Date |
Bulletin ID |
Title |
|
2024-04-17 |
CVE-2024-3834 |
Use after free in Downloads in Google Chrome prior to 124.0.6367.60 |
|
CVE-2024-3839 |
Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 |
|
CVE-2024-3838 |
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 |
|
2024-04-06 |
CVE-2024-3158 |
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 |
|
CVE-2024-3159 |
Out of bounds memory access in V8 in Google Chrome |
|
CVE-2024-3156 |
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 |
|
2024-03-20 |
CVE-2024-2627 |
Use after free in Canvas |
|
CVE-2024-2626 |
Out of bounds read in Swiftshader |
|
CVE-2024-2625 |
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 |
|
CVE-2024-2630 |
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 |
|
CVE-2024-2628 |
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 |
|
2024-03-13 |
CVE-2024-2400 |
Use after free in Performance Manager |
|
2024-01-30 |
CVE-2024-1059 |
Use after free in Peer Connection |
|
CVE-2024-1077 |
Use after free in Network in Google Chrome prior to 121.0.6167.139 |
|
2024-01-24 |
CVE-2024-0807 |
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 |
|
CVE-2024-0813 |
Use after free in Reading Mode |
|
CVE-2024-0806 |
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. |
|
CVE-2024-0804 |
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 |
|
CVE-2024-0810 |
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. |
|
CVE-2024-0814 |
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 |
|
CVE-2024-0805 |
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed domain spoofing |
|
CVE-2024-0809 |
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 |
|
CVE-2024-0812 |
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 |
|
2024-01-23 |
CVE-2024-0743 |
Unchecked Return Value in TLS Handshake Code |
|
CVE-2024-0745 |
Stack Buffer Overflow in WebAudio OscillatorNode |
|
CVE-2024-0754 |
Some WASM source files could have caused a crash when loaded in devtools |
|
CVE-2024-0751 |
Privilege Escalation via Malicious Devtools Extension |
|
CVE-2024-0750 |
Popup Notifications Delay Calculation Vulnerability |
|
CVE-2024-0749 |
Phishing site could repurpose about: dialog to show incorrect origin in address bar |
|
CVE-2024-0741 |
Out of Bounds Write in ANGLE |
|
CVE-2024-0755 |
Memory safety bugs in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 |
|
CVE-2024-0746 |
Linux User Print Preview Dialog Crash |
|
CVE-2024-0744 |
JIT Compiled Code Dereference Wild Pointer Crash Vulnerability |
|
CVE-2024-0742 |
Incorrect Timestamp Handling in Browser Prompts |
|
CVE-2024-0753 |
Bypass of HSTS on Subdomain in Specific Configurations |
|
2024-01-16 |
CVE-2024-0517 |
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2024-01-04 |
CVE-2024-0222 |
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 |
|
2023-12-19 |
CVE-2023-6858 |
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
|
2023-12-14 |
CVE-2023-6702 |
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-11-29 |
CVE-2023-6346 |
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-11-21 |
CVE-2023-6207 |
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. |
|
CVE-2023-6213 |
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. |
|
CVE-2023-6205 |
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. |
|
2023-10-25 |
CVE-2023-5722 |
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. |
|
CVE-2023-5721 |
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
|
CVE-2023-5728 |
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
|
CVE-2023-5724 |
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
|
CVE-2023-5723 |
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. |
|
CVE-2023-5732 |
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
|
CVE-2023-5729 |
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. |
|
CVE-2023-5725 |
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
|
2023-10-05 |
CVE-2023-5346 |
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-09-28 |
CVE-2023-5186 |
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. |
|
CVE-2023-5217 |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-09-12 |
CVE-2023-4863 |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
|
2023-09-11 |
CVE-2023-4580 |
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. |
|
2023-09-05 |
CVE-2023-4762 |
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
|
CVE-2023-4761 |
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. |
|
2023-08-29 |
CVE-2023-4572 |
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-08-25 |
CVE-2022-4452 |
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
|
CVE-2019-13689 |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. |
|
2023-08-23 |
CVE-2023-4430 |
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4429 |
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4427 |
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
CVE-2023-4431 |
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
CVE-2023-4428 |
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
2023-08-15 |
CVE-2023-2312 |
Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4351 |
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4366 |
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4358 |
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4349 |
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4356 |
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4352 |
Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4355 |
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4357 |
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. |
|
CVE-2023-4363 |
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. |
|
CVE-2023-4364 |
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
|
CVE-2023-4365 |
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
|
CVE-2023-4350 |
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox |
|
CVE-2023-4360 |
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
|
CVE-2023-4361 |
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. |
|
CVE-2023-4359 |
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. |
|
CVE-2023-4354 |
Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-4353 |
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-08-01 |
CVE-2023-32681 |
RHSA-2023:4350: python-requests security update |
|
CVE-2023-28484,CVE-2023-29469 |
RHSA-2023:4349: libxml2 security update |
|
2023-07-31 |
CVE-2023-30581,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590 |
RHSA-2023:4331: nodejs security, bug fix, and enhancement update |
|
CVE-2023-3347 |
RHSA-2023:4325: samba security and bug fix update |
|
2023-07-20 |
CVE-2023-22045,CVE-2023-22049 |
RHSA-2023:4178: java-1.8.0-openjdk security and bug fix update |
|
CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
RHSA-2023:4177: java-17-openjdk security and bug fix update |
|
CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
RHSA-2023:4158: java-11-openjdk security and bug fix update |
|
2023-07-18 |
CVE-2023-32435,CVE-2023-32439,CVE-2023-37450 |
RHSA-2023:4201: webkit2gtk3 security update |
|
2023-07-17 |
CVE-2023-2828 |
RHSA-2023:4099: bind security update |
|
2023-07-13 |
CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
RHSA-2023:4071: firefox security update |
|
CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
RHSA-2023:4064: thunderbird security update |
|
CVE-2023-33170 |
RHSA-2023:4060: .NET 6.0 security, bug fix, and enhancement update |
|
CVE-2023-33170 |
RHSA-2023:4057: .NET 7.0 security, bug fix, and enhancement update |
|
2023-07-12 |
CVE-2023-3128 |
RHSA-2023:4030: grafana security update |
|
2023-05-16 |
CVE-2023-2721 |
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2725 |
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2723 |
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2722 |
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2724 |
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2726 |
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. |
|
2023-05-03 |
CVE-2023-2466 |
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. |
|
CVE-2023-2462 |
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. |
|
CVE-2023-2459 |
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. |
|
CVE-2023-2467 |
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. |
|
CVE-2023-2468 |
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. |
|
CVE-2023-2463 |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox |
|
2023-04-19 |
CVE-2023-2135 |
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2134 |
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-2137 |
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-04-14 |
CVE-2023-2033 |
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-04-04 |
CVE-2023-1818 |
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1811 |
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1393 |
RHSA-2023:1594: tigervnc and xorg-x11-server security update |
|
CVE-2023-25690 |
RHSA-2023:1593: httpd security update |
|
CVE-2023-1393 |
RHSA-2023:1592: tigervnc security update |
|
CVE-2023-28154 |
RHSA-2023:1591: pcs security update |
|
CVE-2023-1819 |
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
CVE-2023-1812 |
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
|
CVE-2023-1814 |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. |
|
CVE-2023-1817 |
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
|
CVE-2023-1816 |
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. |
|
CVE-2023-1822 |
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
CVE-2023-1821 |
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox |
|
CVE-2023-1823 |
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
|
CVE-2023-1813 |
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. |
|
CVE-2023-1810 |
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
2023-03-21 |
CVE-2023-1533 |
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1530 |
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1528 |
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1531 |
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1532 |
Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-1534 |
Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
2023-03-02 |
CISEC:9468 |
Multiple vulnerabilities on Adobe Animate 2022, Adobe Animate 2023 |
|
CISEC:9470 |
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. |
|
2023-03-01 |
CISEC:9466 |
Multiple vulnerabilities on Adobe Media Encoder |
|
CISEC:9469 |
Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 |
|
CISEC:9471 |
Multiple vulnerabilities on Photoshop version 23.5.3 |
|
CISEC:9467 |
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. |
|
CISEC:9472 |
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. |
|
2023-02-22 |
CVE-2023-0927 |
Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0929 |
Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0931 |
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0928 |
Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0941 |
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0933 |
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
CVE-2023-0930 |
Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2023-02-07 |
CVE-2023-0699 |
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. |
|
CVE-2023-0696 |
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0703 |
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. |
|
CVE-2023-0698 |
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
CVE-2023-0705 |
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. |
|
CVE-2023-0704 |
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. |
|
CVE-2023-0697 |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. |
|
CVE-2023-0700 |
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox |
|
CVE-2023-0701 |
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. |
|
2022-11-01 |
CVE-2022-3661 |
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. |
|
2022-07-22 |
CISEC:9448 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:9439 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9462 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:9454 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability |
|
CISEC:9440 |
Windows Media Center Elevation of Privilege Vulnerability |
|
CISEC:9458 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9436 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9438 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9441 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9442 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9445 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9453 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|
CISEC:9461 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:9437 |
Windows Kernel Denial of Service Vulnerability |
|
CISEC:9456 |
Windows Kerberos Elevation of Privilege Vulnerability |
|
CISEC:9446 |
Windows iSCSI Discovery Service Remote Code Execution Vulnerability |
|
CISEC:9455 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9465 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9457 |
Windows File History Remote Code Execution Vulnerability |
|
CISEC:9452 |
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
|
CISEC:9443 |
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability |
|
CISEC:9449 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:9463 |
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:9451 |
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability |
|
CISEC:9447 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:9450 |
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
|
CISEC:9459 |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
|
CISEC:9460 |
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability |
|
CISEC:9444 |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
|
CISEC:9464 |
Kerberos AppContainer Security Feature Bypass Vulnerability |
|
2022-06-17 |
CISEC:9390 |
Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
|
CISEC:9414 |
Windows WLAN AutoConfig Service Denial of Service Vulnerability |
|
CISEC:9378 |
Windows Server Service Information Disclosure Vulnerability |
|
CISEC:9406 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|
CISEC:9376 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
|
CISEC:9396 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:9393 |
Windows Push Notifications Apps Elevation of Privilege Vulnerability |
|
CISEC:9409 |
Windows Print Spooler Information Disclosure Vulnerability |
|
CISEC:9375 |
Windows Print Spooler Information Disclosure Vulnerability |
|
CISEC:9413 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9425 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9387 |
Windows PlayToManager Elevation of Privilege Vulnerability |
|
CISEC:9386 |
Windows NTFS Information Disclosure Vulnerability |
|
CISEC:9417 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:9397 |
Windows LSA Spoofing Vulnerability |
|
CISEC:9410 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9381 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9398 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9400 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9402 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9422 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9423 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9424 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9432 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9433 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9434 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:9427 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9430 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9431 |
Windows Kerberos Elevation of Privilege Vulnerability |
|
CISEC:9389 |
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
|
CISEC:9421 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:9426 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9374 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:9412 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:9394 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:9418 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:9416 |
Windows Fax Service Remote Code Execution Vulnerability |
|
CISEC:9405 |
Windows Failover Cluster Information Disclosure Vulnerability |
|
CISEC:9382 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
|
CISEC:9404 |
Windows Clustered Shared Volume Information Disclosure Vulnerability |
|
CISEC:9419 |
Windows Clustered Shared Volume Information Disclosure Vulnerability |
|
CISEC:9428 |
Windows Clustered Shared Volume Information Disclosure Vulnerability |
|
CISEC:9429 |
Windows Clustered Shared Volume Information Disclosure Vulnerability |
|
CISEC:9379 |
Windows Clustered Shared Volume Elevation of Privilege Vulnerability |
|
CISEC:9383 |
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
|
CISEC:9401 |
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
|
CISEC:9420 |
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
|
CISEC:9403 |
Windows Authentication Security Feature Bypass Vulnerability |
|
CISEC:9377 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9388 |
Windows Address Book Remote Code Execution Vulnerability |
|
CISEC:9435 |
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
|
CISEC:9384 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
|
CISEC:9385 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
|
CISEC:9407 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
|
CISEC:9380 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:9391 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|
CISEC:9411 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9392 |
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
|
CISEC:9395 |
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
|
CISEC:9415 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:9399 |
BitLocker Security Feature Bypass Vulnerability |
|
CISEC:9408 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
2022-05-27 |
CISEC:9302 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:9327 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:9309 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:9303 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:9360 |
Windows Telephony Server Elevation of Privilege Vulnerability |
|
CISEC:9328 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:9316 |
Windows Server Service Remote Code Execution Vulnerability |
|
CISEC:9279 |
Windows Secure Channel Denial of Service Vulnerability |
|
CISEC:9369 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9373 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9282 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9322 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9323 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9329 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9280 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9292 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9296 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9298 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9304 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9306 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9342 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9343 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9368 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9355 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:9278 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:9308 |
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability |
|
CISEC:9281 |
Windows LDAP Remote Code Execution Vulnerability |
|
CISEC:9365 |
Windows LDAP Denial of Service Vulnerability |
|
CISEC:9325 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:9276 |
Windows Kerberos Remote Code Execution Vulnerability |
|
CISEC:9354 |
Windows Kerberos Elevation of Privilege Vulnerability |
|
CISEC:9334 |
Windows Kerberos Elevation of Privilege Vulnerability |
|
CISEC:9351 |
Windows iSCSI Target Service Information Disclosure Vulnerability |
|
CISEC:9312 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9361 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9370 |
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
|
CISEC:9324 |
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
|
CISEC:9314 |
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
|
CISEC:9340 |
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
|
CISEC:9277 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9286 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9295 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9358 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9336 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9362 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:9359 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:9284 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
|
CISEC:9363 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
|
CISEC:9357 |
Windows File Explorer Elevation of Privilege Vulnerability |
|
CISEC:9294 |
Windows Fax Compose Form Remote Code Execution Vulnerability |
|
CISEC:9345 |
Windows Fax Compose Form Remote Code Execution Vulnerability |
|
CISEC:9367 |
Windows Fax Compose Form Remote Code Execution Vulnerability |
|
CISEC:9349 |
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability |
|
CISEC:9310 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9372 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9289 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9326 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9290 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9297 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9301 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9315 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9318 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9319 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9320 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9330 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9333 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9337 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9338 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9341 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9347 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9364 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9344 |
Windows DNS Server Information Disclosure Vulnerability |
|
CISEC:9331 |
Windows Direct Show - Remote Code Execution Vulnerability |
|
CISEC:9288 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
|
CISEC:9285 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:9287 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9348 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9307 |
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
|
CISEC:9313 |
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
|
CISEC:9317 |
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
|
CISEC:9300 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability |
|
CISEC:9335 |
Windows AppX Package Manager Elevation of Privilege Vulnerability |
|
CISEC:9371 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:9353 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9356 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9311 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9283 |
Win32 Stream Enumeration Remote Code Execution Vulnerability |
|
CISEC:9291 |
Win32 Stream Enumeration Remote Code Execution Vulnerability |
|
CISEC:9366 |
Win32 File Enumeration Remote Code Execution Vulnerability |
|
CISEC:9321 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:9352 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:9305 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:9332 |
Remote Desktop Protocol Remote Code Execution Vulnerability |
|
CISEC:9299 |
PowerShell Elevation of Privilege Vulnerability |
|
CISEC:9293 |
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
|
CISEC:9350 |
Local Security Authority (LSA) Elevation of Privilege Vulnerability |
|
CISEC:9275 |
DiskUsage.exe Remote Code Execution Vulnerability |
|
CISEC:9346 |
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
|
CISEC:9339 |
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
|
2022-05-18 |
CVE-2022-22965 |
Spring4Shell - Windows |
|
CVE-2022-22965 |
Spring4Shell - Unix |
|
2022-04-15 |
CISEC:9258 |
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability |
|
CISEC:9273 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:9246 |
Windows SMBv3 Client/Server Remote Code Execution Vulnerability |
|
CISEC:9271 |
Windows Security Support Provider Interface Elevation of Privilege Vulnerability |
|
CISEC:9250 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9256 |
Windows PDEV Elevation of Privilege Vulnerability |
|
CISEC:9263 |
Windows NT OS Kernel Elevation of Privilege Vulnerability |
|
CISEC:9267 |
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
|
CISEC:9266 |
Windows Media Center Update Denial of Service Vulnerability |
|
CISEC:9268 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9247 |
Windows Inking COM Elevation of Privilege Vulnerability |
|
CISEC:9272 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9270 |
Windows HTML Platforms Security Feature Bypass Vulnerability |
|
CISEC:9251 |
Windows Fax and Scan Service Elevation of Privilege Vulnerability |
|
CISEC:9265 |
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9253 |
Windows Event Tracing Remote Code Execution Vulnerability |
|
CISEC:9243 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9261 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9245 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:9255 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:9252 |
Windows CD-ROM Driver Elevation of Privilege Vulnerability |
|
CISEC:9260 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:9244 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9254 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9257 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:9264 |
Tablet Windows User Interface Application Elevation of Privilege Vulnerability |
|
CISEC:9274 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|
CISEC:9262 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9269 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9248 |
Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
|
CISEC:9249 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:9259 |
Media Foundation Information Disclosure Vulnerability |
|
2022-03-18 |
CISEC:9229 |
Windows User Account Profile Picture Denial of Service Vulnerability |
|
CISEC:9241 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
|
CISEC:9227 |
Windows Runtime Remote Code Execution Vulnerability |
|
CISEC:9226 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
|
CISEC:9214 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:9209 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9230 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9231 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9235 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9221 |
Windows Mobile Device Management Remote Code Execution Vulnerability |
|
CISEC:9234 |
Windows Mobile Device Management Elevation of Privilege Vulnerability |
|
CISEC:9239 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:9215 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9236 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9240 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:9213 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9223 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9220 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:9225 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:9212 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9238 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9222 |
Windows Common Log File System Driver Denial of Service Vulnerability |
|
CISEC:9232 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9233 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9237 |
Roaming Security Rights Management Services Remote Code Execution Vulnerability |
|
CISEC:9228 |
Named Pipe File System Elevation of Privilege Vulnerability |
|
2022-03-04 |
CISEC:9137 |
Workstation Service Remote Protocol Security Feature Bypass Vulnerability |
|
CISEC:9129 |
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability |
|
CISEC:9190 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:9155 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:9142 |
Windows UI Immersive Server API Elevation of Privilege Vulnerability |
|
CISEC:9157 |
Windows System Launcher Elevation of Privilege Vulnerability |
|
CISEC:9161 |
Windows Storage Elevation of Privilege Vulnerability |
|
CISEC:9187 |
Windows StateRepository API Server file Elevation of Privilege Vulnerability |
|
CISEC:9189 |
Windows Security Center API Remote Code Execution Vulnerability |
|
CISEC:9184 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9186 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9198 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9144 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9136 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9149 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9162 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9176 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
|
CISEC:9191 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:9131 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:9207 |
Windows Push Notifications Apps Elevation Of Privilege Vulnerability |
|
CISEC:9183 |
Windows Modern Execution Server Remote Code Execution Vulnerability |
|
CISEC:9196 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9126 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9173 |
Windows Kerberos Elevation of Privilege Vulnerability |
|
CISEC:9166 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9192 |
Windows IKE Extension Remote Code Execution Vulnerability |
|
CISEC:9185 |
Windows IKE Extension Denial of Service Vulnerability |
|
CISEC:9193 |
Windows IKE Extension Denial of Service Vulnerability |
|
CISEC:9160 |
Windows IKE Extension Denial of Service Vulnerability |
|
CISEC:9168 |
Windows IKE Extension Denial of Service Vulnerability |
|
CISEC:9178 |
Windows IKE Extension Denial of Service Vulnerability |
|
CISEC:9140 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:9177 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:9143 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:9201 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9188 |
Windows Geolocation Service Remote Code Execution Vulnerability |
|
CISEC:9133 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:9169 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:9204 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:9146 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:9154 |
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
|
CISEC:9174 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:9171 |
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
|
CISEC:9147 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9158 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9175 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:9167 |
Windows Devices Human Interface Elevation of Privilege Vulnerability |
|
CISEC:9199 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9203 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9159 |
Windows Cleanup Manager Elevation of Privilege Vulnerability |
|
CISEC:9151 |
Windows Certificate Spoofing Vulnerability |
|
CISEC:9163 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:9200 |
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability |
|
CISEC:9170 |
Windows Application Model Core API Elevation of Privilege Vulnerability |
|
CISEC:9197 |
Windows AppContracts API Server Elevation of Privilege Vulnerability |
|
CISEC:9152 |
Windows Accounts Control Elevation of Privilege Vulnerability |
|
CISEC:9132 |
Win32k Information Disclosure Vulnerability |
|
CISEC:9127 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9179 |
Virtual Machine IDE Drive Elevation of Privilege Vulnerability |
|
CISEC:9134 |
Tile Data Repository Elevation of Privilege Vulnerability |
|
CISEC:9181 |
Task Flow Data Engine Elevation of Privilege Vulnerability |
|
CISEC:9180 |
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
|
CISEC:9206 |
Storage Spaces Controller Information Disclosure Vulnerability |
|
CISEC:9156 |
Secure Boot Security Feature Bypass Vulnerability |
|
CISEC:9139 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:9153 |
Remote Desktop Protocol Remote Code Execution Vulnerability |
|
CISEC:9135 |
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability |
|
CISEC:9208 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9145 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9172 |
Open Source Curl Remote Code Execution Vulnerability |
|
CISEC:9164 |
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability |
|
CISEC:9195 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
|
CISEC:9205 |
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability |
|
CISEC:9148 |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
|
CISEC:9182 |
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass |
|
CISEC:9165 |
Libarchive Remote Code Execution Vulnerability |
|
CISEC:9141 |
HTTP Protocol Stack Remote Code Execution Vulnerability |
|
CISEC:9128 |
DirectX Graphics Kernel Remote Code Execution Vulnerability |
|
CISEC:9150 |
DirectX Graphics Kernel Remote Code Execution Vulnerability |
|
CISEC:9138 |
DirectX Graphics Kernel File Denial of Service Vulnerability |
|
CISEC:9130 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:9202 |
Clipboard User Service Elevation of Privilege Vulnerability |
|
CISEC:9194 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
2022-01-14 |
CISEC:9100 |
Windows TCP/IP Driver Elevation of Privilege Vulnerability |
|
CISEC:9110 |
Windows Setup Elevation of Privilege Vulnerability |
|
CISEC:9096 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:9098 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:9107 |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
|
CISEC:9105 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:9097 |
Windows NTFS Elevation of Privilege Vulnerability |
|
CISEC:9112 |
Windows NTFS Elevation of Privilege Vulnerability |
|
CISEC:9122 |
Windows NTFS Elevation of Privilege Vulnerability |
|
CISEC:9123 |
Windows Media Center Elevation of Privilege Vulnerability |
|
CISEC:9101 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:9103 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9104 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9099 |
Windows Fax Service Remote Code Execution Vulnerability |
|
CISEC:9117 |
Windows Event Tracing Remote Code Execution Vulnerability |
|
CISEC:9115 |
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
|
CISEC:9094 |
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability |
|
CISEC:9121 |
Windows Digital TV Tuner Elevation of Privilege Vulnerability |
|
CISEC:9118 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
|
CISEC:9109 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:9106 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9108 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9120 |
SymCrypt Denial of Service Vulnerability |
|
CISEC:9102 |
Storage Spaces Controller Information Disclosure Vulnerability |
|
CISEC:9116 |
Storage Spaces Controller Information Disclosure Vulnerability |
|
CISEC:9125 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9095 |
NTFS Set Short Name Elevation of Privilege Vulnerability |
|
CISEC:9119 |
Microsoft Message Queuing Information Disclosure Vulnerability |
|
CISEC:9124 |
Microsoft Message Queuing Information Disclosure Vulnerability |
|
CISEC:9113 |
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability |
|
CISEC:9111 |
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution |
|
CISEC:9114 |
DirectX Graphics Kernel File Denial of Service Vulnerability |
|
2021-12-21 |
CVE-2021-45105 |
Log4j: multiple vulnerabilities - Windows |
|
2021-12-20 |
CVE-2021-45105 |
Log4j: multiple vulnerabilities - Linux |
|
2021-12-10 |
CISEC:9071 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|
CISEC:9090 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|
CISEC:9092 |
Windows NTFS Remote Code Execution Vulnerability |
|
CISEC:9068 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:9081 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:9077 |
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability |
|
CISEC:9079 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:9083 |
Windows Hello Security Feature Bypass Vulnerability |
|
CISEC:9093 |
Windows Feedback Hub Elevation of Privilege Vulnerability |
|
CISEC:9080 |
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9063 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:9076 |
Windows Denial of Service Vulnerability |
|
CISEC:9074 |
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |
|
CISEC:9067 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|
CISEC:9088 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:9062 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:9078 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:9084 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:9086 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:9066 |
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
|
CISEC:9061 |
Microsoft COM for Windows Remote Code Execution Vulnerability |
|
CISEC:9089 |
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
|
CISEC:9069 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:9065 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
CISEC:9070 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
CISEC:9072 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
CISEC:9087 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
|
2021-11-19 |
CISEC:9023 |
Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.007.20095 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30015 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version... |
|
CISEC:9022 |
Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.005.20060 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30006 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version... |
|
2021-11-12 |
CISEC:8988 |
Windows Text Shaping Remote Code Execution Vulnerability |
|
CISEC:9018 |
Windows TCP/IP Denial of Service Vulnerability |
|
CISEC:9006 |
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
|
CISEC:9014 |
Windows Print Spooler Spoofing Vulnerability |
|
CISEC:8994 |
Windows Print Spooler Information Disclosure Vulnerability |
|
CISEC:8979 |
Windows Nearby Sharing Elevation of Privilege Vulnerability |
|
CISEC:9012 |
Windows NAT Denial of Service Vulnerability |
|
CISEC:8992 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
|
CISEC:8995 |
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability |
|
CISEC:9007 |
Windows Media Audio Decoder Remote Code Execution Vulnerability |
|
CISEC:8996 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8984 |
Windows Installer Spoofing Vulnerability |
|
CISEC:9004 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8985 |
Windows HTTP.sys Elevation of Privilege Vulnerability |
|
CISEC:8986 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:9021 |
Windows Fast FAT File System Driver Information Disclosure Vulnerability |
|
CISEC:8980 |
Windows Fast FAT File System Driver Information Disclosure Vulnerability |
|
CISEC:9017 |
Windows exFAT File System Information Disclosure Vulnerability |
|
CISEC:9008 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:9002 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8989 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:9001 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9015 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9016 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:9011 |
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
|
CISEC:8999 |
Windows Bind Filter Driver Information Disclosure Vulnerability |
|
CISEC:8982 |
Windows AppX Deployment Service Elevation of Privilege Vulnerability |
|
CISEC:9013 |
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
|
CISEC:8993 |
Windows AppContainer Elevation Of Privilege Vulnerability |
|
CISEC:8981 |
Windows AD FS Security Feature Bypass Vulnerability |
|
CISEC:8998 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9000 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8983 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:9003 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:9010 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:9020 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8978 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8987 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8991 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:9005 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:8990 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:8997 |
Console Window Host Security Feature Bypass Vulnerability |
|
CISEC:9009 |
Active Directory Security Feature Bypass Vulnerability |
|
CISEC:9019 |
Active Directory Federation Server Spoofing Vulnerability |
|
2021-10-22 |
CISEC:8975 |
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
|
CISEC:8949 |
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
|
CISEC:8948 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:8976 |
Windows Storage Information Disclosure Vulnerability |
|
CISEC:8968 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8973 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8965 |
Windows SMB Elevation of Privilege Vulnerability |
|
CISEC:8977 |
Windows Scripting Engine Memory Corruption Vulnerability |
|
CISEC:8962 |
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
|
CISEC:8963 |
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
|
CISEC:8969 |
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
|
CISEC:8971 |
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
|
CISEC:8956 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8942 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8964 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8974 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8966 |
Windows Key Storage Provider Security Feature Bypass Vulnerability |
|
CISEC:8945 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8959 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8960 |
Windows Installer Information Disclosure Vulnerability |
|
CISEC:8967 |
Windows Installer Denial of Service Vulnerability |
|
CISEC:8947 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8958 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8961 |
Windows DNS Elevation of Privilege Vulnerability |
|
CISEC:8943 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8944 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8951 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8952 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8950 |
Windows Authenticode Spoofing Vulnerability |
|
CISEC:8953 |
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
|
CISEC:8954 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:8972 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:8946 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8970 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8957 |
Microsoft Windows Update Client Elevation of Privilege Vulnerability |
|
CISEC:8941 |
Microsoft MSHTML Remote Code Execution Vulnerability |
|
CISEC:8955 |
BitLocker Security Feature Bypass Vulnerability |
|
2021-10-08 |
CISEC:8937 |
Multiple vulnerabilities on Creative Cloud Desktop Application versions 4.6.1 and earlier |
|
CISEC:8938 |
Multiple vulnerabilities on Adobe Media Encoder versions 13.1 and earlier |
|
CISEC:8939 |
Multiple vulnerabilities on Adobe Digital Editions versions 4.5.10 and below |
|
CISEC:8940 |
Creative Cloud Desktop Application |
|
2021-09-24 |
CISEC:8935 |
Multiple vulnerabilities on Creative Cloud Desktop Application versions 5.1 and earlier |
|
CISEC:8934 |
Multiple vulnerabilities on Adobe Media Encoder versions 14.2 and earlier |
|
CISEC:8933 |
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration |
|
2021-09-17 |
CISEC:8929 |
Multiple vulnerabilities on Creative Cloud Desktop Application version 5.3 |
|
CISEC:8931 |
Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2020.009.20074 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30002, Acrobat 2017 and Acrobat Reader 2017 version... |
|
CISEC:8922 |
InCopy version 15.1.1 |
|
CISEC:8925 |
Adobe Prelude version 9.0.1 |
|
CISEC:8924 |
Adobe Lightroom Classic version 10.0 |
|
CISEC:8927 |
Adobe Illustrator version 25.0 |
|
2021-09-10 |
CISEC:8903 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:8915 |
Windows User Account Profile Picture Elevation of Privilege Vulnerability |
|
CISEC:8899 |
Windows Update Medic Service Elevation of Privilege Vulnerability |
|
CISEC:8909 |
Windows TCP/IP Remote Code Execution Vulnerability |
|
CISEC:8894 |
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
|
CISEC:8895 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
|
CISEC:8902 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
|
CISEC:8911 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
|
CISEC:8914 |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
|
CISEC:8908 |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
|
CISEC:8898 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8900 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8913 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8916 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8912 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
|
CISEC:8897 |
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability |
|
CISEC:8906 |
Windows LSA Spoofing Vulnerability |
|
CISEC:8920 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:8907 |
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability |
|
CISEC:8893 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8905 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8921 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8917 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8919 |
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability |
|
CISEC:8896 |
Windows Cryptographic Primitives Library Information Disclosure Vulnerability |
|
CISEC:8918 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability |
|
CISEC:8904 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8910 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:8901 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
2021-08-27 |
CISEC:8885 |
Multiple vulnerabilities on Illustrator 2021 version 25.2.3 and earlier versions |
|
CISEC:8890 |
Multiple vulnerabilities on Adobe Bridge version 11.0.2 and earlier versions |
|
CISEC:8888 |
Multiple vulnerabilities on Adobe Animate version 21.0.6 and earlier versions |
|
CISEC:8891 |
Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.005.20054 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.004.30005 and earlier versions, Acrobat 2017 and Acrobat Reader... |
|
CISEC:8892 |
Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.001.20155 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30025 and earlier versions, Acrobat 2017 and Acrobat Reader... |
|
CISEC:8887 |
Adobe Robohelp version 2020.0.3 |
|
CISEC:8889 |
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file (CVE-2021-28548, CVE-2021-28549). |
|
2021-08-13 |
CISEC:8815 |
Windows TCP/IP Driver Denial of Service Vulnerability |
|
CISEC:8817 |
Windows TCP/IP Driver Denial of Service Vulnerability |
|
CISEC:8837 |
Windows TCP/IP Driver Denial of Service Vulnerability |
|
CISEC:8791 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8826 |
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability |
|
CISEC:8806 |
Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
|
CISEC:8824 |
Windows Remote Assistance Information Disclosure Vulnerability |
|
CISEC:8839 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
|
CISEC:8840 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
|
CISEC:8858 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
|
CISEC:8866 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:8823 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:8827 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:8836 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|
CISEC:8844 |
Windows Projected File System Elevation of Privilege Vulnerability |
|
CISEC:8860 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8796 |
Windows Partition Management Driver Elevation of Privilege Vulnerability |
|
CISEC:8868 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
|
CISEC:8789 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
|
CISEC:8813 |
Windows Media Remote Code Execution Vulnerability |
|
CISEC:8829 |
Windows LSA Security Feature Bypass Vulnerability |
|
CISEC:8838 |
Windows LSA Denial of Service Vulnerability |
|
CISEC:8797 |
Windows Key Distribution Center Information Disclosure Vulnerability |
|
CISEC:8853 |
Windows Kernel Remote Code Execution Vulnerability |
|
CISEC:8870 |
Windows Kernel Remote Code Execution Vulnerability |
|
CISEC:8825 |
Windows Kernel Memory Information Disclosure Vulnerability |
|
CISEC:8816 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8828 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8833 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8846 |
Windows InstallService Elevation of Privilege Vulnerability |
|
CISEC:8834 |
Windows Installer Spoofing Vulnerability |
|
CISEC:8805 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8848 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8832 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8798 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8831 |
Windows HTML Platforms Security Feature Bypass Vulnerability |
|
CISEC:8859 |
Windows Hello Security Feature Bypass Vulnerability |
|
CISEC:8863 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:8862 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:8793 |
Windows Font Driver Host Remote Code Execution Vulnerability |
|
CISEC:8812 |
Windows File History Service Elevation of Privilege Vulnerability |
|
CISEC:8865 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8807 |
Windows DNS Snap-in Remote Code Execution Vulnerability |
|
CISEC:8822 |
Windows DNS Snap-in Remote Code Execution Vulnerability |
|
CISEC:8842 |
Windows DNS Snap-in Remote Code Execution Vulnerability |
|
CISEC:8787 |
Windows DNS Snap-in Remote Code Execution Vulnerability |
|
CISEC:8864 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8820 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8850 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8856 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8794 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8819 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8857 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8800 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8799 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8803 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:8808 |
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8810 |
Windows Console Driver Elevation of Privilege Vulnerability |
|
CISEC:8854 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8861 |
Windows Certificate Spoofing Vulnerability |
|
CISEC:8801 |
Windows Authenticode Spoofing Vulnerability |
|
CISEC:8811 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:8821 |
Windows AppContainer Elevation Of Privilege Vulnerability |
|
CISEC:8843 |
Windows AF_UNIX Socket Provider Denial of Service Vulnerability |
|
CISEC:8788 |
Windows ADFS Security Feature Bypass Vulnerability |
|
CISEC:8852 |
Windows Address Book Remote Code Execution Vulnerability |
|
CISEC:8835 |
Win32k Information Disclosure Vulnerability |
|
CISEC:8841 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8851 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8855 |
Storage Spaces Controller Information Disclosure Vulnerability |
|
CISEC:8809 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8814 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8830 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8790 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8795 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8792 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:8802 |
Raw Image Extension Remote Code Execution Vulnerability |
|
CISEC:8867 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:8847 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:8786 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:8818 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:8849 |
GDI+ Information Disclosure Vulnerability |
|
CISEC:8804 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:8869 |
Bowser.sys Denial of Service Vulnerability |
|
CISEC:8845 |
Active Directory Security Feature Bypass Vulnerability |
|
2021-08-03 |
CVE-2021-30560 |
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
2021-07-23 |
CISEC:8779 |
Out-of-Bounds Read vulnerability on Adobe Media Encoder 15.1 and earlier versions |
|
CISEC:8773 |
Multiple vulnerabilities on Illustrator 2021 version 25.2 and earlier versions |
|
CISEC:8778 |
Multiple vulnerabilities on Adobe InDesign 16.0 and earlier versions |
|
CISEC:8774 |
Multiple vulnerabilities on Adobe Animate 21.0.5 and earlier versions |
|
CISEC:8777 |
Multiple vulnerabilities on Acrobat DC Continuous and Acrobat Reader DC Continuous versions 2021.001.20150 and earlier, Acrobat 2020 and Acrobat Reader 2020 versions 2020.001.30020 and earlier versions, Acrobat 2017 and... |
|
2021-07-09 |
CISEC:8754 |
Windows TCP/IP Driver Security Feature Bypass Vulnerability |
|
CISEC:8762 |
Windows Remote Desktop Services Denial of Service Vulnerability |
|
CISEC:8760 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8771 |
Windows NTLM Elevation of Privilege Vulnerability |
|
CISEC:8769 |
Windows NTFS Elevation of Privilege Vulnerability |
|
CISEC:8745 |
Windows MSHTML Platform Remote Code Execution Vulnerability |
|
CISEC:8751 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
|
CISEC:8750 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8757 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8755 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8756 |
Windows HTML Platform Security Feature Bypass Vulnerability |
|
CISEC:8763 |
Windows GPSVC Elevation of Privilege Vulnerability |
|
CISEC:8752 |
Windows Filter Manager Elevation of Privilege Vulnerability |
|
CISEC:8766 |
Windows DCOM Server Security Feature Bypass |
|
CISEC:8746 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8761 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8748 |
Windows Bind Filter Driver Information Disclosure Vulnerability |
|
CISEC:8753 |
Server for NFS Information Disclosure Vulnerability |
|
CISEC:8768 |
Server for NFS Information Disclosure Vulnerability |
|
CISEC:8758 |
Server for NFS Denial of Service Vulnerability |
|
CISEC:8749 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:8747 |
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
|
CISEC:8764 |
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
|
CISEC:8765 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability |
|
CISEC:8767 |
Kerberos AppContainer Security Feature Bypass Vulnerability |
|
CISEC:8770 |
Event Tracing for Windows Information Disclosure Vulnerability |
|
2021-07-02 |
CISEC:8740 |
Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier |
|
CISEC:8741 |
Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier |
|
2021-06-11 |
CISEC:8723 |
Windows Wireless Networking Spoofing Vulnerability |
|
CISEC:8725 |
Windows Wireless Networking Spoofing Vulnerability |
|
CISEC:8721 |
Windows Wireless Networking Information Disclosure Vulnerability |
|
CISEC:8730 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8734 |
Windows SSDP Service Elevation of Privilege Vulnerability |
|
CISEC:8715 |
Windows SMB Client Security Feature Bypass Vulnerability |
|
CISEC:8724 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|
CISEC:8726 |
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
|
CISEC:8728 |
Windows Media Foundation Core Remote Code Execution Vulnerability |
|
CISEC:8722 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:8732 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:8718 |
Windows Desktop Bridge Denial of Service Vulnerability |
|
CISEC:8719 |
Windows CSC Service Information Disclosure Vulnerability |
|
CISEC:8717 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:8720 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:8727 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:8729 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:8737 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
|
CISEC:8735 |
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8733 |
OLE Automation Remote Code Execution Vulnerability |
|
CISEC:8731 |
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability |
|
CISEC:8716 |
Microsoft Bluetooth Driver Spoofing Vulnerability |
|
CISEC:8736 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8738 |
HTTP Protocol Stack Remote Code Execution Vulnerability |
|
2021-05-14 |
CISEC:8691 |
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability |
|
CISEC:8677 |
Windows TCP/IP Information Disclosure Vulnerability |
|
CISEC:8684 |
Windows TCP/IP Driver Denial of Service Vulnerability |
|
CISEC:8709 |
Windows TCP/IP Driver Denial of Service Vulnerability |
|
CISEC:8665 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|
CISEC:8700 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|
CISEC:8706 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|
CISEC:8644 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8701 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8687 |
Windows Services and Controller App Elevation of Privilege Vulnerability |
|
CISEC:8663 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
|
CISEC:8678 |
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
|
CISEC:8688 |
Windows Portmapping Information Disclosure Vulnerability |
|
CISEC:8692 |
Windows Overlay Filter Information Disclosure Vulnerability |
|
CISEC:8651 |
Windows NTFS Denial of Service Vulnerability |
|
CISEC:8649 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:8696 |
Windows Media Video Decoder Remote Code Execution Vulnerability |
|
CISEC:8705 |
Windows Media Video Decoder Remote Code Execution Vulnerability |
|
CISEC:8680 |
Windows Media Photo Codec Information Disclosure Vulnerability |
|
CISEC:8645 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8661 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8671 |
Windows Installer Spoofing Vulnerability |
|
CISEC:8652 |
Windows Installer Information Disclosure Vulnerability |
|
CISEC:8682 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8699 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8693 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:8657 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:8676 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:8640 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8666 |
Windows GDI+ Remote Code Execution Vulnerability |
|
CISEC:8702 |
Windows GDI+ Remote Code Execution Vulnerability |
|
CISEC:8707 |
Windows GDI+ Remote Code Execution Vulnerability |
|
CISEC:8675 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:8660 |
Windows Event Tracing Information Disclosure Vulnerability |
|
CISEC:8642 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8653 |
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
|
CISEC:8697 |
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
|
CISEC:8674 |
Windows DNS Information Disclosure Vulnerability |
|
CISEC:8683 |
Windows DNS Information Disclosure Vulnerability |
|
CISEC:8638 |
Windows Console Driver Denial of Service Vulnerability |
|
CISEC:8690 |
Windows Console Driver Denial of Service Vulnerability |
|
CISEC:8712 |
Windows AppX Deployment Server Denial of Service Vulnerability |
|
CISEC:8670 |
Windows Application Compatibility Cache Denial of Service Vulnerability |
|
CISEC:8641 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8668 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8639 |
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
|
CISEC:8643 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8646 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8647 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8648 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8650 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8655 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8656 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8658 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8659 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8662 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8667 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8669 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8672 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8679 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8681 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8685 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8686 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8689 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8694 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8695 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8698 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8703 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8704 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8708 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8711 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8713 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8714 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8654 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:8673 |
Microsoft Windows Codecs Library Information Disclosure Vulnerability |
|
CISEC:8710 |
Microsoft Internet Messaging API Remote Code Execution Vulnerability |
|
CISEC:8664 |
Azure AD Web Sign-in Security Feature Bypass Vulnerability |
|
2021-04-16 |
CISEC:8621 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8623 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8603 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8610 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8629 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8600 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8636 |
Windows Virtual Registry Provider Elevation of Privilege Vulnerability |
|
CISEC:8616 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:8611 |
Windows UPnP Device Host Elevation of Privilege Vulnerability |
|
CISEC:8635 |
Windows Update Stack Setup Elevation of Privilege Vulnerability |
|
CISEC:8615 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:8628 |
Windows Update Service Elevation of Privilege Vulnerability |
|
CISEC:8612 |
Windows Projected File System Elevation of Privilege Vulnerability |
|
CISEC:8627 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8631 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8595 |
Windows Overlay Filter Elevation of Privilege Vulnerability |
|
CISEC:8591 |
Windows NAT Denial of Service Vulnerability |
|
CISEC:8607 |
Windows Media Photo Codec Information Disclosure Vulnerability |
|
CISEC:8626 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8604 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8625 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:8594 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:8633 |
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
|
CISEC:8613 |
Windows Event Tracing Information Disclosure Vulnerability |
|
CISEC:8637 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8597 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8609 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8632 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:8614 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8624 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8592 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8598 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8605 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8617 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8602 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:8618 |
Windows Container Execution Agent Elevation of Privilege Vulnerability |
|
CISEC:8630 |
Windows Container Execution Agent Elevation of Privilege Vulnerability |
|
CISEC:8608 |
Windows App-V Overlay Filter Elevation of Privilege Vulnerability |
|
CISEC:8599 |
Windows ActiveX Installer Service Information Disclosure Vulnerability |
|
CISEC:8606 |
Windows 10 Update Assistant Elevation of Privilege Vulnerability |
|
CISEC:8601 |
User Profile Service Denial of Service Vulnerability |
|
CISEC:8622 |
Storage Spaces Controller Elevation of Privilege Vulnerability |
|
CISEC:8590 |
Remote Access API Elevation of Privilege Vulnerability |
|
CISEC:8634 |
OpenType Font Parsing Remote Code Execution Vulnerability |
|
CISEC:8596 |
Microsoft Windows Security Feature Bypass Vulnerability |
|
CISEC:8620 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:8619 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:8593 |
Application Virtualization Remote Code Execution Vulnerability |
|
2021-03-17 |
CISEC:8562 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8589 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8580 |
Windows Trust Verification API Denial of Service Vulnerability |
|
CISEC:8576 |
Windows TCP/IP Remote Code Execution Vulnerability |
|
CISEC:8579 |
Windows TCP/IP Remote Code Execution Vulnerability |
|
CISEC:8577 |
Windows TCP/IP Denial of Service Vulnerability |
|
CISEC:8586 |
Windows Remote Procedure Call Information Disclosure Vulnerability |
|
CISEC:8574 |
Windows PKU2U Elevation of Privilege Vulnerability |
|
CISEC:8584 |
Windows Network File System Denial of Service Vulnerability |
|
CISEC:8569 |
Windows Mobile Device Management Information Disclosure Vulnerability |
|
CISEC:8563 |
Windows Local Spooler Remote Code Execution Vulnerability |
|
CISEC:8582 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8566 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8585 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:8573 |
Windows Fax Service Remote Code Execution Vulnerability |
|
CISEC:8581 |
Windows Fax Service Remote Code Execution Vulnerability |
|
CISEC:8570 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8583 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8567 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8564 |
Windows DirectX Information Disclosure Vulnerability |
|
CISEC:8571 |
Windows Console Driver Denial of Service Vulnerability |
|
CISEC:8565 |
Windows Camera Codec Pack Remote Code Execution Vulnerability |
|
CISEC:8575 |
Windows Backup Engine Information Disclosure Vulnerability |
|
CISEC:8588 |
Windows Address Book Remote Code Execution Vulnerability |
|
CISEC:8572 |
PFX Encryption Security Feature Bypass Vulnerability |
|
CISEC:8587 |
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability |
|
CISEC:8578 |
Microsoft Windows VMSwitch Information Disclosure Vulnerability |
|
CISEC:8568 |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
|
2021-02-12 |
CISEC:8545 |
Windows WLAN Service Elevation of Privilege Vulnerability |
|
CISEC:8516 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8505 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8528 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8550 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8559 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8537 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:8529 |
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
|
CISEC:8532 |
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability |
|
CISEC:8542 |
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability |
|
CISEC:8503 |
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
|
CISEC:8513 |
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
|
CISEC:8523 |
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
|
CISEC:8522 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8555 |
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
|
CISEC:8515 |
Windows Multipoint Management Elevation of Privilege Vulnerability |
|
CISEC:8548 |
Windows LUAFV Elevation of Privilege Vulnerability |
|
CISEC:8534 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8560 |
Windows InstallService Elevation of Privilege Vulnerability |
|
CISEC:8506 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8538 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:8527 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:8554 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:8518 |
Windows Fax Compose Form Remote Code Execution Vulnerability |
|
CISEC:8543 |
Windows Event Tracing Elevation of Privilege Vulnerability |
|
CISEC:8541 |
Windows Event Logging Service Elevation of Privilege Vulnerability |
|
CISEC:8552 |
Windows Docker Information Disclosure Vulnerability |
|
CISEC:8540 |
Windows DNS Query Information Disclosure Vulnerability |
|
CISEC:8504 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8510 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8519 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8535 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8553 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8556 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8561 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8520 |
Windows CryptoAPI Denial of Service Vulnerability |
|
CISEC:8536 |
Windows Bluetooth Security Feature Bypass Vulnerability |
|
CISEC:8530 |
Windows Bluetooth Security Feature Bypass Vulnerability |
|
CISEC:8557 |
Windows Bluetooth Security Feature Bypass Vulnerability |
|
CISEC:8512 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:8524 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:8511 |
Windows (modem.sys) Information Disclosure Vulnerability |
|
CISEC:8507 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8539 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8517 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8521 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8525 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8526 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8533 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8546 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8547 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
|
CISEC:8549 |
NTLM Security Feature Bypass Vulnerability |
|
CISEC:8531 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:8558 |
Microsoft splwow64 Elevation of Privilege Vulnerability |
|
CISEC:8514 |
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability |
|
CISEC:8508 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:8551 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:8509 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:8544 |
Active Template Library Elevation of Privilege Vulnerability |
|
2021-01-08 |
CISEC:8502 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:8482 |
Windows Overlay Filter Security Feature Bypass Vulnerability |
|
CISEC:8487 |
Windows NTFS Remote Code Execution Vulnerability |
|
CISEC:8498 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:8492 |
Windows Lock Screen Security Feature Bypass Vulnerability |
|
CISEC:8489 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:8481 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:8500 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:8483 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
|
CISEC:8488 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8490 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8501 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8484 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8485 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8491 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8493 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8495 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8497 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8499 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8494 |
Kerberos Security Feature Bypass Vulnerability |
|
CISEC:8496 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8486 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
2020-12-23 |
CVE-2020-10148 |
SolarWinds Orion SUNBURST infection |
|
2020-12-11 |
CISEC:8473 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8437 |
Windows WalletService Information Disclosure Vulnerability |
|
CISEC:8451 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8425 |
Windows USO Core Worker Elevation of Privilege Vulnerability |
|
CISEC:8472 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:8450 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:8431 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:8433 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:8440 |
Windows Update Medic Service Elevation of Privilege Vulnerability |
|
CISEC:8463 |
Windows Spoofing Vulnerability |
|
CISEC:8454 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8467 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8469 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8475 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8428 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8429 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8439 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8462 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8464 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8478 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8480 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8474 |
Windows Print Spooler Remote Code Execution Vulnerability |
|
CISEC:8446 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8426 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8471 |
Windows Print Configuration Elevation of Privilege Vulnerability |
|
CISEC:8455 |
Windows Port Class Library Elevation of Privilege Vulnerability |
|
CISEC:8479 |
Windows Network File System Remote Code Execution Vulnerability |
|
CISEC:8476 |
Windows Network File System Information Disclosure Vulnerability |
|
CISEC:8448 |
Windows Network File System Denial of Service Vulnerability |
|
CISEC:8424 |
Windows NDIS Information Disclosure Vulnerability |
|
CISEC:8435 |
Windows MSCTF Server Information Disclosure Vulnerability |
|
CISEC:8423 |
Windows KernelStream Information Disclosure Vulnerability |
|
CISEC:8444 |
Windows Kernel Local Elevation of Privilege Vulnerability |
|
CISEC:8434 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8436 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:8427 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:8438 |
Windows GDI+ Remote Code Execution Vulnerability |
|
CISEC:8456 |
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability |
|
CISEC:8432 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:8461 |
Windows Error Reporting Denial of Service Vulnerability |
|
CISEC:8458 |
Windows Delivery Optimization Information Disclosure Vulnerability |
|
CISEC:8453 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8468 |
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability |
|
CISEC:8466 |
Windows Canonical Display Driver Information Disclosure Vulnerability |
|
CISEC:8470 |
Windows Camera Codec Information Disclosure Vulnerability |
|
CISEC:8445 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability |
|
CISEC:8442 |
Win32k Information Disclosure Vulnerability |
|
CISEC:8449 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8460 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8441 |
Remote Desktop Protocol Server Information Disclosure Vulnerability |
|
CISEC:8443 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|
CISEC:8459 |
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability |
|
CISEC:8430 |
Kerberos Security Feature Bypass Vulnerability |
|
CISEC:8465 |
DirectX Elevation of Privilege Vulnerability |
|
2020-11-13 |
CISEC:8381 |
Windows Text Services Framework Information Disclosure Vulnerability |
|
CISEC:8386 |
Windows TCP/IP Remote Code Execution Vulnerability |
|
CISEC:8413 |
Windows TCP/IP Denial of Service Vulnerability |
|
CISEC:8392 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:8414 |
Windows Storage VSP Driver Elevation of Privilege Vulnerability |
|
CISEC:8397 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:8376 |
Windows Spoofing Vulnerability |
|
CISEC:8419 |
Windows SMBv3 Client/Server Denial of Service Vulnerability |
|
CISEC:8374 |
Windows Shell Infrastructure Component Elevation of Privilege Vulnerability |
|
CISEC:8373 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:8415 |
Windows Remote Desktop Service Denial of Service Vulnerability |
|
CISEC:8385 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
|
CISEC:8398 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:8363 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:8369 |
Windows NAT Remote Code Execution Vulnerability |
|
CISEC:8402 |
Windows KernelStream Information Disclosure Vulnerability |
|
CISEC:8379 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8407 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8404 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8411 |
Windows iSCSI Target Service Elevation of Privilege Vulnerability |
|
CISEC:8420 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:8391 |
Windows Image Elevation of Privilege Vulnerability |
|
CISEC:8377 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:8370 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:8401 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:8395 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8393 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:8410 |
Windows Event System Elevation of Privilege Vulnerability |
|
CISEC:8368 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:8418 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:8405 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:8421 |
Windows Enterprise App Management Service Information Disclosure Vulnerability |
|
CISEC:8390 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8365 |
Windows COM Server Elevation of Privilege Vulnerability |
|
CISEC:8387 |
Windows COM Server Elevation of Privilege Vulnerability |
|
CISEC:8384 |
Windows Camera Codec Pack Remote Code Execution Vulnerability |
|
CISEC:8406 |
Windows Camera Codec Pack Remote Code Execution Vulnerability |
|
CISEC:8412 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8416 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8367 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8380 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8382 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8383 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8388 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8364 |
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
|
CISEC:8366 |
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
|
CISEC:8409 |
Windows - User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:8378 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8389 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8417 |
Projected Filesystem Security Feature Bypass Vulnerability |
|
CISEC:8394 |
NetBT Information Disclosure Vulnerability |
|
CISEC:8371 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:8400 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:8372 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8396 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8408 |
Group Policy Elevation of Privilege Vulnerability |
|
CISEC:8403 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:8422 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
2020-10-09 |
CISEC:8314 |
Windows Win32k Elevation of Privilege Vulnerability |
|
CISEC:8344 |
Windows UPnP Service Elevation of Privilege Vulnerability |
|
CISEC:8353 |
Windows Text Service Module Remote Code Execution Vulnerability |
|
CISEC:8329 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:8341 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:8326 |
Windows State Repository Service Information Disclosure Vulnerability |
|
CISEC:8292 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8350 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8288 |
Windows RSoP Service Application Elevation of Privilege Vulnerability |
|
CISEC:8340 |
Windows Routing Utilities Denial of Service |
|
CISEC:8317 |
Windows Remote Code Execution Vulnerability |
|
CISEC:8318 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8320 |
Windows Modules Installer Elevation of Privilege Vulnerability |
|
CISEC:8304 |
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability |
|
CISEC:8325 |
Windows Media Audio Decoder Remote Code Execution Vulnerability |
|
CISEC:8349 |
Windows Media Audio Decoder Remote Code Execution Vulnerability |
|
CISEC:8293 |
Windows Language Pack Installer Elevation of Privilege Vulnerability |
|
CISEC:8290 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8309 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8310 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8319 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8345 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8298 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8301 |
Windows InstallService Elevation of Privilege Vulnerability |
|
CISEC:8335 |
Windows Information Disclosure Vulnerability |
|
CISEC:8308 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8322 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:8352 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:8354 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:8303 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:8315 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:8332 |
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
|
CISEC:8295 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
|
CISEC:8327 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8333 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8334 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8302 |
Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
|
CISEC:8342 |
Windows DNS Denial of Service Vulnerability |
|
CISEC:8359 |
Windows DNS Denial of Service Vulnerability |
|
CISEC:8328 |
Windows DHCP Server Information Disclosure Vulnerability |
|
CISEC:8312 |
Windows Defender Application Control Security Feature Bypass Vulnerability |
|
CISEC:8307 |
Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability |
|
CISEC:8296 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:8357 |
Windows CloudExperienceHost Elevation of Privilege Vulnerability |
|
CISEC:8336 |
Windows Camera Codec Pack Remote Code Execution Vulnerability |
|
CISEC:8299 |
Win32k Information Disclosure Vulnerability |
|
CISEC:8316 |
Win32k Information Disclosure Vulnerability |
|
CISEC:8291 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:8348 |
TLS Information Disclosure Vulnerability |
|
CISEC:8323 |
Shell infrastructure component Elevation of Privilege Vulnerability |
|
CISEC:8311 |
Projected Filesystem Information Disclosure Vulnerability |
|
CISEC:8300 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:8346 |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
|
CISEC:8356 |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
|
CISEC:8297 |
Microsoft Store Runtime Elevation of Privilege Vulnerability |
|
CISEC:8358 |
Microsoft Store Runtime Elevation of Privilege Vulnerability |
|
CISEC:8324 |
Microsoft splwow64 Information Disclosure Vulnerability |
|
CISEC:8339 |
Microsoft splwow64 Elevation of Privilege Vulnerability |
|
CISEC:8313 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:8338 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:8305 |
Microsoft COM for Windows Remote Code Execution Vulnerability |
|
CISEC:8294 |
Microsoft COM for Windows Elevation of Privilege Vulnerability |
|
CISEC:8289 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8306 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8330 |
Group Policy Elevation of Privilege Vulnerability |
|
CISEC:8355 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:8343 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:8347 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:8351 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:8331 |
ADFS Spoofing Vulnerability |
|
CISEC:8321 |
Active Directory Remote Code Execution Vulnerability |
|
CISEC:8337 |
Active Directory Remote Code Execution Vulnerability |
|
CISEC:8286 |
Active Directory Information Disclosure Vulnerability |
|
CISEC:8287 |
Active Directory Information Disclosure Vulnerability |
|
2020-09-18 |
CISEC:8248 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:8262 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:8284 |
Vulnerability in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB before 5.5.52, and 10.0.x before 10.0.28, and 10.1.x before 10.1.18 |
|
CISEC:8260 |
Vulnerability in Oracle MySQL before 5.7.3 and MariaDB before 5.5.44 |
|
CISEC:8267 |
Vulnerability in Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier |
|
CISEC:8279 |
Vulnerability in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6 |
|
CISEC:8258 |
Vulnerability in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier |
|
CISEC:8265 |
Vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions |
|
CISEC:8257 |
Vulnerability in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8264 |
Vulnerability in MariaDB before 10.1.30 and 10.2.x before 10.2.10 |
|
CISEC:8285 |
Vulnerability in MariaDB 10.4.7 through 10.4.11 |
|
CISEC:8276 |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14 |
|
CISEC:8263 |
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 |
|
CISEC:8256 |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier |
|
CISEC:8268 |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier |
|
CISEC:8255 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14 |
|
CISEC:8271 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14 |
|
CISEC:8275 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14 |
|
CISEC:8246 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8250 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8254 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8259 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8273 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8277 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12 |
|
CISEC:8249 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8251 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8252 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8261 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8269 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8274 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8278 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8280 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8282 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8253 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 |
|
CISEC:8247 |
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 |
|
CISEC:8283 |
Multiple SQL injection vulnerabilities in Oracle MySQL |
|
CISEC:8270 |
Buffer overflow in Oracle MySQL and MariaDB before 5.5.35 |
|
2020-09-11 |
CISEC:8123 |
Windows Work Folders Service Elevation of Privilege Vulnerability |
|
CISEC:8143 |
Windows Work Folders Service Elevation of Privilege Vulnerability |
|
CISEC:8171 |
Windows Work Folders Service Elevation of Privilege Vulnerability |
|
CISEC:8133 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:8166 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8167 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8155 |
Windows WaasMedic Service Information Disclosure Vulnerability |
|
CISEC:8161 |
Windows UPnP Device Host Elevation of Privilege Vulnerability |
|
CISEC:8168 |
Windows UPnP Device Host Elevation of Privilege Vulnerability |
|
CISEC:8163 |
Windows Telephony Server Elevation of Privilege Vulnerability |
|
CISEC:8165 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:8100 |
Windows State Repository Service Information Disclosure Vulnerability |
|
CISEC:8147 |
Windows Spoofing Vulnerability |
|
CISEC:8119 |
Windows Speech Shell Components Elevation of Privilege Vulnerability |
|
CISEC:8095 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|
CISEC:8134 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|
CISEC:8141 |
Windows Server Resource Management Service Elevation of Privilege Vulnerability |
|
CISEC:8160 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8136 |
Windows RRAS Service Information Disclosure Vulnerability |
|
CISEC:8137 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
|
CISEC:8117 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8125 |
Windows Remote Access Elevation of Privilege Vulnerability |
|
CISEC:8108 |
Windows Registry Elevation of Privilege Vulnerability |
|
CISEC:8142 |
Windows Registry Elevation of Privilege Vulnerability |
|
CISEC:8132 |
Windows Radio Manager API Elevation of Privilege Vulnerability |
|
CISEC:8130 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:8102 |
Windows Network Connection Broker Elevation of Privilege Vulnerability |
|
CISEC:8154 |
Windows Media Remote Code Execution Vulnerability |
|
CISEC:8099 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8101 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8145 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8175 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8104 |
Windows Image Acquisition Service Information Disclosure Vulnerability |
|
CISEC:8109 |
Windows Image Acquisition Service Information Disclosure Vulnerability |
|
CISEC:8094 |
Windows Hard Link Elevation of Privilege Vulnerability |
|
CISEC:8111 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:8146 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:8162 |
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
|
CISEC:8170 |
Windows Font Driver Host Remote Code Execution Vulnerability |
|
CISEC:8105 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
|
CISEC:8116 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
|
CISEC:8126 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8097 |
Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
|
CISEC:8153 |
Windows Custom Protocol Engine Elevation of Privilege Vulnerability |
|
CISEC:8113 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8120 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:8144 |
Windows CDP User Components Elevation of Privilege Vulnerability |
|
CISEC:8150 |
Windows CDP User Components Elevation of Privilege Vulnerability |
|
CISEC:8149 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:8093 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8098 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8115 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8122 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8135 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8139 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8140 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8148 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8151 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8152 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8169 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8173 |
Windows Backup Engine Elevation of Privilege Vulnerability |
|
CISEC:8157 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:8138 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|
CISEC:8159 |
Windows Accounts Control Elevation of Privilege Vulnerability |
|
CISEC:8103 |
Win32k Information Disclosure Vulnerability |
|
CISEC:8206 |
Vulnerability in PostgreSQL before 12.2, before 11.7, before 10.12 and before 9.6.17. |
|
CISEC:8216 |
Vulnerability insufficiently random numbers |
|
CISEC:8185 |
Vulnerability in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 |
|
CISEC:8227 |
Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 |
|
CISEC:8211 |
Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 |
|
CISEC:8218 |
Vulnerability in PostgreSQL before 9.5.x before 9.5.2 |
|
CISEC:8240 |
Vulnerability in PostgreSQL before 9.5.x before 9.5.2 |
|
CISEC:8242 |
Vulnerability in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 |
|
CISEC:8225 |
Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4 |
|
CISEC:8219 |
Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4 |
|
CISEC:8202 |
Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4 |
|
CISEC:8224 |
Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 |
|
CISEC:8236 |
Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 |
|
CISEC:8190 |
Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 |
|
CISEC:8222 |
Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 |
|
CISEC:8207 |
Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 |
|
CISEC:8234 |
Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 |
|
CISEC:8210 |
Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 |
|
CISEC:8208 |
Vulnerability in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 |
|
CISEC:8179 |
Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 |
|
CISEC:8180 |
Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 |
|
CISEC:8237 |
Vulnerability in PostgreSQL before 11.1, 10.6 |
|
CISEC:8193 |
Vulnerability in PostgreSQL 9.3.x before 9.3.22, 9.4.x before 9.4.17, 9.5.x before 9.5.12, 9.6.x before 9.6.8 and 10.x before 10.3 |
|
CISEC:8198 |
Vulnerability in PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2 |
|
CISEC:8199 |
Vulnerability in PostgreSQL 9.3.3 and earlier |
|
CISEC:8197 |
Vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 |
|
CISEC:8177 |
Vulnerability in PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 |
|
CISEC:8200 |
Vulnerability in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 |
|
CISEC:8205 |
Vulnerability in PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 |
|
CISEC:8183 |
Vulnerability in PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 |
|
CISEC:8232 |
Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 |
|
CISEC:8184 |
Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 |
|
CISEC:8189 |
Vulnerability in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 |
|
CISEC:8220 |
Vulnerability in PostgreSQL 11.x prior to 11.3 |
|
CISEC:8192 |
Vulnerability in PostgreSQL 11.x before 11.5, 10.x before 10.10, 9.6.x before 9.6.15, 9.5.x before 9.5.19, 9.4.x before 9.4.24 |
|
CISEC:8212 |
Vulnerability in PostgreSQL 11.x before 11.5 |
|
CISEC:8196 |
Vulnerability in PostgreSQL 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, 9.5.x before 9.5.17 |
|
CISEC:8181 |
Vulnerability in PostgreSQL 10.x before 10.4, 9.6.x before 9.6.9 |
|
CISEC:8187 |
Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 |
|
CISEC:8204 |
Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 |
|
CISEC:8223 |
Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 |
|
CISEC:8221 |
Vulnerability in PostgreSQL |
|
CISEC:8229 |
Vulnerability in PostgreSQL |
|
CISEC:8186 |
Vulnerability in PostgreSQL |
|
CISEC:8194 |
Vulnerability in PostgreSQL |
|
CISEC:8195 |
Vulnerability in PostgreSQL |
|
CISEC:8203 |
Vulnerability in PHP through 5.3.13, PostgreSQL 8.4 before 8.4.12, PostgreSQL 9.0 before 9.0.8, PostgreSQL 9.1 before 9.1.4 |
|
CISEC:8213 |
Vulnerability in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 |
|
CISEC:8182 |
Unanticipated errors from the standard library in PostgreSQL |
|
CISEC:8226 |
Race condition INDEX and |
|
CISEC:8201 |
pgcrypto has multiple error messages for decryption with an incorrect key in PostgreSQL |
|
CISEC:8114 |
Netlogon Elevation of Privilege Vulnerability |
|
CISEC:8176 |
Multiple stack-based buffer overflows in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 |
|
CISEC:8188 |
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 |
|
CISEC:8191 |
Multiple integer overflows in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 |
|
CISEC:8245 |
Multiple integer overflows in PostgreSQL |
|
CISEC:8241 |
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 |
|
CISEC:8106 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:8110 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:8244 |
Memory errors in the pgcrypto extension in PostgreSQL |
|
CISEC:8178 |
Memory disclosure vulnerability in PostgreSQL 10.x before 10.2 |
|
CISEC:8096 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8129 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8131 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8156 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8158 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8174 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:8112 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:8172 |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
|
CISEC:8118 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8121 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8127 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8128 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8215 |
Integer overflow in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2 |
|
CISEC:8243 |
EnterpriseDB Windows installer bundled OpenSSL executes code from unprotected directory |
|
CISEC:8235 |
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 |
|
CISEC:8164 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:8107 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:8217 |
CRLF injection vulnerability in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 |
|
CISEC:8228 |
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 |
|
CISEC:8238 |
Constraint violation errors in PostgreSQL |
|
CISEC:8124 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:8209 |
Buffer overruns in PostgreSQL |
|
CISEC:8239 |
Buffer overrun in PostgreSQL |
|
CISEC:8230 |
Buffer overflow intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 |
|
CISEC:8214 |
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 |
|
CISEC:8231 |
Arbitrary code execution vulnerability in PostgreSQL 9.3 through 11.2 |
|
CISEC:8233 |
An error in PostgreSQL |
|
2020-08-21 |
CISEC:8065 |
Vulnerability in JetBrains Hub versions earlier than 2019.1.11738 |
|
CISEC:8064 |
Vulnerability in JetBrains Hub before 2020.1.12099 |
|
CISEC:8062 |
Vulnerability in JetBrains Hub before 2018.4.11436 |
|
CISEC:8066 |
Vulnerability in JetBrains Hub before 2018.4.11298 |
|
CISEC:8061 |
Vulnerability in Bitdefender Total Security 21.0.24.62 |
|
CISEC:8058 |
Vulnerability in Bitdefender Total Security 2020 prior to 24.9 |
|
CISEC:8048 |
Vulnerability in Bitdefender Total Security 2020 prior to 24.0.20.116 |
|
CISEC:8052 |
Vulnerability in Bitdefender Total Security 2020 prior to 24.0.12.69 |
|
CISEC:8050 |
Vulnerability in Bitdefender Safepay before 23.0.10.34 |
|
CISEC:8057 |
Vulnerability in Bitdefender Safepay before 23.0.10.34 |
|
CISEC:8060 |
Vulnerability in Bitdefender Safepay before 23.0.10.34 |
|
CISEC:8053 |
Vulnerability in Bitdefender products |
|
CISEC:8059 |
Vulnerability in Bitdefender Endpoint Security Tools prior to 6.6.11.163 |
|
CISEC:8051 |
Vulnerability in Bitdefender Antivirus Free prior to 1.0.17.178 |
|
CISEC:8045 |
Vulnerability in Bitdefender Antivirus Free prior to 1.0.17 |
|
CISEC:8054 |
Vulnerability in Bitdefender Antivirus Free prior to 1.0.15.138 |
|
CISEC:8047 |
Code injection vulnerability in Bitdefender |
|
2020-08-13 |
CISEC:7959 |
Windows WalletService Information Disclosure Vulnerability |
|
CISEC:8022 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8037 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:7997 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:8010 |
Windows WalletService Denial of Service Vulnerability |
|
CISEC:7996 |
Windows USO Core Worker Elevation of Privilege Vulnerability |
|
CISEC:8033 |
Windows UPnP Device Host Elevation of Privilege Vulnerability |
|
CISEC:7968 |
Windows UPnP Device Host Elevation of Privilege Vulnerability |
|
CISEC:7958 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:7974 |
Windows System Events Broker Elevation of Privilege Vulnerability |
|
CISEC:8025 |
Windows Sync Host Service Elevation of Privilege Vulnerability |
|
CISEC:7976 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:7993 |
Windows Spatial Data Service Elevation of Privilege Vulnerability |
|
CISEC:7970 |
Windows SharedStream Library Elevation of Privilege Vulnerability |
|
CISEC:8015 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8017 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8021 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8039 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7960 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7975 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7987 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7990 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7991 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:8028 |
Windows Resource Policy Information Disclosure Vulnerability |
|
CISEC:7988 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:8006 |
Windows Profile Service Elevation of Privilege Vulnerability |
|
CISEC:7963 |
Windows Print Workflow Service Elevation of Privilege Vulnerability |
|
CISEC:8018 |
Windows Picker Platform Elevation of Privilege Vulnerability |
|
CISEC:8029 |
Windows Network Location Awareness Service Elevation of Privilege Vulnerability |
|
CISEC:8042 |
Windows Network List Service Elevation of Privilege Vulnerability |
|
CISEC:8008 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:8011 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7995 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7979 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7981 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7986 |
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability |
|
CISEC:7973 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
|
CISEC:7983 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
|
CISEC:8041 |
Windows Lockscreen Elevation of Privilege Vulnerability |
|
CISEC:8016 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8026 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:8036 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7964 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7961 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7966 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:8027 |
Windows iSCSI Target Service Elevation of Privilege Vulnerability |
|
CISEC:7977 |
Windows Imaging Component Information Disclosure Vulnerability |
|
CISEC:8007 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:8013 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7998 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7962 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
|
CISEC:7985 |
Windows Font Library Remote Code Execution Vulnerability |
|
CISEC:8012 |
Windows Font Driver Host Remote Code Execution Vulnerability |
|
CISEC:8032 |
Windows Event Logging Service Elevation of Privilege Vulnerability |
|
CISEC:7980 |
Windows Event Logging Service Elevation of Privilege Vulnerability |
|
CISEC:8019 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:7972 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:8002 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8009 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8023 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8000 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:8030 |
Windows DNS Server Remote Code Execution Vulnerability |
|
CISEC:8040 |
Windows Diagnostics Hub Elevation of Privilege Vulnerability |
|
CISEC:8001 |
Windows Credential Picker Elevation of Privilege Vulnerability |
|
CISEC:7994 |
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability |
|
CISEC:7969 |
Windows COM Server Elevation of Privilege Vulnerability |
|
CISEC:7989 |
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
|
CISEC:7992 |
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
|
CISEC:7967 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:8035 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:8034 |
Windows Agent Activation Runtime Information Disclosure Vulnerability |
|
CISEC:8004 |
Windows Address Book Remote Code Execution Vulnerability |
|
CISEC:7971 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
|
CISEC:8003 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:8005 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:7982 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:8020 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7965 |
Local Security Authority Subsystem Service Denial of Service Vulnerability |
|
CISEC:8031 |
LNK Remote Code Execution Vulnerability |
|
CISEC:8014 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8024 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:8038 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7999 |
Group Policy Services Policy Processing Elevation of Privilege Vulnerability |
|
CISEC:7984 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:7978 |
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability |
|
2020-07-31 |
CISEC:7936 |
Vulnerability in Avira Antivirus through 15.0.2005.1866 |
|
CISEC:7935 |
Vulnerability in Avira Antivirus before 8.3.54.138 |
|
CISEC:7933 |
Vulnerability in Avira Antivirus before 15.0.2004.1825 |
|
CISEC:7934 |
Vulnerability in Avira Antivirus before 15.0.2003.1821 |
|
CISEC:7932 |
Vulnerability in Avira Antivirus |
|
CISEC:7937 |
Vulnerability in Avira Antivirus |
|
CISEC:7939 |
Vulnerability in Avira Antivirus |
|
2020-07-24 |
CISEC:7925 |
Vulnerability in Kaspersky products |
|
CISEC:7904 |
Vulnerability in Kaspersky Password Manager before 8.0.6.538 |
|
CISEC:7921 |
Vulnerability in Kaspersky Embedded Systems Security 1.2.0.300 and 2.0.0.385 |
|
CISEC:7905 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7906 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7908 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7912 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7916 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7919 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7923 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7927 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7928 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7929 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7930 |
Vulnerability in Kaspersky Anti-Virus products |
|
CISEC:7924 |
Vulnerability in AhnLab V3 Internet Security 2011.01.18.00, avast! Antivirus 4.8.1351.0 and 5.0.677.0, Kaspersky Anti-Virus 7.0.0.125, ClamAV 0.96.4, Emsisoft Anti-Malware 5.1.0.1 |
|
2020-07-17 |
CISEC:7856 |
Vulnerability index error in Google Chrome before 41.0.2272.76 |
|
CISEC:7825 |
Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7896 |
Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7822 |
Vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7839 |
Vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7848 |
Vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7854 |
Vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7881 |
Vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7866 |
Vulnerability in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings |
|
CISEC:7819 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7837 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7838 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7844 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7847 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7863 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7867 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7869 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7898 |
Vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7864 |
Vulnerability in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute |
|
CISEC:7872 |
Vulnerability in Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value |
|
CISEC:7821 |
Vulnerability in Google Chrome before 43.0.2357.65 |
|
CISEC:7855 |
Vulnerability in Google Chrome before 43.0.2357.65 |
|
CISEC:7901 |
Vulnerability in Google Chrome before 43.0.2357.65 |
|
CISEC:7824 |
Vulnerability in Google Chrome before 43.0.2357.130 |
|
CISEC:7829 |
Vulnerability in Google Chrome before 43.0.2357.130 |
|
CISEC:7841 |
Vulnerability in Google Chrome before 43.0.2357.130 |
|
CISEC:7885 |
Vulnerability in Google Chrome before 43.0.2357.130 |
|
CISEC:7812 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7818 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7826 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7832 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7840 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7874 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7891 |
Vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7813 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7817 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7853 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7859 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7861 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7884 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7897 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7902 |
Vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7845 |
Vulnerability in Google Chrome before 41.0.2272.118 |
|
CISEC:7870 |
Vulnerability in Google Chrome before 40.0.2214.91 |
|
CISEC:7889 |
Vulnerability in Google Chrome before 40.0.2214.111 |
|
CISEC:7890 |
Vulnerability in Blink, as used initialize a certain width field |
|
CISEC:7852 |
Vulnerability in Blink, as used in Google Chrome before 45.0.2454.85 |
|
CISEC:7830 |
Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65 |
|
CISEC:7892 |
Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65 |
|
CISEC:7873 |
Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90 |
|
CISEC:7883 |
Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90 |
|
CISEC:7835 |
Vulnerability in Blink, as used in Google Chrome before 40.0.2214.111 |
|
CISEC:7882 |
Use-after-free vulnerability IndexedDB implementation in Google Chrome before 44.0.2403.89 |
|
CISEC:7880 |
Use-after-free vulnerability in the Speech subsystem in Google Chrome before 43.0.2357.65 |
|
CISEC:7879 |
Use-after-free vulnerability in Google Chrome before 45.0.2454.85 |
|
CISEC:7850 |
Use-after-free vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7886 |
Use-after-free vulnerability in Google Chrome before 44.0.2403.89 |
|
CISEC:7851 |
Use-after-free vulnerability in Google Chrome before 43.0.2357.65 |
|
CISEC:7816 |
Use-after-free vulnerability in Google Chrome before 42.0.2311.90 |
|
CISEC:7820 |
Use-after-free vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7878 |
Use-after-free vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7900 |
Use-after-free vulnerability in Google Chrome before 41.0.2272.76 |
|
CISEC:7831 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 45.0.2454.85 |
|
CISEC:7877 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 43.0.2357.65 |
|
CISEC:7828 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 42.0.2311.135 |
|
CISEC:7893 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7815 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 40.0.2214.111 |
|
CISEC:7868 |
Race condition in Google Chrome before 41.0.2272.118 |
|
CISEC:7875 |
Multiple use-after-free vulnerabilities in Google Chrome before 45.0.2454.85 |
|
CISEC:7899 |
Multiple use-after-free vulnerabilities in Google Chrome before 44.0.2403.89 |
|
CISEC:7827 |
Multiple use-after-free vulnerabilities in Google Chrome before 43.0.2357.65 |
|
CISEC:7849 |
Multiple use-after-free vulnerabilities in Google Chrome before 41.0.2272.76 |
|
CISEC:7894 |
Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7895 |
Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7871 |
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 |
|
CISEC:7836 |
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 |
|
CISEC:7903 |
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 |
|
CISEC:7860 |
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 |
|
CISEC:7865 |
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 |
|
CISEC:7876 |
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 |
|
CISEC:7823 |
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 |
|
CISEC:7814 |
Multiple integer overflows in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products |
|
CISEC:7887 |
Memory corruption in V8 in Google Chrome before 44.0.2403.89 |
|
CISEC:7842 |
Integer overflow in Skia, as used in Google Chrome before 41.0.2272.76 |
|
CISEC:7843 |
Integer overflow in Google Chrome before 44.0.2403.89 |
|
CISEC:7888 |
Integer overflow in Google Chrome before 41.0.2272.76 |
|
CISEC:7834 |
Heap-based buffer overflow in PDFium in Google Chrome before 44.0.2403.89 |
|
CISEC:7862 |
Double-free vulnerability in Google Chrome 41.0.2251.0 |
|
CISEC:7846 |
Cross-site scripting |
|
CISEC:7857 |
Cross-site scripting |
|
2020-07-10 |
CISEC:7785 |
Windows WLAN Service Elevation of Privilege Vulnerability |
|
CISEC:7782 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:7719 |
Windows WalletService Elevation of Privilege Vulnerability |
|
CISEC:7776 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:7777 |
Windows Text Service Framework Elevation of Privilege Vulnerability |
|
CISEC:7766 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7718 |
Windows SMBv3 Client/Server Information Disclosure Vulnerability |
|
CISEC:7727 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:7778 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:7757 |
Windows Service Information Disclosure Vulnerability |
|
CISEC:7763 |
Windows Runtime Information Disclosure Vulnerability |
|
CISEC:7797 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7758 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7715 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7731 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7738 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7746 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7750 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7779 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7752 |
Windows Remote Code Execution Vulnerability |
|
CISEC:7760 |
Windows Registry Denial of Service Vulnerability |
|
CISEC:7795 |
Windows Print Configuration Elevation of Privilege Vulnerability |
|
CISEC:7717 |
Windows OLE Remote Code Execution Vulnerability |
|
CISEC:7787 |
Windows Now Playing Session Manager Elevation of Privilege Vulnerability |
|
CISEC:7774 |
Windows Network List Service Elevation of Privilege Vulnerability |
|
CISEC:7728 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7780 |
Windows Modules Installer Service Elevation of Privilege Vulnerability |
|
CISEC:7720 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
|
CISEC:7764 |
Windows Lockscreen Elevation of Privilege Vulnerability |
|
CISEC:7722 |
Windows Kernel Security Feature Bypass Vulnerability |
|
CISEC:7789 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7790 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7791 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7723 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7724 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7725 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7726 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7730 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7734 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7735 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7736 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7742 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7769 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7796 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7748 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7751 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7762 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7793 |
Windows Host Guardian Service Security Feature Bypass Vulnerability |
|
CISEC:7786 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7714 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:7744 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:7747 |
Windows Feedback Hub Elevation of Privilege Vulnerability |
|
CISEC:7775 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:7792 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:7759 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:7773 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7799 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7756 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7741 |
Windows Diagnostics & feedback Information Disclosure Vulnerability |
|
CISEC:7765 |
Windows Denial of Service Vulnerability |
|
CISEC:7767 |
Windows Bluetooth Service Elevation of Privilege Vulnerability |
|
CISEC:7753 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:7716 |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
|
CISEC:7743 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7732 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7737 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7739 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7740 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7770 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7749 |
OpenSSH for Windows Elevation of Privilege Vulnerability |
|
CISEC:7772 |
OLE Automation Elevation of Privilege Vulnerability |
|
CISEC:7781 |
Microsoft Store Runtime Elevation of Privilege Vulnerability |
|
CISEC:7798 |
Microsoft Store Runtime Elevation of Privilege Vulnerability |
|
CISEC:7794 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7783 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7771 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7755 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7729 |
LNK Remote Code Execution Vulnerability |
|
CISEC:7745 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7768 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7754 |
Group Policy Elevation of Privilege Vulnerability |
|
CISEC:7733 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:7721 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7784 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
CISEC:7788 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7761 |
Component Object Model Elevation of Privilege Vulnerability |
|
2020-07-03 |
CISEC:7663 |
Vulnerability in Acronis True Image up to and including version 2017 Build 8053 |
|
CISEC:7666 |
Untrusted search path vulnerability in Amazon Kindle before 1.19 |
|
CISEC:7653 |
Microsoft Office Remote Code Execution Vulnerability |
|
2020-06-12 |
CISEC:7576 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:7585 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:7590 |
Windows Task Scheduler Security Feature Bypass Vulnerability |
|
CISEC:7609 |
Windows Subsystem for Linux Information Disclosure Vulnerability |
|
CISEC:7619 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:7564 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7584 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7596 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7599 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7600 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7602 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7603 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7604 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7606 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7617 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7618 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7558 |
Windows State Repository Service Elevation of Privilege Vulnerability |
|
CISEC:7569 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7578 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7591 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7594 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7605 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7611 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7613 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7623 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7560 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7561 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7552 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7555 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:7550 |
Windows Remote Code Execution Vulnerability |
|
CISEC:7620 |
Windows Remote Access Common Dialog Elevation of Privilege Vulnerability |
|
CISEC:7551 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:7597 |
Windows Printer Service Elevation of Privilege Vulnerability |
|
CISEC:7607 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:7546 |
Windows Print Spooler Elevation of Privilege Vulnerability |
|
CISEC:7579 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7573 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7595 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7574 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7622 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:7554 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7588 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7601 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7548 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7549 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7570 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:7562 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:7587 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7589 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7621 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7553 |
Windows Denial of Service Vulnerability |
|
CISEC:7608 |
Windows CSRSS Information Disclosure Vulnerability |
|
CISEC:7571 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:7565 |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
CISEC:7568 |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
CISEC:7556 |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
CISEC:7559 |
Windows Clipboard Service Elevation of Privilege Vulnerability |
|
CISEC:7592 |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
|
CISEC:7598 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7612 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7580 |
Microsoft Windows Transport Layer Security Denial of Service Vulnerability |
|
CISEC:7567 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:7610 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:7547 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:7581 |
Microsoft Script Runtime Remote Code Execution Vulnerability |
|
CISEC:7582 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:7615 |
Microsoft Color Management Remote Code Execution Vulnerability |
|
CISEC:7577 |
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability |
|
CISEC:7572 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7583 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7614 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7557 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7566 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7575 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7586 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7563 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7616 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7593 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
CISEC:7545 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
2020-05-29 |
CISEC:7516 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:7515 |
VBScript Remote Code Execution Vulnerability |
|
CISEC:7513 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7518 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7519 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7506 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7507 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7508 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7512 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7509 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:7517 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:7514 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7510 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7511 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2020-05-22 |
CISEC:7427 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7443 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:7487 |
Windows Update Stack Elevation of Privilege Vulnerability |
|
CISEC:7488 |
Windows Token Security Feature Bypass Vulnerability |
|
CISEC:7455 |
Windows SMBv3 Client/Server Remote Code Execution Vulnerability |
|
CISEC:7480 |
Windows Scheduled Task Elevation of Privilege Vulnerability |
|
CISEC:7454 |
Windows Push Notification Service Information Disclosure Vulnerability |
|
CISEC:7436 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:7469 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:7482 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:7486 |
Windows Push Notification Service Elevation of Privilege Vulnerability |
|
CISEC:7426 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7493 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7477 |
Windows Kernel Information Disclosure in CPU Memory Access |
|
CISEC:7430 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7466 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7472 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7490 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7438 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:7428 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:7464 |
Windows Hyper-V Elevation of Privilege Vulnerability |
|
CISEC:7424 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7437 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7433 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7440 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7444 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7449 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7450 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7489 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7475 |
Windows DNS Denial of Service Vulnerability |
|
CISEC:7432 |
Windows Denial of Service Vulnerability |
|
CISEC:7452 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7481 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7445 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7484 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7491 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7448 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:7483 |
Microsoft Windows Update Client Elevation of Privilege Vulnerability |
|
CISEC:7470 |
Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
|
CISEC:7447 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:7457 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:7429 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7456 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7468 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7434 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7446 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7459 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7431 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7453 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7461 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7465 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7471 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7425 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7439 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7458 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7460 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7463 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7473 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7474 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7476 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7479 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7492 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:7451 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:7467 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7478 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7435 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:7442 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:7462 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:7441 |
Adobe Font Manager Library Remote Code Execution Vulnerability |
|
CISEC:7485 |
Adobe Font Manager Library Remote Code Execution Vulnerability |
|
2020-04-17 |
CISEC:7340 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7370 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7387 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7398 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7402 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7328 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7330 |
Windows Work Folder Service Elevation of Privilege Vulnerability |
|
CISEC:7374 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:7347 |
Windows UPnP Service Elevation of Privilege Vulnerability |
|
CISEC:7359 |
Windows UPnP Service Elevation of Privilege Vulnerability |
|
CISEC:7365 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:7329 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
|
CISEC:7384 |
Windows Tile Object Service Denial of Service Vulnerability |
|
CISEC:7339 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7334 |
Windows Network List Service Elevation of Privilege Vulnerability |
|
CISEC:7364 |
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability |
|
CISEC:7350 |
Windows Network Connections Service Information Disclosure Vulnerability |
|
CISEC:7343 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7366 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7367 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7368 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7375 |
Windows Network Connections Service Elevation of Privilege Vulnerability |
|
CISEC:7338 |
Windows Modules Installer Service Information Disclosure Vulnerability |
|
CISEC:7381 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
|
CISEC:7344 |
Windows Language Pack Installer Elevation of Privilege Vulnerability |
|
CISEC:7327 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7361 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7377 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7395 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7400 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7333 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7385 |
Windows Imaging Component Information Disclosure Vulnerability |
|
CISEC:7341 |
Windows Hard Link Elevation of Privilege Vulnerability |
|
CISEC:7355 |
Windows Hard Link Elevation of Privilege Vulnerability |
|
CISEC:7358 |
Windows Hard Link Elevation of Privilege Vulnerability |
|
CISEC:7331 |
Windows Hard Link Elevation of Privilege Vulnerability |
|
CISEC:7372 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:7342 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7383 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7369 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7382 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7389 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7393 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7337 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:7376 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:7360 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7399 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7352 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7388 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7351 |
Windows Device Setup Manager Elevation of Privilege Vulnerability |
|
CISEC:7378 |
Windows Defender Security Center Elevation of Privilege Vulnerability |
|
CISEC:7379 |
Windows Defender Security Center Elevation of Privilege Vulnerability |
|
CISEC:7348 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:7401 |
Windows CSC Service Elevation of Privilege Vulnerability |
|
CISEC:7363 |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
|
CISEC:7332 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:7357 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
|
CISEC:7362 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
|
CISEC:7391 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
|
CISEC:7354 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7349 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7371 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7336 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7386 |
Provisioning Runtime Elevation of Privilege Vulnerability |
|
CISEC:7373 |
Microsoft IIS Server Tampering Vulnerability |
|
CISEC:7380 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7392 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7394 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7335 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7353 |
Media Foundation Information Disclosure Vulnerability |
|
CISEC:7346 |
LNK Remote Code Execution Vulnerability |
|
CISEC:7396 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:7397 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:7390 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7356 |
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability |
|
CISEC:7345 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
2020-04-05 |
CVE-2019-20781 |
oval:com.altx-soft.win:def:68524: Vulnerability in LG Bridge before 1.2.54 |
|
2020-03-27 |
CISEC:7274 |
Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability |
|
2020-03-20 |
CISEC:7273 |
Multiple vulnerabilities on Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier |
|
CISEC:7271 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier. |
|
CISEC:7270 |
Internet Explorer Memory Corruption Vulnerability |
|
2020-03-13 |
CISEC:7212 |
Windows Wireless Network Manager Elevation of Privilege Vulnerability |
|
CISEC:7253 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:7243 |
Windows SSH Elevation of Privilege Vulnerability |
|
CISEC:7193 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7217 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7247 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7264 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7219 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:7203 |
Windows Remote Code Execution Vulnerability |
|
CISEC:7258 |
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability |
|
CISEC:7210 |
Windows Modules Installer Service Information Disclosure Vulnerability |
|
CISEC:7194 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7202 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7205 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7228 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7239 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7251 |
Windows Key Isolation Service Information Disclosure Vulnerability |
|
CISEC:7265 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:7192 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7215 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7245 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7249 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7261 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:7197 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7263 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:7240 |
Windows Information Disclosure Vulnerability |
|
CISEC:7188 |
Windows IME Elevation of Privilege Vulnerability |
|
CISEC:7241 |
Windows Imaging Library Remote Code Execution Vulnerability |
|
CISEC:7196 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:7227 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:7201 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7222 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7250 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:7208 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
|
CISEC:7254 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
|
CISEC:7257 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
|
CISEC:7237 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:7252 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7260 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:7207 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7226 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7191 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:7214 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:7231 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:7259 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:7262 |
Windows COM Server Elevation of Privilege Vulnerability |
|
CISEC:7195 |
Windows Client License Service Elevation of Privilege Vulnerability |
|
CISEC:7206 |
Windows Backup Service Elevation of Privilege Vulnerability |
|
CISEC:7233 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7235 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7198 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7199 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7204 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7211 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7218 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7221 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7223 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7225 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7242 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7244 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7216 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:7232 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:7255 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:7229 |
Microsoft Secure Boot Security Feature Bypass Vulnerability |
|
CISEC:7234 |
Microsoft Graphics Components Information Disclosure Vulnerability |
|
CISEC:7213 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:7236 |
LNK Remote Code Execution Vulnerability |
|
CISEC:7190 |
DirectX Information Disclosure Vulnerability |
|
CISEC:7189 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7209 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:7266 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
|
CISEC:7200 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7224 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7238 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7246 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7248 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7256 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
|
CISEC:7220 |
Active Directory Elevation of Privilege Vulnerability |
|
2020-03-06 |
CISEC:7174 |
Brackets versions 1.14 and earlier have a command injection vulnerability |
|
2020-02-28 |
CISEC:7173 |
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability |
|
2020-02-21 |
CISEC:7160 |
VBScript Remote Code Execution Vulnerability |
|
CISEC:7164 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier. |
|
CISEC:7162 |
Microsoft Browser Spoofing Vulnerability |
|
CISEC:7163 |
Microsoft Browser Security Feature Bypass Vulnerability |
|
CISEC:7161 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:7158 |
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability |
|
CISEC:7157 |
Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability |
|
2020-02-14 |
CISEC:7138 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:7128 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:7122 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7124 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7135 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7136 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7137 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7139 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7142 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7146 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7148 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7149 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7154 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7155 |
Windows Search Indexer Elevation of Privilege Vulnerability |
|
CISEC:7133 |
Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability |
|
CISEC:7134 |
Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability |
|
CISEC:7151 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
|
CISEC:7145 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:7125 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7152 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:7156 |
Windows CryptoAPI Spoofing Vulnerability |
|
CISEC:7143 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:7144 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:7132 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:7121 |
Win32k Information Disclosure Vulnerability |
|
CISEC:7123 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7130 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:7147 |
Update Notification Manager Elevation of Privilege Vulnerability |
|
CISEC:7126 |
Remote Desktop Web Access Information Disclosure Vulnerability |
|
CISEC:7140 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:7150 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:7129 |
Microsoft Windows Denial of Service Vulnerability |
|
CISEC:7153 |
Microsoft Graphics Components Information Disclosure Vulnerability |
|
CISEC:7141 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:7127 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
|
CISEC:7131 |
Hyper-V Denial of Service Vulnerability |
|
2020-01-17 |
CISEC:6833 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:6830 |
Windows Printer Service Elevation of Privilege Vulnerability |
|
CISEC:6836 |
Windows OLE Remote Code Execution Vulnerability |
|
CISEC:6828 |
Windows Media Player Information Disclosure Vulnerability |
|
CISEC:6829 |
Windows Media Player Information Disclosure Vulnerability |
|
CISEC:6840 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6842 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6844 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6839 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:6826 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6831 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6834 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6832 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6835 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6838 |
Windows COM Server Elevation of Privilege Vulnerability |
|
CISEC:6827 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6843 |
Win32k Graphics Remote Code Execution Vulnerability |
|
CISEC:6841 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6837 |
Microsoft Defender Security Feature Bypass Vulnerability |
|
2019-12-20 |
CISEC:6767 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:6770 |
Windows UPnP Service Elevation of Privilege Vulnerability |
|
CISEC:6778 |
Windows TCP/IP Information Disclosure Vulnerability |
|
CISEC:6788 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6780 |
Windows Remote Procedure Call Information Disclosure Vulnerability |
|
CISEC:6781 |
Windows Modules Installer Service Information Disclosure Vulnerability |
|
CISEC:6760 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6758 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6763 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:6739 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6743 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6772 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6750 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6786 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6793 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6794 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6755 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:6746 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:6756 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:6773 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:6789 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:6792 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6764 |
Windows Error Reporting Information Disclosure Vulnerability |
|
CISEC:6740 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6748 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6759 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6742 |
Windows Denial of Service Vulnerability |
|
CISEC:6768 |
Windows Denial of Service Vulnerability |
|
CISEC:6745 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:6757 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:6782 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:6777 |
Windows Certificate Dialog Elevation of Privilege Vulnerability |
|
CISEC:6741 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
|
CISEC:6752 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6754 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6747 |
Win32k Graphics Remote Code Execution Vulnerability |
|
CISEC:6753 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6744 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6761 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6762 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6769 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6790 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6749 |
OpenType Font Parsing Remote Code Execution Vulnerability |
|
CISEC:6784 |
OpenType Font Parsing Remote Code Execution Vulnerability |
|
CISEC:6771 |
OpenType Font Driver Information Disclosure Vulnerability |
|
CISEC:6785 |
NetLogon Security Feature Bypass Vulnerability |
|
CISEC:6812 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497... |
|
CISEC:6815 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and... |
|
CISEC:6814 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier. |
|
CISEC:6810 |
Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier. |
|
CISEC:6791 |
Microsoft Windows Security Feature Bypass Vulnerability |
|
CISEC:6774 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
|
CISEC:6775 |
Microsoft Windows Information Disclosure Vulnerability |
|
CISEC:6783 |
Microsoft splwow64 Elevation of Privilege Vulnerability |
|
CISEC:6779 |
Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability |
|
CISEC:6776 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6751 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6787 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6765 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6766 |
DirectWrite Information Disclosure Vulnerability |
|
2019-12-06 |
CISEC:6648 |
XmlLite Runtime Denial of Service Vulnerability |
|
CISEC:6534 |
Winlogon Elevation of Privilege Vulnerability |
|
CISEC:6505 |
Windows WLAN Service Elevation of Privilege Vulnerability |
|
CISEC:6523 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:6524 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:6641 |
Windows User Profile Service Elevation of Privilege Vulnerability |
|
CISEC:6392 |
Windows Update Delivery Optimization Elevation of Privilege Vulnerability |
|
CISEC:6611 |
Windows Update Client Information Disclosure Vulnerability |
|
CISEC:6513 |
Windows Transaction Manager Information Disclosure Vulnerability |
|
CISEC:6649 |
Windows Text Service Framework Elevation of Privilege Vulnerability |
|
CISEC:6607 |
Windows TCP/IP Information Disclosure Vulnerability |
|
CISEC:6516 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6553 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6558 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6408 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6581 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6637 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:6554 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:6664 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:6450 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:6565 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:6667 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:6631 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:6633 |
Windows SMB Client Driver Information Disclosure Vulnerability |
|
CISEC:6466 |
Windows Shell Elevation of Privilege Vulnerability |
|
CISEC:6477 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:6418 |
Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
|
CISEC:6374 |
Windows Secure Boot Security Feature Bypass Vulnerability |
|
CISEC:6398 |
Windows Secure Boot Security Feature Bypass Vulnerability |
|
CISEC:6635 |
Windows RPCSS Elevation of Privilege Vulnerability |
|
CISEC:6416 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:6645 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:6679 |
Windows Remote Code Execution Vulnerability |
|
CISEC:6675 |
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
|
CISEC:6356 |
Windows Print Spooler Information Disclosure Vulnerability |
|
CISEC:6445 |
Windows Power Service Elevation of Privilege Vulnerability |
|
CISEC:6414 |
Windows OLE Remote Code Execution Vulnerability |
|
CISEC:6542 |
Windows NTLM Tampering Vulnerability |
|
CISEC:6455 |
Windows NTLM Tampering Vulnerability |
|
CISEC:6647 |
Windows NTLM Security Feature Bypass Vulnerability |
|
CISEC:6357 |
Windows NTFS Elevation of Privilege Vulnerability |
|
CISEC:6629 |
Windows Network File System Elevation of Privilege Vulnerability |
|
CISEC:6555 |
Windows Network Connectivity Assistant Elevation of Privilege Vulnerability |
|
CISEC:6578 |
Windows NDIS Elevation of Privilege Vulnerability |
|
CISEC:6351 |
Windows Media Elevation of Privilege Vulnerability |
|
CISEC:6529 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6559 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6564 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6697 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6346 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6349 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6375 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6684 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6688 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6402 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6425 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6470 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6473 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6573 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6574 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6626 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6651 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6541 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6545 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6696 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6662 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6478 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6602 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6660 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:6652 |
Windows IOleCvt Interface Remote Code Execution Vulnerability |
|
CISEC:6381 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:6501 |
Windows Information Disclosure Vulnerability |
|
CISEC:6400 |
Windows Information Disclosure Vulnerability |
|
CISEC:6597 |
Windows Information Disclosure Vulnerability |
|
CISEC:6487 |
Windows Imaging API Remote Code Execution Vulnerability |
|
CISEC:6539 |
Windows Image Elevation of Privilege Vulnerability |
|
CISEC:6405 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6439 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6440 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6615 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6517 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:6677 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:6590 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:6494 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6480 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6515 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6531 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6543 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6666 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6436 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6458 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6606 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6571 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6625 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6636 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:6486 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:6444 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:6658 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:6481 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6511 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6532 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6546 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6548 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6557 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6693 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6342 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6343 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6347 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6348 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6358 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6360 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6370 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6371 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6377 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6383 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6661 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6678 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6399 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6394 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6419 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6427 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6446 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6467 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6476 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6604 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6579 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6585 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6598 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6601 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:6475 |
Windows File Signature Security Feature Bypass Vulnerability |
|
CISEC:6685 |
Windows Event Viewer Information Disclosure Vulnerability |
|
CISEC:6484 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:6376 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:6397 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
|
CISEC:6550 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:6412 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:6420 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:6492 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6485 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6504 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6525 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6535 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6552 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6563 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6568 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6698 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6350 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6355 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6422 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6429 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6431 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6432 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6452 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6462 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6468 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6474 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6582 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6583 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6612 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6627 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6654 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6655 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:6407 |
Windows dnsrlvr.dll Elevation of Privilege Vulnerability |
|
CISEC:6691 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:6561 |
Windows DHCP Server Remote Code Execution Vulnerability |
|
CISEC:6417 |
Windows DHCP Server Remote Code Execution Vulnerability |
|
CISEC:6457 |
Windows DHCP Server Remote Code Execution Vulnerability |
|
CISEC:6521 |
Windows DHCP Server Denial of Service Vulnerability |
|
CISEC:6442 |
Windows DHCP Server Denial of Service Vulnerability |
|
CISEC:6522 |
Windows DHCP Client Remote Code Execution Vulnerability |
|
CISEC:6361 |
Windows DHCP Client Remote Code Execution Vulnerability |
|
CISEC:6384 |
Windows DHCP Client Remote Code Execution Vulnerability |
|
CISEC:6593 |
Windows DHCP Client Remote Code Execution Vulnerability |
|
CISEC:6368 |
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
|
CISEC:6490 |
Windows Denial of Service Vulnerability |
|
CISEC:6530 |
Windows Denial of Service Vulnerability |
|
CISEC:6676 |
Windows Denial of Service Vulnerability |
|
CISEC:6409 |
Windows Denial of Service Vulnerability |
|
CISEC:6646 |
Windows Denial of Service Vulnerability |
|
CISEC:6656 |
Windows Denial of Service Vulnerability |
|
CISEC:6586 |
Windows CSRSS Elevation of Privilege Vulnerability |
|
CISEC:6639 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:6533 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:6682 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:6464 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:6617 |
Windows Code Integrity Module Information Disclosure Vulnerability |
|
CISEC:6488 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6506 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6556 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6672 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6438 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6471 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6589 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6592 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6596 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6616 |
Windows Audio Service Elevation of Privilege Vulnerability |
|
CISEC:6495 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:6472 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:6584 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:6650 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:6387 |
Windows ActiveX Remote Code Execution Vulnerability |
|
CISEC:6500 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6518 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6372 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6603 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6498 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6537 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6544 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6547 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6369 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6388 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6663 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6683 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6396 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6390 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6428 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6461 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6594 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6618 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6624 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6332 |
VBScript Remote Code Execution Vulnerability |
|
CISEC:6327 |
VBScript Remote Code Execution Vulnerability |
|
CISEC:6344 |
Unified Write Filter Elevation of Privilege Vulnerability |
|
CISEC:6680 |
Task Scheduler Elevation of Privilege Vulnerability |
|
CISEC:6634 |
SymCrypt Information Disclosure Vulnerability |
|
CISEC:6395 |
SymCrypt Denial of Service Vulnerability |
|
CISEC:6512 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6671 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6674 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6435 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6572 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6580 |
Remote Desktop Services Remote Code Execution Vulnerability |
|
CISEC:6441 |
Remote Desktop Protocol Server Information Disclosure Vulnerability |
|
CISEC:6642 |
Remote Desktop Protocol Server Information Disclosure Vulnerability |
|
CISEC:6577 |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|
CISEC:6378 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:6690 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:6595 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:6628 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:6643 |
Remote Desktop Client Remote Code Execution Vulnerability |
|
CISEC:6367 |
OLE Automation Remote Code Execution Vulnerability |
|
CISEC:6493 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6527 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6694 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6665 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6668 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6411 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6469 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6576 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:6502 |
Microsoft Windows Update Client Elevation of Privilege Vulnerability |
|
CISEC:6519 |
Microsoft Windows Update Client Elevation of Privilege Vulnerability |
|
CISEC:6386 |
Microsoft Windows Transport Layer Security Spoofing Vulnerability |
|
CISEC:6352 |
Microsoft Windows Store Installer Elevation of Privilege Vulnerability |
|
CISEC:6423 |
Microsoft Windows Security Feature Bypass Vulnerability |
|
CISEC:6456 |
Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability |
|
CISEC:6497 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6499 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6669 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6591 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6614 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6653 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6659 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:6562 |
Microsoft Windows Denial of Service Vulnerability |
|
CISEC:6608 |
Microsoft Windows CloudStore Elevation of Privilege Vulnerability |
|
CISEC:6569 |
Microsoft unistore.dll Information Disclosure Vulnerability |
|
CISEC:6620 |
Microsoft splwow64 Elevation of Privilege Vulnerability |
|
CISEC:6587 |
Microsoft Speech API Remote Code Execution Vulnerability |
|
CISEC:6599 |
Microsoft IIS Server Elevation of Privilege Vulnerability |
|
CISEC:6345 |
Microsoft IIS Server Denial of Service Vulnerability |
|
CISEC:6538 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:6540 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:6363 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:6403 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:6373 |
Microsoft Graphics Components Information Disclosure Vulnerability |
|
CISEC:6681 |
Microsoft Graphics Components Information Disclosure Vulnerability |
|
CISEC:6453 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:6382 |
Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability |
|
CISEC:6424 |
Local Security Authority Subsystem Service Denial of Service Vulnerability |
|
CISEC:6508 |
LNK Remote Code Execution Vulnerability |
|
CISEC:6401 |
LNK Remote Code Execution Vulnerability |
|
CISEC:6496 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6482 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6503 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6507 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6520 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6536 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6560 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6695 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6353 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6364 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6379 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6380 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6670 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6673 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6687 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6692 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6391 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6393 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6404 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6413 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6426 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6433 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6434 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6437 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6448 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6449 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6451 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6465 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6479 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6605 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6575 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6588 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6600 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6613 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6619 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6621 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6630 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6632 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6640 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6644 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6329 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:6389 |
Hyper-V vSMB Remote Code Execution Vulnerability |
|
CISEC:6354 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6489 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:6514 |
HTTP/2 Server Denial of Service Vulnerability |
|
CISEC:6366 |
HTTP/2 Server Denial of Service Vulnerability |
|
CISEC:6430 |
HTTP/2 Server Denial of Service Vulnerability |
|
CISEC:6460 |
HTTP/2 Server Denial of Service Vulnerability |
|
CISEC:6610 |
HTTP/2 Server Denial of Service Vulnerability |
|
CISEC:6362 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:6447 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:6609 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:6567 |
DirectX Information Disclosure Vulnerability |
|
CISEC:6463 |
DirectX Information Disclosure Vulnerability |
|
CISEC:6406 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:6443 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:6459 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:6638 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:6491 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6526 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6551 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6686 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6410 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6415 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6421 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6454 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6623 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6657 |
DirectWrite Remote Code Execution Vulnerability |
|
CISEC:6528 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6549 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6566 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6570 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6622 |
DirectWrite Information Disclosure Vulnerability |
|
CISEC:6483 |
ADFS Security Feature Bypass Vulnerability |
|
CISEC:6359 |
ADFS Security Feature Bypass Vulnerability |
|
CISEC:6689 |
ActiveX Data Objects (ADO) Remote Code Execution Vulnerability |
|
CISEC:6510 |
Active Directory Federation Services XSS Vulnerability |
|
CISEC:6385 |
Active Directory Elevation of Privilege Vulnerability |
|
2019-07-26 |
CVE-2019-13962 |
VLC avcodec picture copy heap-buffer-overflow |
|
2019-03-29 |
CISEC:5972 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:5996 |
Windows Theme API Remote Code Execution Vulnerability |
|
CISEC:5926 |
Windows TCP/IP Information Disclosure Vulnerability |
|
CISEC:5968 |
Windows Subsystem for Linux Information Disclosure Vulnerability |
|
CISEC:5986 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:5935 |
Windows Storage Service Elevation of Privilege Vulnerability |
|
CISEC:5980 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:5920 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:6005 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:5994 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5997 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5919 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5924 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5923 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:5984 |
Windows Runtime Elevation of Privilege Vulnerability |
|
CISEC:5948 |
Windows Remote Code Execution Vulnerability |
|
CISEC:5918 |
Windows Registry Elevation of Privilege Vulnerability |
|
CISEC:5929 |
Windows Media Player Information Disclosure Vulnerability |
|
CISEC:5932 |
Windows Media Player Information Disclosure Vulnerability |
|
CISEC:5946 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5947 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5965 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5981 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5992 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6015 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6020 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5917 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5921 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5930 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5944 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:6016 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5928 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5937 |
Windows Information Disclosure Vulnerability |
|
CISEC:5950 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5956 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5958 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:6004 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5931 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:5961 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:5951 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5964 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5974 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5975 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5976 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5998 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5940 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5941 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5973 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:5991 |
Windows Elevation Of Privilege Vulnerability |
|
CISEC:5988 |
Windows DNS Server Heap Overflow Vulnerability |
|
CISEC:5957 |
Windows DHCP Server Remote Code Execution Vulnerability |
|
CISEC:6011 |
Windows DHCP Client Remote Code Execution Vulnerability |
|
CISEC:5915 |
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
|
CISEC:5967 |
Windows Denial of Service Vulnerability |
|
CISEC:5916 |
Windows Denial of Service Vulnerability |
|
CISEC:5970 |
Windows Defender Firewall Security Feature Bypass Vulnerability |
|
CISEC:5977 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:6009 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:6014 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:5938 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
|
CISEC:5966 |
Windows COM Elevation of Privilege Vulnerability |
|
CISEC:5922 |
Windows COM Elevation of Privilege Vulnerability |
|
CISEC:5983 |
Windows Code Integrity Module Denial of Service Vulnerability |
|
CISEC:5979 |
Win32k Information Disclosure Vulnerability |
|
CISEC:5993 |
Win32k Information Disclosure Vulnerability |
|
CISEC:6003 |
Win32k Information Disclosure Vulnerability |
|
CISEC:5989 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5990 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6008 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6021 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5934 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:6012 |
Remote Procedure Call runtime Information Disclosure Vulnerability |
|
CISEC:5927 |
Remote Procedure Call runtime Information Disclosure Vulnerability |
|
CISEC:5995 |
MS XML Remote Code Execution Vulnerability |
|
CISEC:5969 |
Microsoft XmlDocument Elevation of Privilege Vulnerability |
|
CISEC:5943 |
Microsoft Windows Elevation of Privilege Vulnerability |
|
CISEC:5982 |
Microsoft Text-To-Speech Remote Code Execution Vulnerability |
|
CISEC:5999 |
Microsoft JScript Security Feature Bypass Vulnerability |
|
CISEC:5945 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:5978 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
|
CISEC:6013 |
Microsoft Filter Manager Elevation Of Privilege Vulnerability |
|
CISEC:6007 |
Microsoft Cortana Elevation of Privilege Vulnerability |
|
CISEC:5952 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5953 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5955 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5959 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5960 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5963 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5985 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6000 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6001 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6006 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:6010 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5914 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5925 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5939 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5942 |
Jet Database Engine Remote Code Execution Vulnerability |
|
CISEC:5954 |
HID Information Disclosure Vulnerability |
|
CISEC:5987 |
HID Information Disclosure Vulnerability |
|
CISEC:6018 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:6019 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:6002 |
DirectX Information Disclosure Vulnerability |
|
CISEC:5949 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:5962 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:6017 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5936 |
Cortana Elevation of Privilege Vulnerability |
|
CISEC:5971 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
|
CISEC:5933 |
Active Directory Federation Services XSS Vulnerability |
|
2019-01-11 |
CISEC:5860 |
Vulnerability |
|
2018-12-21 |
CISEC:5856 |
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. |
|
CISEC:5858 |
Microsoft Outlook Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. |
|
CISEC:5854 |
DirectX Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. |
|
CISEC:5853 |
DirectX Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is... |
|
CISEC:5855 |
Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,... |
|
2018-12-14 |
CISEC:5838 |
Windows Win32k Elevation of Privilege Vulnerability. This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. |
|
CISEC:5840 |
Windows Audio Service Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019. |
|
CISEC:5841 |
Windows ALPC Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. |
|
CISEC:5835 |
Vulnerability |
|
CISEC:5837 |
MS XML Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server... |
|
CISEC:5836 |
Microsoft Edge Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509. |
|
CISEC:5839 |
Microsoft Edge Elevation of Privilege Vulnerability. This affects Microsoft Edge. |
|
CISEC:5842 |
Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556,... |
|
2018-12-07 |
CISEC:5823 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5825 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5826 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:5833 |
Linux On Windows Elevation Of Privilege Vulnerability |
|
CISEC:5832 |
DirectX Information Disclosure Vulnerability |
|
CISEC:5834 |
DirectX Information Disclosure Vulnerability |
|
CISEC:5822 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:5827 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5828 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5829 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5830 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5831 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-11-30 |
CISEC:5764 |
Vulnerability |
|
CISEC:5765 |
Vulnerability |
|
CISEC:5767 |
Vulnerability |
|
CISEC:5768 |
Vulnerability |
|
CISEC:5769 |
Vulnerability |
|
CISEC:5770 |
Vulnerability |
|
CISEC:5771 |
Vulnerability |
|
CISEC:5772 |
Vulnerability |
|
2018-11-26 |
CISEC:5751 |
Vulnerability |
|
CISEC:5752 |
Vulnerability |
|
CISEC:5749 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:5750 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:5757 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability |
|
CISEC:5753 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
CISEC:5754 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
CISEC:5755 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
CISEC:5756 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
CISEC:5758 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
CISEC:5759 |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
|
2018-11-16 |
CISEC:5746 |
Windows Information Disclosure Vulnerability |
|
CISEC:5747 |
Win32k Graphics Remote Code Execution Vulnerability |
|
CISEC:5748 |
.NET Framework Remote Code Execution Vulnerability |
|
2018-11-02 |
CISEC:5722 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:5721 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:5736 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:5733 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5734 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5735 |
Microsoft Office SharePoint XSS Vulnerability |
|
CISEC:5723 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:5724 |
Device Guard Security Feature Bypass Vulnerability |
|
2018-10-26 |
CISEC:5702 |
Windows Subsystem for Linux Security Feature Bypass Vulnerability |
|
CISEC:5703 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:5685 |
Windows Hyper-V Information Disclosure Vulnerability |
|
CISEC:5697 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5699 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5693 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5694 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5695 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5696 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5701 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5700 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:5720 |
Microsoft Scripting Engine Information Disclosure Vulnerability |
|
CISEC:5698 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:5719 |
Microsoft Edge PDF Remote Code Execution Vulnerability |
|
2018-10-19 |
CISEC:5668 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5669 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5670 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5671 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5672 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5673 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5674 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5684 |
Windows Hyper-V Security Feature Bypass Vulnerability |
|
CISEC:5683 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5688 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5686 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:5687 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:5675 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:5677 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5678 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:5676 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:5690 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:5691 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:5692 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:5679 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5680 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5681 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5682 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-10-05 |
CISEC:5615 |
Windows PDF Remote Code Execution Vulnerability |
|
CISEC:5610 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5611 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5613 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5616 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5617 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5618 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5619 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5620 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5621 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5622 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5623 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5624 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5607 |
OpenType Font Driver Elevation of Privilege Vulnerability |
|
CISEC:5656 |
Microsoft SQL Server Remote Code Execution Vulnerability |
|
CISEC:5638 |
Microsoft PowerPoint Remote Code Execution Vulnerability |
|
CISEC:5639 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:5654 |
Microsoft Exchange Server Tampering Vulnerability |
|
CISEC:5651 |
Microsoft Exchange Memory Corruption Vulnerability |
|
CISEC:5625 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5627 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5626 |
Microsoft Excel Information Disclosure Vulnerability |
|
CISEC:5614 |
Microsoft COM for Windows Remote Code Execution Vulnerability |
|
CISEC:5609 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:5606 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:5608 |
Microsoft Browser Elevation of Privilege Vulnerability |
|
CISEC:5612 |
GDI+ Remote Code Execution Vulnerability |
|
CISEC:5629 |
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability |
|
CISEC:5628 |
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability |
|
CISEC:5632 |
.NET Framework Information Disclosure Vulnerability |
|
2018-09-28 |
CISEC:5588 |
Internet Explorer Remote Code Execution Vulnerability |
|
CISEC:5602 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:5603 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:5604 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
CISEC:5605 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
2018-09-21 |
CISEC:5582 |
Windows NDIS Elevation of Privilege Vulnerability |
|
CISEC:5583 |
Windows NDIS Elevation of Privilege Vulnerability |
|
CISEC:5572 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:5575 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:5578 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:5579 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5581 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5580 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5586 |
LNK Remote Code Execution Vulnerability |
|
CISEC:5587 |
LNK Remote Code Execution Vulnerability |
|
CISEC:5573 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5574 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5576 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5577 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5584 |
AD FS Security Feature Bypass Vulnerability |
|
2018-09-14 |
CISEC:5569 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:5516 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5517 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5518 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5566 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:5571 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5568 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5489 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5490 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5491 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5492 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5493 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5494 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5495 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5496 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5497 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5498 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5499 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5500 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5501 |
Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5419 |
Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5421 |
Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5418 |
Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5420 |
Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5422 |
Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5415 |
Security Bypass Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5473 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5474 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5475 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5476 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5478 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5479 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5480 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5481 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5484 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5485 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5486 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5488 |
Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5423 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5424 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5425 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5426 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5427 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5428 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5429 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5430 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5431 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5432 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5433 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5434 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5435 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5436 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5437 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5438 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5439 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5440 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5441 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5442 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5443 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5444 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5445 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5446 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5447 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5448 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5449 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5450 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5451 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5452 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5453 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5454 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5455 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5456 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5457 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5458 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5459 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5460 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5461 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5462 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5463 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5464 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5465 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5466 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5467 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5468 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5469 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5470 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5471 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5472 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5477 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5482 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5483 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5487 |
Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5508 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5509 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5510 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5511 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5512 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5502 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5503 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5504 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5505 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5506 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5507 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5513 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5514 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5515 |
Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5414 |
Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions |
|
CISEC:5570 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5567 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5411 |
Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5412 |
Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5413 |
Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5416 |
Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
|
CISEC:5553 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability |
|
CISEC:5538 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability |
|
CISEC:5519 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5524 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5529 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5531 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5534 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5539 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5541 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5542 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5544 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5547 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5549 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5552 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5556 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5558 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5560 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5561 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5562 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5563 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5564 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
|
CISEC:5545 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability |
|
CISEC:5522 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5527 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5528 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5530 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5532 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5533 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5535 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5536 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5548 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5551 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5554 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5555 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5557 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
|
CISEC:5550 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability |
|
CISEC:5525 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability |
|
CISEC:5537 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability |
|
CISEC:5520 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5521 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5523 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5526 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5546 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5559 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5565 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
|
CISEC:5417 |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability |
|
CISEC:5543 |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability |
|
CISEC:5540 |
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability |
|
2018-09-11 |
MITRE:61 |
Windows NT Remote Access Service Phonebook Buffer Overflow |
|
MITRE:158 |
Windows NT Process Handle Duplication Privilege Escalation |
|
MITRE:94 |
Solaris 8 mibiisa Remote Buffer Overflow Vulnerability |
|
MITRE:179 |
Solaris 7 LBXProxy Display Name Buffer Overflow |
|
MITRE:10 |
Heap Overflow in Solaris 8 xlock |
|
2018-09-07 |
CISEC:5394 |
Windows Denial of Service Vulnerability |
|
CISEC:5368 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client |
|
CISEC:5356 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles |
|
CISEC:5364 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:5371 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:5379 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:5372 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
|
CISEC:5333 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:5360 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:5361 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options |
|
CISEC:5337 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5380 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5374 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached |
|
CISEC:5359 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:5369 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:5339 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5346 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5357 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5358 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5363 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5370 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5375 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:5341 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
|
CISEC:5345 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
|
CISEC:5373 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM |
|
CISEC:5334 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5335 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5338 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5342 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5347 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5366 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5367 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5376 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5340 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension |
|
CISEC:5336 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
|
CISEC:5343 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
|
CISEC:5365 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump |
|
CISEC:5381 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log |
|
CISEC:5362 |
Vulnerability in the MySQL Server 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior |
|
CISEC:5344 |
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin |
|
CISEC:5378 |
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs |
|
CISEC:5350 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency |
|
CISEC:5353 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries |
|
CISEC:5351 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE |
|
CISEC:5354 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL |
|
CISEC:5349 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security |
|
CISEC:5348 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX |
|
CISEC:5355 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB |
|
CISEC:5352 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
|
CISEC:5382 |
Skype for Business and Lync Security Feature Bypass Vulnerability |
|
2018-08-31 |
CISEC:5290 |
WordPad Security Feature Bypass Vulnerability |
|
CISEC:5332 |
Windows Firewall Denial of Service Vulnerability |
|
CISEC:5330 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:5327 |
Windows DNSAPI Denial of Service Vulnerability |
|
CISEC:5328 |
Windows Denial of Service Vulnerability |
|
CISEC:5331 |
Windows Denial of Service Vulnerability |
|
CISEC:5326 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
|
CISEC:5311 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
|
CISEC:5302 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5306 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5313 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5315 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5317 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5324 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:5320 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking |
|
CISEC:5325 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:5299 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection |
|
CISEC:5298 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5300 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5308 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5309 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:5307 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS |
|
CISEC:5303 |
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security |
|
CISEC:5314 |
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI |
|
CISEC:5312 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization |
|
CISEC:5316 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security |
|
CISEC:5321 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security |
|
CISEC:5301 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX |
|
CISEC:5310 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP |
|
CISEC:5304 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency |
|
CISEC:5297 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT |
|
CISEC:5305 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security |
|
CISEC:5319 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot |
|
CISEC:5322 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries |
|
CISEC:5323 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries |
|
CISEC:5318 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install |
|
CISEC:5329 |
Remote Code Execution Vulnerability in Skype For Business and Lync |
|
CISEC:5294 |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
CISEC:5292 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5293 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5289 |
Microsoft Office Tampering Vulnerability |
|
CISEC:5291 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
2018-08-24 |
CISEC:5284 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5278 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5281 |
Scripting Engine Security Feature Bypass Vulnerability |
|
CISEC:5286 |
Python Integer Overflow vulnerability |
|
CISEC:5288 |
Python Heap-Buffer-Overflow vulnerability |
|
CISEC:5279 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5280 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5282 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5283 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5285 |
Buffer overflow vulnerability in os.symlink on Windows |
|
2018-08-17 |
CISEC:5236 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5253 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:5237 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5238 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5239 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5240 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5241 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5242 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5244 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5245 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5246 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5247 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5248 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5249 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5250 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5251 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5252 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5254 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5255 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5257 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:5275 |
.NET Framework Security Feature Bypass Vulnerability |
|
CISEC:5274 |
.NET Framework Remote Code Injection Vulnerability |
|
CISEC:5277 |
.NET Framework Remote Code Execution Vulnerability |
|
CISEC:5276 |
.NET Framework Elevation of Privilege Vulnerability |
|
2018-08-10 |
CISEC:5235 |
Microsoft Excel Remote Code Execution Vulnerability |
|
2018-08-03 |
CISEC:5234 |
Windows Wireless Network Profile Information Disclosure Vulnerability |
|
CISEC:5228 |
Windows Remote Code Execution Vulnerability |
|
CISEC:5229 |
Windows Remote Code Execution Vulnerability |
|
CISEC:5232 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:5224 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:5231 |
Windows DNSAPI Remote Code Execution Vulnerability |
|
CISEC:5222 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:5223 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:5217 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5227 |
WEBDAV Denial of Service Vulnerability |
|
CISEC:5219 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5220 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5226 |
Microsoft Publisher Remote Code Execution Vulnerability |
|
CISEC:5225 |
Microsoft Office Elevation of Privilege Vulnerability |
|
CISEC:5233 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:5230 |
Hypervisor Code Integrity Elevation of Privilege Vulnerability |
|
CISEC:5218 |
HTTP.sys Denial of Service Vulnerability |
|
CISEC:5216 |
HTTP Protocol Stack Remote Code Execution Vulnerability |
|
CISEC:5221 |
HIDParser Elevation of Privilege Vulnerability |
|
2018-07-27 |
CISEC:5183 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5194 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5184 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:5185 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:5187 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5188 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5198 |
NTFS Elevation of Privilege Vulnerability |
|
CISEC:5173 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:5178 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5180 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5174 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5181 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5176 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5177 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:5179 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:5175 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:5190 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5191 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5192 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5193 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5195 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5196 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5197 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:5186 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5189 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-07-20 |
CISEC:5133 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:5132 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:5138 |
Git OS Command Injection Vulnerability |
|
CISEC:5141 |
Git OS Command Injection Vulnerability |
|
CISEC:5139 |
Git Input Validation Error Vulnerability |
|
CISEC:5140 |
Git Input Validation Error Vulnerability |
|
2018-07-13 |
CISEC:5128 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5129 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5130 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5131 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:5110 |
.NET and .NET Core Denial Of Service Vulnerability |
|
2018-07-06 |
CISEC:5102 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5103 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5104 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5105 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5106 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5107 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5108 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5109 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5124 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5125 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5127 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:5126 |
Microsoft Excel Information Disclosure Vulnerability |
|
CISEC:5114 |
Git Arbitrary Code Execution Vulnerability |
|
CISEC:5112 |
.NET and .NET Core Denial Of Service Vulnerability |
|
2018-06-29 |
CISEC:5057 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:5097 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5098 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5099 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5101 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5055 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:5054 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:5053 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5094 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:5095 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:5093 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:5096 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:5050 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5051 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5052 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5056 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:5100 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-06-22 |
CISEC:5024 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5025 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5026 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5027 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5033 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5035 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:5034 |
Windows Remote Code Execution Vulnerability |
|
CISEC:5048 |
Windows Image Elevation of Privilege Vulnerability |
|
CISEC:5032 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:5049 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:5030 |
Microsoft COM for Windows Remote Code Execution Vulnerability |
|
CISEC:5029 |
Hyper-V vSMB Remote Code Execution Vulnerability |
|
CISEC:5028 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:5036 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|
2018-06-15 |
CISEC:5020 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:5022 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:5023 |
Windows Kernel Information Disclosure Vulnerability |
|
2018-06-08 |
CISEC:4997 |
Windows VBScript Engine Remote Code Execution Vulnerability |
|
CISEC:5015 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5017 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5018 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:5019 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:4994 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:4995 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:4992 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:4993 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:4998 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:4996 |
Microsoft Excel Remote Code Execution Vulnerability |
|
2018-06-01 |
CISEC:4978 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4980 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4982 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4983 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4977 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4979 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4981 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4984 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4985 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4986 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4987 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4973 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:4974 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:4975 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:4964 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:4965 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:4926 |
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
|
CISEC:4976 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:4988 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4929 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4930 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4931 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4927 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4928 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:4966 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4967 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4968 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4969 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4970 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4971 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4972 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-05-25 |
CISEC:4909 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:4910 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:4924 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:4905 |
Microsoft Graphics Component Denial of Service Vulnerability |
|
CISEC:4906 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:4907 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:4908 |
Active Directory Security Feature Bypass Vulnerability |
|
2018-05-18 |
CISEC:4899 |
Windows SNMP Service Denial of Service Vulnerability |
|
CISEC:4859 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4860 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4861 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4862 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4863 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4864 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4865 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4867 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4868 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4869 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4866 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4870 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4900 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:4901 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:4902 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:4903 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:4904 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:4898 |
HTTP.sys Denial of Service Vulnerability |
|
CISEC:4897 |
Device Guard Security Feature Bypass Vulnerability |
|
2018-05-11 |
CISEC:4858 |
XSS in interstitials |
|
CISEC:4853 |
Use after free in Flash |
|
CISEC:4852 |
Use after free in Flash |
|
CISEC:4854 |
URL Spoof in OmniBox |
|
CISEC:4855 |
Timing attack using SVG filters |
|
CISEC:4856 |
Information disclosure via texture data in WebGL |
|
CISEC:4857 |
Information disclosure in IPC call |
|
CISEC:4850 |
Incorrect processing of AppManifests |
|
CISEC:4851 |
Circumvention of port blocking |
|
2018-05-04 |
CISEC:4751 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4753 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:4755 |
Microsoft Office Excel Security Feature Bypass |
|
CISEC:4749 |
Microsoft Exchange Information Disclosure Vulnerability |
|
CISEC:4756 |
Microsoft Exchange Elevation of Privilege Vulnerability |
|
CISEC:4757 |
Microsoft Exchange Elevation of Privilege Vulnerability |
|
CISEC:4752 |
Microsoft Access Remote Code Execution Vulnerability |
|
2018-05-02 |
CVE-2013-6272 |
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi... |
|
2018-04-27 |
CISEC:4727 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4729 |
Use after free in Blink |
|
CISEC:4731 |
Type confusion in V8 |
|
CISEC:4732 |
Same Origin Bypass via canvas |
|
CISEC:4737 |
Race condition in V8 |
|
CISEC:4723 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:4724 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:4726 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:4725 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:4722 |
Internet Explorer Elevation of Privilege Vulnerability |
|
CISEC:4735 |
Integer overflow in V8 |
|
CISEC:4730 |
Incorrect permissions on shared memory |
|
CISEC:4733 |
Incorrect permissions on shared memory |
|
CISEC:4736 |
Heap buffer overflow in Skia |
|
CISEC:4734 |
Buffer overflow in Skia |
|
2018-04-20 |
CISEC:4707 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:4706 |
Windows Remote Assistance Information Disclosure Vulnerability |
|
CISEC:4639 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4641 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4642 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4643 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4644 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4645 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4647 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4648 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4649 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4650 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4651 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4653 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4654 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:4640 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:4646 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:4652 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:4688 |
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability |
|
CISEC:4687 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:4689 |
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
CISEC:4678 |
Use-after-free write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4662 |
Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4682 |
Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4686 |
Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4670 |
Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CVE-2014-0900 |
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. |
|
CISEC:4665 |
Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4720 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4690 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4694 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4699 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4719 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4721 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4702 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:4660 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4669 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4676 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4677 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4655 |
Microsoft Video Control Elevation of Privilege Vulnerability |
|
CISEC:4705 |
Microsoft Video Control Elevation of Privilege Vulnerability |
|
CISEC:4661 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4663 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4683 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4685 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4664 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4667 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4668 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4671 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4672 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4673 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4674 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4675 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4680 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4703 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:4704 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:4684 |
Heap Overflow write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4659 |
Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4681 |
Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4679 |
Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
|
CISEC:4709 |
CNG Security Feature Bypass Vulnerability |
|
CISEC:4691 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4692 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4693 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4695 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4696 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4697 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4698 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4700 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4701 |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
2018-04-06 |
CISEC:4618 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4619 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4620 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4621 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4622 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4599 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4600 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4601 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4602 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4603 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4604 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4616 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4617 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4624 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4625 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4626 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
2018-04-05 |
CVE-2015-9016 |
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege.... |
|
2018-04-04 |
CVE-2015-9011 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. |
|
CVE-2014-9953 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. |
|
CVE-2015-9015 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. |
|
CVE-2015-9014 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. |
|
CVE-2015-9009 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. |
|
CVE-2015-9013 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. |
|
CVE-2015-9010 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. |
|
CVE-2014-9956 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. |
|
CVE-2014-9954 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. |
|
CVE-2014-9957 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. |
|
CVE-2014-9958 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. |
|
CVE-2015-9012 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. |
|
CVE-2015-9008 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. |
|
CVE-2014-9955 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. |
|
CVE-2014-9959 |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. |
|
2018-03-30 |
CISEC:4169 |
Windows Storage Services Elevation of Privilege Vulnerability |
|
CISEC:4170 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:4163 |
Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
|
CISEC:4165 |
Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
|
CISEC:4172 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4173 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4174 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4164 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:4166 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:4167 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:4161 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:4162 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:4160 |
Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4168 |
StructuredQuery Remote Code Execution Vulnerability |
|
CISEC:4171 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4588 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4589 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4590 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4591 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4592 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4593 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4594 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4595 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4596 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4597 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
|
CISEC:4154 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4147 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:4146 |
Microsoft Outlook Memory Corruption Vulnerability |
|
CISEC:4155 |
Microsoft Outlook Elevation of Privilege Vulnerability |
|
CISEC:4152 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4153 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4156 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4149 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4150 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:4148 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:4151 |
Microsoft Excel Remote Code Execution Vulnerability |
|
2018-03-27 |
CVE-2014-4959 |
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. |
|
2018-03-23 |
CISEC:4127 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4133 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4135 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4136 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4137 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4139 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:4125 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4134 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4138 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:4142 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:4143 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:4144 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:4145 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:4140 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4141 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4121 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4122 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4123 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4124 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4126 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4128 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4129 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4130 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4131 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4132 |
Scripting Engine Memory Corruption Vulnerability |
|
2018-03-16 |
CISEC:4088 |
XSS in DevTools |
|
CISEC:4066 |
WCP dissector crash |
|
CISEC:4077 |
Use after free in WebUI |
|
CISEC:4089 |
Use after free in PDFium |
|
CISEC:4076 |
URL spoof in OmniBox |
|
CISEC:4078 |
URL spoof in OmniBox |
|
CISEC:4091 |
URL spoof in Navigation |
|
CISEC:4072 |
UI spoof in Permissions |
|
CISEC:4106 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:4086 |
Same origin bypass in Shared Worker |
|
CISEC:4073 |
Referrer policy bypass in Blink |
|
CISEC:4087 |
Referrer leak in XSS Auditor |
|
CISEC:4070 |
Race when opening downloaded files |
|
CISEC:4065 |
Multiple dissectors could crash |
|
CISEC:4107 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:4108 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:4109 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:4075 |
Leak of page thumbnails in New Tab Page |
|
CISEC:4064 |
IxVeriWave file parser crash |
|
CISEC:4074 |
Integer underflow in WebAssembly |
|
CISEC:4069 |
Integer overflow in Blink |
|
CISEC:4079 |
Insufficient user gesture requirements in autofill |
|
CISEC:4081 |
Insufficient isolation of devtools from extensions |
|
CISEC:4082 |
Insufficient isolation of devtools from extensions |
|
CISEC:4084 |
Insufficient isolation of devtools from extensions |
|
CISEC:4085 |
Insufficient escaping with external URL handlers |
|
CISEC:4071 |
Incomplete no-referrer policy implementation |
|
CISEC:4068 |
ImageMagick memory leaks in MontageImageCommand in MagickWand/montage |
|
CISEC:4103 |
ImageMagick memory leak vulnerability |
|
CISEC:4105 |
ImageMagick memory exhaustion vulnerability |
|
CISEC:4067 |
ImageMagick CPU exhaustion vulnerability |
|
CISEC:4104 |
ImageMagick CPU exhaustion vulnerability |
|
CISEC:4096 |
IBM WebSphere MQ is affected by a privilege escalation vulnerability |
|
CISEC:4095 |
IBM MQ is affected by a potential denial of service to channel processes |
|
CISEC:4092 |
IBM MQ could allow an authenticated user to insert messages with malformed data into the channel, which would cause it to restart |
|
CISEC:4093 |
IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed |
|
CISEC:4094 |
IBM MQ and IBM MQ Appliance could allow a local user to crash the queue manager agent thread and expose some sensitive information |
|
CISEC:4090 |
Heap buffer overflow in WebGL |
|
CISEC:4083 |
Cross origin URL leak in WebGL |
|
CISEC:4080 |
Content security policy bypass |
|
2018-03-09 |
CISEC:4040 |
Stack overflow in V8 |
|
CISEC:4025 |
OpenSSL Security Bypass Vulnerability |
|
CISEC:4026 |
OpenSSL Security Bypass Vulnerability |
|
CISEC:4027 |
OpenSSL Security Bypass Vulnerability |
|
CISEC:4059 |
ImageMagick Memory Leaks Vulnerability |
|
CISEC:4060 |
ImageMagick memory leaks in ReadPWPImage |
|
CISEC:4063 |
ImageMagick Memory Leaks |
|
CISEC:4058 |
ImageMagick Information Disclosure Vulnerability |
|
CISEC:4061 |
ImageMagick Information Disclosure Vulnerability |
|
CISEC:4062 |
ImageMagick heap buffer overflow in sixel_decode |
|
2018-03-02 |
CISEC:4019 |
Use after free in V8 |
|
CISEC:4010 |
Universal Cross-Site Scripting in V8 |
|
CISEC:4018 |
Stack buffer overflow in QUIC |
|
CISEC:4011 |
Out of bounds read in V8 |
|
2018-02-23 |
CISEC:3921 |
Windows IPSec Denial of Service Vulnerability |
|
CISEC:3913 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:3914 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3920 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3982 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure |
|
CISEC:3993 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:3987 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
|
CISEC:3998 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
|
CISEC:4001 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL |
|
CISEC:3988 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3991 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3992 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3995 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3996 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3985 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
|
CISEC:3990 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS |
|
CISEC:3983 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:3986 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:4000 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:3989 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:3981 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
|
CISEC:3984 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
|
CISEC:3997 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition |
|
CISEC:3999 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition |
|
CISEC:3994 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
|
CISEC:3960 |
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization |
|
CISEC:3908 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3909 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3910 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3911 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3912 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3903 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3904 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3905 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3906 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3907 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
|
CISEC:3958 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS |
|
CISEC:3954 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n |
|
CISEC:3953 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot |
|
CISEC:3957 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT |
|
CISEC:3951 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT |
|
CISEC:3955 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX |
|
CISEC:3952 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer |
|
CISEC:3956 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
|
CISEC:3959 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
|
CISEC:3947 |
Use of uninitialized value in Skia |
|
CISEC:3937 |
Use after free in PDFium |
|
CISEC:3949 |
Use after free in PDFium |
|
CISEC:3930 |
Use after free in libXML |
|
CISEC:3942 |
URL spoofing in Omnibox |
|
CISEC:3933 |
URL Spoof in Omnibox |
|
CISEC:3935 |
URL Spoof in Omnibox |
|
CISEC:3946 |
URL Spoof in Omnibox |
|
CISEC:3939 |
Unsafe navigation in Chromecast Plugin |
|
CISEC:3936 |
Type confusion in WebAssembly |
|
CISEC:3902 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3925 |
Rogue Data Cache Load Vulnerability |
|
CISEC:3941 |
Pointer information disclosure in IPC call |
|
CISEC:3940 |
Out of bounds write in Skia |
|
CISEC:3934 |
Out of bounds write in QUIC |
|
CISEC:3931 |
Out of bounds read in Blink |
|
CISEC:3918 |
OpenType Font Driver Information Disclosure Vulnerability |
|
CISEC:3919 |
OpenType Font Driver Elevation of Privilege Vulnerability |
|
CISEC:3932 |
Issue with SPAKE implementation in BoringSSL |
|
CISEC:3948 |
Integer overflow in ICU |
|
CISEC:3938 |
Insufficient blocking of JavaScript in Omnibox |
|
CISEC:3945 |
Heap buffer overflow in PDFium |
|
CISEC:3915 |
Guidance to mitigate speculative execution side-channel vulnerabilities |
|
CISEC:3950 |
Cross origin leak of redirect URL in Blink |
|
CISEC:3944 |
Cross origin information disclosure in Skia |
|
CISEC:3924 |
Branch Target Injection Vulnerability |
|
CISEC:3928 |
.NET Security Feature Bypass Vulnerability |
|
CISEC:3927 |
.NET and .NET Core Denial Of Service Vulnerability |
|
2018-02-16 |
CISEC:3900 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3890 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3891 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3892 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3896 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3893 |
Microsoft Word Memory Corruption Vulnerability |
|
CISEC:3901 |
Microsoft Word Memory Corruption Vulnerability |
|
CISEC:3889 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:3898 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:3894 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3895 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3899 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:3897 |
Microsoft Access Tampering Vulnerability |
|
2018-02-09 |
CISEC:3872 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:3883 |
Windows Information Disclosure Vulnerability |
|
CISEC:3884 |
Windows Information Disclosure Vulnerability |
|
CISEC:3886 |
Windows Information Disclosure Vulnerability |
|
CISEC:3882 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3885 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3860 |
Scripting Engine Security Feature Bypass |
|
CISEC:3853 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3855 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3856 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3857 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3858 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3859 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3862 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3863 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3864 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3865 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3866 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3867 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3869 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3870 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3854 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3887 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3888 |
Microsoft Word Remote Code Execution Vulnerability |
|
CISEC:3850 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:3849 |
Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability |
|
CISEC:3851 |
Microsoft Outlook Remote Code Execution Vulnerability |
|
CISEC:3852 |
Microsoft Outlook Remote Code Execution Vulnerability |
|
CISEC:3861 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3868 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:3871 |
Microsoft Color Management Information Disclosure Vulnerability |
|
2018-02-02 |
CISEC:3833 |
Cumulative Security Update for Internet Explorer |
|
2018-01-26 |
CISEC:3808 |
Windows RRAS Service Remote Code Execution Vulnerability |
|
CISEC:3811 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3812 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3813 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3814 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3816 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3818 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3819 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3820 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3821 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3815 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3817 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3807 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
|
CISEC:3822 |
Microsoft PowerPoint Information Disclosure Vulnerability |
|
CISEC:3806 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:3810 |
Microsoft Exchange Spoofing Vulnerability |
|
2018-01-19 |
CISEC:3789 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3790 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3791 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3792 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3794 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3795 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3796 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3797 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3798 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3799 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3793 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3802 |
Microsoft Windows Security Feature Bypass Vulnerability |
|
CISEC:3801 |
Microsoft Windows Information Disclosure Vulnerability |
|
CISEC:3803 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:3804 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:3805 |
Microsoft Excel Remote Code Execution Vulnerability |
|
CISEC:3800 |
Microsoft Edge Memory Corruption Vulnerability |
|
2018-01-12 |
CVE-2014-7952 |
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. |
|
CISEC:3772 |
Scripting Engine Memory Corruption Vulnerability |
|
2018-01-05 |
CISEC:3734 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3736 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3742 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3738 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3739 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3740 |
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3733 |
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3743 |
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3735 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3737 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3744 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3741 |
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3762 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability |
|
CISEC:3766 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability |
|
CISEC:3758 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability |
|
CISEC:3759 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability |
|
CISEC:3746 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3747 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3750 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3752 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3753 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3755 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
|
CISEC:3763 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability |
|
CISEC:3764 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability |
|
CISEC:3751 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3760 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3761 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3756 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3765 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3767 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
|
CISEC:3745 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
|
CISEC:3748 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
|
CISEC:3749 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
|
CISEC:3754 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
|
CISEC:3757 |
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
|
2017-12-29 |
CISEC:3713 |
Windows Wireless WPA Group Key Reinstallation Vulnerability |
|
CISEC:3721 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3709 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:3718 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
|
CISEC:3719 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
|
CISEC:3710 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3707 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3717 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:3722 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached |
|
CISEC:3720 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
|
CISEC:3723 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
|
CISEC:3708 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:3706 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
|
CISEC:3711 |
Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier |
|
CISEC:3724 |
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3725 |
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3727 |
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3726 |
Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3675 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3714 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3705 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3716 |
Microsoft Excel Security Feature Bypass Vulnerability |
|
CISEC:3715 |
Microsoft Excel Memory Corruption Vulnerability |
|
2017-12-27 |
CVE-2015-7889 |
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote... |
|
2017-12-22 |
CISEC:3654 |
Windows Search Denial of Service Vulnerability |
|
CISEC:3648 |
Windows Media Player Information Disclosure Vulnerability |
|
CISEC:3653 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3655 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3656 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3657 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3658 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3642 |
Windows Information Disclosure Vulnerability |
|
CISEC:3644 |
Windows Information Disclosure Vulnerability |
|
CISEC:3652 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:3641 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:3643 |
Windows EOT Font Engine Information Disclosure Vulnerability |
|
CISEC:3635 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS |
|
CISEC:3637 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc |
|
CISEC:3638 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
|
CISEC:3636 |
Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3639 |
Stack overflow in V8 |
|
CISEC:3669 |
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3674 |
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3684 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3682 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3683 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3685 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3677 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3678 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3679 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3680 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3681 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3659 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3660 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3665 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3666 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3667 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3668 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3661 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3662 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3663 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3664 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3670 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3671 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3672 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3673 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3676 |
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
|
CISEC:3704 |
Microsoft Word Memory Corruption Vulnerability |
|
CISEC:3650 |
Microsoft Project Server Elevation of Privilege Vulnerability |
|
CISEC:3651 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:3649 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:3646 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:3647 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:3645 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:3640 |
Device Guard Security Feature Bypass Vulnerability |
|
2017-12-15 |
CISEC:3634 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO |
|
CISEC:3613 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3614 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3615 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3616 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3617 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3618 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3619 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3620 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3621 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3622 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3623 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3624 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3626 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3625 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3627 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3630 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3632 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3629 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3628 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3631 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3633 |
Microsoft Edge Information Disclosure Vulnerability |
|
2017-12-08 |
CISEC:3579 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:3577 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
|
CISEC:3576 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
|
CISEC:3578 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS |
|
CISEC:3553 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:3554 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:3555 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:3575 |
Vulnerability in the MySQL Server component of Oracle MySQL |
|
CISEC:3573 |
Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144 |
|
CISEC:3562 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3563 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3565 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3567 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3574 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
CISEC:3564 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3566 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3568 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3569 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3570 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3571 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3572 |
Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
|
CISEC:3559 |
URL spoofing in OmniBox |
|
CISEC:3558 |
URL spoofing in extensions UI |
|
CISEC:3560 |
Referrer leak in Devtools |
|
CISEC:3557 |
Null pointer dereference in ImageCapture |
|
CISEC:3561 |
Incorrect registry key handling in PlatformIntegration |
|
CISEC:3544 |
Incorrect handling of picture ID in WebRTC |
|
CISEC:3556 |
Extension limitation bypass in Extensions |
|
CISEC:3550 |
Blink in Google Chrome |
|
CISEC:3545 |
An out-of-bounds read in V8 |
|
CISEC:3547 |
An out-of-bounds read in V8 |
|
CISEC:3546 |
An incorrect assumption about block structure in Blink |
|
CISEC:3543 |
Address spoofing in Omnibox |
|
CISEC:3548 |
A use after free in printing |
|
CISEC:3549 |
A use after free in Blink |
|
2017-12-01 |
CISEC:3518 |
URL spoofing in OmniBox |
|
CISEC:3519 |
UI spoofing in Blink |
|
CISEC:3523 |
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY... |
|
CISEC:3525 |
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange |
|
CISEC:3520 |
Out of bounds write in Skia |
|
CISEC:3522 |
Out of bounds write in Skia |
|
CISEC:3521 |
Out of bounds read in Skia |
|
CISEC:3516 |
Heap overflow in libxml2 |
|
CISEC:3517 |
Content security bypass |
|
CISEC:3524 |
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites... |
|
2017-11-24 |
CISEC:3502 |
UXSS with MHTML |
|
CISEC:3498 |
Use after free in WebAudio |
|
CISEC:3495 |
Use after free in PDFium |
|
CISEC:3503 |
Use after free in PDFium |
|
CISEC:3492 |
Use after free in Chrome Apps |
|
CISEC:3485 |
URL spoofing in OmniBox |
|
CISEC:3490 |
URL spoofing in OmniBox |
|
CISEC:3493 |
URL spoofing in OmniBox |
|
CISEC:3488 |
Uninitialized use in Skia |
|
CISEC:3489 |
Uninitialized use in Skia |
|
CISEC:3491 |
UI spoofing in payments dialog |
|
CISEC:3494 |
UI spoofing in browser |
|
CISEC:3486 |
Type confusion in PDFium |
|
CISEC:3512 |
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message |
|
CISEC:3513 |
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times |
|
CISEC:3514 |
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths |
|
CISEC:3496 |
Out of bounds read in V8 |
|
CISEC:3515 |
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service |
|
CISEC:3511 |
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service |
|
CISEC:3497 |
Incorrect stack manipulation in WebAssembly |
|
CISEC:3504 |
Heap overflow in WebGL |
|
CISEC:3501 |
Heap overflow in Skia |
|
2017-11-17 |
CISEC:3426 |
Windows Update Delivery Optimization Elevation of Privilege Vulnerability |
|
CISEC:3421 |
Windows Subsystem for Linux Denial of Service Vulnerability |
|
CISEC:3465 |
Windows Storage Security Feature Bypass Vulnerability |
|
CISEC:3410 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:3416 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:3466 |
Windows SMB Elevation of Privilege Vulnerability |
|
CISEC:3413 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:3429 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:3427 |
Windows Shell Memory Corruption Vulnerability |
|
CISEC:3432 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:3431 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:3411 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3412 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3414 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3415 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3422 |
Windows Information Disclosure Vulnerability |
|
CISEC:3474 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:3424 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3428 |
Windows DNSAPI Remote Code Execution Vulnerability |
|
CISEC:3484 |
User information leak via SVG |
|
CISEC:3470 |
Use after free in V8 |
|
CISEC:3441 |
Use after free in print preview |
|
CISEC:3445 |
Use after free in credit card autofill |
|
CISEC:3439 |
Use after free in Apps Bluetooth |
|
CISEC:3436 |
UI spoofing in Blink |
|
CISEC:3440 |
UI spoofing in Blink |
|
CISEC:3434 |
Type confusion in V8 |
|
CISEC:3430 |
TRIE Remote Code Execution Vulnerability |
|
CISEC:3460 |
Skype for Business Elevation of Privilege Vulnerability |
|
CISEC:3447 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3448 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3449 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3450 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3451 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3452 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3453 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3454 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3455 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3456 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3457 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3417 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3418 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3419 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3420 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3438 |
Possible command injection in mailto handling |
|
CISEC:3444 |
Out of bounds read in V8 |
|
CISEC:3425 |
Microsoft Windows Security Feature Bypass |
|
CISEC:3423 |
Microsoft Search Information Disclosure Vulnerability |
|
CISEC:3464 |
Microsoft Outlook Security Feature Bypass Vulnerability |
|
CISEC:3459 |
Microsoft Outlook Information Disclosure Vulnerability |
|
CISEC:3461 |
Microsoft Office SharePoint XSS Vulnerability |
|
CISEC:3462 |
Microsoft Office SharePoint XSS Vulnerability |
|
CISEC:3463 |
Microsoft Office SharePoint XSS Vulnerability |
|
CISEC:3467 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:3468 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:3472 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3473 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3446 |
Information leak in CSP reporting |
|
CISEC:3442 |
Heap buffer overflow in Skia |
|
CISEC:3435 |
Extension verification bypass |
|
CISEC:3437 |
Address spoofing in Omnibox |
|
2017-11-10 |
CISEC:3397 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:3390 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:3391 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:3378 |
Use after free in PPAPI |
|
CISEC:3379 |
Use after free in IndexedDB |
|
CISEC:3384 |
UI spoofing in Blink |
|
CISEC:3386 |
Type confusion in extensions |
|
CISEC:3408 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3409 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3385 |
Out-of-bounds write in PDFium |
|
CISEC:3377 |
OpenSSL Security Bypass Vulnerability |
|
CISEC:3394 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:3395 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3392 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:3396 |
Microsoft Graphics Remote Code Execution Vulnerability |
|
CISEC:3393 |
Microsoft Graphics Information Disclosure Vulnerability |
|
CISEC:3387 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:3388 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:3389 |
Internet Explorer Information Disclosure Vulnerability |
|
2017-11-03 |
CISEC:3353 |
Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79 |
|
CISEC:3358 |
RAR decompression memory corruption |
|
CISEC:3357 |
RAR Decompression Denial Of Service Vulnerability |
|
CISEC:3355 |
Out-of-bounds access in V8 |
|
CISEC:3356 |
Out-of-bounds access in V8 |
|
CISEC:3354 |
Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80 |
|
CISEC:3351 |
IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service |
|
CISEC:3352 |
IBM MQ Java clients might send a password in clear text |
|
CISEC:3311 |
IBM MQ cluster channel definition causes denial of service to cluster |
|
CISEC:3350 |
IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service |
|
CISEC:3310 |
IBM MQ administration command could cause denial of service |
|
2017-10-27 |
CISEC:3264 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:3267 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:3257 |
Windows Information Disclosure Vulnerability |
|
CISEC:3256 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:3270 |
Windows DHCP Server Remote Code Execution Vulnerability |
|
CISEC:3268 |
Uniscribe Remote Code Execution Vulnerability |
|
CISEC:3259 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3260 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3261 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3262 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3263 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3269 |
Remote Desktop Virtual Host Remote Code Execution Vulnerability |
|
CISEC:3286 |
Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
|
CISEC:3251 |
Microsoft Office Publisher Remote Code Execution |
|
CISEC:3252 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3258 |
Microsoft Bluetooth Driver Spoofing Vulnerability |
|
CISEC:3280 |
Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
|
CISEC:3254 |
Internet Explorer Spoofing Vulnerability |
|
CISEC:3253 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:3255 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:3309 |
IBM MQ Invalid channel protocol flows cause denial of service on HP-UX |
|
CISEC:3307 |
IBM MQ Channel data conversion denial of service |
|
CISEC:3308 |
IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener |
|
CISEC:3266 |
Device Guard Security Feature Bypass Vulnerability |
|
CISEC:3276 |
Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
|
CISEC:3281 |
Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
|
CISEC:3271 |
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x |
|
CISEC:3278 |
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 |
|
CISEC:3265 |
.NET Framework Remote Code Execution Vulnerability |
|
2017-10-20 |
CISEC:3221 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:3236 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3240 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3241 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3242 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3245 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3247 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3248 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3246 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:3222 |
PowerPoint Remote Code Execution Vulnerability |
|
CISEC:3228 |
PowerPoint Remote Code Execution Vulnerability |
|
CISEC:3237 |
NetBIOS Remote Code Execution Vulnerability |
|
CISEC:3226 |
Microsoft PDF Remote Code Execution Vulnerability |
|
CISEC:3229 |
Microsoft PDF Remote Code Execution Vulnerability |
|
CISEC:3233 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3234 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3235 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:3219 |
Microsoft Graphics Component Remote Code Execution |
|
CISEC:3216 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:3215 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3244 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3214 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3243 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:3213 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:3223 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:3224 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:3230 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:3231 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:3232 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:3227 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:3220 |
Graphics Component Information Disclosure Vulnerability |
|
CISEC:3238 |
Broadcom BCM43xx Remote Code Execution Vulnerability |
|
2017-10-18 |
CVE-2014-3164 |
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder... |
|
2017-10-13 |
CISEC:3203 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3205 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3197 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3200 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:3210 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:3211 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:3212 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:3204 |
Win32k Information Disclosure Vulnerability |
|
CISEC:3192 |
Win32k Information Disclosure Vulnerability |
|
CISEC:3196 |
Win32k Information Disclosure Vulnerability |
|
CISEC:3198 |
Win32k Information Disclosure Vulnerability |
|
CISEC:3199 |
Win32k Information Disclosure Vulnerability |
|
CISEC:3191 |
Win32k Graphics Remote Code Execution Vulnerability |
|
CISEC:3194 |
Win32k Graphics Information Disclosure Vulnerability |
|
CISEC:3193 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:3201 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:3159 |
Vulnerability in ImageMagick 7.0.5-8 |
|
CISEC:3169 |
Vulnerability in ImageMagick 7.0.5-7 |
|
CISEC:3175 |
Vulnerability in ImageMagick 7.0.5-7 |
|
CISEC:3158 |
Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:3160 |
Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:3168 |
Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:3172 |
Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:3174 |
Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:3163 |
Use of uninitialized value in Skia |
|
CISEC:3171 |
Use of uninitialized value in Skia |
|
CISEC:3162 |
Use after free in PDFium |
|
CISEC:3166 |
Type confusion in V8 |
|
CISEC:3167 |
Type confusion in V8 |
|
CISEC:3181 |
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
|
CISEC:3186 |
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
|
CISEC:3161 |
Potential HTTPS downgrade during redirect navigation |
|
CISEC:3202 |
Microsoft SharePoint XSS Vulnerability |
|
CISEC:3195 |
Microsoft SharePoint Cross Site Scripting Vulnerability |
|
CISEC:3189 |
Microsoft Exchange Information Disclosure Vulnerability |
|
CISEC:3187 |
Microsoft Exchange Cross-Site Scripting Vulnerability |
|
CISEC:3176 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:3208 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3179 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3207 |
Microsoft Edge Remote Code Execution Vulnerability |
|
CISEC:3206 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3178 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3209 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3177 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3173 |
Memory lifecycle issue in PDFium |
|
CISEC:3131 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3132 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3133 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3156 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3157 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3129 |
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3121 |
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3122 |
In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3123 |
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3183 |
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3124 |
In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3127 |
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3180 |
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3125 |
In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3128 |
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3184 |
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3126 |
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3185 |
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3130 |
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3182 |
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak |
|
CISEC:3155 |
Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3170 |
Heap buffer overflow in WebGL |
|
CISEC:3165 |
Heap buffer overflow in Skia |
|
CISEC:3164 |
Bypass of Content Security Policy in Blink |
|
2017-10-06 |
CISEC:3105 |
Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3098 |
Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3113 |
Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3109 |
Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3107 |
Office Remote Code Execution Vulnerability |
|
CISEC:3099 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3106 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3108 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3111 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3112 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3114 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3110 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3117 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3116 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3115 |
Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
2017-09-29 |
CISEC:3081 |
Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:3079 |
Vulnerability in Oracle Java SE: 7u141 and 8u131 |
|
CISEC:3080 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:3083 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:3084 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:3082 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
|
CISEC:3054 |
RPCoRDMA dissector infinite loop |
|
CISEC:3075 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability |
|
CISEC:3055 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
|
CISEC:3058 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
|
CISEC:3068 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
|
CISEC:3077 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
|
CISEC:3057 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability |
|
CISEC:3069 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3070 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3071 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3073 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3074 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3056 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3059 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3061 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3064 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3065 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3066 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3067 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3078 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
|
CISEC:3060 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
|
CISEC:3062 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
|
CISEC:3063 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
|
CISEC:3076 |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability |
|
2017-09-27 |
CVE-2015-1526 |
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. |
|
CVE-2015-1537 |
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. |
|
2017-09-25 |
CVE-2014-0997 |
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android... |
|
CVE-2011-4667 |
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),... |
|
CVE-2010-3050 |
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). |
|
CVE-2010-3049 |
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). |
|
2017-09-22 |
CISEC:3008 |
Windows NetBIOS Denial of Service Vulnerability |
|
CISEC:3010 |
Vulnerability in the MySQL Server |
|
CISEC:3047 |
Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:3025 |
Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3037 |
Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3026 |
Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3000 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3001 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3002 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3009 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3013 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3019 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3046 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3048 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:3018 |
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability |
|
CISEC:3007 |
Microsoft JET Database Engine Remote Code Execution Vulnerability |
|
CISEC:3016 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:3011 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:3012 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3014 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3015 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:3003 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:3004 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:3020 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3021 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3022 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3023 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3024 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3027 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3028 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3029 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3030 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3032 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3033 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3034 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3035 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3036 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3038 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3039 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3040 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3042 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3043 |
Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3044 |
Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
|
CISEC:3005 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:3006 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:3052 |
IMAP dissector crash |
|
CISEC:3053 |
DOF dissector infinite loop |
|
2017-09-15 |
CISEC:2987 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
|
CISEC:2988 |
Windows Subsystem for Linux Denial of Service Vulnerability |
|
CISEC:2959 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:2968 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
|
CISEC:2980 |
Windows PDF Remote Code Execution Vulnerability |
|
CISEC:2985 |
Windows IME Remote Code Execution Vulnerability |
|
CISEC:2958 |
Windows Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2956 |
Windows Hyper-V Denial of Service Vulnerability |
|
CISEC:2974 |
Windows Error Reporting Elevation of Privilege Vulnerability |
|
CISEC:2986 |
Windows CLFS Elevation of Privilege Vulnerability |
|
CISEC:2957 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2955 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2983 |
Vulnerability in the MySQL Server |
|
CISEC:2972 |
Volume Manager Extension Driver Information Disclosure Vulnerability |
|
CISEC:2984 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2989 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2982 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2960 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2961 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2962 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2963 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2964 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2975 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2978 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2979 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2981 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:2971 |
Microsoft Office SharePoint XSS Vulnerability |
|
CISEC:2969 |
Microsoft Office Outlook Security Feature Bypass Vulnerability |
|
CISEC:2967 |
Microsoft Office Outlook Memory Corruption Vulnerability |
|
CISEC:2973 |
Microsoft Office Outlook Information Disclosure Vulnerability |
|
CISEC:2976 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:2977 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CVE-2015-1527 |
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. |
|
CISEC:2970 |
Express Compressed Fonts Remote Code Execution Vulnerability |
|
2017-09-08 |
CISEC:2923 |
Vulnerability in MySQL Server 5.7.18 and earlier |
|
CISEC:2924 |
Vulnerability in MySQL Server 5.7.18 and earlier |
|
CISEC:2926 |
Vulnerability in MySQL Server 5.7.18 and earlier |
|
CISEC:2927 |
Vulnerability in MySQL Server 5.7.18 and earlier |
|
CISEC:2932 |
Vulnerability in MySQL Server 5.7.18 and earlier |
|
CISEC:2925 |
Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2928 |
Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2929 |
Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2931 |
Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier |
|
CISEC:2930 |
Vulnerability in MySQL Cluster 7.3.5 and earlier |
|
CISEC:2938 |
Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131 |
|
CISEC:2935 |
Vulnerability in Java SE: 7u141, 8u131 |
|
CISEC:2933 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:2934 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:2936 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:2937 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
|
CISEC:2940 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
|
CISEC:2941 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
|
CISEC:2939 |
Vulnerability in Java SE: 6u151, 7u141, 8u131 |
|
CISEC:2942 |
Vulnerability in Java SE: 6u151, 7u141, 8u131 |
|
CISEC:2843 |
Unspecified vulnerability in Oracle Java SE 8u131 |
|
CISEC:2847 |
Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131 |
|
CISEC:2838 |
Unspecified vulnerability in Oracle Java SE 7u141, and 8u131 |
|
CISEC:2839 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14 |
|
CISEC:2841 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
|
CISEC:2842 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
|
CISEC:2845 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
|
CISEC:2846 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
|
CISEC:2840 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
|
CISEC:2844 |
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
|
2017-09-01 |
CISEC:2867 |
WBXML dissector infinite loop |
|
CISEC:2850 |
Vulnerability in the MySQL Server |
|
CISEC:2853 |
Vulnerability in Oracle MySQL 5.7.18 and earlier |
|
CISEC:2857 |
Vulnerability in Oracle MySQL 5.7.18 and earlier |
|
CISEC:2859 |
Vulnerability in Oracle MySQL 5.7.18 and earlier |
|
CISEC:2861 |
Vulnerability in Oracle MySQL 5.7.18 and earlier |
|
CISEC:2862 |
Vulnerability in Oracle MySQL 5.7.18 and earlier |
|
CISEC:2858 |
Vulnerability in Oracle MySQL 5.7.16 and earlier |
|
CISEC:2854 |
Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2860 |
Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2855 |
Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2856 |
Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
|
CISEC:2852 |
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
CISEC:2848 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2849 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2864 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2865 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2866 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2863 |
NetScaler file parser infinite loop |
|
CISEC:2851 |
Microsoft Browser Security Feature Bypass |
|
2017-08-25 |
CISEC:2816 |
Windows PowerShell Remote Code Execution Vulnerability |
|
CISEC:2802 |
Windows IME Elevation of Privilege Vulnerability |
|
CISEC:2795 |
Windows Explorer Remote Code Execution Vulnerability |
|
CISEC:2796 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:2803 |
Windows CLFS Elevation of Privilege Vulnerability |
|
CISEC:2799 |
Windows ALPC Elevation of Privilege Vulnerability |
|
CISEC:2827 |
Use after free in Blink |
|
CISEC:2798 |
SharePoint Server XSS Vulnerability |
|
CISEC:2837 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2805 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2806 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2817 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2818 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2819 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2820 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2801 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:2813 |
Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2 |
|
CISEC:2809 |
Local Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
|
CISEC:2825 |
Incorrect UI in Blink |
|
CISEC:2824 |
Incorrect signature handling in Networking |
|
CISEC:2797 |
Https.sys Information Disclosure Vulnerability |
|
CISEC:2804 |
HoloLens Remote Code Execution Vulnerability |
|
CISEC:2828 |
Heap overflow in Skia |
|
CISEC:2800 |
DirectX Elevation of Privilege Vulnerability |
|
CISEC:2812 |
Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
|
CISEC:2808 |
Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
|
CISEC:2811 |
Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
|
CISEC:2815 |
Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
|
CISEC:2807 |
Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:2810 |
Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:2814 |
Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
|
CISEC:2826 |
Cross-origin bypass in Blink |
|
2017-08-18 |
CISEC:2781 |
WordPad Remote Code Execution Vulnerability |
|
CISEC:2757 |
Windows System Information Console Information Disclosure Vulnerability |
|
CISEC:2782 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:2756 |
Windows Performance Monitor Information Disclosure Vulnerability |
|
CISEC:2751 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2749 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:2742 |
Windows Explorer Denial of Service Vulnerability |
|
CISEC:2745 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2747 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2743 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2744 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2746 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2748 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2750 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2775 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2779 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2729 |
Office Remote Code Execution Vulnerability |
|
CISEC:2730 |
Office Remote Code Execution Vulnerability |
|
CISEC:2731 |
Office Remote Code Execution Vulnerability |
|
CISEC:2732 |
Office Remote Code Execution Vulnerability |
|
CISEC:2738 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:2739 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:2740 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2741 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2761 |
Microsoft Graphics Component Information Disclosure Vulnerability |
|
CISEC:2758 |
Microsoft Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:2759 |
Microsoft Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:2760 |
Microsoft Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:2762 |
Microsoft Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:2733 |
Microsoft Exchange Open Redirect Vulnerability |
|
CISEC:2734 |
Microsoft Exchange Cross-Site Scripting Vulnerability |
|
CISEC:2736 |
Microsoft Exchange Cross-Site Scripting Vulnerability |
|
CISEC:2776 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:2777 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2778 |
Microsoft Edge Remote Code Execution Vulnerability |
|
CISEC:2752 |
Microsoft Browser Security Feature Bypass |
|
CISEC:2755 |
Kerberos SNAME Security Feature Bypass Vulnerability |
|
CISEC:2780 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2763 |
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference |
|
CISEC:2772 |
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash |
|
CISEC:2768 |
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer |
|
CISEC:2769 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop |
|
CISEC:2773 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash |
|
CISEC:2764 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory |
|
CISEC:2765 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer |
|
CISEC:2774 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop |
|
CISEC:2767 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop |
|
CISEC:2766 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer |
|
CISEC:2771 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero |
|
CISEC:2770 |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop |
|
CISEC:2754 |
.NET Denial of Service Vulnerability |
|
2017-08-11 |
CISEC:2719 |
WSP infinite loop in Wireshark |
|
CISEC:2718 |
RTMPT dissector infinite loop in Wireshark |
|
CISEC:2722 |
NetScaler file parser infinite loop in Wireshark |
|
CISEC:2727 |
NetScaler file parser infinite loop in Wireshark |
|
CISEC:2723 |
NetScaler file parser crash in Wireshark |
|
CISEC:2713 |
NCP dissector crash in Wireshark |
|
CISEC:2725 |
LDSS dissector crash in Wireshark |
|
CISEC:2716 |
K12 file parser crash in Wireshark |
|
CISEC:2720 |
IAX2 infinite loop in Wireshark |
|
CISEC:2726 |
DHCPv6 large loop in Wireshark |
|
CISEC:2715 |
Denial of Service Vulnerability in Wireshark 2.2.7 |
|
CISEC:2721 |
Denial of Service Vulnerability in Wireshark 2.2.7 |
|
CISEC:2724 |
Denial of Service Vulnerability in Wireshark 2.2.7 |
|
CISEC:2714 |
Denial of Service Vulnerability in Wireshark |
|
CISEC:2728 |
Bluetooth L2CAP dissector crash in Wireshark |
|
CISEC:2717 |
ASTERIX infinite loop in Wireshark |
|
2017-08-07 |
CISEC:2697 |
Windows VAD Cloning Denial of Service Vulnerability |
|
CISEC:2687 |
Windows Security Feature Bypass Vulnerability |
|
CISEC:2677 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2678 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2684 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2690 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:2694 |
Windows Default Folder Tampering Vulnerability |
|
CISEC:2691 |
Windows Cursor Elevation of Privilege Vulnerability |
|
CISEC:2692 |
Windows COM Session Elevation of Privilege Vulnerability |
|
CVE-2015-3839 |
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). |
|
CISEC:2686 |
Sandbox Escape in IndexedDB vulnerability in Google Chrome versions |
|
CISEC:2698 |
Microsoft SharePoint Reflective XSS Vulnerability |
|
CISEC:2683 |
Hypervisor Code Integrity Elevation of Privilege Vulnerability |
|
CISEC:2685 |
GDI Information Disclosure Vulnerability |
|
CISEC:2688 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:2689 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:2693 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:2695 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
CISEC:2696 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
|
2017-08-02 |
CVE-2012-5030 |
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. |
|
2017-07-28 |
CISEC:2665 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:2667 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:2662 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:2666 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:2668 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:2670 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:2671 |
Windows TDX Elevation of Privilege Vulnerability |
|
CISEC:2674 |
Windows Remote Code Execution Vulnerability |
|
CISEC:2669 |
Windows PDF Remote Code Execution Vulnerability |
|
CISEC:2672 |
Windows PDF Remote Code Execution Vulnerability |
|
CISEC:2664 |
Windows PDF Information Disclosure Vulnerability |
|
CISEC:2629 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2631 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2632 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2633 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2634 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2635 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2636 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2637 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2638 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2639 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2640 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2641 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2642 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2643 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2644 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2630 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:2604 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2605 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2606 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2608 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2609 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2610 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2611 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2603 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2607 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2628 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2663 |
Skype for Business Remote Code Execution Vulnerability |
|
CISEC:2675 |
Microsoft SharePoint XSS vulnerability |
|
CISEC:2673 |
Microsoft PowerPoint Remote Code Execution Vulnerability |
|
2017-07-21 |
CISEC:2538 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:2543 |
Windows Search Remote Code Execution Vulnerability |
|
CISEC:2542 |
Windows Search Information Disclosure Vulnerability |
|
CISEC:2573 |
Windows Graphics Remote Code Execution Vulnerability |
|
CISEC:2571 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2572 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2574 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2575 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2576 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2577 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2578 |
Windows Graphics Information Disclosure Vulnerability |
|
CISEC:2541 |
Use after free in Chrome Apps |
|
CISEC:2535 |
URL spoofing in Omnibox |
|
CISEC:2536 |
URL spoofing in Omnibox |
|
CISEC:2544 |
URL spoofing in Omnibox |
|
CISEC:2540 |
Type confusion in PDFium |
|
CISEC:2537 |
Type confusion in Blink |
|
CISEC:2525 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2528 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2530 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2531 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2532 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2526 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:2527 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:2529 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:2533 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2534 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2539 |
Heap use after free in Print Preview |
|
2017-07-18 |
CISEC:2753 |
RHSA-2016:2098 -- kernel security update |
|
2017-07-14 |
CISEC:2508 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2509 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2510 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2511 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2512 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2513 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2506 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2507 |
Scripting Engine Memory Corruption Vulnerability |
|
2017-07-07 |
CISEC:2425 |
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2429 |
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CVE-2014-7953 |
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target... |
|
CISEC:2432 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:2417 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:2431 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:2416 |
Microsoft Malware Protection Engine Denial of Service Vulnerability |
|
CISEC:2418 |
Microsoft Malware Protection Engine Denial of Service Vulnerability |
|
CISEC:2419 |
Microsoft Malware Protection Engine Denial of Service Vulnerability |
|
CISEC:2424 |
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2427 |
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation |
|
CVE-2014-7954 |
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files... |
|
CISEC:2423 |
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView |
|
CISEC:2428 |
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2420 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2421 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2422 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2426 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
CISEC:2430 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
|
2017-06-30 |
CISEC:2406 |
Use after free in PDFium |
|
CISEC:2408 |
Use after free in PDFium |
|
CISEC:2409 |
Use after free in PDFium |
|
CISEC:2414 |
Use after free in GuestView |
|
CISEC:2404 |
Use after free in ANGLE |
|
CISEC:2411 |
Out of bounds write in PDFium |
|
CISEC:2413 |
Multiple out of bounds writes in ChunkDemuxer |
|
CISEC:2401 |
Microsoft Malware Protection Engine Denial of Service Vulnerability |
|
CISEC:2402 |
Microsoft Malware Protection Engine Denial of Service Vulnerability |
|
CISEC:2399 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:2407 |
Memory corruption in V8 |
|
CISEC:2412 |
Integer overflow in libxslt |
|
CISEC:2405 |
Information disclosure in V8 |
|
CISEC:2410 |
Incorrect security UI in Omnibox |
|
CISEC:2403 |
Bypass of Content Security Policy in Blink |
|
2017-06-28 |
CISEC:2627 |
Security Update for Windows Vista, Windows Server 2008 |
|
CISEC:2621 |
Security Update for Windows Server 2008, Windows Vista for x64-based Systems |
|
CISEC:2612 |
Security Update for Microsoft Office 2007 |
|
CISEC:2616 |
April, 2017 Security Only Quality Update for Windows Server 2012 |
|
CISEC:2620 |
April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems |
|
CISEC:2625 |
April, 2017 Security Only Quality Update for Windows 7 |
|
CISEC:2622 |
April, 2017 Security Monthly Quality Rollup for Windows Server 2012 |
|
CISEC:2615 |
April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems |
|
CISEC:2617 |
April, 2017 Security Monthly Quality Rollup for Windows 7 |
|
2017-06-27 |
CVE-2015-3840 |
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. |
|
2017-06-23 |
CISEC:2377 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2378 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2379 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2384 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2380 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:2373 |
Windows Hyper-V vSMB Elevation of Privilege Vulnerability |
|
CISEC:2385 |
Windows GDI Information Disclosure Vulnerability |
|
CISEC:2390 |
Windows DNS Server Denial of Service Vulnerability |
|
CISEC:2375 |
Windows COM Elevation of Privilege Vulnerability |
|
CISEC:2376 |
Windows COM Elevation of Privilege Vulnerability |
|
CISEC:2383 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2381 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2382 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2389 |
Microsoft SharePoint XSS Vulnerability |
|
CISEC:2394 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:2392 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2372 |
Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
|
CISEC:2391 |
Microsoft ActiveX Information Disclosure Vulnerability |
|
CISEC:2374 |
Dxgkrnl.sys Elevation of Privilege Vulnerability |
|
CISEC:2393 |
.NET Security Feature Bypass Vulnerability |
|
2017-06-16 |
CISEC:2338 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2342 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2344 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2347 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2337 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2339 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2340 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2343 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2334 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2336 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2346 |
Windows SMB Information Disclosure Vulnerability |
|
CISEC:2341 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:2345 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:2335 |
Windows SMB Denial of Service Vulnerability |
|
CISEC:2352 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2353 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2354 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2355 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2357 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2359 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2360 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2361 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2365 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2332 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:2333 |
Microsoft Office Remote Code Execution Vulnerability |
|
CISEC:2362 |
Microsoft Edge Remote Code Execution Vulnerability |
|
CISEC:2351 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2363 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2364 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:2350 |
Microsoft Browser Spoofing Vulnerability |
|
CISEC:2366 |
Internet Explorer Security Feature Bypass Vulnerability |
|
CISEC:2356 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2358 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2349 |
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege |
|
2017-06-14 |
CISEC:2505 |
Vulnerable version of JetBrains TeamCity |
|
2017-06-09 |
CISEC:2269 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2270 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2271 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2272 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2273 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2274 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2275 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2276 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2277 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2278 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2279 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2280 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2281 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2282 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2283 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2284 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2285 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2286 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2287 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
CISEC:2288 |
Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
|
2017-06-08 |
CVE-2014-7919 |
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). |
|
2017-06-06 |
CVE-2015-3830 |
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. |
|
CVE-2014-9929 |
In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. |
|
CVE-2014-9930 |
In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
|
CVE-2014-9927 |
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
|
CVE-2014-9949 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. |
|
CVE-2015-9005 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. |
|
CVE-2014-9947 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. |
|
CVE-2014-9951 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. |
|
CVE-2014-9948 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. |
|
CVE-2014-9945 |
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
|
CVE-2015-9007 |
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. |
|
CVE-2014-9944 |
In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. |
|
CVE-2014-9952 |
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. |
|
CVE-2014-9941 |
In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. |
|
CVE-2015-9006 |
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. |
|
CVE-2014-9923 |
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
|
CVE-2014-9925 |
In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
|
CVE-2014-9926 |
In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
|
CVE-2014-9928 |
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
|
CVE-2014-9950 |
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
|
CVE-2014-9946 |
In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
|
CVE-2014-9943 |
In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. |
|
CVE-2014-9942 |
In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. |
|
CVE-2014-9924 |
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. |
|
2017-06-02 |
CISEC:2235 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2222 |
libjpeg Information Disclosure Vulnerability |
|
CISEC:2232 |
LDAP Elevation of Privilege Vulnerability |
|
CISEC:2224 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2226 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2229 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2239 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2225 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:2231 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:2227 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2228 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2230 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2233 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2234 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2236 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2237 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2250 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
|
CISEC:2256 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
|
CISEC:2242 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
|
CISEC:2251 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2252 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2255 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2264 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2266 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2257 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2260 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2261 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2267 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2240 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2243 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2244 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:2258 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability |
|
CISEC:2246 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:2248 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:2265 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:2245 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:2247 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2249 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2253 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2254 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2262 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2263 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2241 |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
|
CISEC:2223 |
ADFS Security Feature Bypass Vulnerability |
|
CISEC:2238 |
Active Directory Denial of Service Vulnerability |
|
2017-05-26 |
CISEC:2195 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:2194 |
Windows Denial of Service Vulnerability |
|
CISEC:2215 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:2216 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:2217 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
|
CISEC:2211 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
|
CISEC:2209 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
|
CISEC:2212 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:2210 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API |
|
CISEC:2218 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump |
|
CISEC:2179 |
Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304 |
|
CISEC:2176 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2177 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2182 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2189 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2191 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2193 |
Vulnerability in Oracle MySQL 5.7.17 and earlier |
|
CISEC:2190 |
Vulnerability in Oracle MySQL 5.7.11 to 5.7.17 |
|
CISEC:2183 |
Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier |
|
CISEC:2192 |
Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier |
|
CISEC:2184 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
|
CISEC:2185 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
|
CISEC:2186 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
|
CISEC:2187 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
|
CISEC:2178 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier |
|
CISEC:2188 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier |
|
CISEC:2180 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier |
|
CISEC:2181 |
Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
|
CISEC:2206 |
Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE |
|
CISEC:2221 |
Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT |
|
CISEC:2214 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking |
|
CISEC:2220 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking |
|
CISEC:2219 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP |
|
CISEC:2208 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security |
|
CISEC:2207 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking |
|
CISEC:2213 |
Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT |
|
CISEC:2174 |
Microsoft Office XSS Elevation of Privilege Vulnerability |
|
CISEC:2175 |
Microsoft Office XSS Elevation of Privilege Vulnerability |
|
CISEC:2204 |
ATMFD.dll Information Disclosure Vulnerability |
|
CISEC:2205 |
.NET Remote Code Execution Vulnerability |
|
2017-05-19 |
CISEC:2171 |
Windows OLE Elevation of Privilege Vulnerability |
|
CISEC:2161 |
Windows Kernel Information Disclosure Vulnerability |
|
CISEC:2130 |
Windows HelpPane Elevation of Privilege Vulnerability |
|
CISEC:2163 |
Windows Graphics Elevation of Privilege Vulnerability |
|
CISEC:2165 |
Windows Graphics Component Elevation of Privilege Vulnerability |
|
CISEC:2126 |
Windows DNS Query Information Disclosure Vulnerability |
|
CISEC:2128 |
Windows DLL Loading Remote Code Execution Vulnerability |
|
CISEC:2170 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2162 |
Win32k Information Disclosure Vulnerability |
|
CISEC:2169 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2127 |
SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability |
|
CISEC:2155 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2156 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2158 |
Scripting Engine Information Disclosure Vulnerability |
|
CISEC:2164 |
Microsoft Outlook Remote Code Execution Vulnerability |
|
CISEC:2160 |
Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API |
|
CISEC:2168 |
Microsoft Office Security Feature Bypass Vulnerability |
|
CISEC:2173 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2135 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
|
CISEC:2159 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2152 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2154 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2131 |
iSNS Server Memory Corruption Vulnerability |
|
CISEC:2153 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2157 |
Internet Explorer Elevation of Privilege Vulnerability |
|
CISEC:2129 |
Device Guard Security Feature Bypass Vulnerability |
|
2017-05-16 |
CVE-2014-9932 |
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. |
|
CVE-2014-9933 |
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. |
|
CVE-2014-9934 |
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. |
|
CVE-2014-9931 |
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. |
|
2017-05-14 |
CISEC:2367 |
Security Update for Windows XP |
|
CISEC:2369 |
Security Update for Windows Server 2003 for x64-based Systems |
|
CISEC:2370 |
Security Update for Windows Server 2003 |
|
CISEC:2371 |
Security Update for Windows 8 for x64-based Systems |
|
CISEC:2368 |
Security Update for Windows 8 |
|
2017-05-12 |
CISEC:2089 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2094 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2095 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2096 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2099 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2101 |
Windows SMB Remote Code Execution Vulnerability |
|
CISEC:2090 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:2106 |
Windows Graphics Component Remote Code Execution Vulnerability |
|
CISEC:2100 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:2098 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:2103 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:2105 |
Windows GDI+ Information Disclosure Vulnerability |
|
CISEC:2093 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:2097 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:2104 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:2107 |
Windows DVD Maker Cross-Site Request Forgery Vulnerability |
|
CISEC:2081 |
Windows DirectShow Information Disclosure Vulnerability |
|
CISEC:2125 |
Microsoft SharePoint XSS Vulnerability |
|
CISEC:2115 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2116 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2117 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2118 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2120 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2123 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2124 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:2119 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:2121 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:2122 |
Microsoft Office Denial of Service Vulnerability |
|
CISEC:2114 |
Microsoft IIS Server XSS Elevation of Privilege Vulnerability |
|
CISEC:2074 |
Microsoft Hyper-V Network Switch Denial of Service Vulnerability |
|
CISEC:2091 |
Microsoft Color Management Information Disclosure Vulnerability |
|
CISEC:2092 |
Microsoft Color Management Information Disclosure Vulnerability |
|
CISEC:2080 |
Microsoft Active Directory Federation Services Information Disclosure Vulnerability |
|
CISEC:2075 |
Hyper-V vSMB Remote Code Execution Vulnerability |
|
CISEC:2078 |
Hyper-V vSMB Remote Code Execution Vulnerability |
|
CISEC:2069 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2076 |
Hyper-V Remote Code Execution Vulnerability |
|
CISEC:2071 |
Hyper-V Information Disclosure Vulnerability |
|
CISEC:2070 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2072 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2073 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2077 |
Hyper-V Denial of Service Vulnerability |
|
CISEC:2079 |
Hyper-V Denial of Service Vulnerability |
|
2017-05-05 |
CISEC:2061 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2062 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2063 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2064 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2065 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2066 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2067 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:2068 |
Win32k Elevation of Privilege Vulnerability |
|
2017-05-02 |
CVE-2014-9940 |
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. |
|
CVE-2015-9004 |
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. |
|
2017-04-28 |
CISEC:2059 |
Windows Registry Elevation of Privilege Vulnerability |
|
CISEC:2057 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:2060 |
Windows GDI Elevation of Privilege Vulnerability |
|
CISEC:2056 |
Windows Elevation of Privilege Vulnerability |
|
CISEC:2058 |
Windows Elevation of Privilege Vulnerability |
|
2017-04-24 |
CVE-2010-1776 |
Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe... |
|
2017-04-21 |
CISEC:1970 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1972 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1976 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1977 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1980 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1988 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1989 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1991 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1969 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1971 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1973 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1974 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1975 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1978 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1979 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1981 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1982 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1983 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1984 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1985 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1986 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1987 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1990 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1992 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1993 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1994 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1995 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1996 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:1997 |
Windows Uniscribe Information Disclosure Vulnerability |
|
CISEC:2006 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2011 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2012 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2013 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2014 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2016 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2017 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2018 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2020 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2021 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2023 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2024 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2027 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2031 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2033 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2036 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2038 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2001 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2004 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:2005 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1998 |
Microsoft XML Core Services Information Disclosure Vulnerability |
|
CISEC:2010 |
Microsoft PDF Memory Corruption Vulnerability |
|
CISEC:2015 |
Microsoft Internet Explorer Memory Corruption Vulnerability |
|
CISEC:2022 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:2025 |
Microsoft Edge Security Feature Bypass Vulnerability |
|
CISEC:2029 |
Microsoft Edge Security Feature Bypass |
|
CISEC:2030 |
Microsoft Edge Security Feature Bypass |
|
CISEC:2039 |
Microsoft Edge Security Feature Bypass |
|
CISEC:2028 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:2008 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:2009 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:2037 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:2035 |
Microsoft Browser Spoofing Vulnerability |
|
CISEC:2000 |
Microsoft Browser Spoofing Vulnerability |
|
CISEC:2026 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:2019 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:2034 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:2032 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:1999 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:2002 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:2003 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:2007 |
Internet Explorer Elevation of Privilege Vulnerability |
|
2017-04-13 |
CVE-2014-7921 |
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. |
|
CVE-2014-7920 |
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. |
|
2017-04-07 |
CISEC:1950 |
Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k |
|
CISEC:1949 |
Vulnerability in OpenSSL 1.1.0 before 1.1.0d |
|
CISEC:1942 |
UI spoofing |
|
CISEC:1943 |
Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d |
|
CISEC:1948 |
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length |
|
CISEC:1952 |
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
|
CISEC:1944 |
Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c |
|
CISEC:1947 |
Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e |
|
CISEC:1945 |
CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c |
|
CISEC:1946 |
ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c |
|
CISEC:1951 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
|
CISEC:1953 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
|
CISEC:1954 |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
|
2017-04-04 |
CVE-2014-9922 |
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. |
|
2017-03-31 |
CISEC:1927 |
Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a |
|
CISEC:1926 |
Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a |
|
CISEC:1930 |
Vulnerability in statem/statem.c in OpenSSL 1.1.0a |
|
CISEC:1931 |
Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i |
|
CISEC:1928 |
Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i |
|
CISEC:1905 |
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -... |
|
CISEC:1903 |
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length |
|
CISEC:1900 |
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages |
|
CISEC:1902 |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations |
|
CISEC:1901 |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results |
|
CISEC:1906 |
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number |
|
CISEC:1907 |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks |
|
CISEC:1929 |
Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a |
|
CISEC:1904 |
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service |
|
2017-03-24 |
CISEC:1884 |
UI spoofing |
|
CISEC:1885 |
Heap overflow in FFmpeg |
|
CISEC:1865 |
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
|
CISEC:1867 |
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs |
|
CISEC:1866 |
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
|
CISEC:1863 |
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs |
|
CISEC:1868 |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
|
CISEC:1864 |
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
|
2017-03-17 |
CISEC:1852 |
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking |
|
CISEC:1833 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
|
CISEC:1830 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
|
CISEC:1831 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
|
CISEC:1829 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:1832 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
|
CISEC:1846 |
Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier |
|
CISEC:1850 |
Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323 |
|
CISEC:1844 |
Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322 |
|
CISEC:1847 |
Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321 |
|
CISEC:1827 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control |
|
CISEC:1826 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
|
CISEC:1851 |
Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111 |
|
CISEC:1835 |
Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13 |
|
CISEC:1856 |
Use after free in Renderer |
|
CISEC:1860 |
Use after free in Extensions |
|
CISEC:1855 |
Universal XSS in chrome://downloads |
|
CISEC:1862 |
Universal XSS in chrome://apps |
|
CISEC:1859 |
Type confusion in metrics |
|
CISEC:1858 |
Heap overflow in FFmpeg |
|
CISEC:1840 |
Directory traversal vulnerability in Atlassian JIRA before 6.0.5 |
|
CISEC:1842 |
Directory traversal vulnerability in Atlassian JIRA before 6.0.4 |
|
CISEC:1839 |
Cross-site scripting |
|
CISEC:1841 |
Cross-site scripting |
|
CISEC:1857 |
Bypass of Content Security Policy in Blink |
|
CISEC:1853 |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context |
|
CISEC:1836 |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page |
|
CISEC:1837 |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships |
|
CISEC:1854 |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method |
|
2017-03-10 |
CISEC:1813 |
Vulnerability in MySQL Server 5.6.34 and earlier, and 5.7.16 and earlier |
|
CISEC:1815 |
Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
|
CISEC:1818 |
Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
|
CISEC:1819 |
Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
|
CISEC:1814 |
Vulnerability in MySQL Server 5.5.53 and earlier |
|
CISEC:1816 |
Vulnerability in MySQL Server 5.5.53 and earlier |
|
CISEC:1817 |
Vulnerability in MySQL Server 5.5.53 and earlier |
|
CISEC:1825 |
Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 |
|
CISEC:1822 |
Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3 |
|
CISEC:1823 |
Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 |
|
CISEC:1824 |
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 |
|
2017-03-03 |
CISEC:1796 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
|
CISEC:1795 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
|
CISEC:1797 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:1789 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking |
|
CISEC:1790 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking |
|
CISEC:1791 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking |
|
CISEC:1777 |
Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
|
CISEC:1802 |
Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
|
CISEC:1778 |
Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
|
CISEC:1779 |
Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
|
CISEC:1800 |
Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
|
CISEC:1801 |
Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111 |
|
CISEC:1798 |
Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 |
|
CISEC:1799 |
Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 |
|
CISEC:1780 |
Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 |
|
2017-02-24 |
CISEC:1774 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
|
CISEC:1772 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
|
CISEC:1773 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
|
CISEC:1770 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries |
|
CISEC:1769 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS |
|
CISEC:1771 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control |
|
CISEC:1765 |
Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i |
|
CISEC:1776 |
Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
|
CISEC:1775 |
Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111 |
|
CISEC:1749 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1750 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1751 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1744 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1745 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1746 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1747 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1748 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1739 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability |
|
CISEC:1740 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability |
|
CISEC:1734 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:1738 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:1742 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:1735 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:1741 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:1743 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
|
CISEC:1733 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability |
|
CISEC:1736 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability |
|
CISEC:1737 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability |
|
2017-02-17 |
CISEC:1727 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1728 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1729 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1730 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1731 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1732 |
Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
|
CISEC:1719 |
EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
|
CISEC:1720 |
EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
|
CISEC:1717 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:1718 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
CISEC:1716 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
|
2017-02-10 |
CISEC:1703 |
Vulnerability in Samsung Security Manager |
|
CISEC:1707 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1706 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:1705 |
Local Security Authority Subsystem Service Denial of Service Vulnerability |
|
CISEC:1715 |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
|
2017-02-07 |
CVE-2014-9914 |
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations... |
|
2017-02-03 |
CISEC:1681 |
Windows Kernel Memory Address Information Disclosure Vulnerability |
|
CISEC:1680 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|
CISEC:1691 |
Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18 |
|
CISEC:1688 |
Microsoft Office Security Feature Bypass Vulnerability |
|
CISEC:1684 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1687 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1689 |
Microsoft Office Information Disclosure Vulnerability |
|
2017-01-27 |
CISEC:1651 |
Windows Uniscribe Remote Code Execution Vulnerability |
|
CISEC:1645 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:1646 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:1676 |
Vulnerability in NVIDIA Graphics Driver |
|
CISEC:1653 |
Secure Kernel Mode Elevation of Privilege Vulnerability |
|
CISEC:1648 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1643 |
Microsoft Office Security Feature Bypass Vulnerability |
|
CISEC:1644 |
Microsoft Office Security Feature Bypass Vulnerability |
|
CISEC:1639 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1640 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1641 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1642 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1647 |
Microsoft Browser – Memory Corruption Vulnerability |
|
CISEC:1650 |
Microsoft Browser Security Feature Bypass |
|
CISEC:1649 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:1652 |
.NET Information Disclosure Vulnerability |
|
2017-01-20 |
CISEC:1627 |
Windows Hyperlink Object Library Information Disclosure Vulnerability |
|
CISEC:1626 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1628 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1629 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1631 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1633 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1638 |
Microsoft Office OLE DLL Side Loading Vulnerability |
|
CISEC:1636 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1637 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1630 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:1625 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:1635 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:1634 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:1632 |
Internet Explorer Information Disclosure Vulnerability |
|
2017-01-18 |
CVE-2014-9909 |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires... |
|
CVE-2014-9910 |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires... |
|
2017-01-13 |
CISEC:1614 |
Windows Installer Elevation of Privilege Vulnerability |
|
CISEC:1603 |
Windows Graphics Remote Code Execution Vulnerability |
|
CISEC:1604 |
Windows Graphics Remote Code Execution Vulnerability |
|
CISEC:1613 |
Windows Crypto Driver Information Disclosure Vulnerability |
|
CISEC:1602 |
GDI Information Disclosure Vulnerability |
|
2017-01-08 |
CISEC:1704 |
Remove OneDrive option located in the navigation panel of File Explorer on Windows 10. |
|
2017-01-06 |
CISEC:1516 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:1558 |
Vulnerability in Google Chrome before 55.0.2883.75 |
|
CISEC:1498 |
VHD Driver Elevation of Privilege Vulnerability |
|
CISEC:1499 |
VHD Driver Elevation of Privilege Vulnerability |
|
CISEC:1500 |
VHD Driver Elevation of Privilege Vulnerability |
|
CISEC:1501 |
VHD Driver Elevation of Privilege Vulnerability |
|
CISEC:1564 |
Use after free in V8 |
|
CISEC:1555 |
Use after free in PDFium |
|
CISEC:1566 |
Use after free in PDFium |
|
CISEC:1554 |
Universal XSS in Blink |
|
CISEC:1557 |
Universal XSS in Blink |
|
CISEC:1561 |
Universal XSS in Blink |
|
CISEC:1563 |
Universal XSS in Blink |
|
CISEC:1580 |
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1570 |
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1574 |
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1514 |
SQL Server Agent Elevation of Privilege Vulnerability |
|
CISEC:1513 |
SQL RDBMS Engine EoP vulnerability |
|
CISEC:1517 |
Secure Boot Component Vulnerability |
|
CISEC:1560 |
Same-origin bypass in PDFium |
|
CISEC:1562 |
Private property access in V8 |
|
CISEC:1575 |
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1565 |
Out of bounds write in PDFium |
|
CISEC:1567 |
Out of bounds write in Blink |
|
CISEC:1551 |
MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
|
CISEC:1556 |
Local file disclosure in DevTools |
|
CISEC:1552 |
LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
|
CISEC:1568 |
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1577 |
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1573 |
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files |
|
CISEC:1559 |
CSP Referrer disclosure |
|
CISEC:1553 |
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service |
|
CISEC:1569 |
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1571 |
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows |
|
CISEC:1579 |
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux |
|
CISEC:1578 |
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1576 |
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
CISEC:1572 |
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
|
2016-12-30 |
CISEC:1496 |
Windows NTLM Elevation of Privilege Vulnerability |
|
CISEC:1483 |
Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218 |
|
CISEC:1482 |
Windows Animation Manager Memory Corruption Vulnerability |
|
CISEC:1486 |
Win32k Information Disclosure Vulnerability |
|
CISEC:1484 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:1485 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:1487 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:1480 |
Virtual Secure Mode Information Disclosure Vulnerability |
|
CISEC:1491 |
SQL RDBMS Engine EoP vulnerability |
|
CISEC:1492 |
SQL RDBMS Engine EoP vulnerability |
|
CISEC:1490 |
SQL Analysis Services Information Disclosure Vulnerability |
|
CISEC:1478 |
Open Type Font Remote Code Execution Vulnerability |
|
CISEC:1479 |
Open Type Font Information Disclosure Vulnerability |
|
CISEC:1477 |
Microsoft Video Control Remote Code Execution Vulnerability |
|
CISEC:1481 |
Media Foundation Memory Corruption Vulnerability |
|
CISEC:1488 |
MDS API XSS Vulnerability |
|
CISEC:1497 |
Local Security Authority Subsystem Service Denial of Service Vulnerability |
|
2016-12-23 |
CISEC:1474 |
Windows Remote Code Execution Vulnerability |
|
CISEC:1407 |
Windows Journal RCE Vulnerability |
|
CISEC:1409 |
Windows Journal RCE Vulnerability |
|
CISEC:1408 |
Windows Journal Integer Overflow RCE Vulnerability |
|
CISEC:1475 |
Windows IME Elevation of Privilege Vulnerability |
|
CISEC:1455 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1456 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1457 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1458 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1459 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1460 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1461 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1462 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1463 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1464 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|
CISEC:1404 |
Vulnerability in Symantec Anti-Virus Engine |
|
CISEC:1476 |
Task Scheduler Elevation of Privilege Vulnerability |
|
CISEC:1427 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1428 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1429 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1430 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1470 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1471 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1472 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1473 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:1425 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1426 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1445 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1446 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1447 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1448 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1449 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1450 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1453 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1454 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1451 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:1452 |
Microsoft Office Denial of Service Vulnerability |
|
CISEC:1465 |
Microsoft Edge Spoofing Vulnerability |
|
CISEC:1467 |
Microsoft Edge Information Disclosure Vulnerability |
|
CISEC:1420 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:1421 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:1422 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:1423 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:1468 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:1466 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:1469 |
Microsoft Browser Information Disclosure Vulnerability |
|
CISEC:1405 |
Graphics Component Buffer Overflow Vulnerability |
|
2016-12-09 |
CISEC:1393 |
Windows Graphics Component RCE Vulnerability |
|
CISEC:1378 |
Scripting Engine Remote Code Execution Vulnerability |
|
CISEC:1374 |
Microsoft Office RCE Vulnerability |
|
CISEC:1375 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:1380 |
Memory Corruption Vulnerability |
|
CISEC:1381 |
Memory Corruption Vulnerability |
|
CISEC:1382 |
Memory Corruption Vulnerability |
|
CISEC:1383 |
Memory Corruption Vulnerability |
|
CISEC:1384 |
Memory Corruption Vulnerability |
|
CISEC:1385 |
Memory Corruption Vulnerability |
|
CISEC:1386 |
Memory Corruption Vulnerability |
|
CISEC:1387 |
Memory Corruption Vulnerability |
|
CISEC:1388 |
Memory Corruption Vulnerability |
|
CISEC:1389 |
Memory Corruption Vulnerability |
|
CISEC:1390 |
Memory Corruption Vulnerability |
|
CISEC:1391 |
Memory Corruption Vulnerability |
|
CISEC:1392 |
Memory Corruption Vulnerability |
|
CISEC:1394 |
Internet Explorer Information Disclosure Vulnerability |
|
2016-12-08 |
CVE-2015-8967 |
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. |
|
2016-11-25 |
CISEC:1285 |
Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 |
|
CISEC:1288 |
Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 |
|
CISEC:1286 |
Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 |
|
CISEC:1312 |
Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier |
|
CISEC:1268 |
Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security |
|
CISEC:1283 |
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 |
|
CISEC:1293 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1301 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1304 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1306 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1307 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1308 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1309 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1310 |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
|
CISEC:1295 |
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier |
|
CISEC:1292 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 |
|
CISEC:1290 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
|
CISEC:1291 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
|
CISEC:1303 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
|
CISEC:1315 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
|
CISEC:1311 |
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 |
|
CISEC:1289 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
|
CISEC:1305 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
|
CISEC:1314 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
|
CISEC:1316 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
|
CISEC:1302 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
|
CISEC:1313 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
|
CISEC:1294 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
|
CISEC:1296 |
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier |
|
CISEC:1299 |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files |
|
CISEC:1300 |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges |
|
CISEC:1298 |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication |
|
CISEC:1284 |
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 |
|
CISEC:1287 |
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 |
|
CISEC:1297 |
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files |
|
2016-11-11 |
CISEC:1250 |
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 |
|
CISEC:1264 |
Untrusted search path vulnerability in python.exe in Python through 3.5.0 |
|
CISEC:1238 |
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 |
|
CISEC:1239 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 |
|
CISEC:1263 |
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
|
CISEC:1241 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 |
|
CISEC:1258 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
|
CISEC:1259 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
|
CISEC:1260 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
|
CISEC:1261 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 |
|
CISEC:1262 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 |
|
CISEC:1257 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 |
|
CISEC:1240 |
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 |
|
CISEC:1242 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 |
|
CISEC:1256 |
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails |
|
CISEC:1255 |
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3 |
|
CISEC:1265 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products |
|
CISEC:1249 |
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 |
|
CISEC:1266 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 |
|
CISEC:1248 |
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 |
|
CISEC:1267 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 |
|
2016-11-10 |
CISEC:1219 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1218 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1230 |
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65 |
|
CISEC:1231 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 |
|
CISEC:1229 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 |
|
CISEC:1233 |
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
|
CISEC:1234 |
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
|
CISEC:1237 |
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
|
CISEC:1235 |
Unspecified vulnerability in Oracle Java SE 8u92 |
|
CISEC:1232 |
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
|
CISEC:1236 |
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
|
2016-10-28 |
CISEC:1199 |
Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17 |
|
CISEC:1180 |
Use after free in Blink |
|
CISEC:1181 |
Use after free in Blink |
|
CISEC:1197 |
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype |
|
CISEC:1198 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service |
|
CISEC:1196 |
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests |
|
CISEC:1182 |
Arbitrary Memory Read in V8 |
|
2016-10-21 |
CISEC:1179 |
Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257 |
|
CISEC:1163 |
Microsoft Browser Information Disclosure Vulnerability |
|
2016-10-14 |
CISEC:1132 |
Use after free in PDFium |
|
CISEC:1133 |
Use after free in event bindings |
|
CISEC:1129 |
Use after free in Blink |
|
CISEC:1131 |
Use after destruction in Blink |
|
CISEC:1128 |
Universal XSS in Blink |
|
CISEC:1130 |
Universal XSS in Blink |
|
CISEC:1141 |
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1138 |
The download implementation in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1139 |
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1145 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1147 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1137 |
Script injection in extensions |
|
CISEC:1143 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1142 |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1146 |
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1134 |
Heap overflow in PDFium |
|
CISEC:1135 |
Heap overflow in PDFium |
|
CISEC:1144 |
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1140 |
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows |
|
CISEC:1136 |
Address bar spoofing |
|
2016-10-10 |
CVE-2015-8956 |
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind... |
|
CVE-2015-8951 |
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a... |
|
CVE-2015-8955 |
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during... |
|
2016-10-06 |
CVE-2015-6393 |
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay... |
|
CVE-2015-0721 |
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access... |
|
2016-10-05 |
CVE-2015-6392 |
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or... |
|
2016-09-23 |
CISEC:1097 |
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1057 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1058 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1059 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1060 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1061 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1062 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1063 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1064 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1065 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1066 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1067 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1068 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1069 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1070 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1074 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1075 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1076 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1077 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1078 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1079 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1080 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1081 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1082 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1083 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1086 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1088 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1094 |
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1087 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1053 |
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116 |
|
CISEC:1089 |
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process |
|
CISEC:1096 |
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1092 |
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 |
|
CISEC:1090 |
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1095 |
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 |
|
CISEC:1055 |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116 |
|
CISEC:1085 |
Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1054 |
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116 |
|
CISEC:1093 |
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1084 |
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:1091 |
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82 |
|
CISEC:1056 |
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar |
|
2016-09-22 |
CVE-2014-2146 |
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access... |
|
2016-09-16 |
CISEC:1026 |
Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
|
CISEC:987 |
Various fixes from internal audits, fuzzing and other initiatives |
|
CISEC:995 |
Use-after-free in libxml |
|
CISEC:992 |
Use after free in extensions |
|
CISEC:997 |
URL spoofing |
|
CISEC:996 |
URL leakage via PAC script |
|
CISEC:986 |
Same origin bypass for images in Blink |
|
CISEC:989 |
Parameter sanitization failure in DevTools |
|
CISEC:994 |
Parameter sanitization failure in DevTools |
|
CISEC:988 |
Origin confusion in proxy authentication |
|
CISEC:993 |
Limited same-origin bypass in Service Workers |
|
CISEC:990 |
History sniffing with HSTS and CSP |
|
CISEC:991 |
Content-Security-Policy bypass |
|
2016-09-02 |
CISEC:982 |
ZIP decompression memory access violation |
|
CISEC:984 |
TNEF integer overflow |
|
CISEC:983 |
MIME message modification memory corruption |
|
2016-08-26 |
CISEC:978 |
Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
|
CISEC:979 |
Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
|
CISEC:963 |
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka... |
|
CISEC:981 |
Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
|
CISEC:980 |
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
|
2016-08-12 |
CISEC:940 |
Windows Virtual PCI Information Disclosure Vulnerability |
|
CISEC:946 |
Windows OLE Memory Remote Code Execution Vulnerability |
|
CISEC:947 |
Windows OLE Memory Remote Code Execution Vulnerability |
|
CISEC:945 |
Windows Media Parsing Remote Code Execution Vulnerability |
|
CISEC:929 |
Windows Media Parsing Remote Code Execution Vulnerability |
|
CISEC:959 |
Windows Kerberos Security Feature Bypass |
|
CISEC:942 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:948 |
Windows DLL Loading Denial of Service Vulnerability |
|
CISEC:941 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:939 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:943 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:960 |
WebDAV Elevation of Privilege Vulnerability |
|
CISEC:930 |
Silverlight Runtime Remote Code Execution Vulnerability |
|
CISEC:961 |
Remote Desktop Protocol |
|
CISEC:944 |
ATMFD.DLL Elevation of Privilege Vulnerability |
|
2016-08-07 |
CVE-2015-3854 |
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug... |
|
2016-08-06 |
CVE-2014-9892 |
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which... |
|
CVE-2015-8938 |
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug... |
|
CVE-2014-9879 |
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221... |
|
CVE-2014-9870 |
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges... |
|
CVE-2015-8944 |
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain... |
|
CVE-2014-9900 |
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to... |
|
CVE-2014-9872 |
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android... |
|
CVE-2014-9897 |
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted... |
|
CVE-2014-9890 |
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that... |
|
CVE-2014-9871 |
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted... |
|
CVE-2014-9863 |
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android... |
|
CVE-2014-9873 |
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
|
CVE-2015-8940 |
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and... |
|
CVE-2014-9883 |
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
|
CVE-2014-9885 |
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string... |
|
CVE-2014-9880 |
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a... |
|
CVE-2015-8943 |
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain... |
|
CVE-2014-9893 |
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a... |
|
CVE-2015-8939 |
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted... |
|
CVE-2014-9899 |
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted... |
|
CVE-2014-9878 |
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka... |
|
CVE-2014-9894 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a... |
|
CVE-2014-9891 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl... |
|
CVE-2014-9864 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal... |
|
CVE-2014-9884 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android... |
|
CVE-2014-9887 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android... |
|
CVE-2014-9865 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka... |
|
CVE-2014-9881 |
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer... |
|
CVE-2014-9868 |
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted... |
|
CVE-2014-9866 |
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via... |
|
CVE-2014-9877 |
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges... |
|
CVE-2015-8942 |
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted... |
|
CVE-2014-9889 |
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted... |
|
CVE-2014-9869 |
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges... |
|
CVE-2015-8941 |
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges... |
|
CVE-2014-9867 |
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges... |
|
CVE-2014-9895 |
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive... |
|
CVE-2014-9876 |
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,... |
|
CVE-2015-8937 |
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka... |
|
CVE-2014-9875 |
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal... |
|
CVE-2014-9896 |
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a... |
|
CVE-2014-9874 |
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and... |
|
CVE-2014-9882 |
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546... |
|
CVE-2014-9898 |
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information... |
|
CVE-2014-9886 |
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted... |
|
2016-08-05 |
CVE-2014-9901 |
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android... |
|
CVE-2014-9902 |
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in... |
|
2016-07-29 |
CISEC:861 |
WPAD Elevation of Privilege Vulnerability |
|
CISEC:866 |
Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability |
|
CISEC:881 |
Windows SMB Server Elevation of Privilege Vulnerability |
|
CISEC:884 |
Windows Search Component Denial of Service Vulnerability |
|
CISEC:860 |
Windows PDF Remote Code Execution Vulnerability |
|
CISEC:868 |
Windows PDF Information Disclosure Vulnerability |
|
CISEC:870 |
Windows PDF Information Disclosure Vulnerability |
|
CISEC:883 |
Windows Netlogon Memory Corruption Remote Code Execution Vulnerability |
|
CISEC:871 |
Windows DNS Server Use After Free Vulnerability |
|
CISEC:880 |
Windows Diagnostics Hub Elevation of Privilege Vulnerability |
|
CISEC:826 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:827 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:828 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:829 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:830 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:862 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:863 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:872 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:907 |
Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
|
CISEC:909 |
Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
|
CISEC:894 |
Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
|
CISEC:879 |
Microsoft Office OLE DLL Side Loading Vulnerability |
|
CISEC:874 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:876 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:877 |
Microsoft Office Information Disclosure Vulnerability |
|
CISEC:885 |
Microsoft Exchange Information Disclosure Vulnerability |
|
CISEC:864 |
Microsoft Edge Security Feature Bypass |
|
CISEC:869 |
Internet Explorer XSS Filter Vulnerability |
|
CISEC:865 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:867 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:858 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:859 |
Group Policy Elevation of Privilege Vulnerability |
|
CISEC:882 |
Active Directory Denial of Service Vulnerability |
|
2016-07-15 |
CISEC:776 |
Windows Media Center Remote Code Execution Vulnerability |
|
CISEC:775 |
Windows Kernel Elevation of Privilege Vulnerability |
|
CISEC:781 |
Windows Graphics Component RCE Vulnerability |
|
CISEC:779 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:780 |
Windows Graphics Component Information Disclosure Vulnerability |
|
CISEC:774 |
Windows DLL Loading Remote Code Execution Vulnerability |
|
CISEC:791 |
Use-after-free in Extensions |
|
CISEC:787 |
Use-after-free in Autofill |
|
CISEC:784 |
Secondary Logon Elevation of Privilege Vulnerability |
|
CISEC:817 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:818 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:819 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:771 |
RPC Network Data Representation Engine Remote Code Execution Vulnerability |
|
CISEC:788 |
Parameter sanitization failure in DevTools |
|
CISEC:820 |
Padding oracle in AES-NI CBC MAC check |
|
CISEC:785 |
Out-of-bounds read in Skia |
|
CISEC:786 |
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 |
|
CISEC:782 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:773 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:772 |
Microsoft Office Malformed EPS File Vulnerability |
|
CISEC:821 |
Memory corruption in the ASN.1 encoder |
|
CISEC:789 |
Information leak in Extension bindings |
|
CISEC:824 |
EVP_EncryptUpdate overflow |
|
CISEC:825 |
EVP_EncodeUpdate overflow |
|
CISEC:823 |
EBCDIC overread |
|
CISEC:783 |
Cross-origin bypass in extension bindings |
|
CISEC:792 |
Cross-origin bypass in extension bindings |
|
CISEC:790 |
Cross-origin bypass in Blink |
|
CISEC:822 |
ASN.1 BIO excessive memory allocation |
|
2016-07-10 |
CVE-2013-7457 |
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. |
|
CVE-2014-9777 |
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers... |
|
CVE-2014-9778 |
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows... |
|
CVE-2014-9799 |
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that... |
|
CVE-2015-8889 |
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm... |
|
CVE-2014-9789 |
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a... |
|
CVE-2015-8890 |
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended... |
|
CVE-2014-9793 |
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka... |
|
CVE-2014-9798 |
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service... |
|
CVE-2015-8892 |
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug... |
|
CVE-2014-9801 |
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm... |
|
CVE-2014-9802 |
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965... |
|
CVE-2015-8891 |
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal... |
|
CVE-2014-9788 |
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm... |
|
CVE-2014-9784 |
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal... |
|
CVE-2014-9800 |
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm... |
|
CVE-2014-9787 |
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and... |
|
CVE-2015-8888 |
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka... |
|
CVE-2014-9786 |
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a... |
|
CVE-2014-9780 |
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,... |
|
CVE-2014-9790 |
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted... |
|
CVE-2014-9785 |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka... |
|
CVE-2014-9783 |
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted... |
|
CVE-2014-9782 |
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to... |
|
CVE-2014-9781 |
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm... |
|
CVE-2014-9803 |
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a... |
|
CVE-2014-9779 |
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug... |
|
CVE-2014-9792 |
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal... |
|
CVE-2014-9795 |
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size... |
|
CVE-2014-9796 |
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a... |
|
CVE-2015-8893 |
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal... |
|
2016-07-01 |
CISEC:520 |
Windows Shell Remote Code Execution Vulnerability |
|
CISEC:740 |
Windows Journal Memory Corruption Vulnerability |
|
CISEC:745 |
Windows Imaging Component Memory Corruption Vulnerability |
|
CISEC:762 |
Win32k Information Disclosure Vulnerability |
|
CISEC:760 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:761 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:763 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:764 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:604 |
Vulnerability in Google Chrome before 50.0.2661.102 |
|
CISEC:605 |
Vulnerability in Google Chrome before 50.0.2661.102 |
|
CISEC:606 |
Vulnerability in Google Chrome before 50.0.2661.102 |
|
CISEC:607 |
Vulnerability in Google Chrome before 50.0.2661.102 |
|
CISEC:649 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:650 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:608 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:648 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:652 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:653 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:654 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:655 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:656 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:657 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:670 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:633 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:634 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:629 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:631 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:632 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:635 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:636 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:637 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:667 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:668 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:669 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:672 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:676 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:640 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:639 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:641 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:644 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:645 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:646 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:647 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:678 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:680 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:683 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:686 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:688 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:689 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:690 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:692 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:693 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:661 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:609 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:611 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:612 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:616 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:619 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:621 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:623 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:626 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:658 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:659 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:660 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:663 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:666 |
Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:651 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:675 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:628 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:638 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:671 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:673 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:674 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:642 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:643 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:679 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:681 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:685 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:691 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:694 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:610 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:613 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:615 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:617 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:618 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:620 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:662 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:665 |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:630 |
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:682 |
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:624 |
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:733 |
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 |
|
CISEC:710 |
Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18 |
|
CISEC:705 |
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier |
|
CISEC:727 |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier |
|
CISEC:730 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier |
|
CISEC:715 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
|
CISEC:724 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
|
CISEC:729 |
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
|
CISEC:717 |
Unspecified vulnerability in Oracle Java SE 8u77 |
|
CISEC:703 |
Unspecified vulnerability in Oracle Java SE 8u77 |
|
CISEC:711 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:712 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:713 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:718 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:716 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:720 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:721 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:722 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:735 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:736 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:737 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:700 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:701 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:709 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:723 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:732 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
|
CISEC:739 |
TLS/SSL Information Disclosure Vulnerability |
|
CISEC:768 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:769 |
Microsoft Office Graphics RCE Vulnerability |
|
CISEC:766 |
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
|
CISEC:767 |
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
|
CISEC:742 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:741 |
Internet Explorer Security Feature Bypass |
|
CISEC:743 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:625 |
Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:695 |
Hypervisor Code Integrity Security Feature Bypass |
|
CISEC:614 |
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:664 |
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
|
CISEC:731 |
Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g |
|
CISEC:622 |
Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 |
|
CISEC:744 |
Direct3D Use After Free Vulnerability |
|
2016-06-22 |
CVE-2015-6289 |
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. |
|
2016-06-13 |
CISEC:501 |
Windows OLE Remote Code Execution Vulnerability |
|
CISEC:497 |
Windows CSRSS Security Feature Bypass Vulnerability |
|
CISEC:512 |
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 |
|
CISEC:507 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:509 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:510 |
Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability |
|
CISEC:498 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:502 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:503 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:504 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:519 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:508 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:511 |
Microsoft Edge Memory Corruption Vulnerability |
|
CISEC:505 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:515 |
Microsoft Edge Elevation of Privilege Vulnerability |
|
CISEC:514 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:500 |
Graphics Memory Corruption Vulnerability |
|
CISEC:499 |
.NET Framework Remote Code Execution Vulnerability |
|
2016-05-27 |
CISEC:475 |
Windows SAM and LSAD Downgrade Vulnerability |
|
CISEC:476 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:479 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:480 |
Win32k Elevation of Privilege Vulnerability |
|
CISEC:468 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:477 |
MSXML Remote Code Execution Vulnerability |
|
CISEC:463 |
Microsoft Office Memory Corruption Vulnerability |
|
CISEC:474 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:466 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:470 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:472 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:464 |
DLL Loading Remote Code Execution Vulnerability |
|
2016-05-14 |
CISEC:452 |
Windows Journal DoS Vulnerability |
|
CISEC:454 |
Windows Journal DoS Vulnerability |
|
CISEC:447 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:450 |
OpenType Font Parsing Vulnerability |
|
CISEC:448 |
Internet Explorer Elevation of Privilege Vulnerability |
|
2016-04-29 |
CISEC:409 |
Windows Kernel Memory Information Disclosure Vulnerability |
|
CISEC:411 |
Scripting Engine Memory Corruption Vulnerability |
|
CISEC:418 |
Microsoft Browser Spoofing Vulnerability |
|
CISEC:422 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:413 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:414 |
Microsoft Browser Memory Corruption Vulnerability |
|
CISEC:451 |
Memory Corruption Vulnerability |
|
CISEC:416 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:420 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:421 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:417 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:412 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:424 |
Internet Explorer Information Disclosure Vulnerability |
|
CISEC:415 |
Internet Explorer Elevation of Privilege Vulnerability |
|
CISEC:419 |
Internet Explorer Elevation of Privilege Vulnerability |
|
CISEC:423 |
DLL Loading Remote Code Execution Vulnerability |
|
2016-04-15 |
CISEC:410 |
Windows Kernel Memory Information Disclosure Vulnerability |
|
CISEC:433 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:425 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:426 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:427 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:428 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:429 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:430 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:431 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:432 |
Internet Explorer Memory Corruption Vulnerability |
|
2016-03-11 |
CISEC:391 |
Windows Kernel Memory Elevation of Privilege Vulnerability |
|
CISEC:392 |
Windows Kernel Memory Elevation of Privilege Vulnerability |
|
CISEC:389 |
Windows Graphics Memory Remote Code Execution Vulnerability |
|
CISEC:390 |
Windows Graphics Memory Remote Code Execution Vulnerability |
|
CISEC:376 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:381 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:383 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:384 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:385 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:386 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:387 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:388 |
Internet Explorer Memory Corruption Vulnerability |
|
2016-03-03 |
CVE-2015-6260 |
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. |
|
2016-02-08 |
MITRE:103 |
Windows RPC Locator Service Buffer Overflow |
|
MITRE:159 |
Windows NT Trusted Domain Loophole |
|
MITRE:161 |
Windows NT SNMPv1 Trap Handling DoS and Privilege Escalation |
|
MITRE:145 |
Windows NT MUP UNC Request Buffer Overflow |
|
MITRE:37 |
Windows NT IIS Directory Traversal Command Execution |
|
MITRE:14 |
Sun Solaris 8 XSun Color Database File Heap Overflow |
|
MITRE:33 |
Sun Solaris 7 XSun Color Database File Heap Overflow |
|
MITRE:11 |
String Format Vulnerability in Solaris 8 snmpdx |
|
MITRE:114 |
String Format Vulnerability in Solaris 7 snmpdx |
|
MITRE:56 |
Solaris 8 rpc.yppasswdd Buffer Overrun Vulnerability |
|
MITRE:86 |
Solaris 8 LBXProxy Display Name Buffer Overflow |
|
MITRE:7 |
Solaris 8 kcms_configure Command-Line Buffer Overflow |
|
MITRE:102 |
Solaris 7 rpc.yppasswdd Buffer Overrun Vulnerability |
|
MITRE:62 |
Solaris 7 mibiisa Remote Buffer Overflow Vulnerability |
|
MITRE:65 |
Solaris 7 kcms_configure Command-Line Buffer Overflow |
|
MITRE:87 |
SNMPv1 Request Handling DoS and Privilege Escalation |
|
CISEC:311 |
Internet Explorer Memory Corruption Vulnerability |
|
CISEC:333 |
Internet Explorer Memory Corruption Vulnerability |
|
MITRE:131 |
Heap Overflow in Solaris 7 xlock |
|
2016-02-07 |
CVE-2015-6398 |
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. |
|
2016-01-14 |
CVE-2015-6314 |
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. |
|
2016-01-08 |
CVE-2015-7754 |
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. |
|
2016-01-07 |
CVE-2015-6433 |
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
|
2016-01-06 |
CVE-2015-5310 |
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or... |
|
CVE-2015-6639 |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. |
|
CVE-2015-6647 |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. |
|
CVE-2015-6646 |
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and... |
|
CVE-2015-6640 |
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or... |
|
CVE-2015-6637 |
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. |
|
CVE-2015-6642 |
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining... |
|
CVE-2015-6638 |
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. |
|
CVE-2015-6645 |
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. |
|
CVE-2015-6643 |
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. |
|
CVE-2015-6636 |
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. |
|
CVE-2015-6644 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. |
|
CVE-2015-6641 |
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. |
|
2016-01-04 |
CVE-2015-6432 |
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service... |
|
2015-12-22 |
MITRE:29327 |
Windows RPC elevation of privilege vulnerability |
|
MITRE:29431 |
Windows installer EoP vulnerability |
|
MITRE:29280 |
Windows DLL remote code execution vulnerability |
|
MITRE:29388 |
Win32k information disclosure vulnerability |
|
MITRE:28743 |
Win32k information disclosure vulnerability |
|
MITRE:29132 |
Win32k information disclosure vulnerability |
|
MITRE:29436 |
Win32k Elevation of privilege vulnerability |
|
MITRE:29128 |
Win32k elevation of privilege vulnerability |
|
MITRE:29156 |
Win32k elevation of privilege vulnerability |
|
MITRE:28938 |
VBScript Memory corruption vulnerability |
|
MITRE:29485 |
SQL Server remote code execution vulnerability |
|
MITRE:29315 |
SQL Server remote code execution vulnerability |
|
MITRE:29452 |
SQL Server elevation of privilege vulnerability |
|
MITRE:29392 |
Remote Desktop Protocol |
|
MITRE:29493 |
OpenType font driver vulnerability |
|
MITRE:28990 |
OLE Elevation of privilege vulnerability |
|
MITRE:29198 |
OLE Elevation of privilege vulnerability |
|
MITRE:28805 |
Microsoft Office memory corruption vulnerability |
|
MITRE:28544 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29449 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29517 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29139 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29245 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29284 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29525 |
Microsoft Excel DLL remote code execution vulnerability |
|
MITRE:29316 |
Jscript9 Memory corruption vulnerability |
|
MITRE:29075 |
Internet Explorer XSS filter bypass vulnerability |
|
MITRE:28804 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28818 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28834 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28529 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28614 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29357 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29360 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29395 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29414 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29470 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29487 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29010 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29015 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29087 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29159 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29164 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29219 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29247 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29278 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29292 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29295 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29296 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29324 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29422 |
Internet Explorer information disclosure vulnerability |
|
MITRE:29454 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:29355 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:29406 |
Hyper-V system data structure vulnerability |
|
MITRE:29391 |
Hyper-V buffer overflow vulnerability |
|
MITRE:28708 |
Graphics component EOP vulnerability |
|
MITRE:28968 |
Elevation of privilege vulnerability in Netlogon |
|
MITRE:29149 |
DLL planting remote code execution vulnerability |
|
CVE-2015-6431 |
Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. |
|
MITRE:29418 |
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 |
|
MITRE:29332 |
ATMFD.DLL Memory corruption vulnerability |
|
MITRE:29480 |
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code |
|
2015-12-19 |
CVE-2015-6429 |
The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. |
|
CVE-2015-7756 |
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18... |
|
CVE-2015-7755 |
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before... |
|
2015-12-16 |
CVE-2015-6425 |
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. |
|
2015-12-15 |
CVE-2015-6359 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of... |
|
CVE-2015-4206 |
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
|
2015-12-11 |
CVE-2015-7050 |
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. |
|
CVE-2015-7110 |
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. |
|
CVE-2015-7080 |
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. |
|
CVE-2015-7107 |
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
|
CVE-2015-7069 |
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. |
|
CVE-2015-7070 |
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. |
|
CVE-2015-7109 |
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
CVE-2015-7081 |
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML... |
|
CVE-2015-7037 |
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. |
|
CVE-2015-7094 |
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. |
|
CVE-2015-7062 |
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. |
|
2015-12-08 |
CVE-2015-6623 |
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. |
|
CVE-2015-6629 |
Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. |
|
CVE-2015-6622 |
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as... |
|
CVE-2015-6619 |
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. |
|
CVE-2015-6633 |
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. |
|
CVE-2015-6634 |
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. |
|
CVE-2015-6627 |
The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka... |
|
CVE-2015-6630 |
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |
|
CVE-2015-6621 |
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. |
|
CVE-2015-6624 |
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. |
|
CVE-2015-6625 |
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. |
|
CVE-2015-6617 |
Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. |
|
CVE-2015-6616 |
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and... |
|
CVE-2015-8506 |
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different... |
|
CVE-2015-8505 |
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than... |
|
CVE-2015-8507 |
mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than... |
|
CVE-2015-6628 |
Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining... |
|
CVE-2015-6626 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
|
CVE-2015-6631 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
|
CVE-2015-6632 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
|
CVE-2015-6620 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and... |
|
CVE-2015-6618 |
Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992. |
|
2015-12-05 |
CVE-2015-6783 |
The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows... |
|
2015-12-04 |
CVE-2015-6394 |
The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. |
|
2015-12-02 |
CVE-2015-6383 |
Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130. |
|
2015-12-01 |
CVE-2015-6385 |
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment... |
|
2015-11-21 |
CVE-2015-5787 |
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. |
|
CVE-2015-7036 |
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API... |
|
CVE-2015-6375 |
The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. |
|
CVE-2015-5859 |
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain... |
|
2015-11-13 |
CVE-2015-6365 |
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID... |
|
2015-11-12 |
CVE-2015-6366 |
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. |
|
2015-11-03 |
CVE-2015-6614 |
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage... |
|
CVE-2015-6611 |
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs... |
|
CVE-2015-8074 |
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a... |
|
CVE-2015-6608 |
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,... |
|
CVE-2015-8072 |
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug... |
|
CVE-2015-8073 |
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability... |
|
CVE-2015-6609 |
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. |
|
CVE-2015-6610 |
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. |
|
CVE-2015-6612 |
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. |
|
CVE-2015-6613 |
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or... |
|
2015-10-31 |
CVE-2015-6343 |
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. |
|
2015-10-24 |
CVE-2015-6341 |
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. |
|
2015-10-23 |
CVE-2015-7013 |
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5928 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-5929 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-5930 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-7002 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-7012 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-7014 |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
|
CVE-2015-6981 |
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2015-6982 |
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2015-7005 |
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2015-7022 |
The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. |
|
CVE-2015-5924 |
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
|
CVE-2015-6999 |
The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. |
|
CVE-2015-6994 |
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. |
|
CVE-2015-6988 |
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. |
|
CVE-2015-7004 |
The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. |
|
CVE-2015-6995 |
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. |
|
CVE-2015-5940 |
The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a... |
|
CVE-2015-7000 |
Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on... |
|
CVE-2015-6976 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,... |
|
CVE-2015-6977 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-6990 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-6991 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-6993 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-7008 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-7009 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-7010 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-7018 |
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
|
CVE-2015-6983 |
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. |
|
CVE-2015-6975 |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
|
CVE-2015-6992 |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
|
CVE-2015-7017 |
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
|
CVE-2015-6986 |
com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." |
|
CVE-2015-7023 |
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. |
|
2015-10-19 |
CVE-2015-7752 |
The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,... |
|
CVE-2015-7749 |
The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." |
|
CVE-2015-7750 |
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a... |
|
CVE-2015-7751 |
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before... |
|
CVE-2015-7748 |
Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. |
|
2015-10-16 |
CVE-2014-6449 |
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle... |
|
CVE-2014-6450 |
Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,... |
|
CVE-2014-6451 |
J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. |
|
2015-10-11 |
CVE-2015-6263 |
The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324. |
|
2015-10-09 |
CVE-2015-5923 |
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. |
|
2015-10-08 |
CVE-2015-6311 |
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID... |
|
2015-10-06 |
CVE-2015-3874 |
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. |
|
CVE-2015-6606 |
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,... |
|
CVE-2015-3865 |
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. |
|
CVE-2015-3877 |
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. |
|
CVE-2015-6596 |
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. |
|
CVE-2015-6605 |
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. |
|
CVE-2015-3862 |
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. |
|
CVE-2015-7717 |
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. |
|
CVE-2015-7718 |
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. |
|
CVE-2015-3878 |
Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that... |
|
CVE-2015-3879 |
Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. |
|
CVE-2015-3875 |
libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. |
|
CVE-2015-3873 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,... |
|
CVE-2015-6599 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. |
|
CVE-2015-3872 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. |
|
CVE-2015-6598 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. |
|
CVE-2015-3868 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. |
|
CVE-2015-6603 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. |
|
CVE-2015-3867 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. |
|
CVE-2015-6604 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. |
|
CVE-2015-3869 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. |
|
CVE-2015-3871 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. |
|
CVE-2015-6601 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. |
|
CVE-2015-6600 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. |
|
CVE-2015-3870 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. |
|
CVE-2015-3823 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. |
|
CVE-2015-7716 |
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than... |
|
CVE-2015-3847 |
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. |
|
2015-10-02 |
CVE-2015-6308 |
Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. |
|
2015-10-01 |
CVE-2015-6602 |
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. |
|
CVE-2015-3876 |
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. |
|
2015-09-30 |
CVE-2015-3843 |
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to... |
|
CVE-2015-3849 |
The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via... |
|
CVE-2015-3836 |
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary... |
|
CVE-2015-3845 |
The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a... |
|
CVE-2015-3837 |
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute... |
|
CVE-2015-3827 |
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary... |
|
CVE-2015-3824 |
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of... |
|
CVE-2015-3826 |
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote... |
|
CVE-2015-3828 |
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote... |
|
CVE-2015-3833 |
The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the... |
|
CVE-2015-3844 |
The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted... |
|
CVE-2015-3858 |
The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation... |
|
CVE-2015-1541 |
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an... |
|
CVE-2015-6575 |
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory... |
|
CVE-2015-3860 |
packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to... |
|
CVE-2015-3829 |
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and... |
|
CVE-2015-1539 |
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a... |
|
CVE-2015-3834 |
Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,... |
|
CVE-2015-3863 |
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob... |
|
CVE-2015-3861 |
Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device... |
|
CVE-2015-3842 |
Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. |
|
CVE-2015-3832 |
Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. |
|
CVE-2015-3864 |
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka... |
|
CVE-2015-1538 |
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an... |
|
CVE-2015-1528 |
Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory... |
|
CVE-2015-1536 |
Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server... |
|
CVE-2014-7916 |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. |
|
CVE-2014-7917 |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. |
|
CVE-2014-7915 |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. |
|
CVE-2015-3831 |
Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted... |
|
CVE-2015-3835 |
Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. |
|
2015-09-27 |
CVE-2015-6280 |
The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly... |
|
CVE-2015-6278 |
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;... |
|
CVE-2015-6279 |
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;... |
|
2015-09-25 |
CVE-2015-6302 |
The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. |
|
CVE-2015-6282 |
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka... |
|
2015-09-20 |
CVE-2015-6295 |
Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved... |
|
2015-09-18 |
CVE-2015-5879 |
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)... |
|
CVE-2015-5793 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5791 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5814 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5816 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5822 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5823 |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2015-5792 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5794 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5795 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5796 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5797 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5799 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5800 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5801 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5789 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5790 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5802 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5803 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5804 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5805 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5806 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5807 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5809 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5810 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5811 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5812 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5813 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5817 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5818 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5819 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5821 |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
CVE-2015-5921 |
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
|
CVE-2015-5826 |
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a... |
|
CVE-2015-5825 |
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via... |
|
CVE-2015-5820 |
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. |
|
CVE-2015-5827 |
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. |
|
CVE-2015-5907 |
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. |
|
CVE-2015-5788 |
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. |
|
CVE-2015-5764 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. |
|
CVE-2015-5765 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. |
|
CVE-2015-5767 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. |
|
CVE-2015-5832 |
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified... |
|
CVE-2015-5906 |
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later... |
|
CVE-2015-3801 |
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. |
|
CVE-2015-6297 |
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. |
|
CVE-2015-5851 |
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. |
|
CVE-2015-5912 |
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. |
|
CVE-2015-5856 |
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. |
|
CVE-2014-8611 |
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a... |
|
CVE-2015-5838 |
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. |
|
CVE-2015-5861 |
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. |
|
CVE-2015-5892 |
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. |
|
CVE-2015-5905 |
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. |
|
CVE-2015-5904 |
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. |
|
CVE-2015-5831 |
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
|
CVE-2015-5857 |
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. |
|
CVE-2015-5880 |
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. |
|
CVE-2015-6294 |
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. |
|
CVE-2015-5850 |
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. |
|
CVE-2015-5835 |
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. |
|
2015-08-31 |
CVE-2015-6270 |
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. |
|
CVE-2015-6269 |
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. |
|
CVE-2015-6271 |
Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and... |
|
CVE-2015-6272 |
Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,... |
|
2015-08-28 |
CVE-2015-6273 |
Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)... |
|
CVE-2015-6267 |
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. |
|
CVE-2015-6268 |
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. |
|
2015-08-22 |
CVE-2015-6258 |
The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. |
|
2015-08-19 |
CVE-2015-4277 |
The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory... |
|
CVE-2015-4296 |
Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. |
|
CVE-2015-4301 |
Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. |
|
CVE-2015-4323 |
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices... |
|
CVE-2015-4324 |
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote... |
|
2015-08-16 |
CVE-2015-3732 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3733 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3735 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3736 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3737 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3738 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3739 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3740 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3730 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3731 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3734 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3741 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3742 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3743 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3744 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3745 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3746 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3747 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3748 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3749 |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
|
CVE-2015-3753 |
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the... |
|
CVE-2015-3750 |
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy... |
|
CVE-2015-3755 |
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. |
|
CVE-2015-3751 |
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in... |
|
CVE-2015-5759 |
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. |
|
CVE-2015-3758 |
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. |
|
CVE-2015-3796 |
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
|
CVE-2015-3797 |
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
|
CVE-2015-3798 |
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
|
CVE-2015-5749 |
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. |
|
CVE-2015-5769 |
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. |
|
CVE-2015-5748 |
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. |
|
CVE-2015-3766 |
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
|
CVE-2015-3800 |
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. |
|
CVE-2015-3752 |
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report... |
|
CVE-2015-3756 |
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. |
|
CVE-2015-3763 |
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. |
|
CVE-2015-5773 |
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. |
|
CVE-2015-5770 |
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. |
|
CVE-2015-3759 |
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. |
|
CVE-2015-3795 |
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. |
|
CVE-2015-5757 |
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with... |
|
CVE-2015-5776 |
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. |
|
CVE-2015-3776 |
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. |
|
CVE-2015-3768 |
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. |
|
CVE-2015-5782 |
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
|
CVE-2015-5781 |
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. |
|
CVE-2015-5758 |
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. |
|
CVE-2015-3804 |
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
|
CVE-2015-5756 |
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
|
CVE-2015-5775 |
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
|
CVE-2015-5766 |
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. |
|
CVE-2015-5755 |
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
|
CVE-2015-5761 |
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
|
CVE-2015-5777 |
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different... |
|
CVE-2015-5778 |
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different... |
|
CVE-2015-3782 |
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. |
|
CVE-2015-3793 |
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. |
|
CVE-2015-5774 |
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. |
|
CVE-2015-3778 |
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. |
|
CVE-2015-5752 |
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. |
|
CVE-2015-5746 |
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. |
|
CVE-2015-3803 |
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. |
|
CVE-2015-3802 |
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. |
|
CVE-2015-3805 |
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. |
|
CVE-2015-3806 |
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. |
|
2015-08-08 |
CVE-2015-1805 |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local... |
|
2015-08-03 |
MITRE:28525 |
Windows LoadLibrary EoP vulnerability |
|
MITRE:28971 |
Vulnerability in Active Directory Federation Services could allow elevation of privilege |
|
MITRE:28607 |
Exchange Server-Side Request Forgery vulnerability |
|
MITRE:28928 |
Exchange HTML injection vulnerability |
|
MITRE:29115 |
Exchange Cross-Site Request Forgery vulnerability |
|
2015-07-31 |
CVE-2015-4295 |
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. |
|
CVE-2015-4291 |
Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. |
|
2015-07-30 |
CVE-2015-4293 |
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after... |
|
2015-07-27 |
MITRE:28910 |
Windows Media Player RCE via DataObject vulnerability |
|
MITRE:29050 |
Win32k Pool buffer overflow vulnerability |
|
MITRE:29145 |
Win32k Null pointer dereference vulnerability |
|
MITRE:28508 |
Win32k memory corruption elevation of privilege vulnerability |
|
MITRE:28994 |
Win32k elevation of privilege vulnerability |
|
MITRE:28665 |
Win32k buffer overflow vulnerability |
|
MITRE:29067 |
Microsoft Windows Station use after free vulnerability |
|
MITRE:29118 |
Microsoft Windows Kernel use after free vulnerability |
|
MITRE:29124 |
Microsoft Windows Kernel Object use after free vulnerability |
|
MITRE:29093 |
Microsoft Windows Kernel information disclosure vulnerability |
|
MITRE:28201 |
Microsoft Windows Kernel Brush Object use after free vulnerability |
|
MITRE:28806 |
Microsoft Windows Kernel Bitmap handling use after free vulnerability |
|
MITRE:28531 |
Microsoft Office uninitialized memory use vulnerability |
|
MITRE:28513 |
Microsoft Office memory corruption vulnerability |
|
MITRE:28744 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29072 |
Microsoft common control use after free vulnerability |
|
MITRE:28848 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28889 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28948 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28512 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28518 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28530 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28610 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28593 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28650 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28724 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28769 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29033 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29057 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29060 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29061 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29076 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29081 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29113 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29119 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29123 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28429 |
Internet Explorer information disclosure vulnerability |
|
MITRE:29005 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:29142 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:29147 |
Internet Explorer elevation of privilege vulnerability |
|
2015-07-24 |
CVE-2015-0681 |
The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,... |
|
2015-07-23 |
CVE-2015-4285 |
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows... |
|
2015-07-22 |
CVE-2015-4284 |
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. |
|
2015-07-16 |
CVE-2015-5363 |
The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial... |
|
CVE-2015-5357 |
The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allow remote attackers to cause a denial of service (CPU consumption) via unspecified... |
|
CVE-2015-5360 |
IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,... |
|
2015-07-14 |
CVE-2015-4269 |
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. |
|
CVE-2015-3007 |
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically... |
|
CVE-2015-5362 |
The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before... |
|
CVE-2015-4272 |
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID... |
|
CVE-2015-5358 |
Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,... |
|
CVE-2015-5359 |
Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before... |
|
2015-07-08 |
CVE-2015-4243 |
The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug... |
|
2015-07-06 |
MITRE:28699 |
Windows Kernel security feature bypass vulnerability |
|
MITRE:28936 |
Windows Journal remote code execution vulnerability |
|
MITRE:28517 |
Windows Journal remote code execution vulnerability |
|
MITRE:28649 |
Windows Journal remote code execution vulnerability |
|
MITRE:28710 |
Windows Journal remote code execution vulnerability |
|
MITRE:28742 |
Windows Journal remote code execution vulnerability |
|
MITRE:28390 |
Windows Journal remote code execution vulnerability |
|
MITRE:28950 |
Windows forms elevation of privilege vulnerability |
|
MITRE:28867 |
VBScript memory corruption vulnerability |
|
MITRE:28745 |
VBScript and JScript ASLR bypass vulnerability |
|
MITRE:28207 |
TrueType font parsing vulnerability |
|
MITRE:28932 |
Service control manager elevation of privilege vulnerability |
|
MITRE:28672 |
Schannel information disclosure vulnerability |
|
MITRE:28362 |
OpenType Font parsing vulnerability |
|
MITRE:28068 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28876 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28808 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28883 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28555 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:29001 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28985 |
Microsoft Silverlight out of browser application vulnerability |
|
MITRE:28924 |
Microsoft SharePoint page content vulnerabilities |
|
MITRE:28645 |
Microsoft Office memory corruption vulnerability |
|
MITRE:28723 |
Microsoft Office memory corruption vulnerability |
|
MITRE:29018 |
Microsoft Management Console file format denial of service vulnerability |
|
MITRE:28840 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28917 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28951 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28473 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28576 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28641 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28680 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28753 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28340 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28984 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28162 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28167 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28405 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28993 |
Internet Explorer memory corruption vulnerability |
|
MITRE:29000 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28815 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28829 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28692 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28822 |
Internet Explorer clipboard information disclosure vulnerability |
|
MITRE:29016 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:28739 |
.NET XML decryption denial of service vulnerability |
|
2015-07-03 |
CVE-2015-4231 |
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. |
|
CVE-2015-4237 |
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,... |
|
CVE-2015-4232 |
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. |
|
CVE-2015-4234 |
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. |
|
2015-07-02 |
CVE-2015-3727 |
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access... |
|
CVE-2015-3719 |
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than... |
|
CVE-2015-3728 |
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. |
|
CVE-2015-3726 |
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. |
|
CVE-2015-3659 |
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL... |
|
CVE-2015-3658 |
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an... |
|
CVE-2015-3721 |
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
|
CVE-2015-3684 |
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. |
|
CVE-2015-3690 |
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
|
CVE-2015-3725 |
MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. |
|
CVE-2015-3710 |
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. |
|
CVE-2015-3703 |
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. |
|
CVE-2015-3694 |
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. |
|
CVE-2015-3685 |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,... |
|
CVE-2015-3686 |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
|
CVE-2015-3687 |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
|
CVE-2015-3688 |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
|
CVE-2015-3689 |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
|
CVE-2015-3723 |
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. |
|
CVE-2015-3724 |
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. |
|
CVE-2015-3722 |
Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. |
|
2015-06-29 |
MITRE:29136 |
RHSA-2015:0809 -- java-1.8.0-openjdk security update |
|
MITRE:29140 |
RHSA-2015:0808 -- java-1.6.0-openjdk security update |
|
MITRE:29084 |
RHSA-2015:0807 -- java-1.7.0-openjdk security update |
|
MITRE:28599 |
RHSA-2015:0806 -- java-1.7.0-openjdk security update |
|
MITRE:29248 |
RHSA-2015:0803 -- kernel security and bug fix update |
|
MITRE:28514 |
RHSA-2015:0800 -- openssl security update |
|
MITRE:29342 |
RHSA-2009:1674 -- firefox security update |
|
MITRE:28862 |
RHSA-2009:1670 -- kernel security and bug fix update |
|
MITRE:29266 |
RHSA-2009:1648 -- ntp security update |
|
MITRE:29283 |
RHSA-2009:1646 -- libtool security update |
|
MITRE:29263 |
RHSA-2009:1642 -- acpid security update |
|
MITRE:29347 |
RHSA-2009:1625 -- expat security update |
|
MITRE:29109 |
RHSA-2009:1620 -- bind security update |
|
MITRE:29382 |
RHSA-2009:1619 -- dstat security update |
|
MITRE:29047 |
RHSA-2009:1615 -- xerces-j2 security update |
|
MITRE:29365 |
RHSA-2009:1601 -- kdelibs security update |
|
MITRE:28898 |
RHSA-2009:1584 -- java-1.6.0-openjdk security update |
|
MITRE:29317 |
RHSA-2009:1579 -- httpd security update |
|
MITRE:29170 |
RHSA-2009:1561 -- libvorbis security update |
|
MITRE:29275 |
RHSA-2009:1549 -- wget security update |
|
MITRE:29269 |
RHSA-2009:1548 -- kernel security and bug fix update |
|
MITRE:29046 |
RHSA-2009:1536 -- pidgin security update |
|
MITRE:29230 |
RHSA-2009:1530 -- firefox security update |
|
MITRE:29264 |
RHSA-2009:1529 -- samba security update |
|
MITRE:29310 |
RHSA-2009:1513 -- cups security update |
|
MITRE:28916 |
RHSA-2009:1504 -- poppler security and bug fix update |
|
MITRE:28897 |
RHSA-2009:1502 -- kdegraphics security update |
|
MITRE:29190 |
RHSA-2009:1490 -- squirrelmail security update |
|
MITRE:28941 |
RHSA-2009:1484 -- postgresql security update |
|
MITRE:29340 |
RHSA-2009:1472 -- xen security and bug fix update |
|
MITRE:28926 |
RHSA-2009:1471 -- elinks security update |
|
MITRE:29271 |
RHSA-2009:1470 -- openssh security update |
|
MITRE:29041 |
RHSA-2009:1463 -- newt security update |
|
MITRE:28758 |
RHSA-2009:1459 -- cyrus-imapd security update |
|
MITRE:28765 |
RHSA-2009:1453 -- pidgin security update |
|
MITRE:29270 |
RHSA-2009:1452 -- neon security update |
|
MITRE:29331 |
RHSA-2009:1451 -- freeradius security update |
|
MITRE:29334 |
RHSA-2009:1430 -- firefox security update |
|
MITRE:29320 |
RHSA-2009:1428 -- xmlsec1 security update |
|
MITRE:29379 |
RHSA-2009:1427 -- fetchmail security update |
|
MITRE:29111 |
RHSA-2009:1426 -- openoffice.org security update |
|
MITRE:29259 |
RHSA-2009:1364 -- gdm security and bug fix update |
|
MITRE:29052 |
RHSA-2009:1341 -- cman security, bug fix, and enhancement update |
|
MITRE:28953 |
RHSA-2009:1337 -- gfs2-utils security and bug fix update |
|
MITRE:28749 |
RHSA-2009:1335 -- openssl security, bug fix, and enhancement update |
|
MITRE:29369 |
RHSA-2009:1321 -- nfs-utils security and bug fix update |
|
MITRE:29358 |
RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update |
|
MITRE:28888 |
RHSA-2009:1289 -- mysql security and bug fix update |
|
MITRE:29350 |
RHSA-2009:1287 -- openssh security, bug fix, and enhancement update |
|
MITRE:28929 |
RHSA-2009:1278 -- lftp security and bug fix update |
|
MITRE:29153 |
RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update |
|
MITRE:29359 |
RHSA-2009:1238 -- dnsmasq security update |
|
MITRE:29281 |
RHSA-2009:1232 -- gnutls security update |
|
MITRE:28627 |
RHSA-2009:1222 -- kernel security and bug fix update |
|
MITRE:29217 |
RHSA-2009:1219 -- libvorbis security update |
|
MITRE:29222 |
RHSA-2009:1218 -- pidgin security update |
|
MITRE:29134 |
RHSA-2009:1209 -- curl security update |
|
MITRE:28958 |
RHSA-2009:1206 -- libxml and libxml2 security update |
|
MITRE:29077 |
RHSA-2009:1204 -- apr and apr-util security update |
|
MITRE:29163 |
RHSA-2009:1203 -- subversion security update |
|
MITRE:29205 |
RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update |
|
MITRE:29154 |
RHSA-2009:1193 -- kernel security and bug fix update |
|
MITRE:29169 |
RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update |
|
MITRE:28629 |
RHSA-2009:1179 -- bind security update |
|
MITRE:29294 |
RHSA-2009:1176 -- python security update |
|
MITRE:29179 |
RHSA-2009:1164 -- tomcat security update |
|
MITRE:29188 |
RHSA-2009:1162 -- firefox security update |
|
MITRE:28879 |
RHSA-2009:1159 -- libtiff security update |
|
MITRE:28396 |
RHSA-2009:1148 -- httpd security update |
|
MITRE:29258 |
RHSA-2009:1140 -- ruby security update |
|
MITRE:29100 |
RHSA-2009:1139 -- pidgin security and bug fix update |
|
MITRE:29103 |
RHSA-2009:1138 -- openswan security update |
|
MITRE:29125 |
RHSA-2009:1130 -- kdegraphics security update |
|
MITRE:29301 |
RHSA-2009:1127 -- kdelibs security update |
|
MITRE:29183 |
RHSA-2009:1126 -- thunderbird security update |
|
MITRE:29311 |
RHSA-2009:1123 -- gstreamer-plugins-good security update |
|
MITRE:28965 |
RHSA-2009:1122 -- icu security update |
|
MITRE:29022 |
RHSA-2009:1116 -- cyrus-imapd security update |
|
MITRE:29299 |
RHSA-2009:1107 -- apr-util security update |
|
MITRE:28617 |
RHSA-2009:1106 -- kernel security and bug fix update |
|
MITRE:29254 |
RHSA-2009:1102 -- cscope security update |
|
MITRE:28894 |
RHSA-2009:1100 -- wireshark security update |
|
MITRE:29396 |
RHSA-2009:1095 -- firefox security update |
|
MITRE:29206 |
RHSA-2009:1082 -- cups security update |
|
MITRE:28800 |
RHSA-2009:1075 -- httpd security update |
|
MITRE:29339 |
RHSA-2009:1066 -- squirrelmail security update |
|
MITRE:29091 |
RHSA-2009:1061 -- freetype security update |
|
MITRE:29110 |
RHSA-2009:1060 -- pidgin security update |
|
MITRE:29463 |
RHSA-2009:1039 -- ntp security update |
|
MITRE:28495 |
RHSA-2009:1036 -- ipsec-tools security update |
|
MITRE:28869 |
RHSA-2009:0480 -- poppler security update |
|
MITRE:29079 |
RHSA-2009:0479 -- perl-DBD-Pg security update |
|
MITRE:28946 |
RHSA-2009:0476 -- pango security update |
|
MITRE:28838 |
RHSA-2009:0474 -- acpid security update |
|
MITRE:29446 |
RHSA-2009:0473 -- kernel security and bug fix update |
|
MITRE:29380 |
RHSA-2009:0457 -- libwmf security update |
|
MITRE:28736 |
RHSA-2009:0449 -- firefox security update |
|
MITRE:29286 |
RHSA-2009:0444 -- giflib security update |
|
MITRE:29267 |
RHSA-2009:0436 -- firefox security update |
|
MITRE:29193 |
RHSA-2009:0431 -- kdegraphics security update |
|
MITRE:28592 |
RHSA-2009:0429 -- cups security update |
|
MITRE:28703 |
RHSA-2009:0427 -- udev security update |
|
MITRE:29276 |
RHSA-2009:0421 -- ghostscript security update |
|
MITRE:29387 |
RHSA-2009:0411 -- device-mapper-multipath security update |
|
MITRE:28421 |
RHSA-2009:0408 -- krb5 security update |
|
MITRE:28934 |
RHSA-2009:0402 -- openswan security update |
|
MITRE:29178 |
RHSA-2009:0397 -- firefox security update |
|
MITRE:29277 |
RHSA-2009:0377 -- java-1.6.0-openjdk security update |
|
MITRE:28954 |
RHSA-2009:0373 -- systemtap security update |
|
MITRE:29262 |
RHSA-2009:0361 -- NetworkManager security update |
|
MITRE:28741 |
RHSA-2009:0354 -- evolution-data-server security update |
|
MITRE:29319 |
RHSA-2009:0352 -- gstreamer-plugins-base security update |
|
MITRE:29171 |
RHSA-2009:0345 -- ghostscript security update |
|
MITRE:29371 |
RHSA-2009:0344 -- libsoup security update |
|
MITRE:28978 |
RHSA-2009:0341 -- curl security update |
|
MITRE:29236 |
RHSA-2009:0339 -- lcms security update |
|
MITRE:29345 |
RHSA-2009:0338 -- php security update |
|
MITRE:29068 |
RHSA-2009:0336 -- glib2 security update |
|
MITRE:29196 |
RHSA-2009:0333 -- libpng security update |
|
MITRE:28793 |
RHSA-2009:0326 -- kernel security and bug fix update |
|
MITRE:29381 |
RHSA-2009:0315 -- firefox security update |
|
MITRE:29088 |
RHSA-2009:0313 -- wireshark security update |
|
MITRE:29195 |
RHSA-2009:0296 -- icu security update |
|
MITRE:28896 |
RHSA-2009:0271 -- gstreamer-plugins-good security update |
|
MITRE:29098 |
RHSA-2009:0267 -- sudo security update |
|
MITRE:28966 |
RHSA-2009:0264 -- kernel security update |
|
MITRE:29367 |
RHSA-2009:0261 -- vnc security update |
|
MITRE:28850 |
RHSA-2009:0259 -- mod_auth_mysql security update |
|
MITRE:29166 |
RHSA-2009:0258 -- thunderbird security update |
|
MITRE:29045 |
RHSA-2009:0256 -- firefox security update |
|
MITRE:29343 |
RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update |
|
MITRE:29313 |
RHSA-2009:0205 -- dovecot security and bug fix update |
|
MITRE:29213 |
RHSA-2009:0057 -- squirrelmail security update |
|
MITRE:28923 |
RHSA-2009:0046 -- ntp security update |
|
MITRE:28987 |
RHSA-2009:0020 -- bind security update |
|
MITRE:29143 |
RHSA-2009:0018 -- xterm security update |
|
MITRE:29261 |
RHSA-2009:0013 -- avahi security update |
|
MITRE:29253 |
RHSA-2009:0012 -- netpbm security update |
|
MITRE:29300 |
RHSA-2009:0011 -- lcms security update |
|
MITRE:29372 |
RHSA-2009:0010 -- squirrelmail security update |
|
MITRE:29288 |
RHSA-2009:0008 -- dbus security update |
|
MITRE:28712 |
RHSA-2009:0004 -- openssl security update |
|
MITRE:28776 |
RHSA-2009:0003 -- xen security and bug fix update |
|
MITRE:29201 |
RHSA-2009:0002 -- thunderbird security update |
|
MITRE:29215 |
RHSA-2008:1036 -- firefox security update |
|
MITRE:29137 |
RHSA-2008:1029 -- cups security update |
|
MITRE:29210 |
RHSA-2008:1023 -- pidgin security and bug fix update |
|
MITRE:29354 |
RHSA-2008:1017 -- kernel security and bug fix update |
|
MITRE:28976 |
RHSA-2008:1016 -- enscript security update |
|
MITRE:29308 |
RHSA-2008:1001 -- tog-pegasus security update |
|
MITRE:29306 |
RHSA-2008:0988 -- libxml2 security update |
|
MITRE:29020 |
RHSA-2008:0982 -- gnutls security update |
|
MITRE:28686 |
RHSA-2008:0981 -- ruby security update |
|
MITRE:29237 |
RHSA-2008:0978 -- firefox security update |
|
MITRE:29116 |
RHSA-2008:0976 -- thunderbird security update |
|
MITRE:29197 |
RHSA-2008:0971 -- net-snmp security update |
|
MITRE:29289 |
RHSA-2008:0967 -- httpd security and bug fix update |
|
MITRE:28964 |
RHSA-2008:0965 -- lynx security update |
|
MITRE:29265 |
RHSA-2008:0957 -- kernel security and bug fix update |
|
MITRE:29199 |
RHSA-2008:0946 -- ed security update |
|
MITRE:29069 |
RHSA-2008:0939 -- openoffice.org security update |
|
MITRE:29185 |
RHSA-2008:0937 -- cups security update |
|
MITRE:28693 |
RHSA-2008:0908 -- thunderbird security update |
|
MITRE:29090 |
RHSA-2008:0907 -- pam_krb5 security update |
|
MITRE:28242 |
RHSA-2008:0897 -- ruby security update |
|
MITRE:29039 |
RHSA-2008:0893 -- bzip2 security update |
|
MITRE:28930 |
RHSA-2008:0892 -- xen security and bug fix update |
|
MITRE:29012 |
RHSA-2008:0890 -- wireshark security update |
|
MITRE:29129 |
RHSA-2008:0885 -- kernel security and bug fix update |
|
MITRE:29030 |
RHSA-2008:0884 -- libxml2 security update |
|
MITRE:29008 |
RHSA-2008:0879 -- firefox security update |
|
MITRE:29192 |
RHSA-2008:0855 -- openssh security update |
|
MITRE:29044 |
RHSA-2008:0849 -- ipsec-tools security update |
|
MITRE:28973 |
RHSA-2008:0847 -- libtiff security and bug fix update |
|
MITRE:28256 |
RHSA-2008:0839 -- postfix security update |
|
MITRE:29241 |
RHSA-2008:0836 -- libxml2 security update |
|
MITRE:29162 |
RHSA-2008:0835 -- openoffice.org security update |
|
MITRE:29133 |
RHSA-2008:0818 -- hplip security update |
|
MITRE:28842 |
RHSA-2008:0815 -- yum-rhn-plugin security update |
|
MITRE:29167 |
RHSA-2008:0789 -- dnsmasq security update |
|
MITRE:29029 |
RHSA-2008:0649 -- libxslt security update |
|
MITRE:28407 |
RHSA-2008:0648 -- tomcat security update |
|
MITRE:28716 |
RHSA-2008:0616 -- thunderbird security update |
|
MITRE:28983 |
RHSA-2008:0612 -- kernel security and bug fix update |
|
MITRE:29066 |
RHSA-2008:0597 -- firefox security update |
|
MITRE:29144 |
RHSA-2008:0584 -- pidgin security and bug fix update |
|
MITRE:29038 |
RHSA-2008:0583 -- openldap security update |
|
MITRE:29255 |
RHSA-2008:0581 -- bluez-libs and bluez-utils security update |
|
MITRE:29232 |
RHSA-2008:0580 -- vim security update |
|
MITRE:29234 |
RHSA-2008:0575 -- rdesktop security update |
|
MITRE:29028 |
RHSA-2008:0569 -- firefox security update |
|
MITRE:28980 |
RHSA-2008:0561 -- ruby security update |
|
MITRE:29150 |
RHSA-2008:0544 -- php security update |
|
MITRE:28787 |
RHSA-2008:0533 -- bind security update |
|
MITRE:28887 |
RHSA-2008:0486 -- nfs-utils security update |
|
MITRE:28823 |
ELSA-2015-1189 -- kvm security update |
|
2015-06-27 |
CVE-2015-4199 |
Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent... |
|
CVE-2015-4225 |
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,... |
|
2015-06-26 |
CVE-2015-4224 |
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. |
|
2015-06-25 |
CVE-2015-4223 |
Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. |
|
2015-06-24 |
CVE-2015-4215 |
Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6... |
|
CVE-2015-4213 |
Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. |
|
2015-06-23 |
CVE-2015-4203 |
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed... |
|
CVE-2015-4200 |
Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,... |
|
CVE-2015-4204 |
Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests... |
|
CVE-2015-4205 |
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. |
|
2015-06-22 |
MITRE:29009 |
MSXML3 same origin policy SFB vulnerability |
|
2015-06-20 |
CVE-2015-4197 |
Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. |
|
CVE-2015-4202 |
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization... |
|
2015-06-18 |
CVE-2015-4191 |
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. |
|
CVE-2015-4195 |
Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. |
|
2015-06-16 |
MITRE:28440 |
RHSA-2015:1115-01 -- Redhat openssl |
|
MITRE:29126 |
ELSA-2015-1115 -- Oracle openssl |
|
MITRE:28643 |
ELSA-2015-1115 -- Oracle openssl |
|
MITRE:29099 |
CESA-2015:1115 -- centos 7 openssl |
|
MITRE:28674 |
CESA-2015:1115 -- centos 6 openssl |
|
2015-06-13 |
CVE-2015-4185 |
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. |
|
2015-06-12 |
CVE-2015-0771 |
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID... |
|
CVE-2015-0775 |
The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000... |
|
CVE-2015-0776 |
telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. |
|
2015-06-02 |
MITRE:28539 |
RHSA-2015:1002-01 -- Redhat xen |
|
MITRE:28106 |
RHSA-2015:0999-01 -- Redhat qemu-kvm, libcacard |
|
MITRE:28702 |
RHSA-2015:0998-01 -- Redhat qemu-kvm, qemu-guest-agent |
|
MITRE:28949 |
ELSA-2015-1003 -- Oracle kvm-83 |
|
MITRE:28974 |
ELSA-2015-1002 -- Oracle xen |
|
MITRE:28893 |
ELSA-2015-0999 -- Oracle qemu-kvm |
|
MITRE:29004 |
ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent |
|
MITRE:28198 |
CESA-2015:1003 -- centos 5 kvm |
|
MITRE:28937 |
CESA-2015:1002 -- centos 5 xen |
|
MITRE:28600 |
CESA-2015:0999 -- centos 7 qemu-kvm,libcacard |
|
MITRE:28912 |
CESA-2015:0998 -- centos 6 qemu-kvm,qemu-guest-agent |
|
2015-06-01 |
MITRE:28603 |
Windows MS-DOS device name vulnerability |
|
MITRE:28397 |
Windows Hyper-V DoS vulnerability |
|
MITRE:28831 |
NtCreateTransactionManager type confusion vulnerability |
|
MITRE:28523 |
Microsoft SharePoint XSS vulnerability |
|
MITRE:28565 |
Microsoft SharePoint XSS vulnerability |
|
MITRE:27878 |
Microsoft Office memory corruption vulnerability |
|
MITRE:28561 |
Microsoft Office component use after free vulnerability |
|
MITRE:28690 |
Microsoft Office component use after free vulnerability |
|
MITRE:28752 |
Microsoft Office component use after free vulnerability |
|
MITRE:28861 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28865 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27899 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27908 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28895 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28574 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28704 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28709 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28783 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28821 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:28623 |
HTTP.sys Remote code execution vulnerability |
|
MITRE:28101 |
EMF processing remote code execution vulnerability |
|
MITRE:28116 |
ASP.NET information disclosure vulnerability |
|
MITRE:28782 |
Active Directory Federation Services information disclosure vulnerability |
|
2015-05-29 |
CVE-2015-0756 |
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. |
|
CVE-2015-0751 |
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
|
2015-05-27 |
CVE-2015-1157 |
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications... |
|
2015-05-16 |
CVE-2015-0723 |
The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. |
|
CVE-2015-0726 |
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via... |
|
CVE-2015-0717 |
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
|
2015-05-15 |
CVE-2015-0731 |
The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. |
|
2015-05-07 |
CVE-2015-1152 |
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a... |
|
CVE-2015-1153 |
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a... |
|
CVE-2015-1156 |
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same... |
|
CVE-2015-1155 |
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. |
|
2015-05-01 |
CVE-2014-8361 |
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. |
|
2015-04-29 |
CVE-2015-3447 |
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. |
|
2015-04-28 |
CVE-2015-0710 |
The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,... |
|
CVE-2015-0709 |
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. |
|
CVE-2015-0708 |
Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. |
|
2015-04-27 |
MITRE:27987 |
WTS remote code execution vulnerability |
|
MITRE:28813 |
Win32k elevation of privilege vulnerability |
|
MITRE:28562 |
Vulnerability in Microsoft Schannel could allow security feature bypass |
|
MITRE:28797 |
VBScript memory corruption vulnerability |
|
MITRE:28780 |
Task scheduler security feature bypass vulnerability |
|
MITRE:28847 |
Remote desktop protocol |
|
MITRE:28816 |
Registry virtualization elevation of privilege vulnerability |
|
MITRE:28811 |
OWA modified canary parameter cross site scripting vulnerability |
|
MITRE:28863 |
NETLOGON spoofing vulnerability |
|
MITRE:28851 |
Microsoft Word local zone remote code execution vulnerability |
|
MITRE:28803 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28656 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:28667 |
Microsoft Windows kernel memory disclosure vulnerability |
|
MITRE:27875 |
Microsoft SharePoint XSS vulnerability |
|
MITRE:28658 |
Microsoft SharePoint XSS vulnerability |
|
MITRE:28356 |
Microsoft Office memory corruption vulnerability |
|
MITRE:28631 |
Microsoft Office component use after free vulnerability |
|
MITRE:28428 |
Malformed PNG parsing information disclosure vulnerability |
|
MITRE:28675 |
JPEG XR parser information disclosure vulnerability |
|
MITRE:28836 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28843 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28464 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28487 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28569 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28670 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28757 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28768 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28781 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28605 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28737 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28844 |
Impersonation level check elevation of privilege vulnerability |
|
MITRE:28748 |
ExchangeDLP cross site scripting vulnerability |
|
MITRE:28294 |
Exchange forged meeting request spoofing vulnerability |
|
MITRE:27900 |
Exchange error message cross site scripting vulnerability |
|
MITRE:28609 |
DLL planting remote code execution vulnerability |
|
MITRE:28524 |
Audit report cross site scripting vulnerability |
|
MITRE:28807 |
Adobe font driver remote code execution vulnerability |
|
MITRE:28684 |
Adobe font driver remote code execution vulnerability |
|
MITRE:28738 |
Adobe font driver remote code execution vulnerability |
|
MITRE:28770 |
Adobe font driver remote code execution vulnerability |
|
MITRE:28771 |
Adobe font driver remote code execution vulnerability |
|
MITRE:28469 |
Adobe font driver information disclosure vulnerability |
|
MITRE:28549 |
Adobe font driver information disclosure vulnerability |
|
MITRE:28730 |
Adobe font driver denial of service vulnerability |
|
2015-04-16 |
CVE-2015-0695 |
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card... |
|
2015-04-10 |
CVE-2015-1126 |
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource... |
|
CVE-2015-1116 |
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. |
|
CVE-2015-1125 |
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. |
|
CVE-2015-1115 |
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. |
|
CVE-2015-1113 |
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. |
|
CVE-2015-1106 |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. |
|
CVE-2015-1107 |
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making... |
|
CVE-2015-1108 |
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. |
|
CVE-2015-1091 |
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin... |
|
CVE-2015-1111 |
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
|
CVE-2015-1109 |
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. |
|
CVE-2015-3003 |
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users... |
|
CVE-2015-3002 |
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port... |
|
CVE-2015-3004 |
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3... |
|
CVE-2015-1098 |
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
|
CVE-2015-1093 |
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
|
CVE-2015-1087 |
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. |
|
CVE-2015-3005 |
Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject... |
|
CVE-2015-1088 |
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. |
|
CVE-2015-1090 |
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
|
CVE-2015-1089 |
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
|
CVE-2015-1085 |
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. |
|
CVE-2015-1112 |
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive... |
|
CVE-2015-1129 |
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. |
|
2015-04-06 |
CVE-2015-0690 |
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. |
|
2015-04-03 |
CVE-2015-0688 |
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. |
|
2015-04-02 |
CVE-2015-0686 |
The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID... |
|
CVE-2015-0687 |
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka... |
|
CVE-2015-0685 |
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. |
|
2015-03-30 |
MITRE:28688 |
Windows font driver denial of service vulnerability |
|
MITRE:28764 |
Windows create process elevation of privilege vulnerability |
|
MITRE:28689 |
Win32k elevation of privilege vulnerability |
|
MITRE:28633 |
TrueType font parsing remote code execution vulnerability |
|
MITRE:28731 |
TIFF Processing information disclosure vulnerability |
|
MITRE:28598 |
OneTableDocumentStream remote code execution vulnerability |
|
MITRE:28074 |
Office remote code execution vulnerability |
|
MITRE:27780 |
Microsoft Schannel remote code execution vulnerability |
|
MITRE:28762 |
Microsoft Schannel remote code execution vulnerability |
|
MITRE:28668 |
Microsoft Office component use after free vulnerability |
|
MITRE:28548 |
Internet Explorer use-after-free vulnerability |
|
MITRE:27765 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27772 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27957 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27977 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28021 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28475 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28522 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28540 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28558 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28573 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28590 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28639 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28653 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28663 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28666 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28683 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28691 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28695 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28711 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28714 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28718 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28732 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28735 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28750 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28337 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28347 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28272 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28382 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28383 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28384 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28394 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28395 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28402 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28413 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28728 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28193 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28018 |
Internet Explorer cross-domain information disclosure vulnerability |
|
MITRE:28449 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:28486 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:28257 |
Internet Explorer ASLR bypass vulnerability |
|
MITRE:28767 |
Group Policy security feature bypass vulnerability |
|
MITRE:28700 |
Group Policy remote code execution vulnerability |
|
MITRE:28604 |
Excel remote code execution vulnerability |
|
MITRE:28202 |
CNG security feature bypass vulnerability |
|
2015-03-27 |
CVE-2015-0679 |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. |
|
CVE-2015-0658 |
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on... |
|
CVE-2015-0680 |
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. |
|
2015-03-26 |
CVE-2015-0650 |
The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote... |
|
CVE-2015-0645 |
The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device... |
|
CVE-2015-0640 |
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device... |
|
CVE-2015-0672 |
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. |
|
CVE-2015-0639 |
The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,... |
|
CVE-2015-0635 |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)... |
|
CVE-2015-0636 |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via... |
|
CVE-2015-0637 |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN... |
|
CVE-2015-0646 |
Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of... |
|
CVE-2015-0648 |
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. |
|
CVE-2015-0641 |
Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted... |
|
CVE-2015-0638 |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. |
|
CVE-2015-0647 |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. |
|
CVE-2015-0649 |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. |
|
CVE-2015-0642 |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of... |
|
CVE-2015-0643 |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of... |
|
CVE-2015-0644 |
AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service... |
|
2015-03-20 |
CVE-2015-0669 |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)... |
|
2015-03-18 |
CVE-2015-1084 |
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. |
|
2015-03-12 |
CVE-2015-1064 |
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. |
|
CVE-2015-1065 |
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. |
|
CVE-2015-1063 |
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. |
|
2015-03-09 |
MITRE:28554 |
Windows Telnet service buffer overflow vulnerability |
|
2015-03-05 |
CVE-2015-0661 |
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. |
|
CVE-2015-0598 |
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. |
|
CVE-2015-0659 |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. |
|
CVE-2015-0607 |
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that... |
|
CVE-2015-0657 |
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. |
|
2015-03-04 |
CVE-2015-0204 |
FREAK: SSL/TLS vulnerability |
|
2015-02-26 |
CVE-2015-0632 |
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. |
|
2015-02-23 |
MITRE:28634 |
Windows Error Reporting security feature bypass vulnerability |
|
MITRE:27743 |
WebDAV elevation of privilege vulnerability |
|
MITRE:28297 |
NLA Security Feature Bypass Vulnerability |
|
MITRE:28478 |
Network policy server RADIUS implementation denial of service vulnerability |
|
MITRE:28330 |
Microsoft user profile service elevation of privilege vulnerability |
|
MITRE:28664 |
Graphics component information disclosure vulnerability |
|
MITRE:28717 |
Directory Traversal elevation of privilege vulnerability |
|
2015-02-21 |
CVE-2015-0618 |
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with... |
|
2015-02-20 |
CVE-2015-2078 |
MITM installed: Superfish certificate |
|
CVE-2015-2077 |
MITM installed: Superfish adware |
|
2015-02-18 |
CVE-2015-0622 |
The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the... |
|
2015-02-15 |
CVE-2015-0609 |
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via... |
|
CVE-2015-1474 |
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)... |
|
2015-02-12 |
CVE-2015-0593 |
The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. |
|
2015-02-11 |
CVE-2015-0592 |
The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. |
|
CVE-2015-0606 |
The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. |
|
CVE-2015-0610 |
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco... |
|
CVE-2015-0608 |
Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper... |
|
2015-02-03 |
CVE-2014-8013 |
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. |
|
2015-01-30 |
CVE-2014-4467 |
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. |
|
CVE-2014-8840 |
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. |
|
CVE-2014-4493 |
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. |
|
CVE-2014-4494 |
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging... |
|
2015-01-28 |
CVE-2015-0586 |
The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR... |
|
MITRE:28438 |
RHSA-2015:0092 -- glibc security update |
|
MITRE:28360 |
RHSA-2015:0090 -- glibc security update |
|
MITRE:28622 |
ELSA-2015-0092 -- glibc security update |
|
MITRE:28638 |
ELSA-2015-0090 -- glibc security update |
|
2015-01-26 |
MITRE:28006 |
Use After Free Word Remote Code Execution Vulnerability |
|
MITRE:28328 |
OWA XSS vulnerability () - MS14-075 |
|
MITRE:28291 |
OWA XSS vulnerability () - MS14-075 |
|
MITRE:28425 |
Outlook Web App token spoofing vulnerability () - MS14-075 |
|
MITRE:27937 |
Microsoft Office component use after free vulnerability |
|
MITRE:28299 |
Invalid index remote code execution vulnerability |
|
MITRE:27932 |
Internet Explorer XSS filter bypass vulnerability |
|
MITRE:28172 |
Internet Explorer XSS filter bypass vulnerability |
|
MITRE:27704 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28329 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28430 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28349 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28368 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28376 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28377 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28392 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28401 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28404 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28408 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28416 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28084 |
Graphics component information disclosure vulnerability |
|
MITRE:28280 |
Global free remote code execution in Excel vulnerability |
|
MITRE:28415 |
Exchange URL redirection vulnerability () - MS14-075 |
|
MITRE:27446 |
Excel invalid pointer remote code execution vulnerability |
|
2015-01-22 |
CVE-2014-8008 |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. |
|
2015-01-16 |
CVE-2014-6383 |
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass a firewall rule. |
|
CVE-2014-6382 |
The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of... |
|
CVE-2014-6384 |
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle... |
|
CVE-2014-6386 |
Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before... |
|
CVE-2014-6385 |
Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1... |
|
2015-01-09 |
CVE-2015-0582 |
The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. |
|
2014-12-30 |
MITRE:28571 |
SUSE-SU-2014:1650-1 -- Security update for flash-player |
|
MITRE:28176 |
SUSE-SU-2014:1623-1 -- Security update for pidgin |
|
MITRE:28044 |
SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g |
|
MITRE:28499 |
SUSE-SU-2014:1545-1 -- Security update for flash-player |
|
MITRE:28460 |
RHSA-2014:2025 -- ntp security update |
|
MITRE:28483 |
RHSA-2014:2024 -- ntp security update |
|
MITRE:28439 |
RHSA-2014:2023 -- glibc security and bug fix update |
|
MITRE:28532 |
RHSA-2014:2021 -- jasper security update |
|
MITRE:28630 |
RHSA-2014:2010 -- kernel security update |
|
MITRE:28453 |
RHSA-2014:2008 -- kernel security update |
|
MITRE:28385 |
RHSA-2014:1999 -- mailx security update |
|
MITRE:27703 |
RHSA-2014:1997 -- kernel security and bug fix update |
|
MITRE:28498 |
RHSA-2014:1985 -- bind97 security update |
|
MITRE:28588 |
RHSA-2014:1984 -- bind security update |
|
MITRE:28613 |
RHSA-2014:1983 -- xorg-x11-server security update |
|
MITRE:28652 |
RHSA-2014:1982 -- xorg-x11-server security update |
|
MITRE:28437 |
RHSA-2014:1976 -- rpm security update |
|
MITRE:28661 |
RHSA-2014:1974 -- rpm security update |
|
MITRE:28399 |
RHSA-2014:1971 -- kernel security and bug fix update |
|
2014-12-29 |
MITRE:28056 |
TypeFilterLevel vulnerability |
|
MITRE:27794 |
Microsoft Schannel remote code execution vulnerability |
|
MITRE:27356 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27372 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27601 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28177 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28205 |
Internet Explorer memory corruption vulnerability |
|
MITRE:28358 |
Internet Explorer memory corruption vulnerability |
|
MITRE:27897 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28266 |
Internet Explorer elevation of privilege vulnerability |
|
MITRE:28339 |
Internet Explorer cross-domain information disclosure vulnerability |
|
MITRE:28204 |
Internet Explorer cross-domain information disclosure vulnerability |
|
MITRE:28290 |
Internet Explorer cross-domain information disclosure vulnerability |
|
MITRE:28334 |
Internet Explorer Clipboard Information Disclosure Vulnerability |
|
MITRE:28173 |
Active Directory Federation Services information disclosure vulnerability |
|
2014-12-22 |
MITRE:28647 |
ELSA-2014-3108 -- Unbreakable Enterprise kernel security update |
|
MITRE:28492 |
ELSA-2014-3107 -- Unbreakable Enterprise kernel security update |
|
MITRE:27915 |
ELSA-2014-3106 -- Unbreakable Enterprise kernel security update |
|
MITRE:27668 |
ELSA-2014-3105 -- Unbreakable Enterprise kernel security update |
|
MITRE:28482 |
ELSA-2014-3104 -- Unbreakable Enterprise kernel security update |
|
MITRE:28305 |
ELSA-2014-3103 -- Unbreakable Enterprise kernel security update |
|
MITRE:28192 |
ELSA-2014-2025 -- ntp security update |
|
MITRE:28304 |
ELSA-2014-2024 -- ntp security update |
|
MITRE:28088 |
ELSA-2014-2023 -- glibc security and bug fix update |
|
MITRE:28420 |
ELSA-2014-2021 -- jasper security update |
|
MITRE:28310 |
ELSA-2014-2010 -- kernel security update |
|
MITRE:28616 |
ELSA-2014-2008-1 -- kernel security update |
|
MITRE:28387 |
ELSA-2014-2008 -- kernel security update |
|
MITRE:28324 |
ELSA-2014-1999 -- mailx security update |
|
MITRE:28612 |
ELSA-2014-1997 -- kernel security and bug fix update |
|
MITRE:28079 |
ELSA-2014-1985 -- bind97 security update |
|
MITRE:28485 |
ELSA-2014-1984 -- bind security update |
|
MITRE:28543 |
ELSA-2014-1983 -- xorg-x11-server security update |
|
MITRE:28577 |
ELSA-2014-1982 -- xorg-x11-server security update |
|
MITRE:28615 |
ELSA-2014-1976 -- rpm security update |
|
MITRE:28261 |
ELSA-2014-1974 -- rpm security update |
|
MITRE:28418 |
ELSA-2014-1971 -- kernel security and bug fix update |
|
2014-12-18 |
CVE-2014-8014 |
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. |
|
2014-12-17 |
CVE-2014-9322 |
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that... |
|
2014-12-15 |
CVE-2014-8609 |
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for... |
|
CVE-2014-8507 |
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary... |
|
CVE-2014-7911 |
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,... |
|
CVE-2014-8610 |
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or... |
|
2014-12-08 |
MITRE:28472 |
SUSE-SU-2014:1544-1 -- Security update for LibreOffice |
|
MITRE:27600 |
SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox |
|
MITRE:28194 |
SUSE-SU-2014:1442-1 -- Security update for flash-player |
|
MITRE:28507 |
SUSE-SU-2014:1408-1 -- Security update for wget |
|
MITRE:28277 |
SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK |
|
MITRE:28457 |
SUSE-SU-2014:1387-1 -- Security update for OpenSSL |
|
MITRE:27526 |
SUSE-SU-2014:1360-1 -- Security update for flash-player |
|
MITRE:28295 |
RHSA-2014:1959 -- kernel security and bug fix update |
|
MITRE:27507 |
RHSA-2014:1956 -- wpa_supplicant security update |
|
MITRE:28139 |
RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update |
|
MITRE:28459 |
RHSA-2014:1924 -- thunderbird security update |
|
MITRE:27983 |
RHSA-2014:1919 -- firefox security update |
|
MITRE:27935 |
RHSA-2014:1912 -- ruby security update |
|
MITRE:28142 |
RHSA-2014:1911 -- ruby security update |
|
MITRE:27716 |
RHSA-2014:1893 -- libXfont security update |
|
MITRE:27707 |
RHSA-2014:1885 -- libxml2 security update |
|
MITRE:28313 |
RHSA-2014:1873 -- libvirt security and bug fix update |
|
MITRE:28435 |
RHSA-2014:1870 -- libXfont security update |
|
MITRE:27610 |
RHSA-2014:1861 -- mariadb security update |
|
MITRE:28389 |
RHSA-2014:1859 -- mysql55-mysql security update |
|
MITRE:27895 |
RHSA-2014:1846 -- gnutls security update |
|
MITRE:27992 |
RHSA-2014:1843 -- kernel security and bug fix update |
|
MITRE:28039 |
RHSA-2014:1827 -- kdenetwork security update |
|
MITRE:28208 |
RHSA-2014:1826 -- libvncserver security update |
|
MITRE:28186 |
RHSA-2014:1824 -- php security update |
|
MITRE:28374 |
RHSA-2014:1803 -- mod_auth_mellon security update |
|
MITRE:27612 |
RHSA-2014:1801 -- shim security update |
|
MITRE:28375 |
RHSA-2014:1795 -- cups-filters security update |
|
MITRE:28326 |
RHSA-2014:1768 -- php53 security update |
|
MITRE:28030 |
RHSA-2014:1767 -- php security update |
|
MITRE:28354 |
RHSA-2014:1764 -- wget security update |
|
MITRE:28090 |
RHSA-2014:1724 -- kernel security and bug fix update |
|
MITRE:28373 |
ELSA-2014-3096 -- Unbreakable Enterprise kernel security update |
|
MITRE:27549 |
ELSA-2014-3095 -- docker security and bug fix update |
|
MITRE:28263 |
ELSA-2014-3094 -- bash security update |
|
MITRE:27461 |
ELSA-2014-3093 -- bash security update |
|
MITRE:28237 |
ELSA-2014-3092 -- bash security update |
|
MITRE:27775 |
ELSA-2014-1959-1 -- kernel security and bug fix update |
|
MITRE:27990 |
ELSA-2014-1959 -- kernel security and bug fix update |
|
MITRE:28391 |
ELSA-2014-1956 -- wpa_supplicant security update |
|
MITRE:27738 |
ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update |
|
MITRE:28254 |
ELSA-2014-1924 -- thunderbird security update |
|
MITRE:28112 |
ELSA-2014-1919 -- firefox security update |
|
MITRE:28303 |
ELSA-2014-1912 -- ruby security update |
|
MITRE:28027 |
ELSA-2014-1911 -- ruby security update |
|
MITRE:28414 |
ELSA-2014-1893 -- libXfont security update |
|
MITRE:28050 |
ELSA-2014-1885 -- libxml2 security update |
|
MITRE:28378 |
ELSA-2014-1873 -- libvirt security and bug fix update |
|
MITRE:28393 |
ELSA-2014-1870 -- libXfont security update |
|
MITRE:27477 |
ELSA-2014-1861 -- mariadb security update |
|
MITRE:28369 |
ELSA-2014-1859 -- mysql55-mysql security update |
|
2014-11-25 |
CVE-2014-8005 |
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. |
|
CVE-2014-8004 |
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. |
|
2014-11-24 |
MITRE:26757 |
.NET Framework remote code execution vulnerability |
|
MITRE:26601 |
.NET framework denial of service vulnerability |
|
MITRE:26910 |
.NET ClickOnce elevation of privilege vulnerability |
|
2014-11-18 |
CVE-2014-4457 |
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time... |
|
CVE-2014-4460 |
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive... |
|
CVE-2014-4451 |
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. |
|
CVE-2014-4453 |
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via... |
|
CVE-2014-4463 |
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. |
|
2014-11-17 |
CVE-2014-7992 |
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. |
|
2014-11-14 |
CVE-2014-7997 |
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by... |
|
MITRE:27974 |
ELSA-2014-3089 -- Unbreakable Enterprise kernel security update |
|
MITRE:28227 |
ELSA-2014-3087 -- Unbreakable Enterprise kernel security update |
|
MITRE:28219 |
ELSA-2014-1827 -- kdenetwork security update |
|
CVE-2014-7998 |
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. |
|
2014-11-13 |
CVE-2014-7991 |
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS... |
|
2014-11-05 |
MITRE:26620 |
ELSA-2014-3086 -- Unbreakable Enterprise kernel security update |
|
MITRE:27236 |
ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update |
|
MITRE:27227 |
ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update |
|
MITRE:26519 |
ELSA-2014-3081 -- Unbreakable Enterprise kernel security update |
|
MITRE:27266 |
ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27215 |
ELSA-2014-3069 -- unbreakable enterprise kernel security update |
|
MITRE:26951 |
ELSA-2014-3067 -- unbreakable enterprise kernel security update |
|
MITRE:27158 |
ELSA-2014-3054 -- unbreakable enterprise kernel security update |
|
MITRE:26359 |
ELSA-2014-3052 -- unbreakable enterprise kernel security update |
|
MITRE:26514 |
ELSA-2014-3049 -- unbreakable enterprise kernel security update |
|
MITRE:27341 |
ELSA-2014-3048 -- unbreakable enterprise kernel security update |
|
MITRE:27200 |
ELSA-2014-3046 -- unbreakable enterprise kernel security update |
|
MITRE:27250 |
ELSA-2014-3043 -- unbreakable enterprise kernel security update |
|
MITRE:27352 |
ELSA-2014-3041 -- unbreakable enterprise kernel security update |
|
MITRE:27093 |
ELSA-2014-3039 -- Unbreakable Enterprise kernel security update |
|
MITRE:27316 |
ELSA-2014-3037 -- Unbreakable Enterprise kernel security update |
|
MITRE:26365 |
ELSA-2014-3034 -- Unbreakable Enterprise kernel security update |
|
MITRE:27092 |
ELSA-2014-3023 -- Unbreakable Enterprise kernel security update |
|
MITRE:27318 |
ELSA-2014-3021 -- Unbreakable Enterprise kernel security update |
|
MITRE:27347 |
ELSA-2014-3016 -- Unbreakable Enterprise kernel security update |
|
MITRE:26883 |
ELSA-2014-3014 -- unbreakable enterprise kernel security update |
|
MITRE:27278 |
ELSA-2014-3011 -- Unbreakable Enterprise kernel security update |
|
MITRE:27242 |
ELSA-2014-3010 -- Unbreakable Enterprise kernel security update |
|
MITRE:26522 |
ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27016 |
ELSA-2014-1669 -- qemu-kvm security and bug fix update |
|
MITRE:26880 |
ELSA-2014-1075 -- qemu-kvm security and bug fix update |
|
MITRE:27233 |
ELSA-2014-1052 -- openssl security update |
|
MITRE:26804 |
ELSA-2014-1004 -- yum-updatesd security update |
|
MITRE:27160 |
ELSA-2014-0927 -- qemu-kvm security and bug fix update |
|
MITRE:26595 |
ELSA-2014-0926-1 -- kernel security and bug fix update |
|
MITRE:26940 |
ELSA-2014-0926 -- kernel security and bug fix update |
|
MITRE:27351 |
ELSA-2014-0921 -- httpd security update |
|
MITRE:27060 |
ELSA-2014-0920 -- httpd security update |
|
MITRE:27342 |
ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update |
|
MITRE:26995 |
ELSA-2014-0890 -- java-1.7.0-openjdk security update |
|
MITRE:27141 |
ELSA-2014-0889 -- java-1.7.0-openjdk security update |
|
MITRE:26531 |
ELSA-2014-0790 -- dovecot security update |
|
MITRE:27323 |
ELSA-2014-0740-1 -- kernel security and bug fix update |
|
MITRE:27247 |
ELSA-2014-0704 -- qemu-kvm security and bug fix update |
|
MITRE:27337 |
ELSA-2014-0702 -- mariadb security update |
|
MITRE:27029 |
ELSA-2014-0685 -- java-1.6.0-openjdk security update |
|
MITRE:27123 |
ELSA-2014-0679 -- openssl security update |
|
MITRE:27331 |
ELSA-2014-0675 -- java-1.7.0-openjdk security update |
|
MITRE:27296 |
ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update |
|
MITRE:27275 |
ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update |
|
MITRE:27232 |
ELSA-2014-0108-1 -- kernel security and bug fix update |
|
MITRE:27343 |
ELSA-2013-2589 -- unbreakable enterprise kernel security update |
|
MITRE:27388 |
ELSA-2013-2587 -- unbreakable enterprise kernel security update |
|
MITRE:27358 |
ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update |
|
MITRE:27338 |
ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update |
|
MITRE:27502 |
ELSA-2013-2577 -- unbreakable enterprise kernel security update |
|
MITRE:27378 |
ELSA-2013-2575 -- unbreakable enterprise kernel security update |
|
MITRE:26512 |
ELSA-2013-2542 -- unbreakable enterprise kernel security update |
|
MITRE:27433 |
ELSA-2013-2537 -- unbreakable enterprise kernel security update |
|
MITRE:27466 |
ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update |
|
MITRE:27622 |
ELSA-2013-2520 -- Unbreakable Enterprise kernel security update |
|
MITRE:27047 |
ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update |
|
MITRE:27657 |
ELSA-2013-2504 -- Unbreakable Enterprise kernel security update |
|
MITRE:26673 |
ELSA-2013-1790-1 -- kernel security and bug fix update |
|
MITRE:27381 |
ELSA-2013-1449-1 -- kernel security and bug fix update |
|
MITRE:27281 |
ELSA-2013-1348-1 -- Oracle Linux 5 kernel update |
|
MITRE:27255 |
ELSA-2013-1348 -- Oracle linux 5 kernel update |
|
MITRE:27491 |
ELSA-2013-1292-1 -- kernel security and bug fix update |
|
MITRE:27425 |
ELSA-2013-1166-1 -- kernel security and bug fix update |
|
MITRE:26661 |
ELSA-2013-1034-1 -- kernel security and bug fix update |
|
MITRE:27334 |
ELSA-2013-0847-1 -- kernel security and bug fix update |
|
MITRE:26901 |
ELSA-2013-0747-1 -- kernel security and bug fix update |
|
MITRE:26800 |
ELSA-2013-0621-1 -- kernel security update |
|
MITRE:27623 |
ELSA-2013-0594-1 -- kernel security and bug fix update |
|
MITRE:27051 |
ELSA-2013-0168-1 -- kernel security and bug fix update |
|
MITRE:27629 |
ELSA-2012-2048 -- Unbreakable Enterprise kernel security update |
|
MITRE:26983 |
ELSA-2012-2044 -- Unbreakable Enterprise kernel security update |
|
MITRE:27071 |
ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update |
|
MITRE:27596 |
ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27648 |
ELSA-2012-2035 -- Unbreakable Enterprise kernel security update |
|
MITRE:27735 |
ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update |
|
MITRE:27550 |
ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update |
|
MITRE:27698 |
ELSA-2012-2014 -- Unbreakable Enterprise kernel security update |
|
MITRE:27249 |
ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27914 |
ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27842 |
ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27375 |
ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update |
|
MITRE:27812 |
ELSA-2012-1445-1 -- kernel security and bug fix update |
|
MITRE:27688 |
ELSA-2012-1323-1 -- kernel security and bug fix update |
|
MITRE:27535 |
ELSA-2012-1174-1 -- kernel security and bug fix update |
|
MITRE:27194 |
ELSA-2012-1061-1 -- kernel security and bug fix update |
|
MITRE:27635 |
ELSA-2012-0721-1 -- kernel security update |
|
MITRE:27818 |
ELSA-2012-0690-1 -- kernel security and bug fix update |
|
MITRE:27823 |
ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update |
|
MITRE:27877 |
ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update |
|
MITRE:27955 |
ELSA-2011-2038 -- Unbreakable Enterprise kernel security update |
|
MITRE:27916 |
ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:28092 |
ELSA-2011-2033 -- Unbreakable Enterprise kernel security update |
|
MITRE:28158 |
ELSA-2011-2029 -- Unbreakable Enterprise kernel security update |
|
MITRE:28157 |
ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:28038 |
ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update |
|
MITRE:27903 |
ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update |
|
MITRE:27518 |
ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update |
|
MITRE:27793 |
ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update |
|
MITRE:28004 |
ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update |
|
MITRE:28005 |
ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update |
|
MITRE:27959 |
ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update |
|
MITRE:27702 |
ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update |
|
MITRE:28028 |
ELSA-2010-2010 -- kernel security update |
|
MITRE:27240 |
ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update |
|
MITRE:27587 |
ELSA-2010-2008 -- Unbreakable enterprise kernel security update |
|
2014-10-31 |
CVE-2014-3366 |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. |
|
CVE-2014-3375 |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. |
|
CVE-2014-3372 |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. |
|
CVE-2014-3373 |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug... |
|
CVE-2014-3374 |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. |
|
2014-10-28 |
MITRE:27022 |
RHSA-2014:1669 -- qemu-kvm security and bug fix update |
|
MITRE:27220 |
RHSA-2013:1353 -- sudo security and bug fix update |
|
MITRE:27070 |
RHSA-2013:0519 -- openssh security, bug fix and enhancement update |
|
2014-10-25 |
CVE-2014-3409 |
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. |
|
2014-10-22 |
CVE-2014-4450 |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading... |
|
CVE-2014-4449 |
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
CVE-2014-4448 |
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. |
|
2014-10-20 |
MITRE:26378 |
Unspecified vulnerability allows remote attackers to bypass Protected Mode |
|
MITRE:26532 |
Heap-based buffer overflow in KMPlayer 3.0.0.1441 |
|
MITRE:25633 |
Arbitrary code executing via unknown vectors. |
|
MITRE:26362 |
Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials |
|
MITRE:25808 |
Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate |
|
2014-10-17 |
MITRE:27068 |
RHSA-2014:1658: java-1.6.0-sun security update |
|
MITRE:26915 |
RHSA-2014:1657: java-1.7.0-oracle security update |
|
MITRE:27149 |
RHSA-2014:1655: libxml2 security update |
|
MITRE:26767 |
RHSA-2014:1654: rsyslog7 security update |
|
MITRE:26947 |
RHSA-2014:1636: java-1.8.0-openjdk security update |
|
MITRE:27101 |
RHSA-2014:1606: file security and bug fix update |
|
MITRE:26805 |
RHSA-2014:1552: openssh security, bug fix, and enhancement update |
|
MITRE:26927 |
RHSA-2014:1507: trousers security, bug fix, and enhancement update |
|
MITRE:26759 |
RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update |
|
MITRE:27086 |
RHSA-2014:1392: kernel security, bug fix, and enhancement update |
|
MITRE:26605 |
RHSA-2014:1391: glibc security, bug fix, and enhancement update |
|
MITRE:26390 |
RHSA-2014:1390: luci security, bug fix, and enhancement update |
|
MITRE:26917 |
RHSA-2014:1389: krb5 security and bug fix update |
|
MITRE:27056 |
RHSA-2014:1388: cups security and bug fix update |
|
MITRE:27084 |
ELSA-2014-1652 -- openssl security update |
|
MITRE:26179 |
ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update |
|
MITRE:26796 |
ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update |
|
MITRE:26716 |
ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update |
|
MITRE:27085 |
ELSA-2014-1552 -- openssh security, bug fix, and enhancement update |
|
MITRE:26570 |
ELSA-2014-1388 -- cups security and bug fix update |
|
2014-10-16 |
CVE-2014-3566 |
POODLE: SSLv3 vulnerability |
|
2014-10-14 |
CVE-2014-3825 |
The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote... |
|
CVE-2014-3818 |
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49... |
|
CVE-2014-6378 |
Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,... |
|
CVE-2014-6379 |
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2... |
|
CVE-2014-6380 |
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before... |
|
2014-10-09 |
CVE-2014-3404 |
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. |
|
CVE-2014-3403 |
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. |
|
CVE-2014-3405 |
Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct... |
|
2014-10-08 |
CVE-2014-3187 |
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device... |
|
2014-10-06 |
MITRE:26275 |
CSyncBasePlayer use after free vulnerability |
|
2014-10-01 |
MITRE:26189 |
ELSA-2014-3073 -- Unbreakable Enterprise kernel security update |
|
MITRE:26806 |
ELSA-2014-3072 -- Unbreakable Enterprise kernel security update |
|
MITRE:26970 |
ELSA-2014-1244 -- bind97 security and bug fix update |
|
MITRE:27050 |
ELSA-2014-1166 -- jakarta-commons-httpclient security update |
|
MITRE:26892 |
ELSA-2014-1148 -- squid security update |
|
MITRE:26644 |
ELSA-2014-1147 -- squid security update |
|
2014-09-29 |
MITRE:26919 |
ELSA-2014-3018 -- Unbreakable Enterprise kernel security update |
|
2014-09-26 |
MITRE:26718 |
RHSA-2014:1255: krb5 security update |
|
MITRE:26451 |
RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update |
|
MITRE:26777 |
RHSA-2014:1245: krb5 security and bug fix update |
|
MITRE:26030 |
RHSA-2014:1244: bind97 security and bug fix update |
|
MITRE:26641 |
RHSA-2014:1243: automake security update |
|
MITRE:26851 |
RHSA-2014:1194: conga security and bug fix update |
|
2014-09-25 |
CVE-2014-3355 |
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via... |
|
CVE-2014-3356 |
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via... |
|
CVE-2014-3361 |
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. |
|
CVE-2014-3359 |
Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or... |
|
CVE-2014-3358 |
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface... |
|
CVE-2014-3357 |
Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug... |
|
CVE-2014-3360 |
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service... |
|
CVE-2014-3354 |
Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a... |
|
CVE-2014-6271 |
Bash environment variables code injection |
|
CVE-2014-7169 |
Bash environment variables code injection |
|
2014-09-20 |
CVE-2014-3378 |
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. |
|
CVE-2014-3377 |
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. |
|
CVE-2014-3376 |
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. |
|
2014-09-18 |
CVE-2014-4409 |
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. |
|
CVE-2014-4362 |
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. |
|
CVE-2014-4361 |
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. |
|
CVE-2014-4423 |
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. |
|
CVE-2014-4368 |
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. |
|
CVE-2014-4363 |
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509... |
|
CVE-2014-4386 |
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. |
|
CVE-2014-4353 |
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. |
|
CVE-2014-4374 |
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
CVE-2014-4366 |
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
|
CVE-2014-4384 |
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. |
|
CVE-2014-4367 |
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. |
|
CVE-2014-4354 |
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. |
|
CVE-2014-4356 |
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. |
|
CVE-2014-4352 |
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. |
|
2014-09-11 |
CVE-2014-3342 |
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. |
|
CVE-2014-3363 |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. |
|
2014-09-10 |
CVE-2014-3343 |
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. |
|
2014-09-08 |
MITRE:25066 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity |
|
MITRE:25224 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity |
|
MITRE:24828 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity |
|
MITRE:25160 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability |
|
MITRE:24806 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability |
|
MITRE:25136 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity |
|
MITRE:25273 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality |
|
MITRE:24827 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality |
|
2014-09-04 |
CVE-2014-3353 |
Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. |
|
2014-08-18 |
MITRE:24871 |
Windows journal remote code execution vulnerability |
|
2014-08-12 |
CVE-2014-3338 |
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via... |
|
2014-08-11 |
CVE-2014-3327 |
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. |
|
CVE-2014-3332 |
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. |
|
2014-08-06 |
MITRE:26284 |
SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox |
|
2014-08-05 |
MITRE:26186 |
RHSA-2014:1004: yum-updatesd security update |
|
MITRE:26244 |
RHSA-2013-1605: glibc security, bug fix, and enhancement update |
|
MITRE:26218 |
RHSA-2012:0884: openssh security, bug fix, and enhancement update |
|
2014-07-28 |
MITRE:25091 |
RHSA-2014:0927: qemu-kvm security and bug fix update |
|
2014-07-21 |
MITRE:24567 |
SharePoint Page Content Vulnerabilities () - MS14-022 |
|
2014-07-15 |
MITRE:25349 |
SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox |
|
MITRE:25341 |
SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox |
|
MITRE:25916 |
SUSE-SU-2013:1183-1 -- Security update for xorg-x11 |
|
MITRE:26212 |
SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox |
|
MITRE:25815 |
SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox |
|
MITRE:25898 |
SUSE-RU-2013:0703-2 -- Recommended update for ksh |
|
MITRE:25231 |
SUSE-RU-2013:0634-1 -- Recommended update for Xorg |
|
2014-07-14 |
CVE-2014-3319 |
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. |
|
CVE-2014-3317 |
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. |
|
2014-07-11 |
CVE-2014-3815 |
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. |
|
CVE-2014-3822 |
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service... |
|
CVE-2014-3817 |
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote... |
|
CVE-2014-3816 |
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before... |
|
CVE-2014-3819 |
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,... |
|
CVE-2014-3821 |
Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote... |
|
2014-07-10 |
CVE-2014-3316 |
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. |
|
CVE-2014-3318 |
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. |
|
CVE-2014-3315 |
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka... |
|
2014-07-09 |
CVE-2014-3309 |
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka... |
|
2014-07-02 |
CVE-2014-3100 |
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended... |
|
2014-07-01 |
CVE-2014-1345 |
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. |
|
CVE-2014-1349 |
Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. |
|
CVE-2014-1351 |
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. |
|
CVE-2014-1350 |
Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. |
|
CVE-2014-1348 |
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive... |
|
CVE-2014-1360 |
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. |
|
CVE-2014-1353 |
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,... |
|
CVE-2014-1352 |
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. |
|
CVE-2014-1354 |
CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via... |
|
2014-06-25 |
CVE-2014-3299 |
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. |
|
2014-06-14 |
CVE-2014-3290 |
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a... |
|
CVE-2014-3295 |
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. |
|
2014-06-13 |
CVE-2014-3813 |
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors... |
|
CVE-2014-3814 |
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the... |
|
2014-06-10 |
CVE-2014-3292 |
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. |
|
CVE-2014-3287 |
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,... |
|
2014-06-08 |
CVE-2014-3291 |
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,... |
|
2014-06-02 |
MITRE:24712 |
Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols |
|
MITRE:24520 |
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
|
MITRE:24523 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
|
MITRE:24709 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI |
|
MITRE:24672 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
|
MITRE:24441 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security |
|
MITRE:24676 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
|
MITRE:24510 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound |
|
MITRE:24502 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
|
MITRE:23723 |
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,... |
|
2014-05-25 |
CVE-2013-1191 |
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management... |
|
CVE-2014-2200 |
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID... |
|
CVE-2014-3284 |
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. |
|
2014-05-20 |
CVE-2014-3269 |
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. |
|
CVE-2014-3273 |
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. |
|
CVE-2014-3270 |
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. |
|
CVE-2014-3271 |
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. |
|
CVE-2013-6975 |
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. |
|
2014-05-19 |
MITRE:24283 |
Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server |
|
MITRE:24101 |
Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server |
|
2014-05-16 |
CVE-2014-3263 |
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. |
|
CVE-2014-3262 |
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet... |
|
2014-05-13 |
CVE-2010-4832 |
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate... |
|
2014-05-07 |
CVE-2014-0684 |
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. |
|
2014-05-05 |
MITRE:24405 |
Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products |
|
MITRE:24141 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
2014-04-29 |
CVE-2014-2183 |
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. |
|
CVE-2014-2184 |
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. |
|
CVE-2014-2185 |
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. |
|
CVE-2013-7373 |
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. |
|
2014-04-28 |
MITRE:23940 |
Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service |
|
MITRE:23340 |
Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server |
|
MITRE:24245 |
Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows splitting a "pack file" in the repository |
|
MITRE:24277 |
Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service |
|
MITRE:24294 |
Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service |
|
MITRE:23774 |
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
|
2014-04-24 |
CVE-2012-3946 |
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the... |
|
CVE-2012-5723 |
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. |
|
2014-04-23 |
CVE-2012-1317 |
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. |
|
CVE-2012-4658 |
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. |
|
CVE-2012-5032 |
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or... |
|
CVE-2012-5039 |
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. |
|
CVE-2012-5037 |
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. |
|
CVE-2012-0360 |
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. |
|
CVE-2012-5427 |
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. |
|
CVE-2012-4651 |
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. |
|
CVE-2012-5044 |
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. |
|
CVE-2012-5014 |
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436. |
|
CVE-2012-5017 |
Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. |
|
CVE-2012-3062 |
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID... |
|
CVE-2012-1366 |
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. |
|
CVE-2012-4638 |
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. |
|
CVE-2012-5036 |
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. |
|
2014-04-15 |
CVE-2014-2842 |
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. |
|
2014-04-14 |
CVE-2014-0612 |
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote... |
|
CVE-2014-2714 |
The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows... |
|
CVE-2014-2713 |
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of... |
|
CVE-2014-0614 |
Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. |
|
CVE-2014-2711 |
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3... |
|
CVE-2014-2712 |
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before... |
|
2014-04-11 |
MITRE:24439 |
RHSA-2014:0380: flash-plugin security update |
|
MITRE:24718 |
RHSA-2014:0376: openssl security update |
|
2014-04-10 |
REF000672 |
OpenSSL Vulnerability: Heartbleed - unix |
|
CVE-2014-0160 |
OpenSSL Vulnerability: Heartbleed |
|
2014-04-05 |
CVE-2014-2144 |
Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. |
|
2014-04-04 |
CVE-2014-2143 |
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. |
|
2014-03-31 |
MITRE:22065 |
VBScript Memory Corruption Vulnerability () - MS14-010, MS14-011 |
|
CVE-2013-6770 |
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by... |
|
2014-03-28 |
CVE-2014-2131 |
The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. |
|
2014-03-27 |
CVE-2014-2109 |
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. |
|
CVE-2014-2112 |
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. |
|
CVE-2014-2111 |
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. |
|
CVE-2014-2106 |
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. |
|
CVE-2014-2113 |
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,... |
|
CVE-2014-2107 |
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID... |
|
CVE-2014-2108 |
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. |
|
2014-03-24 |
MITRE:23928 |
RHSA-2014:0289: flash-plugin security update |
|
2014-03-20 |
CVE-2014-2124 |
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. |
|
2014-03-14 |
CVE-2014-2292 |
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via... |
|
CVE-2013-6835 |
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a... |
|
CVE-2014-1286 |
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. |
|
CVE-2014-1285 |
SpringBoard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. |
|
CVE-2014-1281 |
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a... |
|
CVE-2014-1276 |
IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. |
|
CVE-2014-1274 |
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. |
|
CVE-2014-2291 |
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows... |
|
CVE-2013-5133 |
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. |
|
2014-03-07 |
MITRE:24162 |
RHSA-2014:0196: flash-plugin security update |
|
2014-03-06 |
CVE-2014-0705 |
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a... |
|
CVE-2014-0704 |
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device... |
|
CVE-2014-0703 |
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by... |
|
CVE-2014-0707 |
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. |
|
CVE-2014-0706 |
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929. |
|
CVE-2014-0701 |
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high... |
|
2014-03-03 |
MITRE:22096 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:21979 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22170 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22233 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22402 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22214 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22227 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22270 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22289 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22372 |
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE |
|
MITRE:22200 |
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE |
|
MITRE:22304 |
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE |
|
MITRE:21384 |
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE |
|
2014-03-02 |
CVE-2013-4710 |
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a... |
|
2014-02-26 |
CVE-2014-0741 |
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,... |
|
CVE-2014-0743 |
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID... |
|
CVE-2014-0742 |
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,... |
|
CVE-2014-0747 |
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. |
|
CVE-2014-0740 |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to... |
|
2014-02-22 |
CVE-2014-0731 |
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. |
|
2014-02-20 |
CVE-2014-0732 |
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct... |
|
CVE-2014-0733 |
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a... |
|
CVE-2014-0734 |
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka... |
|
CVE-2014-0735 |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug... |
|
CVE-2014-0736 |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary... |
|
2014-02-18 |
CVE-2014-2019 |
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this... |
|
2014-02-15 |
REF000670 |
End of Windows XP support from Microsoft |
|
2014-02-14 |
MITRE:22390 |
RHSA-2014:0137: flash-plugin security update |
|
MITRE:22092 |
RHSA-2014:0136: java-1.5.0-ibm security update |
|
MITRE:22560 |
RHSA-2014:0135: java-1.6.0-ibm security update |
|
MITRE:22292 |
RHSA-2014:0134: java-1.7.0-ibm security update |
|
2014-02-13 |
CVE-2014-0722 |
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka... |
|
CVE-2014-0724 |
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. |
|
CVE-2014-0728 |
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. |
|
CVE-2014-0726 |
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. |
|
CVE-2014-0729 |
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. |
|
CVE-2014-0727 |
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. |
|
CVE-2014-0723 |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. |
|
CVE-2014-0725 |
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. |
|
2014-02-04 |
CVE-2014-0686 |
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. |
|
2014-01-28 |
MITRE:22499 |
RHSA-2014:0028: flash-plugin security update |
|
2014-01-23 |
CVE-2013-7313 |
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,... |
|
2014-01-22 |
CVE-2014-0661 |
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a... |
|
CVE-2014-0677 |
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. |
|
CVE-2014-0676 |
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. |
|
2014-01-19 |
CVE-2013-3594 |
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. |
|
CVE-2013-3595 |
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. |
|
CVE-2013-3606 |
The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. |
|
2014-01-15 |
CVE-2014-0613 |
The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before... |
|
MITRE:22006 |
RHSA-2011:0926: bind security update |
|
MITRE:21913 |
RHSA-2011:0918: curl security update |
|
MITRE:21435 |
RHSA-2011:0885: firefox security and bug fix update |
|
MITRE:21301 |
RHSA-2011:0862: subversion security update |
|
MITRE:21616 |
RHSA-2011:0859: cyrus-imapd security update |
|
MITRE:21740 |
RHSA-2011:0845: bind security update |
|
MITRE:21899 |
RHSA-2011:0843: postfix security update |
|
MITRE:21920 |
RHSA-2011:0506: rdesktop security update |
|
MITRE:21684 |
RHSA-2011:0472: nss security update |
|
MITRE:21758 |
RHSA-2011:0471: firefox security update |
|
MITRE:21165 |
RHSA-2011:0433: xorg-x11-server-utils security update |
|
MITRE:21712 |
RHSA-2011:0428: dhcp security update |
|
MITRE:21821 |
RHSA-2011:0391: libvirt security update |
|
MITRE:21426 |
RHSA-2011:0373: firefox security update |
|
MITRE:21856 |
RHSA-2011:0337: vsftpd security update |
|
MITRE:21847 |
RHSA-2011:0332: scsi-target-utils security update |
|
MITRE:21822 |
RHSA-2011:0324: logwatch security update |
|
MITRE:21627 |
RHSA-2011:0318: libtiff security update |
|
MITRE:21214 |
RHSA-2011:0310: firefox security and bug fix update |
|
MITRE:21898 |
RHSA-2011:0305: samba security update |
|
MITRE:21931 |
RHSA-2011:0281: java-1.6.0-openjdk security update |
|
MITRE:21713 |
RHSA-2011:0214: java-1.6.0-openjdk security update |
|
MITRE:21857 |
RHSA-2011:0206: flash-plugin security update |
|
MITRE:21138 |
RHSA-2011:0197: postgresql security update |
|
MITRE:21479 |
RHSA-2011:0180: pango security update |
|
MITRE:21813 |
RHSA-2011:0154: hplip security update |
|
CVE-2014-0617 |
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. |
|
CVE-2014-0615 |
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,... |
|
CVE-2014-0616 |
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,... |
|
2014-01-14 |
MITRE:21501 |
RHSA-2012:1569: flash-plugin security update |
|
MITRE:21011 |
RHSA-2012:1466: java-1.6.0-ibm security update |
|
MITRE:21614 |
RHSA-2012:1465: java-1.5.0-ibm security update |
|
MITRE:21660 |
RHSA-2012:1431: flash-plugin security update |
|
MITRE:21594 |
RHSA-2012:1346: flash-plugin security update |
|
MITRE:21334 |
RHSA-2012:1245: java-1.5.0-ibm security update |
|
MITRE:21447 |
RHSA-2012:1238: java-1.6.0-ibm security update |
|
MITRE:21376 |
RHSA-2012:0722: flash-plugin security update |
|
MITRE:21162 |
RHSA-2012:0688: flash-plugin security update |
|
MITRE:21404 |
RHSA-2012:0514: java-1.6.0-ibm security update |
|
MITRE:21398 |
RHSA-2012:0508: java-1.5.0-ibm security update |
|
MITRE:20413 |
RHSA-2012:0144: flash-plugin security update |
|
2014-01-10 |
CVE-2014-0618 |
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote... |
|
2014-01-09 |
MITRE:21081 |
RHSA-2013:1818: flash-plugin security update |
|
MITRE:20714 |
RHSA-2013:1518: flash-plugin security update |
|
MITRE:20642 |
RHSA-2013:1509: java-1.5.0-ibm security update |
|
MITRE:21240 |
RHSA-2013:1508: java-1.6.0-ibm security update |
|
MITRE:21151 |
RHSA-2013:1507: java-1.7.0-ibm security update |
|
MITRE:20796 |
RHSA-2013:1402: Adobe Reader - notification of end of updates |
|
MITRE:20919 |
RHSA-2013:1256: flash-plugin security update |
|
MITRE:21196 |
RHSA-2013:1081: java-1.5.0-ibm security update |
|
MITRE:21131 |
RHSA-2013:1060: java-1.7.0-ibm security update |
|
MITRE:21219 |
RHSA-2013:1059: java-1.6.0-ibm security update |
|
MITRE:20942 |
RHSA-2013:1035: flash-plugin security update |
|
MITRE:20910 |
RHSA-2013:0941: flash-plugin security update |
|
MITRE:21241 |
RHSA-2013:0855: java-1.5.0-ibm security update |
|
MITRE:20740 |
RHSA-2013:0826: acroread security update |
|
MITRE:21201 |
RHSA-2013:0825: flash-plugin security update |
|
MITRE:21111 |
RHSA-2013:0823: java-1.6.0-ibm security update |
|
MITRE:20254 |
RHSA-2013:0822: java-1.7.0-ibm security update |
|
MITRE:21078 |
RHSA-2013:0730: flash-plugin security update |
|
MITRE:20806 |
RHSA-2013:0643: flash-plugin security update |
|
MITRE:21040 |
RHSA-2013:0626: java-1.7.0-ibm security update |
|
MITRE:21077 |
RHSA-2013:0625: java-1.6.0-ibm security update |
|
MITRE:21109 |
RHSA-2013:0624: java-1.5.0-ibm security update |
|
MITRE:20438 |
RHSA-2013:0574: flash-plugin security update |
|
MITRE:21027 |
RHSA-2013:0551: acroread security update |
|
MITRE:20801 |
RHSA-2013:0254: flash-plugin security update |
|
MITRE:20926 |
RHSA-2013:0243: flash-plugin security update |
|
MITRE:20442 |
RHSA-2013:0150: acroread security update |
|
MITRE:21009 |
RHSA-2013:0149: flash-plugin security update |
|
2014-01-08 |
CVE-2014-0653 |
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. |
|
CVE-2014-0655 |
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID... |
|
CVE-2013-6982 |
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer... |
|
CVE-2014-0657 |
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a... |
|
2013-12-27 |
CVE-2013-6981 |
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. |
|
2013-12-23 |
CVE-2013-6979 |
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source... |
|
2013-12-21 |
CVE-2013-6978 |
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug... |
|
CVE-2012-4131 |
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. |
|
CVE-2012-4135 |
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. |
|
2013-12-18 |
CVE-2013-4775 |
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware... |
|
CVE-2013-4776 |
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. |
|
2013-12-14 |
CVE-2013-6271 |
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class... |
|
2013-12-13 |
CVE-2013-6958 |
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. |
|
CVE-2013-6956 |
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web... |
|
2013-12-12 |
CVE-2013-2751 |
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to... |
|
CVE-2013-2752 |
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. |
|
CVE-2013-7030 |
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential... |
|
2013-12-03 |
CVE-2013-6705 |
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. |
|
CVE-2013-6704 |
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. |
|
2013-12-02 |
CVE-2013-6696 |
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. |
|
2013-11-28 |
CVE-2013-6700 |
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. |
|
CVE-2013-6706 |
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. |
|
2013-11-26 |
MITRE:19002 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19020 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19032 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18645 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:19046 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:19096 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:19101 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:19207 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:18874 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
|
MITRE:19188 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier |
|
MITRE:18504 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18733 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18971 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18990 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19024 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18436 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19088 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19150 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19185 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19189 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:18894 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
|
MITRE:19039 |
OpenSSL vulnerability before 1.0.0c in VisualSVN Server |
|
MITRE:19016 |
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server |
|
MITRE:19081 |
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server |
|
MITRE:18910 |
OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server |
|
MITRE:18868 |
OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server |
|
MITRE:18985 |
OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server |
|
MITRE:19036 |
Denial of service vulnerability in Microsoft SharePoint () - MS13-067 |
|
MITRE:18750 |
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067 |
|
MITRE:19136 |
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067 |
|
MITRE:18922 |
Apache Subversion vulnerability before 1.6.17 in VisualSVN Server |
|
MITRE:18967 |
Apache Subversion vulnerability before 1.6.16 in VisualSVN Server |
|
MITRE:18788 |
Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server |
|
MITRE:18973 |
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server |
|
MITRE:18980 |
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server |
|
MITRE:18772 |
Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server |
|
MITRE:18986 |
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server |
|
MITRE:19057 |
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server |
|
MITRE:19007 |
Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server |
|
MITRE:18999 |
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server |
|
MITRE:18889 |
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server |
|
MITRE:18790 |
Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server |
|
MITRE:18835 |
Apache HTTP vulnerability before 2.2.25 in VisualSVN Server |
|
MITRE:18827 |
Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server |
|
2013-11-25 |
MITRE:18621 |
Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server |
|
MITRE:18554 |
Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server |
|
MITRE:18087 |
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server |
|
MITRE:18538 |
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server |
|
MITRE:18154 |
Apache HTTP vulnerability before 2.2.21 in VisualSVN Server |
|
2013-11-22 |
CVE-2013-6698 |
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,... |
|
CVE-2013-6694 |
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. |
|
CVE-2013-6699 |
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,... |
|
2013-11-21 |
CVE-2013-6693 |
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID... |
|
CVE-2013-6692 |
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka... |
|
2013-11-17 |
CVE-2013-6686 |
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. |
|
CVE-2013-5556 |
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches... |
|
CVE-2013-5193 |
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous... |
|
CVE-2013-6688 |
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted... |
|
CVE-2013-6689 |
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. |
|
2013-11-13 |
CVE-2013-6684 |
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. |
|
CVE-2013-6683 |
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. |
|
CVE-2013-5552 |
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID... |
|
2013-11-11 |
MITRE:18997 |
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site |
|
2013-11-07 |
CVE-2013-5565 |
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. |
|
CVE-2013-5553 |
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. |
|
CVE-2013-5566 |
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. |
|
2013-11-05 |
CVE-2013-6618 |
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. |
|
2013-10-31 |
CVE-2013-5546 |
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,... |
|
CVE-2013-5545 |
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. |
|
CVE-2013-5548 |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. |
|
CVE-2013-5555 |
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. |
|
CVE-2013-5547 |
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. |
|
CVE-2013-5543 |
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by... |
|
2013-10-28 |
CVE-2013-6012 |
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote... |
|
CVE-2013-6014 |
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when... |
|
2013-10-24 |
CVE-2013-5549 |
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6... |
|
CVE-2013-5522 |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. |
|
2013-10-23 |
CVE-2013-5162 |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. |
|
CVE-2013-5144 |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain... |
|
CVE-2013-5164 |
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. |
|
2013-10-19 |
CVE-2013-6027 |
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to... |
|
2013-10-17 |
CVE-2013-6015 |
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a... |
|
CVE-2013-6170 |
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing... |
|
CVE-2013-4689 |
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site... |
|
CVE-2013-6013 |
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might... |
|
2013-10-14 |
MITRE:18318 |
Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066 |
|
2013-10-13 |
CVE-2012-4097 |
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. |
|
CVE-2012-4099 |
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. |
|
CVE-2012-4121 |
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. |
|
CVE-2012-4077 |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. |
|
CVE-2012-4076 |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. |
|
2013-10-10 |
CVE-2013-5499 |
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. |
|
CVE-2013-5527 |
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. |
|
CVE-2013-5528 |
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug... |
|
2013-10-05 |
CVE-2012-4091 |
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. |
|
CVE-2012-4090 |
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. |
|
CVE-2012-4122 |
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. |
|
CVE-2012-4098 |
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. |
|
CVE-2012-4141 |
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. |
|
CVE-2012-4075 |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. |
|
2013-10-03 |
CVE-2013-5519 |
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. |
|
2013-10-02 |
CVE-2013-5503 |
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. |
|
2013-09-30 |
CVE-2013-5516 |
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka... |
|
2013-09-27 |
CVE-2013-5476 |
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID... |
|
CVE-2013-5477 |
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. |
|
CVE-2013-5498 |
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. |
|
CVE-2013-5481 |
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. |
|
CVE-2013-5472 |
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of... |
|
CVE-2013-5480 |
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. |
|
CVE-2013-5479 |
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. |
|
CVE-2013-5474 |
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug... |
|
CVE-2013-5160 |
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button... |
|
CVE-2013-5161 |
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened... |
|
CVE-2013-5473 |
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. |
|
CVE-2013-5478 |
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. |
|
CVE-2013-5475 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID... |
|
2013-09-19 |
CVE-2013-1037 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1038 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1039 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1040 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1041 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1042 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1043 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1044 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1045 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1046 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-1047 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-5125 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-5126 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-5127 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-5128 |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
|
CVE-2013-5159 |
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. |
|
CVE-2013-5157 |
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. |
|
CVE-2013-5156 |
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct... |
|
CVE-2013-5158 |
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified... |
|
CVE-2013-5154 |
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a... |
|
CVE-2013-5155 |
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
|
CVE-2013-1121 |
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. |
|
CVE-2013-5149 |
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification... |
|
CVE-2013-5141 |
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer... |
|
CVE-2013-5142 |
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. |
|
CVE-2013-5140 |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. |
|
CVE-2011-2391 |
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
|
CVE-2013-5139 |
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. |
|
CVE-2013-5150 |
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
|
CVE-2013-5153 |
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. |
|
CVE-2013-1036 |
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
|
CVE-2013-5147 |
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of... |
|
CVE-2013-5129 |
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
|
CVE-2013-5151 |
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. |
|
CVE-2013-5152 |
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. |
|
CVE-2013-5145 |
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. |
|
CVE-2013-5137 |
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. |
|
CVE-2013-5138 |
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. |
|
CVE-2013-0957 |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
|
CVE-2013-5131 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
|
2013-09-16 |
CVE-2013-1028 |
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive... |
|
CVE-2013-5496 |
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. |
|
CVE-2013-1026 |
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
|
CVE-2013-1025 |
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
|
2013-09-13 |
CVE-2013-5649 |
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary... |
|
2013-09-09 |
MITRE:16762 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17187 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17252 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17298 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17300 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17009 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17561 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17572 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17601 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17604 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17621 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17123 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17143 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17407 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:16907 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17359 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17396 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17400 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17441 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17466 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:16768 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16780 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17184 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17199 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17224 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17237 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17246 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17264 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17269 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17272 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17288 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16986 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17559 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17562 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17575 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17582 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16532 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16588 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16983 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17507 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17516 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17518 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17523 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17524 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17530 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17539 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17544 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17546 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17548 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16626 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16638 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17064 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17081 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17144 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17163 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16874 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:16891 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17336 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17342 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17352 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17357 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17377 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17384 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17393 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17433 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17437 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17445 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17463 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17467 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17478 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17481 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
MITRE:17263 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17068 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17138 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17365 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17368 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17469 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17475 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17212 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17203 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17207 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17208 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17211 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17317 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17020 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17051 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17483 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:16714 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:16724 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17076 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17084 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17133 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17170 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:16865 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17340 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17355 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17362 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17370 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17383 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17401 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17444 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
MITRE:17241 |
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory... |
|
MITRE:17072 |
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or... |
|
MITRE:16788 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17218 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17222 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16730 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17191 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17247 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17250 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17254 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17280 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17299 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17312 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16568 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16959 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17018 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17104 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17127 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17059 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17070 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17092 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17094 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17161 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17167 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17172 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17413 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16457 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16488 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16843 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16871 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16903 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16916 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:16938 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17327 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17339 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17372 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17373 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17374 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17378 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17394 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17397 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17446 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17452 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17482 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
|
MITRE:17308 |
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service... |
|
MITRE:16756 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16795 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16826 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17185 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17204 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17271 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17276 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17282 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17287 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17297 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17302 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17319 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16994 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16941 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16974 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16980 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17048 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17486 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17488 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16678 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16726 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17057 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17060 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17082 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17128 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17152 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17156 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17158 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17168 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17169 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17174 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17419 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17427 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17429 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17431 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16862 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:16879 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17326 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17331 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17334 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17364 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17366 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17375 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17387 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17432 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17434 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17435 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17438 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17458 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17464 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17471 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17473 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
|
MITRE:17220 |
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service... |
|
MITRE:17099 |
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon |
|
MITRE:17367 |
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium... |
|
MITRE:17303 |
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file |
|
MITRE:17016 |
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist |
|
MITRE:16919 |
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)... |
|
MITRE:17228 |
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding |
|
MITRE:16784 |
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream |
|
MITRE:17304 |
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file |
|
MITRE:17605 |
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate |
|
MITRE:17136 |
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning |
|
MITRE:16978 |
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a... |
|
2013-09-07 |
CVE-2013-3458 |
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID... |
|
2013-08-30 |
CVE-2013-3474 |
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or... |
|
CVE-2013-5469 |
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN... |
|
2013-08-29 |
CVE-2013-3470 |
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. |
|
CVE-2013-3463 |
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use... |
|
CVE-2013-3472 |
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,... |
|
2013-08-26 |
MITRE:17341 |
TrueType Font Parsing Vulnerability |
|
2013-08-24 |
CVE-2013-3460 |
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka... |
|
CVE-2013-3461 |
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,... |
|
CVE-2013-3459 |
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. |
|
CVE-2013-3462 |
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified... |
|
2013-08-22 |
CVE-2013-3453 |
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP... |
|
2013-08-19 |
MITRE:16998 |
WMV Video Decoder remote code execution vulnerability - MS13-057 |
|
MITRE:17253 |
Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058 |
|
2013-08-13 |
CVE-2013-3464 |
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C... |
|
2013-08-12 |
CVE-2013-4806 |
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link... |
|
2013-08-08 |
CVE-2013-3454 |
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the... |
|
2013-08-05 |
MITRE:17256 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect integrity... |
|
MITRE:16770 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17214 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16389 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16806 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17181 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17189 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17230 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17236 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17294 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16580 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17042 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16311 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17106 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16712 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17052 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17090 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17149 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17176 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:16840 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows remote attackers to affect... |
|
MITRE:17221 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier
allows local users to affect... |
|
MITRE:16545 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect integrity via vectors related to... |
|
MITRE:16803 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and... |
|
MITRE:17206 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and... |
|
MITRE:16982 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and... |
|
MITRE:16887 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and... |
|
MITRE:16617 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality via unknown vectors... |
|
MITRE:17098 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality via unknown vectors... |
|
MITRE:17195 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to
affect confidentiality and availability... |
|
MITRE:17265 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect
confidentiality, integrity, and... |
|
MITRE:17180 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown
vectors related to Deployment. |
|
MITRE:16899 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown
vectors related to Deployment. |
|
MITRE:17257 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown... |
|
MITRE:17116 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown... |
|
MITRE:17192 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via
unknown vectors related to Libraries. |
|
MITRE:17069 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and
integrity via unknown vectors related to... |
|
MITRE:17202 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and... |
|
MITRE:17014 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle
Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity,
and availability via unknown vectors... |
|
CVE-2013-3442 |
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. |
|
CVE-2013-3451 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug... |
|
CVE-2013-3450 |
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. |
|
2013-08-01 |
CVE-2012-5460 |
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText... |
|
2013-07-29 |
MITRE:16835 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
|
MITRE:17186 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated... |
|
MITRE:17266 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated... |
|
MITRE:16267 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to... |
|
MITRE:17175 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful... |
|
MITRE:16877 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network... |
|
MITRE:16395 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
|
MITRE:17077 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
|
MITRE:16960 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
|
MITRE:16947 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
|
MITRE:16825 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
|
MITRE:17268 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
|
MITRE:16758 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful... |
|
MITRE:16451 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
|
MITRE:17255 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
|
MITRE:16792 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated... |
|
MITRE:16632 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
|
2013-07-25 |
CVE-2013-3414 |
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. |
|
2013-07-22 |
MITRE:16375 |
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to... |
|
2013-07-19 |
CVE-2013-3436 |
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy... |
|
2013-07-18 |
CVE-2013-3433 |
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
|
CVE-2013-3434 |
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
|
CVE-2013-3412 |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. |
|
CVE-2013-3404 |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging... |
|
CVE-2013-3403 |
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged... |
|
CVE-2013-3402 |
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. |
|
2013-07-11 |
CVE-2013-4686 |
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and... |
|
CVE-2013-4690 |
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of... |
|
CVE-2013-4684 |
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM... |
|
CVE-2013-4687 |
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via... |
|
CVE-2013-4688 |
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. |
|
CVE-2013-4685 |
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute... |
|
2013-07-10 |
CVE-2013-3400 |
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. |
|
2013-07-09 |
CVE-2013-4787 |
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does... |
|
2013-07-06 |
CVE-2013-2341 |
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to... |
|
CVE-2013-2340 |
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute... |
|
2013-06-26 |
CVE-2013-3382 |
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device... |
|
CVE-2013-3397 |
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified... |
|
2013-06-21 |
CVE-2013-3377 |
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. |
|
2013-06-18 |
CVE-2013-4616 |
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier... |
|
2013-06-10 |
MITRE:16168 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect... |
|
MITRE:16430 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,... |
|
MITRE:15923 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote... |
|
MITRE:16519 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16581 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on... |
|
MITRE:16537 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via... |
|
MITRE:16013 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via... |
|
MITRE:15888 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16058 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16496 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16558 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:15832 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16550 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
|
MITRE:16530 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via... |
|
MITRE:16528 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16513 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect... |
|
MITRE:16259 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote... |
|
MITRE:15996 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers... |
|
MITRE:16312 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers... |
|
MITRE:16649 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
|
MITRE:16566 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16613 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16652 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
|
MITRE:16680 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
|
MITRE:16567 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16035 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16045 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
MITRE:16502 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier... |
|
MITRE:15733 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
|
2013-06-05 |
CVE-2013-3954 |
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is... |
|
CVE-2013-3953 |
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory... |
|
CVE-2013-3950 |
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR... |
|
CVE-2013-3948 |
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary... |
|
2013-06-03 |
MITRE:16549 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
|
MITRE:16564 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
|
MITRE:16697 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
|
MITRE:16527 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16578 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16314 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16688 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16702 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16446 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16297 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful... |
|
MITRE:16597 |
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
|
MITRE:16684 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. |
|
MITRE:16686 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:16506 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:16685 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity... |
|
MITRE:16227 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,... |
|
MITRE:16546 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and... |
|
MITRE:16553 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16538 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16585 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16602 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16654 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16043 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16466 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
|
MITRE:16544 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and... |
|
2013-05-29 |
CVE-2013-1212 |
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,... |
|
CVE-2013-1209 |
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable... |
|
CVE-2013-1208 |
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by... |
|
CVE-2013-1211 |
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a... |
|
CVE-2013-1213 |
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability... |
|
CVE-2013-1210 |
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by... |
|
2013-05-27 |
MITRE:16598 |
Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029 |
|
MITRE:16293 |
Elevation of privilege vulnerability in Windows Defender - MS13-034 |
|
2013-05-24 |
CVE-2013-1019 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
|
2013-05-23 |
CVE-2013-1204 |
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. |
|
2013-05-22 |
CVE-2013-2842 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. |
|
2013-05-20 |
CVE-2013-0999 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1000 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1001 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1002 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1003 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1004 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1005 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1006 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1007 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1008 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
CVE-2013-1010 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
|
2013-05-15 |
CVE-2013-1188 |
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. |
|
2013-05-13 |
CVE-2013-1136 |
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then... |
|
2013-05-03 |
CVE-2013-1234 |
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. |
|
CVE-2013-1240 |
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. |
|
CVE-2013-1235 |
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly... |
|
2013-04-29 |
CVE-2013-1226 |
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. |
|
CVE-2013-1216 |
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. |
|
2013-04-25 |
CVE-2013-1215 |
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. |
|
CVE-2013-1192 |
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp... |
|
CVE-2013-1178 |
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices... |
|
CVE-2013-1179 |
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to... |
|
CVE-2013-1181 |
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by... |
|
CVE-2013-1180 |
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted... |
|
2013-04-24 |
CVE-2013-1217 |
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. |
|
2013-04-18 |
CVE-2013-1194 |
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via... |
|
CVE-2013-1199 |
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing... |
|
2013-04-16 |
CVE-2012-5415 |
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for... |
|
2013-04-11 |
CVE-2013-1150 |
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before... |
|
CVE-2013-2779 |
Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a... |
|
CVE-2013-1164 |
Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card... |
|
CVE-2013-1166 |
Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by... |
|
CVE-2013-1167 |
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not... |
|
CVE-2013-1165 |
Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. |
|
CVE-2013-1152 |
Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080. |
|
CVE-2013-1149 |
Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall... |
|
2013-03-28 |
CVE-2013-1146 |
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. |
|
CVE-2013-1143 |
The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect... |
|
CVE-2013-1147 |
The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote... |
|
CVE-2013-1148 |
The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service... |
|
CVE-2013-1142 |
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745. |
|
CVE-2013-1144 |
Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. |
|
CVE-2013-1145 |
Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP... |
|
CVE-2012-5216 |
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of... |
|
2013-03-25 |
CVE-2013-1162 |
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. |
|
2013-03-20 |
CVE-2013-0980 |
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call... |
|
CVE-2013-0979 |
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that... |
|
2013-02-28 |
CVE-2013-1141 |
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS... |
|
2013-02-27 |
CVE-2013-1134 |
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct... |
|
CVE-2013-1133 |
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused... |
|
2013-02-25 |
CVE-2013-1138 |
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. |
|
2013-02-24 |
CVE-2013-0120 |
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. |
|
2013-02-23 |
CVE-2013-0879 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have... |
|
2013-02-13 |
CVE-2013-1100 |
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. |
|
CVE-2013-1122 |
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. |
|
2013-02-12 |
CVE-2011-5262 |
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
|
2013-02-05 |
CVE-2011-1350 |
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. |
|
CVE-2011-1352 |
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. |
|
2013-01-29 |
CVE-2013-0948 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0949 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0950 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0951 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0952 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0953 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0954 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0955 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0956 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0958 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0959 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0968 |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2013-0974 |
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript... |
|
CVE-2013-0963 |
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an... |
|
CVE-2013-0962 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. |
|
2013-01-24 |
CVE-2013-1102 |
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service... |
|
CVE-2013-1104 |
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
|
CVE-2013-1105 |
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device... |
|
CVE-2013-1103 |
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. |
|
2013-01-19 |
CVE-2012-6396 |
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces... |
|
2013-01-18 |
CVE-2012-5717 |
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID... |
|
CVE-2012-6395 |
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,... |
|
2012-12-21 |
CVE-2012-0841 |
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. |
|
2012-12-19 |
CVE-2012-5991 |
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type... |
|
CVE-2012-5992 |
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts... |
|
CVE-2012-6007 |
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,... |
|
2012-12-10 |
CVE-2012-6301 |
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. |
|
2012-11-30 |
CVE-2012-4221 |
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an... |
|
CVE-2012-4222 |
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses... |
|
CVE-2012-4220 |
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)... |
|
2012-11-27 |
CVE-2012-5134 |
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or... |
|
2012-11-26 |
MITRE:15395 |
Reflected XSS Vulnerability - MS12-070 |
|
2012-11-14 |
CVE-2012-2619 |
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service... |
|
2012-11-03 |
CVE-2012-3750 |
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. |
|
CVE-2012-3749 |
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a... |
|
CVE-2012-3748 |
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. |
|
2012-10-29 |
CVE-2012-4660 |
The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5... |
|
CVE-2012-4643 |
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before... |
|
CVE-2012-4662 |
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before... |
|
CVE-2012-4663 |
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before... |
|
CVE-2012-4659 |
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before... |
|
CVE-2012-4661 |
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before... |
|
2012-10-11 |
CVE-2012-5112 |
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. |
|
2012-10-07 |
CVE-2011-3918 |
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. |
|
2012-09-26 |
CVE-2012-3949 |
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,... |
|
CVE-2012-4618 |
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183. |
|
CVE-2012-4619 |
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. |
|
CVE-2012-3950 |
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS... |
|
CVE-2012-4623 |
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a... |
|
CVE-2012-4621 |
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. |
|
CVE-2012-4617 |
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed... |
|
CVE-2012-2889 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." |
|
CVE-2012-4622 |
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error... |
|
CVE-2012-4620 |
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug... |
|
2012-09-20 |
CVE-2012-3747 |
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
|
CVE-2012-3746 |
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. |
|
CVE-2012-3743 |
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. |
|
CVE-2012-3722 |
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service... |
|
CVE-2012-3741 |
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step... |
|
CVE-2012-3737 |
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. |
|
CVE-2012-3740 |
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
|
CVE-2012-3735 |
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the... |
|
CVE-2012-3736 |
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. |
|
CVE-2012-3739 |
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. |
|
CVE-2012-3728 |
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. |
|
CVE-2012-3738 |
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime... |
|
CVE-2012-3725 |
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information... |
|
CVE-2012-3729 |
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a... |
|
CVE-2012-3744 |
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating... |
|
CVE-2012-3742 |
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the... |
|
CVE-2012-3734 |
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. |
|
CVE-2012-3745 |
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. |
|
CVE-2012-3733 |
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain... |
|
CVE-2012-3732 |
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. |
|
CVE-2012-3731 |
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
|
CVE-2012-3730 |
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a... |
|
CVE-2012-3726 |
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. |
|
CVE-2012-3724 |
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived... |
|
CVE-2012-3727 |
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
|
2012-09-17 |
CVE-2012-2993 |
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an... |
|
2012-09-16 |
CVE-2012-3924 |
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a... |
|
CVE-2012-3923 |
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a... |
|
CVE-2012-3893 |
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. |
|
CVE-2012-3915 |
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. |
|
CVE-2012-3051 |
Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. |
|
CVE-2012-3895 |
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. |
|
CVE-2012-3079 |
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. |
|
2012-09-13 |
CVE-2012-3606 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2012-3607 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2012-3621 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2012-3632 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2012-3687 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
CVE-2012-3701 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
|
2012-08-31 |
CVE-2012-2870 |
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not... |
|
CVE-2012-2871 |
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or... |
|
2012-08-20 |
MITRE:14783 |
ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045 |
|
2012-08-06 |
CVE-2012-2857 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a... |
|
CVE-2012-1367 |
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka... |
|
CVE-2012-1357 |
The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. |
|
CVE-2012-2474 |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN... |
|
CVE-2012-2469 |
Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)... |
|
CVE-2012-1361 |
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. |
|
CVE-2012-1344 |
Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka... |
|
CVE-2012-1338 |
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. |
|
CVE-2012-1350 |
Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. |
|
CVE-2012-2472 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU... |
|
2012-06-27 |
CVE-2012-2824 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. |
|
CVE-2012-2807 |
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via... |
|
2012-06-25 |
MITRE:15621 |
GDI+ Record Type Vulnerability |
|
2012-06-20 |
CVE-2012-3058 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause... |
|
2012-05-31 |
CVE-2012-2488 |
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. |
|
2012-05-15 |
CVE-2011-3102 |
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. |
|
2012-05-08 |
CVE-2012-0672 |
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
|
CVE-2012-0674 |
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. |
|
2012-05-03 |
CVE-2012-0376 |
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
|
CVE-2012-1324 |
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. |
|
CVE-2011-4023 |
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. |
|
CVE-2011-4019 |
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs... |
|
CVE-2012-1327 |
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,... |
|
CVE-2011-4231 |
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. |
|
CVE-2012-0378 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect... |
|
2012-05-02 |
CVE-2011-4016 |
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID... |
|
CVE-2011-3295 |
The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. |
|
CVE-2011-2586 |
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. |
|
CVE-2012-0362 |
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network... |
|
CVE-2011-4006 |
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. |
|
CVE-2011-2578 |
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. |
|
CVE-2011-3285 |
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks... |
|
CVE-2011-4015 |
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. |
|
CVE-2011-4007 |
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2)... |
|
CVE-2011-3289 |
Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. |
|
CVE-2012-0339 |
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client,... |
|
CVE-2012-0338 |
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka... |
|
CVE-2011-4012 |
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091. |
|
CVE-2011-3309 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE... |
|
CVE-2012-0335 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a... |
|
2012-04-27 |
CVE-2012-2439 |
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. |
|
2012-04-02 |
MITRE:15075 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:15069 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. |
|
MITRE:14878 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote... |
|
MITRE:14082 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
|
MITRE:14900 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
|
MITRE:14813 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
|
MITRE:14942 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect... |
|
MITRE:13976 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
|
2012-03-30 |
CVE-2011-3058 |
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. |
|
2012-03-29 |
CVE-2012-1314 |
The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. |
|
CVE-2012-0386 |
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse... |
|
CVE-2012-0385 |
The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. |
|
CVE-2012-1311 |
The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets,... |
|
CVE-2012-0382 |
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote... |
|
CVE-2012-1312 |
The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. |
|
CVE-2012-0381 |
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of... |
|
CVE-2012-1310 |
Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536. |
|
CVE-2012-1315 |
Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171. |
|
CVE-2012-0383 |
Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation... |
|
CVE-2012-0387 |
Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug... |
|
CVE-2012-0388 |
Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID... |
|
CVE-2012-0384 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow... |
|
2012-03-14 |
CVE-2012-0353 |
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3... |
|
CVE-2012-0354 |
The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before... |
|
CVE-2012-0355 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service... |
|
CVE-2012-0356 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8),... |
|
CVE-2012-0358 |
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before... |
|
2012-03-08 |
CVE-2012-0613 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0614 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0615 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0635 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2833 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2867 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2868 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2869 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2870 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2871 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2872 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2011-2873 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0591 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0592 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0593 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0594 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0595 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0596 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0597 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0598 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0599 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0600 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0601 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0602 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0603 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0604 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0605 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0606 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0607 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0608 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0609 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0610 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0611 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0612 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0616 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0617 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0618 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0619 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0620 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0621 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0622 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0623 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0624 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0625 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0626 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0627 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0628 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0629 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0630 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0631 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0632 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0633 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
|
CVE-2012-0585 |
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. |
|
CVE-2012-0643 |
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. |
|
CVE-2012-0645 |
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to... |
|
CVE-2012-0644 |
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. |
|
CVE-2012-0642 |
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. |
|
CVE-2012-0646 |
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
|
CVE-2012-0590 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. |
|
CVE-2012-0586 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588,... |
|
CVE-2012-0587 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588,... |
|
CVE-2012-0588 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,... |
|
CVE-2012-0589 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,... |
|
CVE-2012-0641 |
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. |
|
2012-02-29 |
CVE-2012-0368 |
The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device... |
|
CVE-2011-4487 |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and... |
|
CVE-2012-0369 |
Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID... |
|
CVE-2012-0371 |
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. |
|
CVE-2012-0370 |
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2)... |
|
CVE-2011-4486 |
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before... |
|
2012-02-24 |
CVE-2012-0363 |
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a... |
|
CVE-2012-0365 |
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload... |
|
CVE-2012-0364 |
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. |
|
2012-02-16 |
CVE-2012-0352 |
Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote... |
|
2012-01-30 |
MITRE:14309 |
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. |
|
MITRE:14650 |
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. |
|
MITRE:14489 |
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of... |
|
MITRE:13796 |
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. |
|
MITRE:14634 |
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka... |
|
MITRE:14725 |
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. |
|
MITRE:14203 |
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR... |
|
MITRE:14238 |
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are... |
|
MITRE:14822 |
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party... |
|
MITRE:14348 |
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share... |
|
2012-01-27 |
CVE-2011-3874 |
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand... |
|
2012-01-25 |
CVE-2011-4276 |
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |
|
2012-01-16 |
MITRE:14282 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:13357 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14092 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14101 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14276 |
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
|
MITRE:14340 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14354 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14208 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. |
|
MITRE:13959 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:13662 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to... |
|
MITRE:14492 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14339 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14394 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14465 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown... |
|
MITRE:14316 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to... |
|
MITRE:14373 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to... |
|
MITRE:14524 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to... |
|
MITRE:14180 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to... |
|
MITRE:13885 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14210 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
|
MITRE:14288 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
|
MITRE:14105 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
|
MITRE:13971 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
|
MITRE:13492 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. |
|
MITRE:14061 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. |
|
MITRE:14321 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability... |
|
MITRE:13803 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability... |
|
MITRE:14351 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... |
|
MITRE:13552 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java... |
|
MITRE:14417 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets... |
|
MITRE:14045 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:13639 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14233 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14034 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:14403 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
|
MITRE:13546 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
|
MITRE:14039 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
|
MITRE:14119 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
|
MITRE:14271 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows... |
|
MITRE:13888 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via... |
|
MITRE:14011 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start... |
|
MITRE:14240 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
|
MITRE:14081 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
|
MITRE:14112 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
|
MITRE:14225 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
|
MITRE:14335 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
|
MITRE:14477 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:14174 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and... |
|
MITRE:14475 |
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.... |
|
MITRE:13923 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the... |
|
MITRE:13795 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14453 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14350 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14144 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors... |
|
MITRE:14503 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
|
MITRE:14521 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
|
MITRE:13934 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via... |
|
MITRE:14328 |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other... |
|
MITRE:13317 |
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality,... |
|
2011-11-22 |
CVE-2011-4500 |
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. |
|
CVE-2011-4499 |
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish... |
|
2011-11-11 |
CVE-2011-3440 |
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
|
CVE-2011-3442 |
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. |
|
CVE-2011-3441 |
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. |
|
CVE-2011-3439 |
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
|
2011-11-03 |
CVE-2011-4005 |
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and... |
|
2011-11-01 |
CVE-2011-0941 |
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory... |
|
2011-10-27 |
CVE-2011-3315 |
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP... |
|
CVE-2011-2569 |
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008,... |
|
2011-10-21 |
CVE-2011-2060 |
The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description,... |
|
CVE-2011-2059 |
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a... |
|
CVE-2011-1640 |
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug... |
|
CVE-2011-2058 |
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors... |
|
CVE-2011-2057 |
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which... |
|
2011-10-16 |
CVE-2010-4964 |
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. |
|
CVE-2010-4965 |
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. |
|
2011-10-14 |
CVE-2011-3434 |
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
CVE-2011-3432 |
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
|
CVE-2011-3430 |
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by... |
|
CVE-2011-3429 |
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. |
|
CVE-2011-3245 |
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
|
CVE-2011-3259 |
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many... |
|
CVE-2011-3431 |
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. |
|
CVE-2011-3427 |
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or... |
|
CVE-2011-3257 |
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances... |
|
CVE-2011-3256 |
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via... |
|
CVE-2011-3261 |
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. |
|
CVE-2011-3243 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
|
CVE-2011-3426 |
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. |
|
CVE-2011-3254 |
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
|
CVE-2011-3246 |
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a... |
|
CVE-2011-3255 |
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
CVE-2011-3253 |
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
|
CVE-2011-3260 |
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. |
|
2011-10-06 |
CVE-2011-3296 |
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via... |
|
CVE-2011-3297 |
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by... |
|
CVE-2011-3304 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before... |
|
CVE-2011-3303 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before... |
|
CVE-2011-3299 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
|
CVE-2011-3300 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
|
CVE-2011-3301 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
|
CVE-2011-3302 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
|
CVE-2011-3298 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before... |
|
2011-10-03 |
CVE-2011-3271 |
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. |
|
CVE-2011-3278 |
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka... |
|
CVE-2011-3277 |
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka... |
|
CVE-2011-3276 |
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port... |
|
CVE-2011-3281 |
Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID... |
|
CVE-2011-0939 |
Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022. |
|
CVE-2011-3282 |
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related... |
|
CVE-2011-3274 |
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet,... |
|
CVE-2011-3270 |
Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453. |
|
CVE-2011-3279 |
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. |
|
CVE-2011-0946 |
The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS)... |
|
CVE-2011-3272 |
The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073. |
|
CVE-2011-3280 |
Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port... |
|
CVE-2011-0945 |
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to... |
|
CVE-2011-3273 |
Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka... |
|
CVE-2011-2072 |
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of... |
|
CVE-2011-3275 |
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. |
|
CVE-2011-0944 |
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194. |
|
CVE-2011-3975 |
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote... |
|
2011-09-23 |
CVE-2011-2544 |
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant... |
|
CVE-2011-2543 |
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long... |
|
2011-09-14 |
CVE-2011-2581 |
The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which... |
|
2011-08-31 |
CVE-2011-2577 |
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted... |
|
2011-08-29 |
CVE-2011-2563 |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause... |
|
CVE-2011-2564 |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause... |
|
CVE-2011-2562 |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service... |
|
CVE-2011-2561 |
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a... |
|
CVE-2011-2560 |
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by... |
|
CVE-2011-0228 |
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL... |
|
CVE-2011-1643 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by... |
|
2011-08-18 |
CVE-2011-1625 |
Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing... |
|
CVE-2011-1624 |
Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631. |
|
2011-08-15 |
MITRE:12441 |
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability |
|
2011-08-12 |
CVE-2011-2357 |
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the... |
|
2011-08-01 |
MITRE:12664 |
XML External Entities Resolution Vulnerability |
|
2011-07-28 |
CVE-2011-2549 |
Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695. |
|
CVE-2011-2547 |
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. |
|
CVE-2011-2546 |
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. |
|
2011-07-19 |
CVE-2011-0227 |
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. |
|
CVE-2011-0226 |
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial... |
|
2011-07-11 |
CVE-2011-2064 |
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. |
|
2011-07-08 |
CVE-2011-2344 |
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums... |
|
2011-06-09 |
CVE-2011-1823 |
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that... |
|
CVE-2010-4804 |
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. |
|
2011-06-08 |
CVE-2011-2395 |
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is... |
|
2011-05-31 |
CVE-2011-1651 |
Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095. |
|
CVE-2011-0943 |
Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147. |
|
CVE-2011-0949 |
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417. |
|
2011-05-30 |
MITRE:12673 |
Scripting Memory Reallocation Vulnerability |
|
MITRE:12457 |
MFC Insecure Library Loading Vulnerability |
|
2011-05-09 |
MITRE:12367 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
2011-05-03 |
CVE-2011-1613 |
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets,... |
|
CVE-2011-1605 |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process... |
|
CVE-2011-1606 |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process... |
|
CVE-2011-1609 |
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL... |
|
CVE-2011-1610 |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2,... |
|
CVE-2011-1604 |
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption... |
|
CVE-2011-1607 |
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to... |
|
2011-04-25 |
MITRE:12514 |
Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption |
|
MITRE:12519 |
Apple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service |
|
2011-04-21 |
CVE-2011-1149 |
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to... |
|
2011-04-15 |
CVE-2011-0195 |
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. |
|
2011-04-14 |
CVE-2011-0935 |
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a... |
|
2011-03-11 |
CVE-2011-0163 |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site... |
|
CVE-2011-0161 |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences... |
|
CVE-2011-0160 |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the... |
|
CVE-2011-0157 |
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs... |
|
CVE-2011-0159 |
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by... |
|
CVE-2011-0158 |
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. |
|
CVE-2011-1417 |
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory... |
|
2011-03-10 |
CVE-2011-1344 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary... |
|
2011-02-25 |
CVE-2011-0390 |
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. |
|
CVE-2011-0378 |
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. |
|
CVE-2011-0376 |
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. |
|
CVE-2011-0383 |
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative... |
|
CVE-2011-0384 |
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary... |
|
CVE-2011-0375 |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. |
|
CVE-2011-0373 |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. |
|
CVE-2011-0374 |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. |
|
CVE-2011-0372 |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. |
|
CVE-2011-0385 |
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite... |
|
CVE-2011-0387 |
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors... |
|
CVE-2011-0388 |
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which... |
|
CVE-2011-0389 |
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID... |
|
CVE-2011-0377 |
Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP... |
|
CVE-2011-0396 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read... |
|
CVE-2011-0395 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow... |
|
CVE-2011-0393 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances... |
|
CVE-2011-0394 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances... |
|
CVE-2011-0379 |
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software... |
|
2011-02-21 |
MITRE:12333 |
DSN Overflow Vulnerability |
|
MITRE:12411 |
ADO Record Memory Vulnerability |
|
2011-01-31 |
CVE-2011-0680 |
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in... |
|
2011-01-28 |
CVE-2011-0349 |
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID... |
|
CVE-2011-0350 |
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID... |
|
CVE-2011-0348 |
Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass... |
|
2011-01-24 |
MITRE:12289 |
TIFF Image Converter Memory Corruption Vulnerability |
|
MITRE:11827 |
TIFF Image Converter Heap Overflow Vulnerability |
|
MITRE:12387 |
TIFF Image Converter Buffer Overflow Vulnerability |
|
MITRE:11967 |
PICT Image Converter Integer Overflow Vulnerability |
|
MITRE:12235 |
Insecure Library Loading Vulnerability |
|
MITRE:12150 |
FlashPix Image Converter Heap Corruption Vulnerability |
|
MITRE:12350 |
FlashPix Image Converter Buffer Overflow Vulnerability |
|
MITRE:12249 |
CGM Image Converter Buffer Overrun Vulnerability |
|
CVE-2011-0352 |
Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. |
|
2011-01-07 |
CVE-2010-4691 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. |
|
CVE-2010-4692 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka... |
|
CVE-2010-4676 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. |
|
CVE-2010-4681 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. |
|
CVE-2010-4674 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. |
|
CVE-2010-4688 |
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug... |
|
CVE-2010-4680 |
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to... |
|
CVE-2010-4671 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with... |
|
CVE-2010-4690 |
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers... |
|
CVE-2010-4687 |
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls... |
|
CVE-2010-4682 |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID... |
|
CVE-2009-5039 |
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as... |
|
CVE-2010-4683 |
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. |
|
CVE-2010-4677 |
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. |
|
CVE-2010-4684 |
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. |
|
CVE-2010-4685 |
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug... |
|
CVE-2009-5038 |
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server,... |
|
CVE-2010-4670 |
Cisco Adaptive Security Appliances (ASA) IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS |
|
CVE-2010-4689 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network... |
|
CVE-2010-4678 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network... |
|
CVE-2010-4679 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP... |
|
CVE-2010-4675 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access... |
|
CVE-2009-5037 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. |
|
CVE-2010-4673 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. |
|
CVE-2010-4672 |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. |
|
CVE-2010-4686 |
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending... |
|
CVE-2009-5040 |
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. |
|
2010-12-27 |
MITRE:11268 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:11798 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:11880 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:12240 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:12004 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:12005 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:11330 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
|
MITRE:11990 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:11871 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:11619 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions |
|
MITRE:12226 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
|
MITRE:12029 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
|
MITRE:12173 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:11320 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:12181 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
|
MITRE:12200 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions |
|
MITRE:12189 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:11714 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions |
|
MITRE:12225 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions |
|
MITRE:12180 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
|
MITRE:11893 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:12177 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
MITRE:11815 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
|
2010-12-20 |
MITRE:12219 |
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 |
|
2010-12-08 |
CVE-2010-4012 |
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. |
|
2010-12-06 |
MITRE:6653 |
Windows Media Player Memory Corruption Vulnerability |
|
MITRE:7360 |
Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software |
|
MITRE:6843 |
Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47 |
|
2010-11-30 |
CVE-2010-4354 |
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only... |
|
2010-11-29 |
MITRE:6645 |
Vulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0 |
|
MITRE:7291 |
Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0 |
|
2010-11-26 |
CVE-2010-3829 |
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for... |
|
CVE-2010-3831 |
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a... |
|
CVE-2010-3830 |
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. |
|
CVE-2010-3828 |
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. |
|
CVE-2010-3832 |
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary... |
|
CVE-2010-3827 |
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. |
|
2010-11-09 |
CVE-2010-3039 |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the... |
|
2010-11-08 |
MITRE:6778 |
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 |
|
2010-11-01 |
MITRE:7221 |
Apple iTunes Webkit Unspecified Vulnerability |
|
MITRE:7604 |
Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability |
|
MITRE:7061 |
Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability |
|
MITRE:7217 |
Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability |
|
MITRE:6988 |
Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
|
MITRE:7178 |
Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
|
2010-10-07 |
CISEC:1127 |
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows |
|
2010-09-27 |
MITRE:12011 |
Movie Maker Memory Corruption Vulnerability |
|
2010-09-23 |
CVE-2010-2831 |
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624. |
|
CVE-2010-2832 |
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428. |
|
CVE-2010-2833 |
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472. |
|
CVE-2010-2829 |
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via... |
|
CVE-2010-2828 |
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323... |
|
CVE-2010-2830 |
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. |
|
CVE-2010-2836 |
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections... |
|
CVE-2010-2834 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote... |
|
CVE-2010-2835 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before... |
|
2010-09-10 |
CVE-2010-1807 |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial... |
|
CVE-2010-2841 |
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service... |
|
CVE-2010-0574 |
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to... |
|
CVE-2010-0575 |
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified... |
|
CVE-2010-3034 |
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified... |
|
CVE-2010-2842 |
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
|
CVE-2010-2843 |
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
|
CVE-2010-3033 |
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
|
2010-09-09 |
CVE-2010-1814 |
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving... |
|
CVE-2010-1813 |
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. |
|
CVE-2010-1812 |
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors... |
|
CVE-2010-1815 |
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors... |
|
CVE-2010-1809 |
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. |
|
CVE-2010-1811 |
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. |
|
CVE-2010-1810 |
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. |
|
CVE-2010-1781 |
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an... |
|
CVE-2010-1817 |
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. |
|
2010-08-30 |
CVE-2010-3035 |
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the... |
|
2010-08-26 |
CVE-2010-2837 |
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to... |
|
CVE-2010-2838 |
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process... |
|
2010-08-17 |
CVE-2010-2825 |
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series... |
|
CVE-2010-2822 |
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710... |
|
CVE-2010-2823 |
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,... |
|
2010-08-16 |
CVE-2010-1797 |
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch... |
|
CVE-2010-2827 |
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. |
|
2010-08-10 |
CVE-2010-2983 |
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an... |
|
CVE-2010-2976 |
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)... |
|
CVE-2010-2988 |
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. |
|
CVE-2010-2975 |
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. |
|
CVE-2010-2980 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. |
|
CVE-2010-2979 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. |
|
CVE-2010-2984 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. |
|
CVE-2010-2978 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,... |
|
CVE-2010-2977 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. |
|
CVE-2010-2982 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. |
|
CVE-2010-2981 |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. |
|
2010-08-09 |
CVE-2010-2707 |
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. |
|
CVE-2010-2708 |
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. |
|
CVE-2010-2705 |
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via... |
|
CVE-2010-1581 |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
|
CVE-2010-2814 |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
|
CVE-2010-2815 |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
|
CVE-2010-1578 |
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
|
CVE-2010-1579 |
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
|
CVE-2010-1580 |
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
|
CVE-2010-2816 |
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of... |
|
CVE-2010-2706 |
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. |
|
CVE-2010-2817 |
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and... |
|
2010-08-05 |
CVE-2010-2973 |
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. |
|
2010-07-08 |
CVE-2010-1574 |
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the... |
|
2010-07-06 |
CVE-2010-1576 |
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence... |
|
CVE-2010-2629 |
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which... |
|
CVE-2010-1575 |
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via... |
|
2010-06-29 |
CVE-2009-4922 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer... |
|
CVE-2009-4916 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka... |
|
CVE-2009-4915 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection... |
|
CVE-2009-4917 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. |
|
CVE-2009-4911 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug... |
|
CVE-2009-4923 |
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. |
|
CVE-2009-4920 |
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. |
|
CVE-2009-4913 |
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6... |
|
CVE-2009-4914 |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID... |
|
CVE-2009-4910 |
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug... |
|
CVE-2008-7257 |
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack... |
|
CVE-2009-4912 |
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions... |
|
CVE-2009-4921 |
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. |
|
CVE-2009-4918 |
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. |
|
CVE-2009-4919 |
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. |
|
2010-06-28 |
CVE-2010-2506 |
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. |
|
2010-06-22 |
CVE-2010-1407 |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via... |
|
CVE-2010-1757 |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. |
|
CVE-2010-1756 |
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an... |
|
CVE-2010-1752 |
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. |
|
CVE-2010-1755 |
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. |
|
CVE-2010-1775 |
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,... |
|
CVE-2010-1754 |
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to... |
|
CVE-2010-1753 |
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. |
|
CVE-2010-1751 |
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. |
|
2010-06-18 |
CVE-2010-1387 |
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service... |
|
2010-06-15 |
CVE-2010-2293 |
The Ping tools web interface in the D-Link DI-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. |
|
CVE-2010-2292 |
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. |
|
2010-06-09 |
CVE-2010-1573 |
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)... |
|
CVE-2010-2261 |
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. |
|
2010-06-07 |
MITRE:7170 |
VBScript Help Keypress Vulnerability |
|
MITRE:7049 |
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability |
|
MITRE:7561 |
Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability |
|
MITRE:6741 |
Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability |
|
MITRE:6901 |
Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability |
|
MITRE:6885 |
Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability |
|
MITRE:7427 |
Apple iTunes MP4 File Processing Denial of Service Vulnerability |
|
MITRE:7110 |
Apple iTunes Install or Update Privilege Escalation Vulnerability |
|
2010-05-24 |
MITRE:8595 |
Movie Maker and Producer Buffer Overflow Vulnerability |
|
2010-05-17 |
MITRE:7709 |
libpng buffer overflow |
|
2010-04-27 |
CVE-2009-4821 |
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi... |
|
2010-04-01 |
CVE-2010-1226 |
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV... |
|
2010-03-29 |
CVE-2010-1181 |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. |
|
2010-03-25 |
CVE-2010-1119 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause... |
|
CVE-2010-0581 |
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." |
|
CVE-2010-0580 |
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." |
|
CVE-2010-0584 |
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. |
|
CVE-2010-0576 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers... |
|
CVE-2010-0579 |
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." |
|
CVE-2010-0578 |
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. |
|
CVE-2010-0583 |
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855. |
|
CVE-2010-0577 |
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186. |
|
CVE-2010-0585 |
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny... |
|
CVE-2010-0586 |
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny... |
|
CVE-2010-0582 |
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. |
|
2010-03-08 |
CVE-2010-0936 |
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. |
|
2010-03-05 |
CVE-2010-0592 |
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of... |
|
CVE-2010-0590 |
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register... |
|
CVE-2010-0591 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to... |
|
CVE-2010-0588 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines... |
|
CVE-2010-0587 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP... |
|
2010-02-22 |
MITRE:7573 |
ATL Null String Vulnerability |
|
MITRE:7995 |
Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability |
|
2010-02-19 |
CVE-2010-0149 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a... |
|
CVE-2010-0565 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device... |
|
CVE-2010-0568 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote... |
|
CVE-2010-0150 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows... |
|
CVE-2010-0569 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows... |
|
CVE-2010-0567 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows... |
|
CVE-2010-0566 |
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service... |
|
2010-02-08 |
MITRE:7581 |
ATL Uninitialized Object Vulnerability |
|
MITRE:6716 |
ATL COM Initialization Vulnerability |
|
2010-02-03 |
CVE-2010-0038 |
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that... |
|
2010-01-25 |
MITRE:5846 |
WordPad and Office Text converter Memory Corruption Vulnerability |
|
2010-01-21 |
CVE-2010-0137 |
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574. |
|
2009-12-29 |
CVE-2009-4455 |
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended... |
|
2009-12-07 |
MITRE:6407 |
Windows Media Runtime Voice Sample Rate Vulnerability |
|
MITRE:6484 |
Windows Media Runtime Heap Corruption Vulnerability |
|
2009-12-04 |
CVE-2009-2631 |
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix... |
|
2009-11-30 |
MITRE:5967 |
GDI+ WMF Integer Overflow Vulnerability |
|
MITRE:5898 |
GDI+ TIFF Buffer Overflow Vulnerability |
|
MITRE:6491 |
GDI+ TIFF Buffer Overflow Vulnerability |
|
MITRE:6134 |
GDI+ PNG Integer Overflow Vulnerability |
|
MITRE:6282 |
GDI+ .NET API Vulnerability |
|
MITRE:6290 |
Apple iTunes '.pls' File Buffer Overflow Vulnerability |
|
2009-10-19 |
MITRE:6257 |
Windows Media Header Parsing Invalid Free Vulnerability |
|
MITRE:6316 |
JScript Remote Code Execution Vulnerability |
|
2009-10-14 |
CVE-2009-2999 |
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an... |
|
CVE-2009-3698 |
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656. |
|
2009-09-30 |
CVE-2009-3486 |
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the... |
|
CVE-2009-3487 |
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the... |
|
CVE-2009-3485 |
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. |
|
2009-09-28 |
CVE-2009-2867 |
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP... |
|
CVE-2009-2869 |
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948. |
|
CVE-2009-2870 |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. |
|
CVE-2009-2868 |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997. |
|
CVE-2009-2866 |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104. |
|
CVE-2009-2871 |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002. |
|
CVE-2009-2862 |
The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114,... |
|
CVE-2009-2863 |
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. |
|
CVE-2009-2864 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP... |
|
CVE-2009-2873 |
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889. |
|
CVE-2009-2872 |
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from... |
|
CVE-2009-2865 |
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a... |
|
2009-09-24 |
CVE-2009-3341 |
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this... |
|
CVE-2009-3347 |
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this... |
|
2009-09-21 |
CVE-2009-3273 |
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. |
|
CVE-2009-3271 |
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. |
|
2009-09-10 |
CVE-2009-2797 |
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive... |
|
CVE-2009-2796 |
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. |
|
CVE-2009-2815 |
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted... |
|
CVE-2009-2207 |
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these... |
|
CVE-2009-2794 |
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended... |
|
CVE-2009-2206 |
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial... |
|
CVE-2009-2795 |
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related... |
|
2009-09-08 |
CVE-2009-0627 |
Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation,"... |
|
2009-08-27 |
CVE-2009-2861 |
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of... |
|
CVE-2009-2050 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466. |
|
CVE-2009-2054 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and... |
|
CVE-2009-2053 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP... |
|
CVE-2009-2052 |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote... |
|
CVE-2009-2051 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote... |
|
CVE-2009-2976 |
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by... |
|
2009-08-21 |
CVE-2009-2056 |
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. |
|
CVE-2009-1154 |
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. |
|
2009-08-19 |
CVE-2009-2055 |
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009. |
|
2009-08-12 |
CVE-2009-2199 |
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and... |
|
2009-08-03 |
CVE-2009-2204 |
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory... |
|
CVE-2009-2656 |
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and... |
|
2009-07-30 |
CVE-2009-1168 |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through... |
|
CVE-2009-2049 |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t... |
|
2009-07-29 |
CVE-2009-1167 |
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules... |
|
CVE-2009-1166 |
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services... |
|
CVE-2009-1164 |
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services... |
|
CVE-2009-1165 |
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless... |
|
2009-07-17 |
CVE-2009-2348 |
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and... |
|
2009-07-09 |
CVE-2009-1725 |
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle... |
|
CVE-2009-1724 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or... |
|
2009-06-25 |
CVE-2009-1203 |
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it... |
|
CVE-2009-1202 |
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS)... |
|
CVE-2009-1201 |
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct... |
|
2009-06-19 |
CVE-2009-1692 |
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via... |
|
CVE-2009-1683 |
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an... |
|
CVE-2009-1679 |
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password... |
|
CVE-2009-0959 |
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input... |
|
CVE-2009-0960 |
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device... |
|
CVE-2009-0961 |
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a... |
|
CVE-2009-1680 |
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to... |
|
CVE-2009-0958 |
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in... |
|
2009-06-10 |
CVE-2009-1698 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical... |
|
CVE-2009-1690 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to... |
|
CVE-2009-1701 |
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or... |
|
CVE-2009-1700 |
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from... |
|
CVE-2009-1699 |
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read... |
|
CVE-2009-1702 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors... |
|
2009-05-26 |
CVE-2009-1754 |
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an... |
|
2009-05-06 |
CVE-2009-1561 |
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator... |
|
2009-05-04 |
MITRE:5868 |
Microsoft Malformed BMP Filter Vulnerability |
|
MITRE:5336 |
Apple iTunes Information Disclosure Vulnerability |
|
MITRE:6001 |
Apple iTunes Denial of Service Vulnerability |
|
2009-04-09 |
CVE-2009-1156 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload)... |
|
CVE-2009-1158 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote... |
|
CVE-2009-1159 |
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a... |
|
CVE-2009-1157 |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of... |
|
CVE-2009-1155 |
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field,... |
|
CVE-2009-1160 |
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote... |
|
2009-04-01 |
CVE-2008-6576 |
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion... |
|
CVE-2008-6577 |
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. |
|
CVE-2008-6579 |
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." |
|
CVE-2008-6578 |
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. |
|
2009-03-27 |
CVE-2009-0636 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. |
|
CVE-2009-0631 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol... |
|
CVE-2009-0626 |
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. |
|
CVE-2009-0637 |
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite... |
|
CVE-2009-0630 |
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission... |
|
CVE-2009-0629 |
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging... |
|
CVE-2009-0634 |
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge... |
|
CVE-2009-0633 |
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6... |
|
CVE-2009-0628 |
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control... |
|
CVE-2009-0635 |
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a... |
|
2009-03-12 |
CVE-2009-0632 |
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2)... |
|
2009-02-26 |
CVE-2009-0624 |
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote... |
|
CVE-2009-0623 |
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of... |
|
CVE-2009-0622 |
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute... |
|
CVE-2009-0625 |
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of... |
|
CVE-2009-0742 |
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers... |
|
CVE-2009-0621 |
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform... |
|
2009-02-09 |
CVE-2008-6096 |
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet... |
|
2009-02-06 |
CVE-2009-0470 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different... |
|
CVE-2009-0471 |
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. |
|
2009-02-04 |
CVE-2009-0061 |
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before... |
|
CVE-2009-0062 |
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain... |
|
CVE-2009-0058 |
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial... |
|
CVE-2009-0059 |
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a... |
|
2009-01-22 |
CVE-2009-0057 |
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a... |
|
2009-01-16 |
CVE-2008-3821 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. |
|
CVE-2008-3818 |
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. |
|
2008-12-08 |
MITRE:6075 |
HIS Command Execution Vulnerability |
|
2008-11-25 |
CVE-2008-5230 |
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which... |
|
CVE-2008-4230 |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain... |
|
CVE-2008-4228 |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an... |
|
CVE-2008-4232 |
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a... |
|
CVE-2008-4231 |
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory... |
|
CVE-2008-4233 |
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone... |
|
CVE-2008-4229 |
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the... |
|
CVE-2008-1586 |
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. |
|
CVE-2008-4227 |
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain... |
|
2008-11-17 |
REF000667 |
USB devices installed over time |
|
2008-11-06 |
CVE-2008-4963 |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP... |
|
2008-11-04 |
CVE-2008-4918 |
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that... |
|
2008-11-03 |
MITRE:6035 |
Apple iTunes Local Privilege Escalation Vulnerability |
|
2008-10-23 |
CVE-2008-3816 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. |
|
CVE-2008-3815 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using... |
|
CVE-2008-3817 |
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,... |
|
2008-10-20 |
CVE-2008-4609 |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple... |
|
2008-10-17 |
CVE-2008-4594 |
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote. |
|
2008-10-14 |
CVE-2008-4441 |
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of... |
|
2008-10-10 |
CVE-2008-4211 |
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service... |
|
2008-10-06 |
MITRE:5995 |
Windows Messenger Information Disclosure Vulnerability |
|
2008-10-03 |
CVE-2008-4383 |
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01,... |
|
2008-09-27 |
CVE-2008-4296 |
The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. |
|
2008-09-26 |
CVE-2008-3802 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka... |
|
CVE-2008-3800 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service... |
|
CVE-2008-3801 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service... |
|
CVE-2008-3804 |
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software... |
|
CVE-2008-3813 |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. |
|
CVE-2008-3808 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. |
|
CVE-2008-2739 |
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a... |
|
CVE-2008-3799 |
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP... |
|
CVE-2008-3812 |
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. |
|
CVE-2008-3798 |
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. |
|
CVE-2008-3810 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than... |
|
CVE-2008-3811 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different... |
|
CVE-2008-3807 |
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this... |
|
CVE-2008-3809 |
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. |
|
CVE-2008-3805 |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of... |
|
CVE-2008-3806 |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of... |
|
CVE-2008-3803 |
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from... |
|
2008-09-22 |
MITRE:5997 |
Microsoft PICT Filter Parsing Vulnerability |
|
MITRE:6019 |
Microsoft Office WPG Image File Heap Corruption Vulnerability |
|
MITRE:5879 |
Microsoft Malformed PICT Filter Vulnerability |
|
MITRE:6122 |
Microsoft Malformed EPS Filter Vulnerability |
|
2008-09-19 |
CVE-2008-4133 |
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. |
|
2008-09-18 |
CVE-2008-4128 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command... |
|
2008-09-05 |
CVE-2008-1197 |
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a... |
|
CVE-2008-1144 |
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or... |
|
CVE-2007-5474 |
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users... |
|
2008-09-04 |
CVE-2008-2736 |
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown... |
|
CVE-2008-2735 |
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of... |
|
CVE-2008-2732 |
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow... |
|
CVE-2008-2734 |
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a... |
|
CVE-2008-2733 |
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote... |
|
2008-06-26 |
CVE-2008-2062 |
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information... |
|
CVE-2008-2730 |
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and... |
|
CVE-2008-2061 |
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP... |
|
2008-06-23 |
MITRE:5578 |
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability |
|
2008-06-09 |
CVE-2008-2636 |
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many... |
|
2008-06-04 |
CVE-2008-2057 |
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a... |
|
CVE-2008-2056 |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the... |
|
CVE-2008-2059 |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. |
|
CVE-2008-2058 |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. |
|
CVE-2008-2055 |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. |
|
2008-05-22 |
CVE-2008-1159 |
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. |
|
2008-05-16 |
CVE-2008-1747 |
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via... |
|
CVE-2008-1746 |
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and... |
|
CVE-2008-1744 |
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via... |
|
CVE-2008-1743 |
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service... |
|
CVE-2008-1742 |
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of... |
|
CVE-2008-1748 |
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service... |
|
CVE-2008-1745 |
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. |
|
2008-04-04 |
CVE-2008-1154 |
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not... |
|
2008-03-27 |
CVE-2008-1156 |
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree... |
|
CVE-2008-1150 |
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB)... |
|
CVE-2008-1152 |
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. |
|
CVE-2008-1151 |
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated... |
|
CVE-2008-1153 |
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. |
|
2008-03-13 |
CVE-2007-6709 |
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. |
|
CVE-2007-6707 |
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than... |
|
CVE-2007-6708 |
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an... |
|
2008-03-10 |
CVE-2008-1247 |
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2)... |
|
CVE-2008-1263 |
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. |
|
CVE-2008-1264 |
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. |
|
CVE-2008-1265 |
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. |
|
CVE-2008-1268 |
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. |
|
CVE-2008-1266 |
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name... |
|
CVE-2008-1243 |
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. |
|
CVE-2008-1258 |
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. |
|
CVE-2008-1253 |
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the... |
|
2008-02-14 |
CVE-2008-0026 |
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and... |
|
2008-02-04 |
MITRE:3622 |
Windows Media Format Remote Code Execution Vulnerability |
|
2008-01-23 |
CVE-2008-0028 |
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of... |
|
2008-01-17 |
REF000657 |
IM installed: Yahoo! Messenger |
|
REF000661 |
IM installed: Windows Live Messenger |
|
REF000658 |
IM installed: Trillian |
|
REF000659 |
IM installed: Skype |
|
REF000662 |
IM installed: Pidgin |
|
REF000656 |
IM installed: ICQ |
|
REF000655 |
IM installed: Google Talk |
|
REF000660 |
IM installed: Gizmo |
|
2008-01-16 |
CVE-2008-0027 |
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows... |
|
2008-01-11 |
CVE-2007-0588 |
SANS07C4: Apple QuickDraw on Mac OSX 10.4.8 and earlier allows remote denial of service |
|
CVE-2007-0466 |
SANS07C4: Telestream Flip4Mac WMV for Quicktime 2.1.0.33 remote code execution vulnerability |
|
2008-01-10 |
CVE-2007-0731 |
SANS07S3: Samba module in Apple Mac OS X buffer overflow |
|
CVE-2006-6652 |
SANS07S3: Buffer overflow in libc used in FTP daemon and tnftpd in Apple Mac OS X |
|
CVE-2007-0776 |
SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8 |
|
CVE-2008-0228 |
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. |
|
2008-01-08 |
CVE-2006-0994 |
SANS07S5: Sophos Anti-Virus products allow remote code execution via crafted CAB |
|
CVE-2006-6335 |
SANS07S5: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 |
|
2008-01-07 |
CVE-2007-3509 |
SANS07S4: Buffer overflow in Symantec/Veritas Backup Exec |
|
REF000618 |
IM installed: xchat installed |
|
REF000617 |
IM installed: konversation installed |
|
2008-01-03 |
CVE-2007-2974 |
SANS07S5: Multiple Vulnerabilities in Avira AntiVir |
|
CVE-2007-3509 |
SANS07S4: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers |
|
REF000584 |
Config pam: no bruteforce protection configured |
|
2007-12-21 |
CVE-2007-2139 |
SANS07S4: Multiple unspecified vulnerabilities in mediasvr and caloggerd in CA BrightStor ARCServe Backup |
|
2007-12-20 |
REF000653 |
MP installed: VLC browser plug-in is installed |
|
REF000651 |
MP installed: MPlayer browser plug-in is installed |
|
REF000652 |
MP installed: HelixPlayer browser plug-in is installed |
|
REF000654 |
MP installed: GCJ java browser plug-in is installed |
|
REF000650 |
MP installed: Flash browser plug-in is installed |
|
2007-12-17 |
CVE-2006-5339 |
SANS07S7: Multiple vulnerabilities in Oracle 8.1.7.4 |
|
CVE-2007-1086 |
SANS07S7: Multiple vulnerabilities in IBM DB2 |
|
2007-12-14 |
CVE-2007-6372 |
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. |
|
CVE-2006-5332 |
SANS07S7: Multiple vulnerabilities in Oracle Database 9i |
|
CVE-2006-5332 |
SANS07S7: Multiple vulnerabilities in Oracle Database 10g |
|
CVE-2007-1680 |
SANS07A1: Stack-based buffer overflow in Yahoo! Messenger before 20070313 |
|
CVE-2007-2418 |
SANS07A1: Multiple buffer overflow vulnerabilities in Trillian earlier than 3.1.7.0 |
|
2007-12-11 |
CVE-2007-0711 |
SANS07C4: Multiple vulnerabilities in Apple Quicktime 7.2 and earlier |
|
CVE-2007-3457 |
SANS07C4: Adobe Flash Player 8.0.34.0 and earlier vulnerable to CSRF attack |
|
2007-12-10 |
CVE-2007-2497 |
SANS07C4: Multiple Vulnerabilities in RealPlayer 10, 10.5 and 11 Beta |
|
CVE-2007-3752 |
SANS07C4: Buffer overflow in Apple iTunes before 7.4 |
|
REF000642 |
P2P installed: mldonkey installed |
|
2007-12-07 |
CVE-2007-0044 |
SANS07C1: Multiple vulnerabilities in Adobe Reader earlier than 8.0.0 |
|
2007-12-06 |
REF000638 |
P2P installed: xmule installed |
|
REF000636 |
P2P installed: transmission installed |
|
REF000635 |
P2P installed: rtorrent installed |
|
REF000634 |
P2P installed: qtella installed |
|
REF000643 |
P2P installed: napster installed |
|
REF000646 |
P2P installed: nap installed |
|
REF000640 |
P2P installed: mutella installed |
|
REF000645 |
P2P installed: lopster installed |
|
REF000632 |
P2P installed: ktorrent installed |
|
REF000633 |
P2P installed: kommute installed |
|
REF000641 |
P2P installed: knapster installed |
|
REF000647 |
P2P installed: gtk-gnutella installed |
|
REF000644 |
P2P installed: gnut installed |
|
REF000631 |
P2P installed: gnunet installed |
|
REF000630 |
P2P installed: deluge installed |
|
REF000637 |
P2P installed: dctc installed |
|
REF000629 |
P2P installed: ctorrent installed |
|
REF000628 |
P2P installed: bittorrent installed |
|
REF000627 |
P2P installed: bittornado installed |
|
REF000649 |
P2P installed: bitstormlite installed |
|
REF000626 |
P2P installed: azureus installed |
|
REF000639 |
P2P installed: apollon installed |
|
REF000648 |
P2P installed: amule installed |
|
REF000624 |
IM installed: ytalk installed |
|
REF000621 |
IM installed: yahoo messenger installed |
|
REF000622 |
IM installed: trebuchet installed |
|
REF000623 |
IM installed: talk installed |
|
REF000601 |
IM installed: skype installed |
|
REF000615 |
IM installed: sircd installed |
|
REF000614 |
IM installed: sim installed |
|
REF000613 |
IM installed: psi installed |
|
REF000612 |
IM installed: pidgin installed |
|
REF000611 |
IM installed: micq installed |
|
REF000610 |
IM installed: lostirc installed |
|
REF000609 |
IM installed: licq installed |
|
REF000608 |
IM installed: kxicq installed |
|
REF000620 |
IM installed: kopete installed |
|
REF000616 |
IM installed: kicq installed |
|
REF000607 |
IM installed: kadu installed |
|
REF000606 |
IM installed: jabbin installed |
|
REF000605 |
IM installed: jabber installed |
|
REF000604 |
IM installed: gossip installed |
|
REF000603 |
IM installed: gnu gadu installed |
|
REF000619 |
IM installed: gaim installed |
|
REF000625 |
IM installed: gabber installed |
|
REF000602 |
IM installed: epic installed |
|
2007-12-05 |
REF000663 |
Config laptop: swap partition not encrypted |
|
REF000665 |
Config laptop: root partition not encrypted |
|
REF000664 |
Config laptop: home partition not encrypted |
|
2007-12-04 |
CVE-2007-2867 |
SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 2.x earlier than 2.0.0.6 |
|
CVE-2007-0777 |
SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 1.5.x earlier than 1.5.0.13 |
|
CVE-2007-0981 |
SANS07C1: Multiple Vulnerabilities in SeaMonkey earlier than 1.1.5 |
|
CVE-2007-0776 |
SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8 |
|
REF000578 |
Config yum-updatesd: auto-updating disabled |
|
REF000580 |
Config yum-updatesd: auto-resolving dependencies disabled |
|
REF000579 |
Config yum-updatesd: auto-downloading disabled |
|
REF000583 |
Config apt: update notification disabled |
|
REF000582 |
Config apt: daily job disabled |
|
REF000581 |
Config apt: auto-updating package lists disabled |
|
2007-12-03 |
REF000577 |
Config yum-updatesd: start on boot disabled |
|
2007-10-30 |
CVE-2007-5020 |
APSB07-18: Adobe Acrobat mailto: vulnerability |
|
2007-10-23 |
CVE-2007-5651 |
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and... |
|
2007-10-18 |
CVE-2007-5549 |
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as... |
|
CVE-2007-5550 |
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no... |
|
CVE-2007-5551 |
Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information.... |
|
CVE-2007-5548 |
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory... |
|
CVE-2007-5552 |
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known... |
|
CVE-2007-5547 |
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague... |
|
CVE-2007-5569 |
Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120. |
|
2007-10-17 |
CVE-2007-5537 |
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers... |
|
CVE-2007-5538 |
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of... |
|
2007-10-15 |
CVE-2007-5468 |
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof... |
|
2007-10-11 |
CVE-2007-5381 |
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message... |
|
2007-08-31 |
CVE-2007-4634 |
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands... |
|
CVE-2007-4633 |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web... |
|
CVE-2007-4632 |
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass... |
|
2007-08-20 |
CVE-2007-4430 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE:... |
|
2007-08-09 |
CVE-2007-4294 |
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. |
|
CVE-2007-4285 |
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or... |
|
CVE-2007-4295 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. |
|
CVE-2007-4292 |
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007,... |
|
CVE-2007-4291 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with... |
|
CVE-2007-4293 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505. |
|
CVE-2007-4286 |
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet. |
|
2007-08-08 |
CVE-2007-4263 |
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. |
|
2007-07-25 |
CVE-2007-4011 |
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or... |
|
CVE-2007-4012 |
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a... |
|
2007-07-23 |
CVE-2007-3944 |
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute... |
|
2007-07-15 |
CVE-2007-3775 |
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1)... |
|
CVE-2006-5277 |
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that... |
|
CVE-2006-5278 |
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets,... |
|
CVE-2007-3776 |
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings,... |
|
2007-07-10 |
MITRE:1670 |
CAPICOM.Certificates Vulnerability |
|
2007-07-05 |
CVE-2007-3574 |
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3)... |
|
2007-06-22 |
CVE-2007-3348 |
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message. |
|
CVE-2007-3347 |
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. |
|
2007-05-23 |
CVE-2007-2832 |
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via... |
|
MITRE:2001 |
CMS Memory Corruption Vulnerability |
|
MITRE:1575 |
CMS Cross-Site Scripting and Spoofing Vulnerability |
|
2007-05-22 |
CVE-2007-2813 |
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. |
|
2007-05-16 |
CVE-2007-2734 |
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. |
|
2007-05-15 |
CVE-2007-2688 |
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
|
2007-05-10 |
REF000467 |
AutoRun is enabled |
|
2007-05-09 |
CVE-2007-2587 |
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). |
|
CVE-2007-2586 |
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that... |
|
2007-05-03 |
CVE-2007-2502 |
Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. |
|
2007-05-02 |
CVE-2007-2462 |
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via... |
|
CVE-2007-2463 |
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination... |
|
CVE-2007-2461 |
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP... |
|
CVE-2007-2464 |
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." |
|
2007-04-27 |
CVE-2007-2332 |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. |
|
CVE-2007-2333 |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow... |
|
CVE-2007-2334 |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration... |
|
2007-04-16 |
CVE-2007-2036 |
The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID... |
|
CVE-2007-2038 |
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)... |
|
CVE-2007-2039 |
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)... |
|
CVE-2007-2041 |
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug... |
|
CVE-2007-2037 |
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. |
|
CVE-2007-2040 |
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. |
|
2007-04-10 |
MITRE:746 |
Word Malformed Data Structures Vulnerability |
|
MITRE:1141 |
FTP Server Response Parsing Memory Corruption Vulnerability |
|
MITRE:257 |
COM Object Instantiation Memory Corruption Vulnerability |
|
MITRE:1120 |
COM Object Instantiation Memory Corruption Vulnerability |
|
2007-04-02 |
CVE-2007-1826 |
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster... |
|
CVE-2007-1833 |
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of... |
|
CVE-2007-1834 |
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. |
|
2007-03-21 |
CVE-2007-1585 |
The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE:... |
|
2007-03-16 |
CVE-2007-1467 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace... |
|
2007-03-03 |
CVE-2007-1258 |
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a... |
|
2007-03-02 |
REF000466 |
P2P Software: SoulSeek Installed |
|
REF000465 |
P2P Software: Shareaza Installed |
|
REF000464 |
P2P Software: Kazaa Installed |
|
REF000463 |
P2P Software: IMESH Installed |
|
REF000462 |
P2P Software: eMule Installed |
|
REF000461 |
P2P Software: eDonkey 2000 Installed |
|
REF000460 |
P2P Software: DC++ Installed |
|
REF000459 |
P2P Software: BitTorrent Installed |
|
2007-02-20 |
MITRE:669 |
Windows Media Format ASX Parsing Vulnerability |
|
MITRE:536 |
Windows Media Format ASF Parsing Vulnerability |
|
MITRE:313 |
TIF Folder Information Disclosure Vulnerability |
|
MITRE:337 |
TIF Folder Information Disclosure Vulnerability |
|
MITRE:761 |
Script Error Handling Memory Corruption Vulnerability |
|
MITRE:116 |
DHTML Script Function Memory Corruption Vulnerability |
|
2007-02-16 |
REF000454 |
Config shadow: incorrect file permissions |
|
REF000458 |
Config passwd: incorrect file permissions |
|
REF000456 |
Config LILO: no password configured |
|
REF000457 |
Config INIT: password-less single user mode |
|
REF000455 |
Config GRUB: no password configured |
|
2007-02-15 |
REF000451 |
Config PAM: password strength checking not configured |
|
REF000450 |
Config PAM: minimum password length less than 6 |
|
REF000452 |
Config PAM: empty passwords enabled |
|
REF000453 |
Config PAM: difference between passwords less than 6 |
|
REF000431 |
Config GDM: remote root login enabled |
|
REF000449 |
Config GDM: remote logins enabled |
|
REF000448 |
Config GDM: remote autologin enabled |
|
2007-02-14 |
REF000403 |
Config VSFTPd: upload enabled |
|
REF000404 |
Config VSFTPd: anonymous upload enabled |
|
REF000402 |
Config VSFTPd: anonymous login enabled |
|
REF000428 |
Config SSHd: using default port |
|
REF000429 |
Config SSHd: protocol 1 enabled |
|
REF000427 |
Config SSHd: .rhosts and .shosts enabled |
|
REF000430 |
Config SSH: protocol 1 enabled |
|
REF000437 |
Config shadow: weak encryption detected |
|
REF000447 |
Config passwd: no shadow file detected |
|
REF000446 |
Config passwd: multiple root accounts |
|
REF000442 |
Config KDM: shutdown by everybody enabled |
|
REF000441 |
Config KDM: root login enabled |
|
REF000439 |
Config KDM: password-less login enabled |
|
REF000440 |
Config KDM: empty password login enabled |
|
REF000438 |
Config KDM: autologin enabled |
|
REF000445 |
Config GDM: shutdown by everybody enabled |
|
REF000444 |
Config GDM: root login enabled |
|
REF000443 |
Config GDM: autologin enabled |
|
2007-02-13 |
CVE-2007-0917 |
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. |
|
CVE-2007-0918 |
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations... |
|
REF000383 |
GFI EndPointSecurity Report |
|
REF000382 |
GFI EndPointSecurity agent missing |
|
2007-02-12 |
CVE-2006-1249 |
SANS06C5: Multiple iTunes and QuickTime for Mac Vulnerabilities |
|
CVE-2006-5084 |
SANS06C4: Skype for Mac 1.5.*.79 and earlier vulnerable to DoS or remote code execution. |
|
2007-02-09 |
CVE-2006-3505 |
SANS06M1: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
|
CVE-2006-3946 |
SANS06M1: WebCore in Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to cause a denial of service |
|
CVE-2006-3946 |
SANS06M1: WebCore in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
|
CVE-2006-0848 |
SANS06M1: Vulnerability in Safari and LaunchServices can lead to remote code execution. |
|
CVE-2006-4394 |
SANS06M1: Vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIDs to bypass service access controls. |
|
CVE-2006-0397 |
SANS06M1: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 |
|
CVE-2005-2516 |
SANS06M1: Safari in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary commands. |
|
CVE-2006-1450 |
SANS06M1: Multiple vulnerabilities in Mail in Apple Mac OS X 10.3.9 and 10.4.6 |
|
CVE-2005-3705 |
SANS06M1: Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, allows remote attackers to execute arbitrary code. |
|
CVE-2006-3498 |
SANS06M1: Buffer overflow in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 and earlier |
|
CVE-2005-2518 |
SANS06M1: Buffer overflow in servermgrd in Mac OS X Server 10.4.2 and earlier |
|
CVE-2006-1987 |
SANS06M1: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag. |
|
2007-02-08 |
CVE-2006-1469 |
SANS06M1: Multiple Vulnerabilities in ImageIO |
|
CVE-2006-0384 |
SANS06M1: automount in Mac OS X 10.4.5 and earlier vulnerable to denial of service or execution of arbitrary code. |
|
2007-02-07 |
CVE-2006-3507 |
SANS06M1: Multiple vulnerabilities in AirPort wireless driver |
|
REF000409 |
Config SSHd: X11 forwarding enabled |
|
REF000408 |
Config SSHd: root login permitted |
|
REF000410 |
Config SSHd: empty passwords permitted |
|
REF000436 |
Config shadow: empty password detected |
|
REF000412 |
Config SElinux: not in strict mode |
|
REF000411 |
Config SElinux: not in enforcing mode |
|
2007-02-06 |
REF000407 |
Service running: SSH |
|
2007-02-05 |
REF000433 |
Config BIND: allow-update not specified |
|
REF000434 |
Config BIND: allow-transfer not specified |
|
REF000435 |
Config BIND: allow-recursion not specified |
|
REF000432 |
Config BIND: allow-query not specified |
|
2007-01-31 |
REF000415 |
Service running: Telnet |
|
REF000422 |
Service running: SWAT |
|
REF000416 |
Service running: SMTP |
|
REF000425 |
Service running: SAMBA SMB |
|
REF000426 |
Service running: SAMBA NMB |
|
REF000424 |
Service running: PostgreSQL |
|
REF000420 |
Service running: POP3 |
|
REF000423 |
Service running: MySQL |
|
REF000421 |
Service running: IMAP4 |
|
REF000419 |
Service running: HTTPS |
|
REF000406 |
Service running: HTTP |
|
REF000414 |
Service running: FTP |
|
REF000413 |
Service running: Finger |
|
REF000417 |
Service running: DNS |
|
REF000418 |
Service running: CUPS |
|
CVE-2007-0648 |
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiation Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. |
|
2007-01-11 |
CVE-2007-0199 |
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." |
|
2006-12-20 |
CVE-2006-2313 |
SANS06C2: PostgreSQL 8.1 SQL injection vulnerability |
|
2006-12-13 |
CVE-2006-6538 |
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the... |
|
2006-12-12 |
CVE-2006-2753 |
SANS06C2: SQL Injection vulnerability in MySQL 5.0.x |
|
CVE-2006-2753 |
SANS06C2: SQL Injection vulnerability in MySQL 4.1.x |
|
CVE-2006-2313 |
SANS06C2: PostgreSQL 8.0 SQL injection vulnerability |
|
CVE-2006-2313 |
SANS06C2: PostgreSQL 8.0 SQL injection vulnerability |
|
2006-12-11 |
CVE-2005-3641 |
SANS06C2: Multiple vulnerabilities in Oracle Database 9i |
|
2006-12-06 |
CVE-2005-3641 |
SANS06C2: Multiple vulnerabilities in Oracle Database 10g |
|
2006-12-04 |
CVE-2006-5478 |
SANS07S6: Multiple vulnerabilities in Novell eDirectory 8.x |
|
2006-12-01 |
CVE-2006-0992 |
SANS07S6: Stack-based buffer overflow in Novell GroupWise Messenger |
|
2006-11-30 |
CVE-2005-1928 |
SANS07C6: Multiple vulnerabilities in Trend Micro ServerProtect EarthAgent 5.58 and earlier |
|
CVE-2006-0323 |
SANS06C5: Buffer overflow in swfformat.dll in Real Rhapsody 3 |
|
2006-11-28 |
CVE-2005-2628 |
SANS06C5: Multiple vulnerabilities in Macromedia Flash |
|
2006-11-27 |
CVE-2006-1370 |
SANS06C5: Multiple Vulnerabilities in RealPlayer |
|
CVE-2006-1249 |
SANS06C5: Multiple iTunes and QuickTime Vulnerabilities |
|
CVE-2005-2310 |
SANS06C5: Multiple buffer overflows in NullSoft Winamp 5.13 and earlier |
|
2006-11-21 |
CVE-2006-6055 |
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 beacon request with a long Rates information element (IE). |
|
2006-11-10 |
SFBID715 |
Sendmail 8-8-4 |
|
2006-10-31 |
MITRE:100 |
VML Buffer Overrun Vulnerability |
|
2006-10-26 |
CVE-2006-5537 |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection... |
|
CVE-2006-5536 |
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. |
|
CVE-2006-5538 |
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. |
|
CVE-2006-5553 |
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan... |
|
2006-10-25 |
CVE-2006-5382 |
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that... |
|
2006-10-24 |
MITRE:376 |
Windows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability |
|
MITRE:256 |
Windows XP,SP2 Print Spooler Service Buffer Overflow |
|
MITRE:497 |
Windows XP,SP2 Plug and Play Buffer Overflow Vulnerability |
|
MITRE:618 |
Windows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability |
|
MITRE:267 |
Windows XP Plug and Play Buffer Overflow Vulnerability |
|
MITRE:346 |
Windows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability |
|
MITRE:609 |
Windows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability |
|
MITRE:160 |
Windows Server 2003 Plug and Play Buffer Overflow Vulnerability |
|
MITRE:783 |
Windows Server 2003 Plug and Play Buffer Overflow Vulnerability |
|
MITRE:180 |
Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability |
|
MITRE:474 |
Windows 2000 Plug and Play Buffer Overflow Vulnerability |
|
2006-10-17 |
REF000190 |
Webmin running |
|
REF000197 |
VNC server listening on port 5901 |
|
REF000245 |
UPnP helper is running |
|
REF000188 |
Sub7 server passworded |
|
REF000185 |
Squid running |
|
REF000196 |
Some POP3 server banners providing information to attacker |
|
REF000252 |
Sasser worm |
|
REF000182 |
Oracle HTTP Server running |
|
REF000181 |
MySQL (open source database) running |
|
REF000180 |
Microsoft SQL server |
|
REF000192 |
List of modems installed |
|
REF000195 |
IMAP4 server banner provides information to attacker |
|
REF000161 |
FTP Exposing Full Path |
|
REF000194 |
Finger service running |
|
REF000193 |
Citrix server running on this host |
|
REF000240 |
BugBear-B backdoor |
|
REF000177 |
Apache Tomcat running |
|
2006-10-16 |
MITRE:171 |
Window Location Information Disclosure Vulnerability |
|
MITRE:694 |
Visual Basic for Applications Vulnerability |
|
MITRE:577 |
Source Element Cross-Domain Vulnerability |
|
MITRE:738 |
Redirect Cross-Domain Information Disclosure Vulnerability |
|
MITRE:502 |
HTML Rendering Memory Corruption Vulnerability |
|
MITRE:433 |
HTML Layout and Positioning Memory Corruption Vulnerability |
|
MITRE:462 |
FTP Server Command Injection Vulnerability |
|
MITRE:5 |
CSS Memory Corruption Vulnerability |
|
MITRE:719 |
COM Object Instantiation Memory Corruption Vulnerability |
|
2006-10-10 |
CVE-2006-5202 |
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout... |
|
2006-10-07 |
MITRE:1922 |
Remote Code Execution Vulnerability in Flash Player 8 |
|
MITRE:1987 |
Remote Code Execution Vulnerability in Flash Player 6 and 7 |
|
2006-09-23 |
CVE-2006-4950 |
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting... |
|
2006-09-13 |
CVE-2006-4775 |
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a... |
|
CVE-2006-4774 |
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. |
|
CVE-2006-4776 |
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. |
|
2006-09-12 |
CVE-2006-4662 |
SANS06C4: ICQ 2003b Buffer Overflow |
|
2006-09-08 |
CVE-2006-4650 |
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect... |
|
2006-08-25 |
CVE-2006-4352 |
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. |
|
2006-08-24 |
CVE-2006-2113 |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not... |
|
CVE-2006-2112 |
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP... |
|
2006-08-23 |
CVE-2006-4312 |
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user... |
|
2006-08-14 |
CVE-2006-4143 |
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. |
|
2006-08-07 |
CVE-2006-4015 |
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. |
|
2006-07-27 |
CVE-2006-3906 |
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the... |
|
2006-07-21 |
CVE-2006-3687 |
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows... |
|
2006-07-18 |
CVE-2006-3592 |
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI... |
|
CVE-2006-3593 |
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. |
|
CVE-2006-3594 |
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. |
|
2006-07-11 |
CVE-2006-3529 |
Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. |
|
2006-06-28 |
CVE-2006-3291 |
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all... |
|
2006-06-20 |
CVE-2006-3109 |
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in... |
|
2006-06-07 |
CVE-2006-2901 |
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. |
|
2006-05-31 |
MITRE:1748 |
FPSE XSS Vulnerability |
|
2006-05-30 |
CVE-2006-2653 |
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. |
|
2006-05-23 |
CVE-2006-2559 |
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using... |
|
2006-05-11 |
CVE-2006-2337 |
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. |
|
2006-04-21 |
CVE-2006-1973 |
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. |
|
2006-04-20 |
CVE-2006-1928 |
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS... |
|
CVE-2006-1927 |
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco... |
|
2006-04-05 |
CVE-2006-1631 |
Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP... |
|
2006-02-19 |
CVE-2006-0784 |
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. |
|
2006-01-31 |
CVE-2006-0485 |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may... |
|
CVE-2006-0486 |
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user... |
|
2006-01-22 |
CVE-2006-0367 |
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative... |
|
CVE-2006-0354 |
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large... |
|
CVE-2006-0368 |
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000... |
|
2006-01-20 |
CVE-2006-0340 |
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang... |
|
2006-01-18 |
CVE-2006-0309 |
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length. |
|
2005-12-31 |
CVE-2005-4826 |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different... |
|
CVE-2005-4723 |
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. |
|
2005-12-22 |
CVE-2005-4499 |
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,... |
|
2005-12-15 |
CVE-2005-4258 |
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is... |
|
CVE-2005-4257 |
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is... |
|
2005-12-01 |
MITRE:1231 |
WinXP,SP2 DirectShow Malicious avi File Vulnerability |
|
MITRE:1434 |
WinXP,SP1 DirectShow Malicious avi File Vulnerability |
|
MITRE:1267 |
Win2k,SP4 DirectShow Malicious avi File Vulnerability |
|
MITRE:1149 |
Server 2003,SP1 DirectShow Malicious avi File Vulnerability |
|
MITRE:1424 |
Server 2003 DirectShow Malicious avi File Vulnerability |
|
2005-11-30 |
CVE-2005-3921 |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of... |
|
2005-11-22 |
CVE-2005-3774 |
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,... |
|
2005-11-16 |
CVE-2003-1267 |
GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names |
|
MITRE:100110 |
Apache Listening Socket Starvation Vulnerability |
|
2005-11-02 |
CVE-2005-3481 |
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the... |
|
CVE-2005-3482 |
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic... |
|
2005-11-01 |
CVE-2005-3426 |
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. |
|
2005-10-20 |
CVE-2005-2973 |
Linux Kernel version prior to 2.6.14-rc5 |
|
2005-10-12 |
MITRE:989 |
Microsoft Outlook Express 6,SP1 News Reading Vulnerability |
|
2005-09-15 |
CVE-2005-2799 |
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. |
|
2005-09-14 |
CVE-2005-2912 |
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. |
|
CVE-2005-2916 |
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi... |
|
CVE-2005-2915 |
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to... |
|
CVE-2005-2914 |
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration... |
|
2005-09-08 |
CVE-2005-2841 |
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted... |
|
2005-08-23 |
CVE-2005-2640 |
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which... |
|
2005-08-17 |
CVE-2005-2589 |
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. |
|
2005-08-03 |
CVE-2005-2434 |
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. |
|
CVE-2005-2451 |
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. |
|
2005-07-12 |
CVE-2005-2244 |
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger... |
|
CVE-2005-2243 |
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory... |
|
CVE-2005-2241 |
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows... |
|
2005-07-05 |
CVE-2005-2105 |
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. |
|
2005-06-01 |
MITRE:3556 |
Microsoft .NET Framework v1.1 Security Bypass |
|
2005-05-27 |
CVE-2005-1802 |
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
|
2005-05-26 |
CVE-2005-1828 |
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. |
|
CVE-2005-1827 |
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. |
|
2005-05-20 |
CVE-2005-1680 |
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes... |
|
2005-05-02 |
CVE-2005-1133 |
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
|
CVE-2005-1025 |
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. |
|
CVE-2005-1020 |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the... |
|
CVE-2005-1006 |
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. |
|
CVE-2005-1021 |
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. |
|
CVE-2005-1059 |
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. |
|
CVE-2005-1057 |
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." |
|
CVE-2005-1058 |
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass... |
|
CVE-2005-0197 |
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. |
|
CVE-2005-0195 |
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. |
|
CVE-2005-0196 |
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. |
|
CVE-2005-1238 |
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. |
|
2005-03-29 |
REF000254 |
Possible Rootkit Detected : Hidden Processes |
|
REF000255 |
Possible Rootkit Detected : Hidden Processes |
|
REF000257 |
Possible Rootkit Detected : Altered system call table detected |
|
REF000253 |
Possible Rootkit Detected : Altered system call functions code |
|
2005-01-19 |
CVE-2005-0186 |
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed... |
|
2005-01-17 |
CVE-2005-0290 |
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. |
|
CVE-2005-0291 |
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. |
|
2004-12-31 |
CVE-2004-2691 |
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this... |
|
CVE-2004-1446 |
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. |
|
CVE-2004-2606 |
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. |
|
CVE-2004-2556 |
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. |
|
CVE-2004-2557 |
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. |
|
CVE-2004-0467 |
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at... |
|
CVE-2004-2508 |
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. |
|
CVE-2004-1775 |
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. |
|
CVE-2004-1464 |
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. |
|
CVE-2004-1454 |
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet. |
|
CVE-2004-2377 |
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. |
|
CVE-2004-2507 |
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. |
|
2004-12-09 |
MITRE:4392 |
Windows Server 2003 NNTP Component Buffer Overflow |
|
MITRE:5070 |
Windows NT NNTP Component Buffer Overflow |
|
MITRE:5926 |
Windows 2000 NNTP Component Buffer Overflow |
|
2004-12-06 |
CVE-2004-0611 |
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. |
|
CVE-2004-0468 |
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. |
|
CVE-2004-0615 |
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a... |
|
2004-11-23 |
CVE-2004-0312 |
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. |
|
CVE-2004-0244 |
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,... |
|
CVE-2004-0352 |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. |
|
2004-09-29 |
MITRE:188 |
MS Word Macro Security Bypass Vulnerability |
|
2004-08-31 |
CVE-2004-1650 |
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. |
|
2004-08-06 |
CVE-2004-0661 |
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid... |
|
CVE-2004-0580 |
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. |
|
CVE-2004-0589 |
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages. |
|
CVE-2004-0551 |
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the... |
|
2004-07-27 |
CVE-2004-0710 |
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of... |
|
2004-07-21 |
MITRE:2705 |
Windows XP/Server 2003 DirectPlay Denial of Service |
|
MITRE:2413 |
Windows XP (64-Bit) DirectPlay Denial of Service |
|
MITRE:2190 |
Windows XP (32-Bit) DirectPlay Denial of Service |
|
MITRE:2516 |
Windows Server 2003 (32-Bit) DirectPlay Denial of Service |
|
2004-07-16 |
CVE-2002-0082 |
mod_ssl is old |
|
2004-07-14 |
CVE-2004-0595 |
PHP older than 4.3.8 |
|
2004-07-12 |
MITRE:1027 |
Windows 2000 DirectPlay Denial of Service |
|
2004-06-16 |
MITRE:958 |
Windows XP RPCSS Service DCOM Activation Denial of Service |
|
MITRE:900 |
Windows XP RPCSS DCOM Buffer Overflow |
|
MITRE:925 |
MS IE HTML Directive Buffer Overflow |
|
MITRE:974 |
IE Frame Domain Verification Vulnerability |
|
MITRE:921 |
IE File Execution User-prompt Bypass Vulnerability |
|
MITRE:1014 |
IE File Download Dialog Deception Vulnerability |
|
2004-06-11 |
CVE-2004-0413 |
Subversion version older than 1.0.5 |
|
2004-05-25 |
MITRE:886 |
Windows XP SSL Library Denial of Service |
|
MITRE:898 |
Windows XP LSASS Buffer Overflow |
|
MITRE:964 |
Windows XP H.323 Protocol Remote Code Execution Vulnerability |
|
MITRE:885 |
Windows Server 2003 SSL Library Denial of Service |
|
MITRE:919 |
Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability) |
|
MITRE:946 |
Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability |
|
MITRE:968 |
MS Jet Database Buffer Overflow |
|
MITRE:990 |
Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability |
|
2004-03-25 |
MITRE:586 |
MS Word 98 Macro Names Buffer Overflow |
|
MITRE:585 |
MS Word 97 Macro Names Buffer Overflow |
|
MITRE:675 |
MS Excel 97 Malicious Macro Security Bypass Vulnerability |
|
MITRE:141 |
Microsoft Internet Explorer MIME Hack |
|
2004-02-17 |
CVE-2004-0054 |
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the... |
|
2004-02-03 |
CVE-2004-0129 |
phpMyAdmin mysql web administration tool vulnerability |
|
2004-01-27 |
CVE-2003-0789 |
Apache is older than 2.0.48 |
|
2004-01-05 |
CVE-2003-1002 |
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. |
|
CVE-2003-1001 |
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. |
|
2003-12-31 |
CVE-2003-1132 |
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to... |
|
CVE-2003-1264 |
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)... |
|
CVE-2003-1490 |
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. |
|
CVE-2003-1346 |
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. |
|
CVE-2003-1398 |
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). |
|
CVE-2003-1497 |
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. |
|
2003-11-12 |
CVE-2003-0795 |
zebra/Quagga versions older than 0.96.4 |
|
2003-08-27 |
CVE-2003-0511 |
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL. |
|
CVE-2003-0512 |
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password... |
|
CVE-2003-0647 |
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. |
|
2003-06-30 |
SFBID8062 |
Abyss Web server Buffer Overflow |
|
2003-06-09 |
CVE-2003-0305 |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. |
|
2003-05-12 |
CVE-2003-0216 |
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. |
|
2003-04-11 |
CVE-2002-1426 |
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. |
|
2003-03-31 |
CVE-2002-1547 |
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different... |
|
2003-03-29 |
CVE-2003-0161 |
Sendmail is older than 8.12.9 |
|
2003-03-03 |
CVE-2003-0100 |
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. |
|
2003-03-02 |
CVE-2002-1337 |
Remote Buffer Overflow in Sendmail |
|
2002-12-31 |
CVE-2002-2053 |
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is... |
|
CVE-2002-2239 |
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. |
|
CVE-2002-1892 |
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. |
|
CVE-2002-2371 |
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. |
|
CVE-2002-2159 |
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to... |
|
CVE-2002-2137 |
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive... |
|
CVE-2002-2150 |
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the... |
|
CVE-2002-2208 |
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements,... |
|
CVE-2002-1810 |
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and... |
|
CVE-2002-2341 |
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. |
|
CVE-2002-1706 |
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message... |
|
CVE-2002-2315 |
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router. |
|
CVE-2002-1768 |
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985. |
|
CVE-2002-2316 |
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive... |
|
CVE-2002-2052 |
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port... |
|
CVE-2002-1865 |
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote... |
|
CVE-2002-2379 |
** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be... |
|
2002-12-23 |
CVE-2002-1360 |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code... |
|
CVE-2002-1357 |
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder... |
|
CVE-2002-1358 |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. |
|
CVE-2002-1359 |
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder... |
|
2002-12-13 |
CVE-2002-1354 |
TYPSoft FTP Server 0-99-8 Arbitrary Dir Listing |
|
2002-12-11 |
CVE-2002-1272 |
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. |
|
2002-11-20 |
CVE-2002-1312 |
Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to... |
|
2002-11-12 |
CVE-2002-1236 |
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. |
|
2002-10-28 |
CVE-2002-1222 |
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. |
|
2002-10-11 |
CVE-2002-1147 |
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of... |
|
2002-10-04 |
CVE-2002-1068 |
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. |
|
CVE-2002-0891 |
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. |
|
CVE-2002-1069 |
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device... |
|
CVE-2002-0954 |
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques. |
|
CVE-2002-0886 |
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to... |
|
2002-09-05 |
CVE-2002-0870 |
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL... |
|
2002-08-12 |
CVE-2002-0426 |
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. |
|
CVE-2002-0792 |
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. |
|
CVE-2002-0505 |
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via... |
|
CVE-2002-0813 |
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. |
|
2002-08-09 |
CVE-2002-0661 |
Apache: Apache 2.0.39 directory traversal and path disclosure bug |
|
2002-08-08 |
CVE-2002-0826 |
Ipswitch WS_FTP Server 3-1-1 Buffer Overflow in SITE CPWD Command Processing |
|
2002-08-01 |
REF000107 |
All Servers: Tomcat source.jsp directory listing and webroot location display |
|
2002-07-30 |
CVE-2002-0655 |
OpenSSL versions older than 0.9.7e and 0.9.6m |
|
2002-07-03 |
CVE-2002-0713 |
Multiple Squid vulnerabilities |
|
CVE-2002-0545 |
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. |
|
2002-06-25 |
CVE-2002-0350 |
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service. |
|
CVE-2002-0339 |
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. |
|
2002-06-24 |
CVE-2002-0640 |
Remote OpenSSH Vulnerability |
|
2002-06-17 |
CVE-2002-0392 |
Apache Chunked-Encoding Memory Corruption Vulnerability |
|
2002-05-29 |
CVE-2002-0234 |
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which... |
|
CVE-2002-1634 |
All Servers: Netware default programs display server information |
|
2002-05-22 |
CVE-2002-0893 |
IIS: ServletExec 4.1 ISAPI File Reading |
|
2002-05-10 |
CVE-2002-0379 |
IMAP4 server |
|
2002-04-28 |
CVE-2002-0889 |
Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability |
|
2002-04-19 |
CVE-2002-0575 |
AFS-Kerberos Support in OpenSSH Poses a Security Threat |
|
2002-04-16 |
CVE-2002-1744 |
IIS: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability |
|
2002-03-25 |
CVE-2002-0109 |
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the... |
|
2002-03-21 |
CVE-2002-0061 |
Apache: Apache Win32 Batch File Remote Command Execution Vulnerability |
|
2002-03-12 |
CVE-2002-0434 |
All Servers: Directory.php Allows Arbitrary Code Execution |
|
2002-03-09 |
SFBID4261 |
Web server 404 path disclosure |
|
CVE-2000-1196 |
Netscape: Netscape PSCOErrPage |
|
CVE-2001-0461 |
All Servers: Free On-line Dictionary |
|
2002-03-07 |
CVE-2002-0083 |
OpenSSH Channel Code Off-By-One Vulnerability |
|
2002-02-27 |
CVE-2002-0082 |
Apache Mod_SSL-Apache-SSL Buffer Overflow Vulnerability |
|
2002-02-26 |
CVE-2002-0081 |
PHP Post File Upload Buffer Overflow Vulnerabilities |
|
2002-02-02 |
CVE-2002-0232 |
All Servers: MRTG CGI Arbitrary File Display Vulnerability |
|
2002-01-29 |
CVE-2002-2113 |
All Servers: AHG's 'search.cgi' Search Engine Input Validation Flaw |
|
2002-01-21 |
SFBID3915 |
All Servers: COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability |
|
2002-01-18 |
CVE-2002-2032 |
All Servers: Possible PHPNuke SQL_Debug Information Disclosure Vulnerability |
|
2002-01-07 |
CVE-2002-2033 |
Apache: Faqmanager.cgi file read vulnerability |
|
2002-01-04 |
CVE-2002-2029 |
Apache: Security Risk When Using the CGI Binary (PHP.EXE) Under Apache |
|
2002-01-01 |
REF000323 |
yppasswdd service running |
|
REF000308 |
Windows AutoUpdate is not enabled |
|
REF000307 |
Windows AutoUpdate is enabled but requires user interaction to install patches |
|
REF000306 |
Windows AutoUpdate is enabled but requires user intervention for both patch download and installation |
|
REF000322 |
walld message spoofing |
|
REF000256 |
Vulnerable Linux/Unix application package |
|
REF000319 |
This computer is a NIS server |
|
CVE-1999-0660 |
Telecomando trojan |
|
REF000189 |
Systems Management Server |
|
CVE-1999-0660 |
Syphillis 1-18 trojan |
|
CVE-1999-0660 |
Subseven 2-x trojan |
|
REF000187 |
SSL module running |
|
REF000186 |
SSL enabled |
|
REF000295 |
Shutdown without logon |
|
CVE-1999-0660 |
Psychward trojan |
|
CVE-1999-0660 |
Prosiak 0-70 trojan |
|
CVE-1999-0660 |
Priority BETA trojan |
|
REF000184 |
PHP module running |
|
REF000183 |
Perl module running |
|
REF000081 |
Netscape: Netscape Administration Server admin password |
|
CVE-1999-0660 |
NetbusPro2 trojan |
|
CVE-1999-0660 |
Ncw trojan |
|
REF000304 |
Nachi Worm |
|
REF000283 |
LM Hash |
|
REF000198 |
Linux/Unix application package(s) version check |
|
REF000282 |
Last logged-on username visible |
|
CVE-1999-0660 |
Kuang trojan |
|
CVE-1999-0660 |
Indoctrination trojan |
|
REF000124 |
IIS: Terminal Services |
|
REF000062 |
IIS: IIS Global.asa Retrieval |
|
REF000060 |
IIS: IIS ASP.NET Application Trace Enabled |
|
REF000275 |
Guest users have access to the system log |
|
REF000273 |
Guest users have access to the security log |
|
REF000271 |
Guest users have access to the application log |
|
REF000179 |
Frontpage extensions enabled |
|
REF000311 |
fam service running |
|
CVE-1999-0660 |
CrazyNet trojan |
|
REF000178 |
ClearCase running |
|
REF000265 |
Cached Logon Credentials |
|
REF000303 |
Blaster Worm |
|
CVE-1999-0660 |
Back Orifice 2000 (BO2K) trojan |
|
REF000262 |
AutoShareWKS |
|
REF000260 |
AutoShareServer |
|
REF000305 |
Auto Logon |
|
CVE-2000-0628 |
Apache: Apache source.asp |
|
REF000016 |
Apache: Apache server-status |
|
REF000015 |
Apache: Apache server-info |
|
REF000013 |
Apache: Apache manual |
|
REF000309 |
amd service running |
|
REF000090 |
All Servers: Perl.exe |
|
REF000040 |
All Servers: Directory Manager Execution bug |
|
REF000191 |
A modem is installed on this computer |
|
2001-12-31 |
CVE-2001-1209 |
All Servers: Abe Timmerman zml.cgi File Disclosure Vulnerability |
|
2001-12-30 |
CVE-2001-1210 |
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary... |
|
2001-12-21 |
CVE-2001-1221 |
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. |
|
CVE-2001-1220 |
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. |
|
2001-12-06 |
CVE-2001-0866 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access... |
|
CVE-2001-0865 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. |
|
CVE-2001-0864 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. |
|
CVE-2001-0867 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. |
|
CVE-2001-0863 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. |
|
CVE-2001-0862 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. |
|
CVE-2001-0861 |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. |
|
2001-11-28 |
CVE-2001-0929 |
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. |
|
2001-11-27 |
CVE-2001-0550 |
WU-FTPD glob() function error handling heap corruption |
|
2001-11-15 |
CVE-2001-0895 |
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the... |
|
2001-11-07 |
REF000251 |
SSH server accepts Version 1.x connections |
|
2001-10-22 |
CVE-2001-1503 |
Solaris Fingerd Discloses Complete User List |
|
2001-10-18 |
CVE-2001-0751 |
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. |
|
CVE-2001-0750 |
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. |
|
CVE-2001-0753 |
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. |
|
CVE-2001-0752 |
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. |
|
CVE-2001-0754 |
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. |
|
CVE-2001-0757 |
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. |
|
2001-10-09 |
CVE-2001-1156 |
TYPSoft FTP Server 0-95-1 and possibly prior for Microsoft Windows Can Be Crashed by Remote Users |
|
CVE-2001-1071 |
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. |
|
2001-09-20 |
CVE-2001-0650 |
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. |
|
2001-09-18 |
REF000106 |
IIS: This computer seems to be infected with Nimda |
|
CVE-1999-0756 |
IIS: Cold Fusion check |
|
2001-09-15 |
CVE-2001-1014 |
All Servers: (e)shop Online-Shop System |
|
2001-09-06 |
CVE-2001-1137 |
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. |
|
2001-09-05 |
CVE-2001-0992 |
All Servers: ShopPlus Cart |
|
2001-08-31 |
CVE-2001-1065 |
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. |
|
CVE-2001-0711 |
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. |
|
CVE-2001-1064 |
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop... |
|
2001-08-29 |
CVE-2001-1168 |
All Servers: PhpMyExplorer Vulnerable to Directory Traversal |
|
2001-08-22 |
CVE-2001-0589 |
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. |
|
2001-08-14 |
CVE-2001-0622 |
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating... |
|
CVE-2001-0621 |
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
|
CVE-2001-0566 |
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. |
|
2001-08-10 |
CVE-2001-1117 |
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. |
|
2001-07-26 |
CVE-2001-1021 |
Ipswitch WS_FTP Server 2-0-2 Will Execute Remotely-Supplied Arbitrary Code |
|
2001-07-25 |
CVE-2001-1104 |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
|
2001-07-24 |
CVE-2001-1097 |
Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets. |
|
2001-07-21 |
CVE-2001-0514 |
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such... |
|
CVE-2001-0537 |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. |
|
2001-07-20 |
REF000105 |
IIS: This computer is infected with CodeRed |
|
2001-07-15 |
CVE-2001-0804 |
All Servers: Directory traversal vulnerability in story.pl |
|
2001-07-12 |
CVE-2001-1183 |
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
|
2001-07-02 |
CVE-2001-0444 |
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. |
|
CVE-2001-0429 |
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. |
|
2001-06-27 |
CVE-2001-0455 |
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. |
|
2001-06-19 |
CVE-2001-0698 |
SurgeFTP nlist directory traversal |
|
2001-06-18 |
CVE-2001-0376 |
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This... |
|
CVE-2001-0427 |
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several... |
|
CVE-2001-0375 |
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. |
|
CVE-2001-0412 |
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allow local users to gain privileges by entering debug mode. |
|
CVE-2001-0821 |
All Servers: DCShop vulnerability |
|
2001-06-17 |
CVE-2001-0820 |
Possible Gaztek HTTP Daemon (ghttpd) buffer overflow |
|
2001-06-10 |
CVE-2001-0688 |
Broker FTP server 5.9.5.0 |
|
2001-05-26 |
CVE-2001-0767 |
GuildFTPD FTP |
|
2001-05-07 |
CVE-1999-0922 |
IIS: Cold Fusion check |
|
CVE-2001-0561 |
All Servers: A1Stats |
|
2001-05-03 |
CVE-2001-0288 |
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
|
2001-04-27 |
CVE-2001-0463 |
All Servers: PerlCal allows remote file retrieving |
|
2001-04-04 |
CVE-2001-0272 |
All Servers: sendtemp.pl |
|
2001-04-03 |
CVE-2001-0466 |
All Servers: uStorekeeper allows remote file retrieving |
|
2001-03-15 |
CVE-2001-0236 |
Possible snmpXdmid SunOS buffer overflow |
|
2001-03-12 |
CVE-2000-0368 |
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. |
|
2001-03-11 |
CVE-2001-0360 |
All Servers: Ikonboard allows remote file retrieving |
|
2001-02-28 |
CVE-2002-0558 |
TYPSoft FTP Server 0-97-1 and prior Discloses Listing of Directory Contents for Any Directory on the |
|
CVE-2001-0293 |
FtpXQ FTP Server |
|
CVE-2004-1776 |
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. |
|
CVE-2001-1434 |
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. |
|
2001-02-17 |
SFBID2698 |
Multiple WarFTPd (1-71) DoS |
|
2001-02-16 |
CVE-2001-0058 |
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character. |
|
CVE-2001-0056 |
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. |
|
CVE-2001-0041 |
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. |
|
CVE-2001-0057 |
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. |
|
CVE-2001-0055 |
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. |
|
CVE-2001-0305 |
All Servers: Arts Store.cgi |
|
2001-02-12 |
CVE-2001-0080 |
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. |
|
CVE-2001-0211 |
All Servers: WebSPIRS |
|
CVE-2001-0214 |
All Servers: Way-board |
|
CVE-2001-0215 |
All Servers: Roads search system |
|
CVE-2001-0212 |
All Servers: HIS Aktion |
|
CVE-2001-0210 |
All Servers: Commerce.cgi |
|
CVE-2001-0212 |
All Servers: Auktion.cgi |
|
2001-02-08 |
CVE-2001-0144 |
SSH1 CRC-32 compensation attack |
|
2001-02-05 |
CVE-2001-0015 |
Network Dynamic Data Exchange (DDE) vulnerability |
|
2001-01-29 |
CVE-2001-0010 |
BIND 8-2-1, 8-2-2 |
|
CVE-2002-0400 |
BIND - Prior to Version 9 |
|
2001-01-28 |
CVE-2001-0253 |
All Servers: Hyperseek |
|
2001-01-15 |
CVE-2001-0113 |
OmniHTTPd v2.07 |
|
2001-01-09 |
CVE-2000-1098 |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. |
|
CVE-2000-1097 |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. |
|
2001-01-01 |
CVE-2001-0163 |
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
|
CVE-2001-0161 |
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. |
|
2000-12-23 |
CVE-2001-0074 |
All Servers: Talkback vulnerability |
|
2000-12-20 |
CVE-2001-0100 |
All Servers: Brian Stanback bslist.cgi |
|
CVE-2001-0099 |
All Servers: Brian Stanback bsguest.cgi |
|
2000-12-19 |
CVE-2000-0945 |
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. |
|
CVE-2000-0984 |
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. |
|
2000-12-13 |
CVE-2001-0065 |
bftpd 1.0.13 |
|
CVE-2000-1092 |
All Servers: Alex Heiphetz Group EZShopper Directory Disclosure |
|
2000-12-11 |
CVE-2001-0025 |
Leif M. Wright ad.cgi |
|
2000-12-06 |
CVE-2001-0045 |
Windows 2000 SNMP parameters |
|
2000-12-05 |
CVE-2001-0054 |
Serv-U FTP-Server v2.2 to 2.5 |
|
2000-11-20 |
CVE-2000-1161 |
All Servers: Adcycle - build.cgi |
|
2000-11-01 |
SFBID1872 |
SWAT - Samba Web Administration Tool enabled |
|
2000-10-20 |
CVE-2000-0700 |
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or... |
|
2000-09-21 |
CVE-2000-1016 |
Apache: Apache doc packages directory |
|
CVE-2000-1016 |
Apache: Apache doc directory |
|
2000-08-29 |
CVE-1999-0511 |
IP forwarding enabled |
|
2000-08-23 |
CVE-2000-0709 |
IIS: Frontpage check |
|
2000-07-28 |
CVE-2000-0663 |
Windows 2000 Relative Shell Path |
|
2000-07-27 |
CVE-2000-0673 |
NetBIOS Name Server Protocol Spoofing |
|
CVE-2000-0673 |
NetBIOS Name Server Protocol Spoofing |
|
2000-07-16 |
CVE-2000-0666 |
Possible statd format string attack |
|
2000-07-12 |
CVE-2000-0674 |
All Servers: Virtual Vision FTP Browser Vulnerability |
|
2000-06-22 |
CVE-2000-0573 |
wu-ftpd SITE EXEC format |
|
2000-05-03 |
CVE-2000-0345 |
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. |
|
2000-04-26 |
CVE-2000-0380 |
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. |
|
2000-04-25 |
CVE-1999-0203 |
Sendmail 8-6 |
|
CVE-1999-0203 |
Sendmail 8-5 |
|
2000-04-20 |
CVE-2000-0268 |
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. |
|
CVE-2000-0267 |
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. |
|
2000-03-20 |
CVE-2000-0613 |
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. |
|
2000-01-12 |
CVE-2000-0070 |
Spoofed LPC Port Request |
|
1999-12-31 |
CVE-1999-1175 |
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. |
|
CVE-1999-1464 |
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not... |
|
CVE-1999-1465 |
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with... |
|
1999-12-27 |
SFBID894 |
POP3 server might be vulnerable to a remote buffer overflow exploit |
|
1999-12-10 |
CVE-1999-0977 |
sadmin service running |
|
1999-11-08 |
SFBID789 |
Imail Pop3 5.0 |
|
1999-11-03 |
CVE-1999-0885 |
All Servers: get32.exe |
|
1999-09-29 |
CVE-1999-0526 |
X server accepts connections from any host |
|
CVE-1999-0204 |
Sendmail 8-6-9 ident vulnerability |
|
CVE-1999-0626 |
rusers service running |
|
1999-09-11 |
CVE-1999-0071 |
Apache 1-1-1 |
|
1999-09-01 |
CVE-1999-1129 |
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag. |
|
1999-08-21 |
CVE-1999-0687 |
ttsession service running |
|
1999-07-26 |
CVE-1999-0197 |
Finger service is running |
|
1999-07-13 |
CVE-1999-0320 |
cmsd service running |
|
1999-07-03 |
CVE-1999-0345 |
Fragmented IGMP Packet |
|
CVE-1999-0345 |
Fragmented ICMP Packet |
|
1999-07-01 |
CVE-1999-0889 |
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. |
|
1999-06-23 |
CVE-1999-0721 |
Malformed LSA Request |
|
1999-06-10 |
CVE-1999-0775 |
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
|
1999-06-07 |
CVE-1999-0616 |
Trivial FTP service running |
|
CVE-1999-0512 |
SMTP server allows relaying |
|
CVE-1999-0651 |
RSH service enabled |
|
CVE-1999-0651 |
RLOGIN service enabled |
|
CVE-1999-0618 |
REXEC service enabled |
|
CVE-1999-0253 |
IIS: ASP source using $2e trick |
|
CVE-1999-0497 |
Ftp Anonymous Upload |
|
CVE-1999-0531 |
EXPN,VRFY commands enabled on mail server |
|
1999-04-20 |
CVE-1999-0605 |
All Servers: Merchant Order Form 1.2 Order Log Permissions |
|
1999-04-01 |
CVE-1999-0445 |
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. |
|
1999-03-12 |
CVE-1999-0382 |
NT Screen Saver Vulnerability |
|
1999-03-11 |
CVE-1999-0416 |
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. |
|
CVE-1999-0415 |
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. |
|
1999-02-20 |
CVE-1999-0376 |
KnownDLLs List Vulnerability |
|
1999-02-11 |
CVE-1999-0800 |
IIS: Cold Fusion check |
|
1999-02-04 |
CVE-1999-0362 |
WS FTP Server 1-0-2 |
|
1999-01-14 |
CVE-1999-1538 |
IIS: iisadmin is accessible |
|
1999-01-11 |
CVE-1999-0063 |
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. |
|
1998-09-01 |
CVE-1999-0162 |
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. |
|
1998-08-31 |
CVE-1999-0003 |
ttdbserver service running |
|
1998-08-28 |
CVE-1999-0002 |
Linux mountd running |
|
1998-08-12 |
CVE-1999-0159 |
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. |
|
1998-07-15 |
CVE-1999-1582 |
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive... |
|
1998-06-27 |
CVE-1999-0006 |
QPOP 2-2 to 2.4 |
|
1998-02-09 |
CVE-2002-0421 |
IIS: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack |
|
1998-01-06 |
CVE-1999-1293 |
Apache 1-2-5 |
|
1998-01-01 |
CVE-1999-0293 |
AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
|
1997-12-15 |
CVE-1999-0230 |
Buffer overflow in Cisco 7xx routers through the telnet service. |
|
1997-12-01 |
CVE-1999-0016 |
Land IP denial of service. |
|
REF000326 |
Alerter service enabled |
|
1997-10-04 |
CVE-1999-1061 |
HP JetDirect password is not set |
|
1997-10-01 |
CVE-1999-0160 |
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. |
|
1997-02-07 |
SFBID688 |
Denial of service on port 135 |
|
1997-01-20 |
CVE-1999-0047 |
Sendmail privilege escalation |
|
1996-07-03 |
SFBID2026 |
All Servers: Aglimpse |
|
1995-12-19 |
SFBID1749 |
ypupdated service running |
|
1995-07-31 |
CVE-1999-0161 |
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. |
|
1992-12-10 |
CVE-1999-1466 |
Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. |
|
CVE-1999-1306 |
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. |
|
|
CVE-2023-4581 |
XLL file extensions were downloadable without warnings |
|
CVE-2023-4387 |
use-after-free in vmxnet3_rq_alloc_rx_buf |
|
CVE-2023-4563 |
Use-after-free in nft_verdict_dump due to a race between set GC and transaction |
|
CVE-2023-4133 |
use-after-free in ch_flower_stats_cb |
|
CVE-2023-4273 |
stack overflow in exfat_get_uniname_from_ext_entry |
|
CVE-2023-4155 |
SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability |
|
CVE-2023-4580 |
Push notifications saved to disk unencrypted |
|
CVE-2023-41358 |
processes invalid NLRIs if attribute length is zero |
|
CVE-2023-41175 |
potential integer overflow in raw2tiff.c |
|
CVE-2023-4641 |
possible password leak during passwd |
|
CVE-2023-41359 |
out of bounds read in bgp_attr_aigp_valid |
|
CVE-2023-41080 |
Open Redirect vulnerability in FORM authentication |
|
CVE-2023-4459 |
NULL pointer dereference in vmxnet3_rq_cleanup |
|
CVE-2023-4147 |
nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free |
|
CVE-2023-4585 |
Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 |
|
CVE-2023-4584 |
Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 |
|
CVE-2023-4577 |
Memory corruption in JIT UpdateRegExpStatics |
|
CVE-2023-4575 |
Memory corruption in IPC FilePickerShownCallback |
|
CVE-2023-4574 |
Memory corruption in IPC ColorPickerShownCallback |
|
CVE-2023-4573 |
Memory corruption in IPC CanvasTranslator |
|
CVE-2023-40745 |
integer overflow in tiffcp.c |
|
CVE-2023-4569 |
information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c |
|
CVE-2023-4156 |
heap out of bound read in builtin.c |
|
CVE-2023-4051 |
Full screen notification obscured by file open dialog |
|
CVE-2023-4053 |
Full screen notification obscured by external program |
|
CVE-2023-41105 |
file path truncation at \0 characters |
|
CVE-2023-4578 |
Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception |
|
CVE-2023-4511 |
DoS |
|
CVE-2023-4512 |
DoS |
|
CVE-2023-4513 |
DoS |
|
CVE-2023-41361 |
does not check for an overly large length of the rcv software version |
|
CVE-2023-4194 |
correctly initialize socket uid next fix of i_uid to current_fsuid |
|
CVE-2023-4128 |
cls_fw, cls_u32 and cls_route |
|
CVE-2023-40857 |
buffer overflow that allows a remote attacker to execute arbitrary code via the yr_execute_cod function |
|
CVE-2023-4583 |
Browsing Context potentially not cleared when closing Private Window |
|
CVE-2023-41360 |
ahead-of-stream read of ORF header |