 D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the...

2006-12-12 CVE-2006-2753 SANS06C2: SQL Injection vulnerability in MySQL 5.0.x
  CVE-2006-2753 SANS06C2: SQL Injection vulnerability in MySQL 4.1.x
  CVE-2006-2313 SANS06C2: PostgreSQL 8.0 SQL injection vulnerability
  CVE-2006-2313 SANS06C2: PostgreSQL 8.0 SQL injection vulnerability

2006-12-11 CVE-2005-3641 SANS06C2: Multiple vulnerabilities in Oracle Database 9i

2006-12-06 CVE-2005-3641 SANS06C2: Multiple vulnerabilities in Oracle Database 10g

2006-12-04 CVE-2006-5478 SANS07S6: Multiple vulnerabilities in Novell eDirectory 8.x

2006-12-01 CVE-2006-0992 SANS07S6: Stack-based buffer overflow in Novell GroupWise Messenger

2006-11-30 CVE-2005-1928 SANS07C6: Multiple vulnerabilities in Trend Micro ServerProtect EarthAgent 5.58 and earlier
  CVE-2006-0323 SANS06C5: Buffer overflow in swfformat.dll in Real Rhapsody 3

2006-11-28 CVE-2005-2628 SANS06C5: Multiple vulnerabilities in Macromedia Flash

2006-11-27 CVE-2006-1370 SANS06C5: Multiple Vulnerabilities in RealPlayer
  CVE-2006-1249 SANS06C5: Multiple iTunes and QuickTime Vulnerabilities
  CVE-2005-2310 SANS06C5: Multiple buffer overflows in NullSoft Winamp 5.13 and earlier

2006-11-21 CVE-2006-6055 Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).

2006-11-10 SFBID715 Sendmail 8-8-4

2006-10-31 MITRE:100 VML Buffer Overrun Vulnerability

2006-10-26 CVE-2006-5537 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection...
  CVE-2006-5536 Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
  CVE-2006-5538 D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
  CVE-2006-5553 Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan...

2006-10-25 CVE-2006-5382 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that...

2006-10-24 MITRE:376 Windows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:256 Windows XP,SP2 Print Spooler Service Buffer Overflow
  MITRE:497 Windows XP,SP2 Plug and Play Buffer Overflow Vulnerability
  MITRE:618 Windows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:267 Windows XP Plug and Play Buffer Overflow Vulnerability
  MITRE:346 Windows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:609 Windows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:160 Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
  MITRE:783 Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
  MITRE:180 Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:474 Windows 2000 Plug and Play Buffer Overflow Vulnerability

2006-10-17 REF000190 Webmin running
  REF000197 VNC server listening on port 5901
  REF000245 Upnp helper is running
  REF000188 Sub7 server passworded
  REF000185 Squid running
  REF000196 Some POP3 server banners providing information to attacker
  REF000252 Sasser worm
  REF000182 Oracle HTTP Server running
  REF000181 MySQL (open source database) running
  REF000180 Microsoft SQL server
  REF000192 List of modems installed
  REF000195 IMAP4 server banner provides information to attacker
  REF000161 Ftp Exposing Full Path
  REF000194 Finger service running
  REF000193 Citrix server running on this host
  REF000240 BugBear-B backdoor
  REF000177 Apache Tomcat running

2006-10-16 MITRE:171 Window Location Information Disclosure Vulnerability
  MITRE:694 Visual Basic for Applications Vulnerability
  MITRE:577 Source Element Cross-Domain Vulnerability
  MITRE:738 Redirect Cross-Domain Information Disclosure Vulnerability
  MITRE:502 HTML Rendering Memory Corruption Vulnerability
  MITRE:433 HTML Layout and Positioning Memory Corruption Vulnerability
  MITRE:462 FTP Server Command Injection Vulnerability
  MITRE:5 CSS Memory Corruption Vulnerability
  MITRE:719 COM Object Instantiation Memory Corruption Vulnerability

2006-10-10 CVE-2006-5202 Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout...

2006-10-07 MITRE:1922 Remote Code Execution Vulnerability in Flash Player 8
  MITRE:1987 Remote Code Execution Vulnerability in Flash Player 6 and 7

2006-09-23 CVE-2006-4950 Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting...

2006-09-13 CVE-2006-4775 The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a...
  CVE-2006-4774 The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
  CVE-2006-4776 Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.

2006-09-12 CVE-2006-4662 SANS06C4: ICQ 2003b Buffer Overflow

2006-09-08 CVE-2006-4650 Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect...

2006-08-25 CVE-2006-4352 The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.

2006-08-24 CVE-2006-2113 The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not...
  CVE-2006-2112 Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP...

2006-08-23 CVE-2006-4312 Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user...

2006-08-14 CVE-2006-4143 Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.

2006-08-07 CVE-2006-4015 Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.

2006-07-27 CVE-2006-3906 Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the...

2006-07-21 CVE-2006-3687 Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows...

2006-07-18 CVE-2006-3592 Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI...
  CVE-2006-3593 The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
  CVE-2006-3594 Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.

2006-07-11 CVE-2006-3529 Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.

2006-06-28 CVE-2006-3291 The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all...

2006-06-20 CVE-2006-3109 Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in...

2006-06-07 CVE-2006-2901 The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.

2006-05-31 MITRE:1748 FPSE XSS Vulnerability

2006-05-30 CVE-2006-2653 Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

2006-05-23 CVE-2006-2559 Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using...

2006-05-11 CVE-2006-2337 Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.

2006-04-21 CVE-2006-1973 Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.

2006-04-20 CVE-2006-1928 Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS...
  CVE-2006-1927 Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco...

2006-04-05 CVE-2006-1631 Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP...

2006-02-19 CVE-2006-0784 D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.

2006-01-31 CVE-2006-0485 The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may...
  CVE-2006-0486 Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user...

2006-01-22 CVE-2006-0367 Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative...
  CVE-2006-0354 Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large...
  CVE-2006-0368 Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000...

2006-01-20 CVE-2006-0340 Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang...

2006-01-18 CVE-2006-0309 Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length.

2005-12-31 CVE-2005-4826 Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different...
  CVE-2005-4723 D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.

2005-12-22 CVE-2005-4499 The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,...

2005-12-15 CVE-2005-4258 Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is...
  CVE-2005-4257 Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is...

2005-12-01 MITRE:1231 WinXP,SP2 DirectShow Malicious avi File Vulnerability
  MITRE:1434 WinXP,SP1 DirectShow Malicious avi File Vulnerability
  MITRE:1267 Win2k,SP4 DirectShow Malicious avi File Vulnerability
  MITRE:1149 Server 2003,SP1 DirectShow Malicious avi File Vulnerability
  MITRE:1424 Server 2003 DirectShow Malicious avi File Vulnerability

2005-11-30 CVE-2005-3921 Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of...

2005-11-22 CVE-2005-3774 Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,...

2005-11-16 CVE-2003-1267 GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names
  MITRE:100110 Apache Listening Socket Starvation Vulnerability

2005-11-02 CVE-2005-3481 Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the...
  CVE-2005-3482 Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic...

2005-11-01 CVE-2005-3426 Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.

2005-10-20 CVE-2005-2973 Linux Kernel version prior to 2.6.14-rc5

2005-10-12 MITRE:989 Microsoft Outlook Express 6,SP1 News Reading Vulnerability

2005-09-15 CVE-2005-2799 Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

2005-09-14 CVE-2005-2912 Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
  CVE-2005-2916 Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi...
  CVE-2005-2915 ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to...
  CVE-2005-2914 ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration...

2005-09-08 CVE-2005-2841 Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted...

2005-08-23 CVE-2005-2640 Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which...

2005-08-17 CVE-2005-2589 Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.

2005-08-03 CVE-2005-2434 Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
  CVE-2005-2451 Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.

2005-07-12 CVE-2005-2244 The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger...
  CVE-2005-2243 Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory...
  CVE-2005-2241 Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows...

2005-07-05 CVE-2005-2105 Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.

2005-06-01 MITRE:3556 Microsoft .NET Framework v1.1 Security Bypass

2005-05-27 CVE-2005-1802 Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

2005-05-26 CVE-2005-1828 D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
  CVE-2005-1827 D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.

2005-05-20 CVE-2005-1680 D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes...

2005-05-02 CVE-2005-1133 The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
  CVE-2005-1025 The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
  CVE-2005-1020 Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the...
  CVE-2005-1006 Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
  CVE-2005-1021 Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
  CVE-2005-1059 Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
  CVE-2005-1057 Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
  CVE-2005-1058 Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass...
  CVE-2005-0197 Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
  CVE-2005-0195 Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
  CVE-2005-0196 Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
  CVE-2005-1238 By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.

2005-03-29 REF000254 Possible Rootkit Detected : Hidden Processes
  REF000255 Possible Rootkit Detected : Hidden Processes
  REF000257 Possible Rootkit Detected : Altered system call table detected
  REF000253 Possible Rootkit Detected : Altered system call functions code

2005-01-19 CVE-2005-0186 Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed...

2005-01-17 CVE-2005-0290 NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
  CVE-2005-0291 Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.

2004-12-31 CVE-2004-2691 Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this...
  CVE-2004-1446 Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
  CVE-2004-2606 The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
  CVE-2004-2556 NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
  CVE-2004-2557 NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
  CVE-2004-0467 Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at...
  CVE-2004-2508 Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
  CVE-2004-1775 Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
  CVE-2004-1464 Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
  CVE-2004-1454 Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
  CVE-2004-2377 Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
  CVE-2004-2507 Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.

2004-12-09 MITRE:4392 Windows Server 2003 NNTP Component Buffer Overflow
  MITRE:5070 Windows NT NNTP Component Buffer Overflow
  MITRE:5926 Windows 2000 NNTP Component Buffer Overflow

2004-12-06 CVE-2004-0611 Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
  CVE-2004-0468 Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
  CVE-2004-0615 Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a...

2004-11-23 CVE-2004-0312 Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
  CVE-2004-0244 Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,...
  CVE-2004-0352 Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.

2004-09-29 MITRE:188 MS Word Macro Security Bypass Vulnerability

2004-08-31 CVE-2004-1650 D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.

2004-08-06 CVE-2004-0661 Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid...
  CVE-2004-0580 DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
  CVE-2004-0589 Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
  CVE-2004-0551 Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the...

2004-07-27 CVE-2004-0710 IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of...

2004-07-21 MITRE:2705 Windows XP/Server 2003 DirectPlay Denial of Service
  MITRE:2413 Windows XP (64-Bit) DirectPlay Denial of Service
  MITRE:2190 Windows XP (32-Bit) DirectPlay Denial of Service
  MITRE:2516 Windows Server 2003 (32-Bit) DirectPlay Denial of Service

2004-07-16 CVE-2002-0082 mod_ssl is old

2004-07-14 CVE-2004-0595 PHP older than 4.3.8

2004-07-12 MITRE:1027 Windows 2000 DirectPlay Denial of Service

2004-06-16 MITRE:958 Windows XP RPCSS Service DCOM Activation Denial of Service
  MITRE:900 Windows XP RPCSS DCOM Buffer Overflow
  MITRE:925 MS IE HTML Directive Buffer Overflow
  MITRE:974 IE Frame Domain Verification Vulnerability
  MITRE:921 IE File Execution User-prompt Bypass Vulnerability
  MITRE:1014 IE File Download Dialog Deception Vulnerability

2004-06-11 CVE-2004-0413 Subversion version older than 1.0.5

2004-05-25 MITRE:886 Windows XP SSL Library Denial of Service
  MITRE:898 Windows XP LSASS Buffer Overflow
  MITRE:964 Windows XP H.323 Protocol Remote Code Execution Vulnerability
  MITRE:885 Windows Server 2003 SSL Library Denial of Service
  MITRE:919 Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability)
  MITRE:946 Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability
  MITRE:968 MS Jet Database Buffer Overflow
  MITRE:990 Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability

2004-03-25 MITRE:586 MS Word 98 Macro Names Buffer Overflow
  MITRE:585 MS Word 97 Macro Names Buffer Overflow
  MITRE:675 MS Excel 97 Malicious Macro Security Bypass Vulnerability
  MITRE:141 Microsoft Internet Explorer MIME Hack

2004-02-17 CVE-2004-0054 Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the...

2004-02-03 CVE-2004-0129 phpMyAdmin mysql web administration tool vulnerability

2004-01-27 CVE-2003-0789 Apache is older than 2.0.48

2004-01-05 CVE-2003-1002 Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
  CVE-2003-1001 Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.

2003-12-31 CVE-2003-1132 The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to...
  CVE-2003-1264 TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)...
  CVE-2003-1490 SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
  CVE-2003-1346 D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
  CVE-2003-1398 Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
  CVE-2003-1497 Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.

2003-11-12 CVE-2003-0795 zebra/Quagga versions older than 0.96.4

2003-08-27 CVE-2003-0511 The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
  CVE-2003-0512 Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password...
  CVE-2003-0647 Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.

2003-06-30 SFBID8062 Abyss Web server Buffer Overflow

2003-06-09 CVE-2003-0305 The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.

2003-05-12 CVE-2003-0216 Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.

2003-04-11 CVE-2002-1426 HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

2003-03-31 CVE-2002-1547 Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different...

2003-03-29 CVE-2003-0161 Sendmail is older than 8.12.9

2003-03-03 CVE-2003-0100 Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.

2003-03-02 CVE-2002-1337 Remote Buffer Overflow in Sendmail

2002-12-31 CVE-2002-2053 The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is...
  CVE-2002-2239 The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
  CVE-2002-1892 NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
  CVE-2002-2371 Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
  CVE-2002-2159 Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to...
  CVE-2002-2137 GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive...
  CVE-2002-2150 Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the...
  CVE-2002-2208 Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements,...
  CVE-2002-1810 D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and...
  CVE-2002-2341 Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
  CVE-2002-1706 Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message...
  CVE-2002-2315 Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
  CVE-2002-1768 Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
  CVE-2002-2316 Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive...
  CVE-2002-2052 Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port...
  CVE-2002-1865 Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote...
  CVE-2002-2379 ** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be...

2002-12-23 CVE-2002-1360 Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code...
  CVE-2002-1357 Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder...
  CVE-2002-1358 Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
  CVE-2002-1359 Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder...

2002-12-13 CVE-2002-1354 TYPSoft FTP Server 0-99-8 Arbitrary Dir Listing

2002-12-11 CVE-2002-1272 Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

2002-11-20 CVE-2002-1312 Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to...

2002-11-12 CVE-2002-1236 The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.

2002-10-28 CVE-2002-1222 Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.

2002-10-11 CVE-2002-1147 The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of...

2002-10-04 CVE-2002-1068 The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
  CVE-2002-0891 The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
  CVE-2002-1069 The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device...
  CVE-2002-0954 The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques.
  CVE-2002-0886 Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to...

2002-09-05 CVE-2002-0870 The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL...

2002-08-12 CVE-2002-0426 VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
  CVE-2002-0792 The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
  CVE-2002-0505 Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via...
  CVE-2002-0813 Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

2002-08-09 CVE-2002-0661 Apache: Apache 2.0.39 directory traversal and path disclosure bug

2002-08-08 CVE-2002-0826 Ipswitch WS_FTP Server 3-1-1 Buffer Overflow in SITE CPWD Command Processing

2002-08-01 REF000107 All Servers: Tomcat source.jsp directory listing and webroot location display

2002-07-30 CVE-2002-0655 OpenSSL versions older than 0.9.7e and 0.9.6m

2002-07-03 CVE-2002-0713 Multiple Squid vulnerabilities
  CVE-2002-0545 Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.

2002-06-25 CVE-2002-0350 HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
  CVE-2002-0339 Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

2002-06-24 CVE-2002-0640 Remote OpenSSH Vulnerability

2002-06-17 CVE-2002-0392 Apache Chunked-Encoding Memory Corruption Vulnerability

2002-05-29 CVE-2002-0234 NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which...
  CVE-2002-1634 All Servers: Netware default programs display server information

2002-05-22 CVE-2002-0893 IIS: ServletExec 4.1 ISAPI File Reading

2002-05-10 CVE-2002-0379 IMAP4 server

2002-04-28 CVE-2002-0889 Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability

2002-04-19 CVE-2002-0575 AFS-Kerberos Support in OpenSSH Poses a Security Threat

2002-04-16 CVE-2002-1744 IIS: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability

2002-03-25 CVE-2002-0109 Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the...

2002-03-21 CVE-2002-0061 Apache: Apache Win32 Batch File Remote Command Execution Vulnerability

2002-03-12 CVE-2002-0434 All Servers: Directory.php Allows Arbitrary Code Execution

2002-03-09 SFBID4261 Web server 404 path disclosure
  CVE-2000-1196 Netscape: Netscape PSCOErrPage
  CVE-2001-0461 All Servers: Free On-line Dictionary

2002-03-07 CVE-2002-0083 OpenSSH Channel Code Off-By-One Vulnerability

2002-02-27 CVE-2002-0082 Apache Mod_SSL-Apache-SSL Buffer Overflow Vulnerability

2002-02-26 CVE-2002-0081 PHP Post File Upload Buffer Overflow Vulnerabilities

2002-02-02 CVE-2002-0232 All Servers: MRTG CGI Arbitrary File Display Vulnerability

2002-01-29 CVE-2002-2113 All Servers: AHG's 'search.cgi' Search Engine Input Validation Flaw

2002-01-21 SFBID3915 All Servers: COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability

2002-01-18 CVE-2002-2032 All Servers: Possible PHPNuke SQL_Debug Information Disclosure Vulnerability

2002-01-07 CVE-2002-2033 Apache: Faqmanager.cgi file read vulnerability

2002-01-04 CVE-2002-2029 Apache: Security Risk When Using the CGI Binary (PHP.EXE) Under Apache

2002-01-01 REF000323 yppasswdd service running
  REF000308 Windows AutoUpdate is not enabled
  REF000307 Windows AutoUpdate is enabled but requires user interaction to install patches
  REF000306 Windows AutoUpdate is enabled but requires user intervention for both patch download and installation
  REF000322 walld message spoofing
  REF000256 Vulnerable Linux/Unix application package
  REF000319 This computer is a NIS server
  CVE-1999-0660 Telecomando trojan
  REF000189 Systems Management Server
  CVE-1999-0660 Syphillis 1-18 trojan
  CVE-1999-0660 Subseven 2-x trojan
  REF000187 SSL module running
  REF000186 SSL enabled
  REF000295 Shutdown without logon
  CVE-1999-0660 Psychward trojan
  CVE-1999-0660 Prosiak 0-70 trojan
  CVE-1999-0660 Priority BETA trojan
  REF000184 PHP module running
  REF000183 Perl module running
  REF000081 Netscape: Netscape Administration Server admin password
  CVE-1999-0660 NetbusPro2 trojan
  CVE-1999-0660 Ncw trojan
  REF000304 Nachi Worm
  REF000283 LM Hash
  REF000198 Linux/Unix application package(s) version check
  REF000282 Last logged-on username visible
  CVE-1999-0660 Kuang trojan
  CVE-1999-0660 Indoctrination trojan
  REF000124 IIS: Terminal Services
  REF000062 IIS: IIS Global.asa Retrieval
  REF000060 IIS: IIS ASP.NET Application Trace Enabled
  REF000275 Guest users have access to the system log
  REF000273 Guest users have access to the security log
  REF000271 Guest users have access to the application log
  REF000179 Frontpage extensions enabled
  REF000311 fam service running
  CVE-1999-0660 CrazyNet trojan
  REF000178 ClearCase running
  REF000265 Cached Logon Credentials
  REF000303 Blaster Worm
  CVE-1999-0660 Back Orifice 2000 (BO2K) trojan
  REF000262 AutoShareWKS
  REF000260 AutoShareServer
  REF000305 Auto Logon
  CVE-2000-0628 Apache: Apache source.asp
  REF000016 Apache: Apache server-status
  REF000015 Apache: Apache server-info
  REF000013 Apache: Apache manual
  REF000309 amd service running
  REF000090 All Servers: Perl.exe
  REF000040 All Servers: Directory Manager Execution bug
  REF000191 A modem is installed on this computer

2001-12-31 CVE-2001-1209 All Servers: Abe Timmerman zml.cgi File Disclosure Vulnerability

2001-12-30 CVE-2001-1210 Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary...

2001-12-21 CVE-2001-1221 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
  CVE-2001-1220 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

2001-12-06 CVE-2001-0866 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access...
  CVE-2001-0865 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
  CVE-2001-0864 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
  CVE-2001-0867 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
  CVE-2001-0863 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
  CVE-2001-0862 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
  CVE-2001-0861 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

2001-11-28 CVE-2001-0929 Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

2001-11-27 CVE-2001-0550 WU-FTPD glob() function error handling heap corruption

2001-11-15 CVE-2001-0895 Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the...

2001-11-07 REF000251 SSH server accepts Version 1.x connections

2001-10-22 CVE-2001-1503 Solaris Fingerd Discloses Complete User List

2001-10-18 CVE-2001-0751 Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
  CVE-2001-0750 Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
  CVE-2001-0753 Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
  CVE-2001-0752 Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
  CVE-2001-0754 Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
  CVE-2001-0757 Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

2001-10-09 CVE-2001-1156 TYPSoft FTP Server 0-95-1 and possibly prior for Microsoft Windows Can Be Crashed by Remote Users
  CVE-2001-1071 Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.

2001-09-20 CVE-2001-0650 Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.

2001-09-18 REF000106 IIS: This computer seems to be infected with Nimda
  CVE-1999-0756 IIS: Cold Fusion check

2001-09-15 CVE-2001-1014 All Servers: (e)shop Online-Shop System

2001-09-06 CVE-2001-1137 D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.

2001-09-05 CVE-2001-0992 All Servers: ShopPlus Cart

2001-08-31 CVE-2001-1065 Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
  CVE-2001-0711 Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
  CVE-2001-1064 Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop...

2001-08-29 CVE-2001-1168 All Servers: PhpMyExplorer Vulnerable to Directory Traversal

2001-08-22 CVE-2001-0589 NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.

2001-08-14 CVE-2001-0622 The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating...
  CVE-2001-0621 The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
  CVE-2001-0566 Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

2001-08-10 CVE-2001-1117 LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

2001-07-26 CVE-2001-1021 Ipswitch WS_FTP Server 2-0-2 Will Execute Remotely-Supplied Arbitrary Code

2001-07-25 CVE-2001-1104 SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

2001-07-24 CVE-2001-1097 Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets.

2001-07-21 CVE-2001-0514 SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such...
  CVE-2001-0537 HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

2001-07-20 REF000105 IIS: This computer is infected with CodeRed

2001-07-15 CVE-2001-0804 All Servers: Directory traversal vulnerability in story.pl

2001-07-12 CVE-2001-1183 PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.

2001-07-02 CVE-2001-0444 Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
  CVE-2001-0429 Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

2001-06-27 CVE-2001-0455 Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.

2001-06-19 CVE-2001-0698 SurgeFTP nlist directory traversal

2001-06-18 CVE-2001-0376 SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This...
  CVE-2001-0427 Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several...
  CVE-2001-0375 Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
  CVE-2001-0412 Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
  CVE-2001-0821 All Servers: DCShop vulnerability

2001-06-17 CVE-2001-0820 Possible Gaztek HTTP Daemon (ghttpd) buffer overflow

2001-06-10 CVE-2001-0688 Broker FTP server 5.9.5.0

2001-05-26 CVE-2001-0767 GuildFTPD FTP

2001-05-07 CVE-1999-0922 IIS: Cold Fusion check
  CVE-2001-0561 All Servers: A1Stats

2001-05-03 CVE-2001-0288 Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

2001-04-27 CVE-2001-0463 All Servers: PerlCal allows remote file retrieving

2001-04-04 CVE-2001-0272 All Servers: sendtemp.pl

2001-04-03 CVE-2001-0466 All Servers: uStorekeeper allows remote file retrieving

2001-03-15 CVE-2001-0236 Possible snmpXdmid SunOS buffer overflow

2001-03-12 CVE-2000-0368 Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

2001-03-11 CVE-2001-0360 All Servers: Ikonboard allows remote file retrieving

2001-02-28 CVE-2002-0558 TYPSoft FTP Server 0-97-1 and prior Discloses Listing of Directory Contents for Any Directory on the
  CVE-2001-0293 FtpXQ FTP Server
  CVE-2004-1776 Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
  CVE-2001-1434 Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

2001-02-17 SFBID2698 Multiple WarFTPd (1-71) DoS

2001-02-16 CVE-2001-0058 The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character.
  CVE-2001-0056 The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
  CVE-2001-0041 Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
  CVE-2001-0057 Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
  CVE-2001-0055 CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
  CVE-2001-0305 All Servers: Arts Store.cgi

2001-02-12 CVE-2001-0080 Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
  CVE-2001-0211 All Servers: WebSPIRS
  CVE-2001-0214 All Servers: Way-board
  CVE-2001-0215 All Servers: Roads search system
  CVE-2001-0212 All Servers: HIS Auktion
  CVE-2001-0210 All Servers: Commerce.cgi
  CVE-2001-0212 All Servers: Auktion.cgi

2001-02-08 CVE-2001-0144 SSH1 CRC-32 compensation attack

2001-02-05 CVE-2001-0015 Network Dynamic Data Exchange (DDE) vulnerability

2001-01-29 CVE-2001-0010 BIND 8-2-1, 8-2-2
  CVE-2002-0400 BIND - Prior to Version 9

2001-01-28 CVE-2001-0253 All Servers: Hyperseek

2001-01-15 CVE-2001-0113 OmniHTTPd v2.07

2001-01-09 CVE-2000-1098 The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
  CVE-2000-1097 The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

2001-01-01 CVE-2001-0163 Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
  CVE-2001-0161 Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.

2000-12-23 CVE-2001-0074 All Servers: Talkback vulnerability

2000-12-20 CVE-2001-0100 All Servers: Brian Stanback bslist.cgi
  CVE-2001-0099 All Servers: Brian Stanback bsguest.cgi

2000-12-19 CVE-2000-0945 The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
  CVE-2000-0984 The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

2000-12-13 CVE-2001-0065 bftpd 1.0.13
  CVE-2000-1092 All Servers: Alex Heiphetz Group EZShopper Directory Disclosure

2000-12-11 CVE-2001-0025 Leif M. Wright ad.cgi

2000-12-06 CVE-2001-0045 Windows 2000 SNMP parameters

2000-12-05 CVE-2001-0054 Serv-U FTP-Server v2.2 to 2.5

2000-11-20 CVE-2000-1161 All Servers: Adcycle - build.cgi

2000-11-01 SFBID1872 SWAT - Samba Web Administration Tool enabled

2000-10-20 CVE-2000-0700 Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or...

2000-09-21 CVE-2000-1016 Apache: Apache doc packages directory
  CVE-2000-1016 Apache: Apache doc directory

2000-08-29 CVE-1999-0511 IP forwarding enabled

2000-08-23 CVE-2000-0709 IIS: Frontpage check

2000-07-28 CVE-2000-0663 Windows 2000 Relative Shell Path

2000-07-27 CVE-2000-0673 NetBIOS Name Server Protocol Spoofing

2000-07-16 CVE-2000-0666 Possible statd format string attack

2000-07-12 CVE-2000-0674 All Servers: Virtual Vision FTP Browser Vulnerability

2000-06-22 CVE-2000-0573 wu-ftpd SITE EXEC format

2000-05-03 CVE-2000-0345 The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.

2000-04-26 CVE-2000-0380 The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

2000-04-25 CVE-1999-0203 Sendmail 8-6
  CVE-1999-0203 Sendmail 8-5

2000-04-20 CVE-2000-0268 Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
  CVE-2000-0267 Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

2000-03-20 CVE-2000-0613 Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

2000-01-12 CVE-2000-0070 Spoofed LPC Port Request

1999-12-31 CVE-1999-1175 Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
  CVE-1999-1464 Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not...
  CVE-1999-1465 Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with...

1999-12-27 SFBID894 POP3 server might be vulnerable to a remote buffer overflow exploit

1999-12-10 CVE-1999-0977 sadmin service running

1999-11-08 SFBID789 Imail Pop3 5.0

1999-11-03 CVE-1999-0885 All Servers: get32.exe

1999-09-29 CVE-1999-0526 X server accepts connections from any host
  CVE-1999-0204 Sendmail 8-6-9 ident vulnerability
  CVE-1999-0626 rusers service running

1999-09-11 CVE-1999-0071 Apache 1-1-1

1999-09-01 CVE-1999-1129 Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.

1999-08-21 CVE-1999-0687 ttsession service running

1999-07-26 CVE-1999-0197 Finger service is running

1999-07-13 CVE-1999-0320 cmsd service running

1999-07-03 CVE-1999-0345 Fragmented IGMP Packet
  CVE-1999-0345 Fragmented ICMP Packet

1999-07-01 CVE-1999-0889 Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

1999-06-23 CVE-1999-0721 Malformed LSA Request

1999-06-10 CVE-1999-0775 Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

1999-06-07 CVE-1999-0616 Trivial FTP service running
  CVE-1999-0512 SMTP server allows relaying
  CVE-1999-0651 RSH service enabled
  CVE-1999-0651 RLOGIN service enabled
  CVE-1999-0618 REXEC service enabled
  CVE-1999-0253 IIS: ASP source using $2e trick
  CVE-1999-0497 Ftp Anonymous Upload
  CVE-1999-0531 EXPN,VRFY commands enabled on mail server

1999-04-20 CVE-1999-0605 All Servers: Merchant Order Form 1.2 Order Log Permissions

1999-04-01 CVE-1999-0445 In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

1999-03-12 CVE-1999-0382 NT Screen Saver Vulnerability

1999-03-11 CVE-1999-0416 Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
  CVE-1999-0415 The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

1999-02-20 CVE-1999-0376 KnownDLLs List Vulnerability

1999-02-11 CVE-1999-0800 IIS: Cold Fusion check

1999-02-04 CVE-1999-0362 WS FTP Server 1-0-2

1999-01-14 CVE-1999-1538 IIS: iisadmin is accessible

1999-01-11 CVE-1999-0063 Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

1998-09-01 CVE-1999-0162 The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

1998-08-31 CVE-1999-0003 ttdbserver service running

1998-08-28 CVE-1999-0002 Linux mountd running

1998-08-12 CVE-1999-0159 Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

1998-07-15 CVE-1999-1582 By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive...

1998-06-27 CVE-1999-0006 QPOP 2-2 to 2.4

1998-02-09 CVE-2002-0421 IIS: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack

1998-01-06 CVE-1999-1293 Apache 1-2-5

1998-01-01 CVE-1999-0293 AAA authentication on Cisco systems allows attackers to execute commands without authorization.

1997-12-15 CVE-1999-0230 Buffer overflow in Cisco 7xx routers through the telnet service.

1997-12-01 CVE-1999-0016 Land IP denial of service.
  REF000326 Alerter service enabled

1997-10-04 CVE-1999-1061 HP JetDirect password is not set

1997-10-01 CVE-1999-0160 Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.

1997-02-07 SFBID688 Denial of service on port 135

1997-01-20 CVE-1999-0047 Sendmail privilege escalation

1996-07-03 SFBID2026 All Servers: Aglimpse

1995-12-19 SFBID1749 ypupdated service running

1995-07-31 CVE-1999-0161 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

1992-12-10 CVE-1999-1466 Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
  CVE-1999-1306 Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.

CVE-2023-4581 XLL file extensions were downloadable without warnings
  CVE-2023-4387 use-after-free in vmxnet3_rq_alloc_rx_buf
  CVE-2023-4563 Use-after-free in nft_verdict_dump due to a race between set GC and transaction
  CVE-2023-4133 use-after-free in ch_flower_stats_cb
  CVE-2023-4273 stack overflow in exfat_get_uniname_from_ext_entry
  CVE-2023-4155 SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
  CVE-2023-4580 Push notifications saved to disk unencrypted
  CVE-2023-41358 processes invalid NLRIs if attribute length is zero
  CVE-2023-41175 potential integer overflow in raw2tiff.c
  CVE-2023-4641 possible password leak during passwd
  CVE-2023-41359 out of bounds read in bgp_attr_aigp_valid
  CVE-2023-41080 Open Redirect vulnerability in FORM authentication
  CVE-2023-4459 NULL pointer dereference in vmxnet3_rq_cleanup
  CVE-2023-4147 nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
  CVE-2023-4585 Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
  CVE-2023-4584 Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  CVE-2023-4577 Memory corruption in JIT UpdateRegExpStatics
  CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback
  CVE-2023-4574 Memory corruption in IPC ColorPickerShownCallback
  CVE-2023-4573 Memory corruption in IPC CanvasTranslator
  CVE-2023-40745 integer overflow in tiffcp.c
  CVE-2023-4569 information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
  CVE-2023-4156 heap out of bound read in builtin.c
  CVE-2023-4051 Full screen notification obscured by file open dialog
  CVE-2023-4053 Full screen notification obscured by external program
  CVE-2023-41105 file path truncation at \0 characters
  CVE-2023-4578 Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
  CVE-2023-4511 DoS
  CVE-2023-4512 DoS
  CVE-2023-4513 DoS
  CVE-2023-41361 does not check for an overly large length of the rcv software version
  CVE-2023-4194 correctly initialize socket uid next fix of i_uid to current_fsuid
  CVE-2023-4128 cls_fw, cls_u32 and cls_route
  CVE-2023-40857 buffer overflow that allows a remote attacker to execute arbitrary code via the yr_execute_cod function
  CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window
  CVE-2023-41360 ahead-of-stream read of ORF header