LanGuard reports



Supported OVAL/CVE Bulletins

Date  Bulletin ID  Title

2017-06-02  OVAL2409  oval:org.cisecurity:def:2409: Use after free in PDFium
  OVAL2413  oval:org.cisecurity:def:2413: Multiple out of bounds writes in ChunkDemuxer
  OVAL2407  oval:org.cisecurity:def:2407: Memory corruption in V8
  OVAL2406  oval:org.cisecurity:def:2406: Use after free in PDFium
  OVAL2408  oval:org.cisecurity:def:2408: Use after free in PDFium
  OVAL2414  oval:org.cisecurity:def:2414: Use after free in GuestView
  OVAL2411  oval:org.cisecurity:def:2411: Out of bounds write in PDFium
  OVAL2404  oval:org.cisecurity:def:2404: Use after free in ANGLE
  OVAL2412  oval:org.cisecurity:def:2412: Integer overflow in libxslt
  OVAL2403  oval:org.cisecurity:def:2403: Bypass of Content Security Policy in Blink
  OVAL2405  oval:org.cisecurity:def:2405: Information disclosure in V8
  OVAL2410  oval:org.cisecurity:def:2410: Incorrect security UI in Omnibox

2017-06-01  OVAL2402  oval:org.cisecurity:def:2402: Microsoft Malware Protection Engine Denial of Service Vulnerability –
  OVAL2401  oval:org.cisecurity:def:2401: Microsoft Malware Protection Engine Denial of Service Vulnerability –

2017-05-31  OVAL2399  oval:org.cisecurity:def:2399: Microsoft Edge Elevation of Privilege Vulnerability

2017-05-26  OVAL2398  oval:org.cisecurity:def:2398: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability
  OVAL2397  oval:org.cisecurity:def:2397: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability
  OVAL2396  oval:org.cisecurity:def:2396: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability
  OVAL2395  oval:org.cisecurity:def:2395: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability

2017-05-16  CVE-2014-9931  A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.
  CVE-2014-9932  In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
  CVE-2014-9933  Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
  CVE-2014-9934  A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.

2017-05-10  OVAL2284  oval:org.cisecurity:def:2284: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2286  oval:org.cisecurity:def:2286: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2285  oval:org.cisecurity:def:2285: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2270  oval:org.cisecurity:def:2270: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2276  oval:org.cisecurity:def:2276: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2283  oval:org.cisecurity:def:2283: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2275  oval:org.cisecurity:def:2275: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2281  oval:org.cisecurity:def:2281: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2287  oval:org.cisecurity:def:2287: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2273  oval:org.cisecurity:def:2273: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2271  oval:org.cisecurity:def:2271: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2269  oval:org.cisecurity:def:2269: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2288  oval:org.cisecurity:def:2288: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2278  oval:org.cisecurity:def:2278: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2280  oval:org.cisecurity:def:2280: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2279  oval:org.cisecurity:def:2279: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2282  oval:org.cisecurity:def:2282: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2277  oval:org.cisecurity:def:2277: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2272  oval:org.cisecurity:def:2272: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  OVAL2274  oval:org.cisecurity:def:2274: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier

2017-05-05  OVAL2239  oval:org.cisecurity:def:2239: Hyper-V Remote Code Execution Vulnerability –
  OVAL2235  oval:org.cisecurity:def:2235: Scripting Engine Memory Corruption Vulnerability –
  OVAL2232  oval:org.cisecurity:def:2232: LDAP Elevation of Privilege Vulnerability –
  OVAL2233  oval:org.cisecurity:def:2233: Hyper-V Denial of Service Vulnerability –
  OVAL2224  oval:org.cisecurity:def:2224: Hyper-V Remote Code Execution Vulnerability –
  OVAL2231  oval:org.cisecurity:def:2231: Hyper-V Information Disclosure Vulnerability –
  OVAL2234  oval:org.cisecurity:def:2234: Hyper-V Denial of Service Vulnerability –
  OVAL2238  oval:org.cisecurity:def:2238: Active Directory Denial of Service Vulnerability –
  OVAL2230  oval:org.cisecurity:def:2230: Hyper-V Denial of Service Vulnerability –
  OVAL2228  oval:org.cisecurity:def:2228: Hyper-V Denial of Service Vulnerability –
  OVAL2226  oval:org.cisecurity:def:2226: Hyper-V Remote Code Execution Vulnerability –
  OVAL2227  oval:org.cisecurity:def:2227: Hyper-V Denial of Service Vulnerability –
  OVAL2229  oval:org.cisecurity:def:2229: Hyper-V Remote Code Execution Vulnerability –
  OVAL2236  oval:org.cisecurity:def:2236: Hyper-V Denial of Service Vulnerability –
  OVAL2223  oval:org.cisecurity:def:2223: ADFS Security Feature Bypass Vulnerability –
  OVAL2237  oval:org.cisecurity:def:2237: Hyper-V Denial of Service Vulnerability –
  OVAL2225  oval:org.cisecurity:def:2225: Hyper-V Information Disclosure Vulnerability –

2017-05-02  OVAL2248  oval:org.cisecurity:def:2248: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  OVAL2246  oval:org.cisecurity:def:2246: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  OVAL2260  oval:org.cisecurity:def:2260: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2245  oval:org.cisecurity:def:2245: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  OVAL2266  oval:org.cisecurity:def:2266: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2251  oval:org.cisecurity:def:2251: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2249  oval:org.cisecurity:def:2249: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2252  oval:org.cisecurity:def:2252: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2264  oval:org.cisecurity:def:2264: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2242  oval:org.cisecurity:def:2242: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  OVAL2263  oval:org.cisecurity:def:2263: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2257  oval:org.cisecurity:def:2257: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2261  oval:org.cisecurity:def:2261: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2265  oval:org.cisecurity:def:2265: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  OVAL2254  oval:org.cisecurity:def:2254: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2258  oval:org.cisecurity:def:2258: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability
  OVAL2253  oval:org.cisecurity:def:2253: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2267  oval:org.cisecurity:def:2267: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2256  oval:org.cisecurity:def:2256: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  OVAL2241  oval:org.cisecurity:def:2241: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2240  oval:org.cisecurity:def:2240: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2255  oval:org.cisecurity:def:2255: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2244  oval:org.cisecurity:def:2244: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2243  oval:org.cisecurity:def:2243: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  OVAL2247  oval:org.cisecurity:def:2247: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2262  oval:org.cisecurity:def:2262: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  OVAL2250  oval:org.cisecurity:def:2250: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CVE-2014-9940  The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
  CVE-2015-9004  kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

2017-04-27  OVAL2201  oval:org.cisecurity:def:2201: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2196  oval:org.cisecurity:def:2196: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2220  oval:org.cisecurity:def:2220: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  OVAL2198  oval:org.cisecurity:def:2198: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2207  oval:org.cisecurity:def:2207: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking
  OVAL2221  oval:org.cisecurity:def:2221: Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  OVAL2202  oval:org.cisecurity:def:2202: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2219  oval:org.cisecurity:def:2219: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP
  OVAL2214  oval:org.cisecurity:def:2214: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  OVAL2213  oval:org.cisecurity:def:2213: Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  OVAL2197  oval:org.cisecurity:def:2197: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2200  oval:org.cisecurity:def:2200: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2199  oval:org.cisecurity:def:2199: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  OVAL2208  oval:org.cisecurity:def:2208: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security
  OVAL2206  oval:org.cisecurity:def:2206: Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE

2017-04-26  OVAL2210  oval:org.cisecurity:def:2210: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API) –
  OVAL2192  oval:org.cisecurity:def:2192: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier –
  OVAL2175  oval:org.cisecurity:def:2175: Microsoft Office XSS Elevation of Privilege Vulnerability –
  OVAL2184  oval:org.cisecurity:def:2184: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 –
  OVAL2204  oval:org.cisecurity:def:2204: ATMFD.dll Information Disclosure Vulnerability –
  OVAL2181  oval:org.cisecurity:def:2181: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
  OVAL2190  oval:org.cisecurity:def:2190: Vulnerability in Oracle MySQL 5.7.11 to 5.7.17 –
  OVAL2217  oval:org.cisecurity:def:2217: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges) –
  OVAL2212  oval:org.cisecurity:def:2212: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) –
  OVAL2186  oval:org.cisecurity:def:2186: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 –
  OVAL2188  oval:org.cisecurity:def:2188: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier –
  OVAL2209  oval:org.cisecurity:def:2209: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth) –
  OVAL2215  oval:org.cisecurity:def:2215: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges) –
  OVAL2187  oval:org.cisecurity:def:2187: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 –
  OVAL2182  oval:org.cisecurity:def:2182: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2174  oval:org.cisecurity:def:2174: Microsoft Office XSS Elevation of Privilege Vulnerability –
  OVAL2180  oval:org.cisecurity:def:2180: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier –
  OVAL2218  oval:org.cisecurity:def:2218: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump) –
  OVAL2185  oval:org.cisecurity:def:2185: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 –
  OVAL2189  oval:org.cisecurity:def:2189: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2178  oval:org.cisecurity:def:2178: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier –
  OVAL2211  oval:org.cisecurity:def:2211: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption) –
  OVAL2193  oval:org.cisecurity:def:2193: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2176  oval:org.cisecurity:def:2176: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2179  oval:org.cisecurity:def:2179: Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304
  OVAL2216  oval:org.cisecurity:def:2216: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges) –
  OVAL2191  oval:org.cisecurity:def:2191: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2177  oval:org.cisecurity:def:2177: Vulnerability in Oracle MySQL 5.7.17 and earlier –
  OVAL2183  oval:org.cisecurity:def:2183: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier –
  OVAL2222  oval:org.cisecurity:def:2222: libjpeg Information Disclosure Vulnerability –

2017-04-24  OVAL2205  oval:org.cisecurity:def:2205: .NET Remote Code Execution Vulnerability –
  CVE-2010-1776  Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe...

2017-04-20  OVAL2194  oval:org.cisecurity:def:2194: Windows Denial of Service Vulnerability –
  OVAL2195  oval:org.cisecurity:def:2195: Windows Elevation of Privilege Vulnerability –
  OVAL2171  oval:org.cisecurity:def:2171: Windows OLE Elevation of Privilege Vulnerability –
  OVAL2173  oval:org.cisecurity:def:2173: Microsoft Office Memory Corruption Vulnerability –

2017-04-19  OVAL2162  oval:org.cisecurity:def:2162: Win32k Information Disclosure Vulnerability –
  OVAL2164  oval:org.cisecurity:def:2164: Microsoft Outlook Remote Code Execution Vulnerability –
  OVAL2163  oval:org.cisecurity:def:2163: Windows Graphics Elevation of Privilege Vulnerability –
  OVAL2168  oval:org.cisecurity:def:2168: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL2161  oval:org.cisecurity:def:2161: Windows Kernel Information Disclosure Vulnerability –
  OVAL2170  oval:org.cisecurity:def:2170: Win32k Information Disclosure Vulnerability –
  OVAL2165  oval:org.cisecurity:def:2165: Windows Graphics Component Elevation of Privilege Vulnerability –
  OVAL2169  oval:org.cisecurity:def:2169: Win32k Elevation of Privilege Vulnerability –

2017-04-18  OVAL2153  oval:org.cisecurity:def:2153: Internet Explorer Memory Corruption Vulnerability
  OVAL2152  oval:org.cisecurity:def:2152: Microsoft Edge Memory Corruption Vulnerability
  OVAL2160  oval:org.cisecurity:def:2160: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API –
  OVAL2154  oval:org.cisecurity:def:2154: Microsoft Edge Memory Corruption Vulnerability
  OVAL2159  oval:org.cisecurity:def:2159: Microsoft Edge Security Feature Bypass Vulnerability
  OVAL2157  oval:org.cisecurity:def:2157: Internet Explorer Elevation of Privilege Vulnerability
  OVAL2135  oval:org.cisecurity:def:2135: Microsoft Exchange Server Elevation of Privilege Vulnerability
  OVAL2156  oval:org.cisecurity:def:2156: Scripting Engine Memory Corruption Vulnerability

2017-04-17  OVAL2155  oval:org.cisecurity:def:2155: Scripting Engine Memory Corruption Vulnerability
  OVAL2158  oval:org.cisecurity:def:2158: Scripting Engine Information Disclosure Vulnerability

2017-04-14  OVAL2120  oval:org.cisecurity:def:2120: Microsoft Office Memory Corruption Vulnerability –
  OVAL2116  oval:org.cisecurity:def:2116: Microsoft Office Memory Corruption Vulnerability –
  OVAL2123  oval:org.cisecurity:def:2123: Microsoft Office Memory Corruption Vulnerability –
  OVAL2122  oval:org.cisecurity:def:2122: Microsoft Office Denial of Service Vulnerability –
  OVAL2119  oval:org.cisecurity:def:2119: Microsoft Office Information Disclosure Vulnerability –
  OVAL2118  oval:org.cisecurity:def:2118: Microsoft Office Memory Corruption Vulnerability –
  OVAL2117  oval:org.cisecurity:def:2117: Microsoft Office Memory Corruption Vulnerability –
  OVAL2115  oval:org.cisecurity:def:2115: Microsoft Office Memory Corruption Vulnerability –
  OVAL2121  oval:org.cisecurity:def:2121: Microsoft Office Information Disclosure Vulnerability –
  OVAL2125  oval:org.cisecurity:def:2125: Microsoft SharePoint XSS Vulnerability –
  OVAL2124  oval:org.cisecurity:def:2124: Microsoft Office Memory Corruption Vulnerability –

2017-04-13  CVE-2014-7920  mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
  CVE-2014-7921  mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.

2017-04-12  OVAL2094  oval:org.cisecurity:def:2094: Windows SMB Remote Code Execution Vulnerability –
  OVAL2089  oval:org.cisecurity:def:2089: Windows SMB Remote Code Execution Vulnerability –
  OVAL2099  oval:org.cisecurity:def:2099: Windows SMB Remote Code Execution Vulnerability –
  OVAL2133  oval:org.cisecurity:def:2133: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability
  OVAL2096  oval:org.cisecurity:def:2096: Windows SMB Remote Code Execution Vulnerability –
  OVAL2101  oval:org.cisecurity:def:2101: Windows SMB Remote Code Execution Vulnerability –
  OVAL2134  oval:org.cisecurity:def:2134: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability
  OVAL2107  oval:org.cisecurity:def:2107: Windows DVD Maker Cross-Site Request Forgery Vulnerability
  OVAL2131  oval:org.cisecurity:def:2131: iSNS Server Memory Corruption Vulnerability –
  OVAL2095  oval:org.cisecurity:def:2095: Windows SMB Remote Code Execution Vulnerability –
  OVAL2132  oval:org.cisecurity:def:2132: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability

2017-04-11  OVAL2085  oval:org.cisecurity:def:2085: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  OVAL2088  oval:org.cisecurity:def:2088: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  OVAL2127  oval:org.cisecurity:def:2127: SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability –
  OVAL2129  oval:org.cisecurity:def:2129: Device Guard Security Feature Bypass Vulnerability –
  OVAL2087  oval:org.cisecurity:def:2087: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  OVAL2126  oval:org.cisecurity:def:2126: Windows DNS Query Information Disclosure Vulnerability –
  OVAL2086  oval:org.cisecurity:def:2086: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  OVAL2090  oval:org.cisecurity:def:2090: Windows Graphics Component Remote Code Execution Vulnerability
  OVAL2130  oval:org.cisecurity:def:2130: Windows HelpPane Elevation of Privilege Vulnerability –
  OVAL2128  oval:org.cisecurity:def:2128: Windows DLL Loading Remote Code Execution Vulnerability –
  OVAL2106  oval:org.cisecurity:def:2106: Windows Graphics Component Remote Code Execution Vulnerability

2017-04-08  OVAL2092  oval:org.cisecurity:def:2092: Microsoft Color Management Information Disclosure Vulnerability
  OVAL2100  oval:org.cisecurity:def:2100: Windows Graphics Component Information Disclosure Vulnerability
  OVAL2091  oval:org.cisecurity:def:2091: Microsoft Color Management Information Disclosure Vulnerability

2017-04-06  OVAL2104  oval:org.cisecurity:def:2104: Windows GDI Elevation of Privilege Vulnerability
  OVAL2097  oval:org.cisecurity:def:2097: Windows GDI Elevation of Privilege Vulnerability
  OVAL2103  oval:org.cisecurity:def:2103: Windows GDI+ Information Disclosure Vulnerability
  OVAL2105  oval:org.cisecurity:def:2105: Windows GDI+ Information Disclosure Vulnerability
  OVAL2098  oval:org.cisecurity:def:2098: Windows GDI+ Information Disclosure Vulnerability
  OVAL2093  oval:org.cisecurity:def:2093: Windows GDI Elevation of Privilege Vulnerability

2017-04-05  OVAL2114  oval:org.cisecurity:def:2114: Microsoft IIS Server XSS Elevation of Privilege Vulnerability –
  OVAL2081  oval:org.cisecurity:def:2081: Windows DirectShow Information Disclosure Vulnerability –

2017-04-04  OVAL2080  oval:org.cisecurity:def:2080: Microsoft Active Directory Federation Services Information Disclosure Vulnerability –
  CVE-2014-9922  The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

2017-04-03  OVAL2075  oval:org.cisecurity:def:2075: Hyper-V vSMB Remote Code Execution Vulnerability –
  OVAL2077  oval:org.cisecurity:def:2077: Hyper-V Denial of Service Vulnerability –
  OVAL2071  oval:org.cisecurity:def:2071: Hyper-V Information Disclosure Vulnerability –
  OVAL2073  oval:org.cisecurity:def:2073: Hyper-V Denial of Service Vulnerability –
  OVAL2074  oval:org.cisecurity:def:2074: Microsoft Hyper-V Network Switch Denial of Service Vulnerability –
  OVAL2072  oval:org.cisecurity:def:2072: Hyper-V Denial of Service Vulnerability –
  OVAL2079  oval:org.cisecurity:def:2079: Hyper-V Denial of Service Vulnerability –
  OVAL2076  oval:org.cisecurity:def:2076: Hyper-V Remote Code Execution Vulnerability –
  OVAL2070  oval:org.cisecurity:def:2070: Hyper-V Denial of Service Vulnerability –
  OVAL2078  oval:org.cisecurity:def:2078: Hyper-V vSMB Remote Code Execution Vulnerability –
  OVAL2069  oval:org.cisecurity:def:2069: Hyper-V Remote Code Execution Vulnerability –

2017-03-30  OVAL2060  oval:org.cisecurity:def:2060: Windows GDI Elevation of Privilege Vulnerability

2017-03-29  OVAL2062  oval:org.cisecurity:def:2062: Win32k Elevation of Privilege Vulnerability –
  OVAL2067  oval:org.cisecurity:def:2067: Win32k Elevation of Privilege Vulnerability –
  OVAL2063  oval:org.cisecurity:def:2063: Win32k Elevation of Privilege Vulnerability –
  OVAL2065  oval:org.cisecurity:def:2065: Win32k Elevation of Privilege Vulnerability –
  OVAL2068  oval:org.cisecurity:def:2068: Win32k Elevation of Privilege Vulnerability –
  OVAL2064  oval:org.cisecurity:def:2064: Win32k Elevation of Privilege Vulnerability –
  OVAL2061  oval:org.cisecurity:def:2061: Win32k Elevation of Privilege Vulnerability –
  OVAL2066  oval:org.cisecurity:def:2066: Win32k Elevation of Privilege Vulnerability –

2017-03-24  OVAL2057  oval:org.cisecurity:def:2057: Windows Kernel Elevation of Privilege Vulnerability –
  OVAL2008  oval:org.cisecurity:def:2008: Microsoft Edge Information Disclosure Vulnerability
  OVAL2058  oval:org.cisecurity:def:2058: Windows Elevation of Privilege Vulnerability –
  OVAL2036  oval:org.cisecurity:def:2036: Scripting Engine Memory Corruption Vulnerability
  OVAL2022  oval:org.cisecurity:def:2022: Microsoft Edge Spoofing Vulnerability
  OVAL2059  oval:org.cisecurity:def:2059: Windows Registry Elevation of Privilege Vulnerability –
  OVAL2024  oval:org.cisecurity:def:2024: Scripting Engine Memory Corruption Vulnerability
  OVAL2010  oval:org.cisecurity:def:2010: Microsoft PDF Memory Corruption Vulnerability
  OVAL2001  oval:org.cisecurity:def:2001: Scripting Engine Memory Corruption Vulnerability
  OVAL2026  oval:org.cisecurity:def:2026: Microsoft Browser Memory Corruption Vulnerability
  OVAL2002  oval:org.cisecurity:def:2002: Internet Explorer Information Disclosure Vulnerability
  OVAL2023  oval:org.cisecurity:def:2023: Scripting Engine Memory Corruption Vulnerability
  OVAL2056  oval:org.cisecurity:def:2056: Windows Elevation of Privilege Vulnerability –
  OVAL2005  oval:org.cisecurity:def:2005: Scripting Engine Memory Corruption Vulnerability
  OVAL2030  oval:org.cisecurity:def:2030: Microsoft Edge Security Feature Bypass
  OVAL2007  oval:org.cisecurity:def:2007: Internet Explorer Elevation of Privilege Vulnerability
  OVAL2039  oval:org.cisecurity:def:2039: Microsoft Edge Security Feature Bypass
  OVAL2018  oval:org.cisecurity:def:2018: Scripting Engine Memory Corruption Vulnerability
  OVAL2017  oval:org.cisecurity:def:2017: Scripting Engine Memory Corruption Vulnerability
  OVAL2025  oval:org.cisecurity:def:2025: Microsoft Edge Security Feature Bypass Vulnerability
  OVAL2034  oval:org.cisecurity:def:2034: Microsoft Browser Information Disclosure Vulnerability
  OVAL2012  oval:org.cisecurity:def:2012: Scripting Engine Memory Corruption Vulnerability
  OVAL2027  oval:org.cisecurity:def:2027: Scripting Engine Memory Corruption Vulnerability
  OVAL2006  oval:org.cisecurity:def:2006: Scripting Engine Memory Corruption Vulnerability
  OVAL2004  oval:org.cisecurity:def:2004: Scripting Engine Memory Corruption Vulnerability
  OVAL2028  oval:org.cisecurity:def:2028: Microsoft Edge Memory Corruption Vulnerability
  OVAL2000  oval:org.cisecurity:def:2000: Microsoft Browser Spoofing Vulnerability
  OVAL2016  oval:org.cisecurity:def:2016: Scripting Engine Memory Corruption Vulnerability
  OVAL2014  oval:org.cisecurity:def:2014: Scripting Engine Memory Corruption Vulnerability
  OVAL2019  oval:org.cisecurity:def:2019: Microsoft Browser Information Disclosure Vulnerability
  OVAL2021  oval:org.cisecurity:def:2021: Scripting Engine Memory Corruption Vulnerability
  OVAL2015  oval:org.cisecurity:def:2015: Microsoft Internet Explorer Memory Corruption Vulnerability
  OVAL2037  oval:org.cisecurity:def:2037: Microsoft Edge Information Disclosure Vulnerability
  OVAL2032  oval:org.cisecurity:def:2032: Internet Explorer Memory Corruption Vulnerability
  OVAL2033  oval:org.cisecurity:def:2033: Scripting Engine Memory Corruption Vulnerability
  OVAL2035  oval:org.cisecurity:def:2035: Microsoft Browser Spoofing Vulnerability
  OVAL2031  oval:org.cisecurity:def:2031: Scripting Engine Memory Corruption Vulnerability
  OVAL2003  oval:org.cisecurity:def:2003: Internet Explorer Information Disclosure Vulnerability
  OVAL2009  oval:org.cisecurity:def:2009: Microsoft Edge Information Disclosure Vulnerability
  OVAL2038  oval:org.cisecurity:def:2038: Scripting Engine Memory Corruption Vulnerability
  OVAL2029  oval:org.cisecurity:def:2029: Microsoft Edge Security Feature Bypass
  OVAL2011  oval:org.cisecurity:def:2011: Scripting Engine Memory Corruption Vulnerability
  OVAL2013  oval:org.cisecurity:def:2013: Scripting Engine Memory Corruption Vulnerability
  OVAL2020  oval:org.cisecurity:def:2020: Scripting Engine Memory Corruption Vulnerability

2017-03-22  OVAL1999  oval:org.cisecurity:def:1999: Internet Explorer Information Disclosure Vulnerability

2017-03-20  OVAL1998  oval:org.cisecurity:def:1998: Microsoft XML Core Services Information Disclosure Vulnerability –

2017-03-15  OVAL1977  oval:org.cisecurity:def:1977: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1983  oval:org.cisecurity:def:1983: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1978  oval:org.cisecurity:def:1978: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1984  oval:org.cisecurity:def:1984: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1996  oval:org.cisecurity:def:1996: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1973  oval:org.cisecurity:def:1973: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1988  oval:org.cisecurity:def:1988: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1982  oval:org.cisecurity:def:1982: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1974  oval:org.cisecurity:def:1974: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1991  oval:org.cisecurity:def:1991: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1987  oval:org.cisecurity:def:1987: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1980  oval:org.cisecurity:def:1980: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1971  oval:org.cisecurity:def:1971: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1992  oval:org.cisecurity:def:1992: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1972  oval:org.cisecurity:def:1972: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1995  oval:org.cisecurity:def:1995: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1994  oval:org.cisecurity:def:1994: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1975  oval:org.cisecurity:def:1975: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1997  oval:org.cisecurity:def:1997: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1993  oval:org.cisecurity:def:1993: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1990  oval:org.cisecurity:def:1990: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1976  oval:org.cisecurity:def:1976: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1989  oval:org.cisecurity:def:1989: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1979  oval:org.cisecurity:def:1979: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1981  oval:org.cisecurity:def:1981: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1969  oval:org.cisecurity:def:1969: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1970  oval:org.cisecurity:def:1970: Windows Uniscribe Remote Code Execution Vulnerability
  OVAL1985  oval:org.cisecurity:def:1985: Windows Uniscribe Information Disclosure Vulnerability
  OVAL1986  oval:org.cisecurity:def:1986: Windows Uniscribe Information Disclosure Vulnerability

2017-03-10  OVAL1944  oval:org.cisecurity:def:1944: Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c
  OVAL1947  oval:org.cisecurity:def:1947: Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e
  OVAL1943  oval:org.cisecurity:def:1943: Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d
  OVAL1946  oval:org.cisecurity:def:1946: ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c
  OVAL1945  oval:org.cisecurity:def:1945: CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c

2017-03-09  OVAL1942  oval:org.cisecurity:def:1942: UI spoofing

2017-03-08  OVAL1953  oval:org.cisecurity:def:1953: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  OVAL1954  oval:org.cisecurity:def:1954: A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  OVAL1952  oval:org.cisecurity:def:1952: PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  OVAL1951  oval:org.cisecurity:def:1951: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux

2017-03-03  OVAL1950  oval:org.cisecurity:def:1950: Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k
  OVAL1931  oval:org.cisecurity:def:1931: Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i
  OVAL1926  oval:org.cisecurity:def:1926: Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a
  OVAL1948  oval:org.cisecurity:def:1948: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length
  OVAL1949  oval:org.cisecurity:def:1949: Vulnerability in OpenSSL 1.1.0 before 1.1.0d
  OVAL1930  oval:org.cisecurity:def:1930: Vulnerability in statem/statem.c in OpenSSL 1.1.0a
  OVAL1928  oval:org.cisecurity:def:1928: Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i
  OVAL1929  oval:org.cisecurity:def:1929: Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
  OVAL1927  oval:org.cisecurity:def:1927: Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a

2017-02-24  OVAL1895  oval:org.cisecurity:def:1895: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  OVAL1893  oval:org.cisecurity:def:1893: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  OVAL1885  oval:org.cisecurity:def:1885: Heap overflow in FFmpeg
  OVAL1884  oval:org.cisecurity:def:1884: UI spoofing
  OVAL1891  oval:org.cisecurity:def:1891: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  OVAL1892  oval:org.cisecurity:def:1892: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  OVAL1890  oval:org.cisecurity:def:1890: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  OVAL1894  oval:org.cisecurity:def:1894: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier

2017-02-22  OVAL1901  oval:org.cisecurity:def:1901: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results
  OVAL1906  oval:org.cisecurity:def:1906: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number
  OVAL1900  oval:org.cisecurity:def:1900: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages
  OVAL1903  oval:org.cisecurity:def:1903: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length
  OVAL1904  oval:org.cisecurity:def:1904: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service
  OVAL1907  oval:org.cisecurity:def:1907: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks
  OVAL1902  oval:org.cisecurity:def:1902: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations
  OVAL1905  oval:org.cisecurity:def:1905: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -...

2017-02-21  OVAL1909  oval:org.cisecurity:def:1909: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability
  OVAL1908  oval:org.cisecurity:def:1908: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability
  OVAL1911  oval:org.cisecurity:def:1911: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability
  OVAL1910  oval:org.cisecurity:def:1910: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability
  OVAL1912  oval:org.cisecurity:def:1912: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability

2017-02-17  OVAL1859  oval:org.cisecurity:def:1859: Type confusion in metrics
  OVAL1861  oval:org.cisecurity:def:1861: Uninitialised memory access in webm video
  OVAL1862  oval:org.cisecurity:def:1862: Universal XSS in chrome://apps
  OVAL1856  oval:org.cisecurity:def:1856: Use after free in Renderer
  OVAL1858  oval:org.cisecurity:def:1858: Heap overflow in FFmpeg
  OVAL1860  oval:org.cisecurity:def:1860: Use after free in Extensions
  OVAL1855  oval:org.cisecurity:def:1855: Universal XSS in chrome://downloads
  OVAL1857  oval:org.cisecurity:def:1857: Bypass of Content Security Policy in Blink

2017-02-16  OVAL1869  oval:org.cisecurity:def:1869: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability
  OVAL1870  oval:org.cisecurity:def:1870: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability

2017-02-15  OVAL1868  oval:org.cisecurity:def:1868: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  OVAL1865  oval:org.cisecurity:def:1865: Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  OVAL1847  oval:org.cisecurity:def:1847: Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321
  OVAL1850  oval:org.cisecurity:def:1850: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323
  OVAL1864  oval:org.cisecurity:def:1864: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  OVAL1863  oval:org.cisecurity:def:1863: Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs
  OVAL1867  oval:org.cisecurity:def:1867: Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs
  OVAL1866  oval:org.cisecurity:def:1866: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  OVAL1846  oval:org.cisecurity:def:1846: Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier –
  OVAL1844  oval:org.cisecurity:def:1844: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322

2017-02-13  OVAL1852  oval:org.cisecurity:def:1852: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking
  OVAL1854  oval:org.cisecurity:def:1854: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method
  OVAL1851  oval:org.cisecurity:def:1851: Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111
  OVAL1853  oval:org.cisecurity:def:1853: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context

2017-02-10  OVAL1818  oval:org.cisecurity:def:1818: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier –
  OVAL1814  oval:org.cisecurity:def:1814: Vulnerability in MySQL Server 5.5.53 and earlier –
  OVAL1819  oval:org.cisecurity:def:1819: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier –
  OVAL1815  oval:org.cisecurity:def:1815: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier –
  OVAL1822  oval:org.cisecurity:def:1822: Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3 –
  OVAL1824  oval:org.cisecurity:def:1824: Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 –
  OVAL1816  oval:org.cisecurity:def:1816: Vulnerability in MySQL Server 5.5.53 and earlier –
  OVAL1823  oval:org.cisecurity:def:1823: Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 –
  OVAL1825  oval:org.cisecurity:def:1825: Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 –
  OVAL1813  oval:org.cisecurity:def:1813: Vulnerability in MySQL Server 5.6.34 and earlier, and 5.7.16 and earlier –
  OVAL1817  oval:org.cisecurity:def:1817: Vulnerability in MySQL Server 5.5.53 and earlier –

2017-02-09  OVAL1836  oval:org.cisecurity:def:1836: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page
  OVAL1837  oval:org.cisecurity:def:1837: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships
  OVAL1841  oval:org.cisecurity:def:1841: Cross-site scripting
  OVAL1840  oval:org.cisecurity:def:1840: Directory traversal vulnerability in Atlassian JIRA before 6.0.5
  OVAL1839  oval:org.cisecurity:def:1839: Cross-site scripting
  OVAL1842  oval:org.cisecurity:def:1842: Directory traversal vulnerability in Atlassian JIRA before 6.0.4

2017-02-08  OVAL1835  oval:org.cisecurity:def:1835: Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13 –

2017-02-07  OVAL1832  oval:org.cisecurity:def:1832: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) –
  OVAL1831  oval:org.cisecurity:def:1831: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging) –
  OVAL1829  oval:org.cisecurity:def:1829: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) –
  OVAL1833  oval:org.cisecurity:def:1833: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) –
  OVAL1830  oval:org.cisecurity:def:1830: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging) –
  OVAL1827  oval:org.cisecurity:def:1827: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  OVAL1826  oval:org.cisecurity:def:1826: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CVE-2014-9914  Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations...

2017-02-03  OVAL1800  oval:org.cisecurity:def:1800: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  OVAL1801  oval:org.cisecurity:def:1801: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111
  OVAL1802  oval:org.cisecurity:def:1802: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111

2017-02-01  OVAL1799  oval:org.cisecurity:def:1799: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 –
  OVAL1798  oval:org.cisecurity:def:1798: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 –

2017-01-31  OVAL1797  oval:org.cisecurity:def:1797: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) –
  OVAL1779  oval:org.cisecurity:def:1779: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  OVAL1778  oval:org.cisecurity:def:1778: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  OVAL1777  oval:org.cisecurity:def:1777: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  OVAL1796  oval:org.cisecurity:def:1796: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB) –
  OVAL1789  oval:org.cisecurity:def:1789: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking
  OVAL1795  oval:org.cisecurity:def:1795: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML) –
  OVAL1790  oval:org.cisecurity:def:1790: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  OVAL1791  oval:org.cisecurity:def:1791: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking

2017-01-30  OVAL1780  oval:org.cisecurity:def:1780: Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 –

2017-01-27  OVAL1776  oval:org.cisecurity:def:1776: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  OVAL1775  oval:org.cisecurity:def:1775: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111

2017-01-26  OVAL1772  oval:org.cisecurity:def:1772: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging) –
  OVAL1774  oval:org.cisecurity:def:1774: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption) –
  OVAL1773  oval:org.cisecurity:def:1773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) –

2017-01-25  OVAL1747  oval:org.cisecurity:def:1747: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1746  oval:org.cisecurity:def:1746: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1751  oval:org.cisecurity:def:1751: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1745  oval:org.cisecurity:def:1745: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1748  oval:org.cisecurity:def:1748: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1749  oval:org.cisecurity:def:1749: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1744  oval:org.cisecurity:def:1744: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1750  oval:org.cisecurity:def:1750: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier

2017-01-24  OVAL1769  oval:org.cisecurity:def:1769: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS
  OVAL1770  oval:org.cisecurity:def:1770: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries
  OVAL1771  oval:org.cisecurity:def:1771: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control

2017-01-19  OVAL1765  oval:org.cisecurity:def:1765: Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i

2017-01-18  OVAL1732  oval:org.cisecurity:def:1732: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1731  oval:org.cisecurity:def:1731: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1729  oval:org.cisecurity:def:1729: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1728  oval:org.cisecurity:def:1728: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1730  oval:org.cisecurity:def:1730: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  OVAL1727  oval:org.cisecurity:def:1727: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CVE-2014-9909  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...
  CVE-2014-9910  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

2017-01-17  OVAL1721  oval:org.cisecurity:def:1721: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1726  oval:org.cisecurity:def:1726: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1720  oval:org.cisecurity:def:1720: EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  OVAL1723  oval:org.cisecurity:def:1723: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1725  oval:org.cisecurity:def:1725: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1724  oval:org.cisecurity:def:1724: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1719  oval:org.cisecurity:def:1719: EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  OVAL1722  oval:org.cisecurity:def:1722: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier

2017-01-12  OVAL1715  oval:org.cisecurity:def:1715: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1733  oval:org.cisecurity:def:1733: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  OVAL1714  oval:org.cisecurity:def:1714: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1737  oval:org.cisecurity:def:1737: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability
  OVAL1717  oval:org.cisecurity:def:1717: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1716  oval:org.cisecurity:def:1716: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  OVAL1709  oval:org.cisecurity:def:1709: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1741  oval:org.cisecurity:def:1741: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  OVAL1734  oval:org.cisecurity:def:1734: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1742  oval:org.cisecurity:def:1742: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1740  oval:org.cisecurity:def:1740: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  OVAL1738  oval:org.cisecurity:def:1738: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1718  oval:org.cisecurity:def:1718: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  OVAL1743  oval:org.cisecurity:def:1743: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  OVAL1710  oval:org.cisecurity:def:1710: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1735  oval:org.cisecurity:def:1735: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  OVAL1712  oval:org.cisecurity:def:1712: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1736  oval:org.cisecurity:def:1736: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  OVAL1711  oval:org.cisecurity:def:1711: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  OVAL1739  oval:org.cisecurity:def:1739: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  OVAL1713  oval:org.cisecurity:def:1713: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier

2017-01-11  OVAL1706  oval:org.cisecurity:def:1706: Microsoft Edge Elevation of Privilege Vulnerability
  OVAL1707  oval:org.cisecurity:def:1707: Microsoft Office Memory Corruption Vulnerability –

2017-01-10  OVAL1705  oval:org.cisecurity:def:1705: Local Security Authority Subsystem Service Denial of Service Vulnerability

2017-01-09  OVAL1703  oval:org.cisecurity:def:1703: Vulnerability in Samsung Security Manager

2017-01-08  OVAL1704  oval:org.cisecurity:def:1704: Remove OneDrive option located in the navigation panel of File Explorer on Windows 10.

2017-01-05  OVAL1686  oval:org.cisecurity:def:1686: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228
  OVAL1685  oval:org.cisecurity:def:1685: Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160

2017-01-04  OVAL1691  oval:org.cisecurity:def:1691: Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18 –

2017-01-03  OVAL1684  oval:org.cisecurity:def:1684: Microsoft Office Memory Corruption Vulnerability –

2016-12-30  OVAL1653  oval:org.cisecurity:def:1653: Secure Kernel Mode Elevation of Privilege Vulnerability
  OVAL1676  oval:org.cisecurity:def:1676: Vulnerability in NVIDIA Graphics Driver
  OVAL1652  oval:org.cisecurity:def:1652: .NET Information Disclosure Vulnerability
  OVAL1651  oval:org.cisecurity:def:1651: Windows Uniscribe Remote Code Execution Vulnerability

2016-12-29  OVAL1647  oval:org.cisecurity:def:1647: Microsoft Browser – Memory Corruption Vulnerability
  OVAL1648  oval:org.cisecurity:def:1648: Scripting Engine Memory Corruption Vulnerability
  OVAL1650  oval:org.cisecurity:def:1650: Microsoft Browser Security Feature Bypass
  OVAL1649  oval:org.cisecurity:def:1649: Microsoft Browser Information Disclosure Vulnerability

2016-12-28  OVAL1688  oval:org.cisecurity:def:1688: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1687  oval:org.cisecurity:def:1687: Microsoft Office Information Disclosure Vulnerability –
  OVAL1689  oval:org.cisecurity:def:1689: Microsoft Office Information Disclosure Vulnerability –

2016-12-21  OVAL1641  oval:org.cisecurity:def:1641: Microsoft Office Information Disclosure Vulnerability –
  OVAL1640  oval:org.cisecurity:def:1640: Microsoft Office Information Disclosure Vulnerability –
  OVAL1643  oval:org.cisecurity:def:1643: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1639  oval:org.cisecurity:def:1639: Microsoft Office Memory Corruption Vulnerability –
  OVAL1642  oval:org.cisecurity:def:1642: Microsoft Office Information Disclosure Vulnerability –
  OVAL1644  oval:org.cisecurity:def:1644: Microsoft Office Security Feature Bypass Vulnerability –
  OVAL1638  oval:org.cisecurity:def:1638: Microsoft Office OLE DLL Side Loading Vulnerability –
  OVAL1637  oval:org.cisecurity:def:1637: Microsoft Office Information Disclosure Vulnerability –

2016-12-20  OVAL1634  oval:org.cisecurity:def:1634: Internet Explorer Memory Corruption Vulnerability
  OVAL1633  oval:org.cisecurity:def:1633: Scripting Engine Memory Corruption Vulnerability
  OVAL1625  oval:org.cisecurity:def:1625: Microsoft Edge Information Disclosure Vulnerability
  OVAL1632  oval:org.cisecurity:def:1632: Internet Explorer Information Disclosure Vulnerability
  OVAL1630  oval:org.cisecurity:def:1630: Microsoft Edge Memory Corruption Vulnerability
  OVAL1636  oval:org.cisecurity:def:1636: Microsoft Office Memory Corruption Vulnerability –
  OVAL1627  oval:org.cisecurity:def:1627: Windows Hyperlink Object Library Information Disclosure Vulnerability
  OVAL1631  oval:org.cisecurity:def:1631: Scripting Engine Memory Corruption Vulnerability
  OVAL1629  oval:org.cisecurity:def:1629: Scripting Engine Memory Corruption Vulnerability
  OVAL1626  oval:org.cisecurity:def:1626: Scripting Engine Memory Corruption Vulnerability
  OVAL1628  oval:org.cisecurity:def:1628: Scripting Engine Memory Corruption Vulnerability
  OVAL1635  oval:org.cisecurity:def:1635: Microsoft Edge Information Disclosure Vulnerability

2016-12-16  OVAL1605  oval:org.cisecurity:def:1605: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1610  oval:org.cisecurity:def:1610: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1612  oval:org.cisecurity:def:1612: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1611  oval:org.cisecurity:def:1611: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1614  oval:org.cisecurity:def:1614: Windows Installer Elevation of Privilege Vulnerability
  OVAL1607  oval:org.cisecurity:def:1607: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1609  oval:org.cisecurity:def:1609: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1608  oval:org.cisecurity:def:1608: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  OVAL1606  oval:org.cisecurity:def:1606: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier

2016-12-15  OVAL1681  oval:org.cisecurity:def:1681: Windows Kernel Memory Address Information Disclosure Vulnerability
  OVAL1645  oval:org.cisecurity:def:1645: Win32k Elevation of Privilege Vulnerability –
  OVAL1613  oval:org.cisecurity:def:1613: Windows Crypto Driver Information Disclosure Vulnerability
  OVAL1646  oval:org.cisecurity:def:1646: Win32k Elevation of Privilege Vulnerability –
  OVAL1680  oval:org.cisecurity:def:1680: Windows Common Log File System Driver Information Disclosure Vulnerability

2016-12-14  OVAL1601  oval:org.cisecurity:def:1601: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1598  oval:org.cisecurity:def:1598: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1597  oval:org.cisecurity:def:1597: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1604  oval:org.cisecurity:def:1604: Windows Graphics Remote Code Execution Vulnerability
  OVAL1599  oval:org.cisecurity:def:1599: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1600  oval:org.cisecurity:def:1600: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1603  oval:org.cisecurity:def:1603: Windows Graphics Remote Code Execution Vulnerability
  OVAL1596  oval:org.cisecurity:def:1596: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1593  oval:org.cisecurity:def:1593: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1602  oval:org.cisecurity:def:1602: GDI Information Disclosure Vulnerability
  OVAL1595  oval:org.cisecurity:def:1595: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  OVAL1594  oval:org.cisecurity:def:1594: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier

2016-12-09  OVAL1559  oval:org.cisecurity:def:1559: CSP Referrer disclosure
  OVAL1562  oval:org.cisecurity:def:1562: Private property access in V8
  OVAL1564  oval:org.cisecurity:def:1564: Use after free in V8
  OVAL1560  oval:org.cisecurity:def:1560: Same-origin bypass in PDFium
  OVAL1554  oval:org.cisecurity:def:1554: Universal XSS in Blink
  OVAL1566  oval:org.cisecurity:def:1566: Use after free in PDFium
  OVAL1561  oval:org.cisecurity:def:1561: Universal XSS in Blink
  OVAL1567  oval:org.cisecurity:def:1567: Out of bounds write in Blink
  OVAL1558  oval:org.cisecurity:def:1558: Vulnerability in Google Chrome before 55.0.2883.75
  OVAL1565  oval:org.cisecurity:def:1565: Out of bounds write in PDFium
  OVAL1557  oval:org.cisecurity:def:1557: Universal XSS in Blink
  OVAL1563  oval:org.cisecurity:def:1563: Universal XSS in Blink
  OVAL1556  oval:org.cisecurity:def:1556: Local file disclosure in DevTools
  OVAL1555  oval:org.cisecurity:def:1555: Use after free in PDFium

2016-12-08  OVAL1551  oval:org.cisecurity:def:1551: MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  OVAL1552  oval:org.cisecurity:def:1552: LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CVE-2015-8967  arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

2016-12-07  OVAL1576  oval:org.cisecurity:def:1576: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1570  oval:org.cisecurity:def:1570: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1513  oval:org.cisecurity:def:1513: SQL RDBMS Engine EoP vulnerability
  OVAL1575  oval:org.cisecurity:def:1575: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1571  oval:org.cisecurity:def:1571: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows
  OVAL1569  oval:org.cisecurity:def:1569: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1514  oval:org.cisecurity:def:1514: SQL Server Agent Elevation of Privilege Vulnerability
  OVAL1573  oval:org.cisecurity:def:1573: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
  OVAL1578  oval:org.cisecurity:def:1578: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1577  oval:org.cisecurity:def:1577: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1574  oval:org.cisecurity:def:1574: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1580  oval:org.cisecurity:def:1580: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1579  oval:org.cisecurity:def:1579: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
  OVAL1568  oval:org.cisecurity:def:1568: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  OVAL1572  oval:org.cisecurity:def:1572: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows

2016-12-06  OVAL1553  oval:org.cisecurity:def:1553: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service

2016-12-02  OVAL1517  oval:org.cisecurity:def:1517: Secure Boot Component Vulnerability –
  OVAL1516  oval:org.cisecurity:def:1516: Windows Kernel Elevation of Privilege Vulnerability –

2016-12-01  OVAL1501  oval:org.cisecurity:def:1501: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1499  oval:org.cisecurity:def:1499: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1500  oval:org.cisecurity:def:1500: VHD Driver Elevation of Privilege Vulnerability –
  OVAL1498  oval:org.cisecurity:def:1498: VHD Driver Elevation of Privilege Vulnerability –

2016-11-30  OVAL1486  oval:org.cisecurity:def:1486: Win32k Information Disclosure Vulnerability
  OVAL1487  oval:org.cisecurity:def:1487: Win32k Elevation of Privilege Vulnerability
  OVAL1485  oval:org.cisecurity:def:1485: Win32k Elevation of Privilege Vulnerability
  OVAL1483  oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
  OVAL1484  oval:org.cisecurity:def:1484: Win32k Elevation of Privilege Vulnerability

2016-11-29  OVAL1497  oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability –
  OVAL1496  oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability –
  OVAL1478  oval:org.cisecurity:def:1478: Open Type Font Remote Code Execution Vulnerability –
  OVAL1480  oval:org.cisecurity:def:1480: Virtual Secure Mode Information Disclosure Vulnerability –
  OVAL1479  oval:org.cisecurity:def:1479: Open Type Font Information Disclosure Vulnerability –

2016-11-28  OVAL1482  oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability –
  OVAL1481  oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability –
  OVAL1477  oval:org.cisecurity:def:1477: Microsoft Video Control Remote Code Execution Vulnerability –

2016-11-25  OVAL1450  oval:org.cisecurity:def:1450: Microsoft Office Memory Corruption Vulnerability –
  OVAL1454  oval:org.cisecurity:def:1454: Microsoft Office Memory Corruption Vulnerability –
  OVAL1476  oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability –
  OVAL1452  oval:org.cisecurity:def:1452: Microsoft Office Denial of Service Vulnerability –
  OVAL1451  oval:org.cisecurity:def:1451: Microsoft Office Information Disclosure Vulnerability –
  OVAL1453  oval:org.cisecurity:def:1453: Microsoft Office Memory Corruption Vulnerability –

2016-11-24  OVAL1457  oval:org.cisecurity:def:1457: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1456  oval:org.cisecurity:def:1456: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1455  oval:org.cisecurity:def:1455: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1475  oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability –
  OVAL1464  oval:org.cisecurity:def:1464: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1462  oval:org.cisecurity:def:1462: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1463  oval:org.cisecurity:def:1463: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1460  oval:org.cisecurity:def:1460: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1474  oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability –
  OVAL1459  oval:org.cisecurity:def:1459: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1461  oval:org.cisecurity:def:1461: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
  OVAL1458  oval:org.cisecurity:def:1458: Windows Common Log File System Driver Elevation of Privilege Vulnerability –

2016-11-22  OVAL1471  oval:org.cisecurity:def:1471: Scripting Engine Memory Corruption Vulnerability
  OVAL1468  oval:org.cisecurity:def:1468: Microsoft Browser Memory Corruption Vulnerability
  OVAL1473  oval:org.cisecurity:def:1473: Scripting Engine Memory Corruption Vulnerability
  OVAL1466  oval:org.cisecurity:def:1466: Microsoft Browser Information Disclosure Vulnerability
  OVAL1470  oval:org.cisecurity:def:1470: Scripting Engine Memory Corruption Vulnerability
  OVAL1472  oval:org.cisecurity:def:1472: Scripting Engine Memory Corruption Vulnerability
  OVAL1465  oval:org.cisecurity:def:1465: Microsoft Edge Spoofing Vulnerability
  OVAL1467  oval:org.cisecurity:def:1467: Microsoft Edge Information Disclosure Vulnerability
  OVAL1469  oval:org.cisecurity:def:1469: Microsoft Browser Information Disclosure Vulnerability

2016-11-18  OVAL1447  oval:org.cisecurity:def:1447: Microsoft Office Memory Corruption Vulnerability –
  OVAL1448  oval:org.cisecurity:def:1448: Microsoft Office Memory Corruption Vulnerability –
  OVAL1449  oval:org.cisecurity:def:1449: Microsoft Office Memory Corruption Vulnerability –
  OVAL1445  oval:org.cisecurity:def:1445: Microsoft Office Memory Corruption Vulnerability –
  OVAL1446  oval:org.cisecurity:def:1446: Microsoft Office Memory Corruption Vulnerability –

2016-11-17  OVAL1426  oval:org.cisecurity:def:1426: Microsoft Office Memory Corruption Vulnerability –

2016-11-16  OVAL1425  oval:org.cisecurity:def:1425: Microsoft Office Memory Corruption Vulnerability –
  OVAL1427  oval:org.cisecurity:def:1427: Scripting Engine Memory Corruption Vulnerability
  OVAL1430  oval:org.cisecurity:def:1430: Scripting Engine Memory Corruption Vulnerability
  OVAL1428  oval:org.cisecurity:def:1428: Scripting Engine Memory Corruption Vulnerability
  OVAL1429  oval:org.cisecurity:def:1429: Scripting Engine Memory Corruption Vulnerability

2016-11-15  OVAL1423  oval:org.cisecurity:def:1423: Microsoft Browser Memory Corruption Vulnerability
  OVAL1422  oval:org.cisecurity:def:1422: Microsoft Browser Memory Corruption Vulnerability
  OVAL1421  oval:org.cisecurity:def:1421: Microsoft Browser Memory Corruption Vulnerability
  OVAL1413  oval:org.cisecurity:def:1413: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1420  oval:org.cisecurity:def:1420: Microsoft Browser Memory Corruption Vulnerability
  OVAL1411  oval:org.cisecurity:def:1411: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1414  oval:org.cisecurity:def:1414: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1412  oval:org.cisecurity:def:1412: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
  OVAL1415  oval:org.cisecurity:def:1415: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –

2016-11-14  OVAL1410  oval:org.cisecurity:def:1410: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 –
  OVAL1405  oval:org.cisecurity:def:1405: Graphics Component Buffer Overflow Vulnerability –
  OVAL1407  oval:org.cisecurity:def:1407: Windows Journal RCE Vulnerability
  OVAL1419  oval:org.cisecurity:def:1419: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1408  oval:org.cisecurity:def:1408: Windows Journal Integer Overflow RCE Vulnerability
  OVAL1418  oval:org.cisecurity:def:1418: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1416  oval:org.cisecurity:def:1416: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  OVAL1409  oval:org.cisecurity:def:1409: Windows Journal RCE Vulnerability
  OVAL1417  oval:org.cisecurity:def:1417: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability

2016-11-10  OVAL1392  oval:org.cisecurity:def:1392: Memory Corruption Vulnerability
  OVAL1382  oval:org.cisecurity:def:1382: Memory Corruption Vulnerability
  OVAL1388  oval:org.cisecurity:def:1388: Memory Corruption Vulnerability
  OVAL1391  oval:org.cisecurity:def:1391: Memory Corruption Vulnerability
  OVAL1381  oval:org.cisecurity:def:1381: Memory Corruption Vulnerability
  OVAL1390  oval:org.cisecurity:def:1390: Memory Corruption Vulnerability
  OVAL1385  oval:org.cisecurity:def:1385: Memory Corruption Vulnerability
  OVAL1384  oval:org.cisecurity:def:1384: Memory Corruption Vulnerability
  OVAL1383  oval:org.cisecurity:def:1383: Memory Corruption Vulnerability
  OVAL1404  oval:org.cisecurity:def:1404: Vulnerability in Symantec Anti-Virus Engine
  OVAL1380  oval:org.cisecurity:def:1380: Memory Corruption Vulnerability
  OVAL1386  oval:org.cisecurity:def:1386: Memory Corruption Vulnerability
  OVAL1389  oval:org.cisecurity:def:1389: Memory Corruption Vulnerability
  OVAL1387  oval:org.cisecurity:def:1387: Memory Corruption Vulnerability

2016-11-08  OVAL1394  oval:org.cisecurity:def:1394: Internet Explorer Information Disclosure Vulnerability

2016-11-07  OVAL1378  oval:org.cisecurity:def:1378: Scripting Engine Remote Code Execution Vulnerability
  OVAL1393  oval:org.cisecurity:def:1393: Windows Graphics Component RCE Vulnerability –
  OVAL1375  oval:org.cisecurity:def:1375: Microsoft Office Memory Corruption Vulnerability –
  OVAL1374  oval:org.cisecurity:def:1374: Microsoft Office RCE Vulnerability –

2016-11-04  OVAL1352  oval:org.cisecurity:def:1352: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  OVAL1353  oval:org.cisecurity:def:1353: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1355  oval:org.cisecurity:def:1355: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1345  oval:org.cisecurity:def:1345: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1348  oval:org.cisecurity:def:1348: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1344  oval:org.cisecurity:def:1344: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1349  oval:org.cisecurity:def:1349: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1354  oval:org.cisecurity:def:1354: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  OVAL1351  oval:org.cisecurity:def:1351: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1347  oval:org.cisecurity:def:1347: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1346  oval:org.cisecurity:def:1346: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1350  oval:org.cisecurity:def:1350: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...

2016-11-02  OVAL1360  oval:org.cisecurity:def:1360: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1331  oval:org.cisecurity:def:1331: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows
  OVAL1372  oval:org.cisecurity:def:1372: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1358  oval:org.cisecurity:def:1358: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1361  oval:org.cisecurity:def:1361: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1373  oval:org.cisecurity:def:1373: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1366  oval:org.cisecurity:def:1366: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1364  oval:org.cisecurity:def:1364: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1362  oval:org.cisecurity:def:1362: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1356  oval:org.cisecurity:def:1356: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1359  oval:org.cisecurity:def:1359: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1357  oval:org.cisecurity:def:1357: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1370  oval:org.cisecurity:def:1370: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1371  oval:org.cisecurity:def:1371: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1368  oval:org.cisecurity:def:1368: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1332  oval:org.cisecurity:def:1332: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  OVAL1365  oval:org.cisecurity:def:1365: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1363  oval:org.cisecurity:def:1363: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1369  oval:org.cisecurity:def:1369: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1367  oval:org.cisecurity:def:1367: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows

2016-10-27  OVAL1316  oval:org.cisecurity:def:1316: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
  OVAL1315  oval:org.cisecurity:def:1315: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1314  oval:org.cisecurity:def:1314: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –

2016-10-26  OVAL1307  oval:org.cisecurity:def:1307: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1310  oval:org.cisecurity:def:1310: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1309  oval:org.cisecurity:def:1309: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1308  oval:org.cisecurity:def:1308: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier

2016-10-25  OVAL1313  oval:org.cisecurity:def:1313: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –
  OVAL1311  oval:org.cisecurity:def:1311: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 –
  OVAL1312  oval:org.cisecurity:def:1312: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier –

2016-10-21  OVAL1304  oval:org.cisecurity:def:1304: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1301  oval:org.cisecurity:def:1301: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  OVAL1305  oval:org.cisecurity:def:1305: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  OVAL1303  oval:org.cisecurity:def:1303: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  OVAL1302  oval:org.cisecurity:def:1302: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  OVAL1306  oval:org.cisecurity:def:1306: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier

2016-10-19  OVAL1285  oval:org.cisecurity:def:1285: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
  OVAL1287  oval:org.cisecurity:def:1287: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  OVAL1283  oval:org.cisecurity:def:1283: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1
  OVAL1288  oval:org.cisecurity:def:1288: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  OVAL1286  oval:org.cisecurity:def:1286: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  OVAL1284  oval:org.cisecurity:def:1284: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1

2016-10-18  OVAL1293  oval:org.cisecurity:def:1293: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier –
  OVAL1291  oval:org.cisecurity:def:1291: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1292  oval:org.cisecurity:def:1292: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 –
  OVAL1296  oval:org.cisecurity:def:1296: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier –
  OVAL1295  oval:org.cisecurity:def:1295: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier –
  OVAL1290  oval:org.cisecurity:def:1290: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
  OVAL1289  oval:org.cisecurity:def:1289: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
  OVAL1294  oval:org.cisecurity:def:1294: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –

2016-10-17  OVAL1298  oval:org.cisecurity:def:1298: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication –
  OVAL1297  oval:org.cisecurity:def:1297: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files –
  OVAL1299  oval:org.cisecurity:def:1299: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files –
  OVAL1300  oval:org.cisecurity:def:1300: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges –

2016-10-14  OVAL1267  oval:org.cisecurity:def:1267: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4
  OVAL1266  oval:org.cisecurity:def:1266: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
  OVAL1268  oval:org.cisecurity:def:1268: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security

2016-10-13  OVAL1253  oval:org.cisecurity:def:1253: Vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK and Compiler before 15.0.0.356
  OVAL1265  oval:org.cisecurity:def:1265: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products –
  OVAL1264  oval:org.cisecurity:def:1264: Untrusted search path vulnerability in python.exe in Python through 3.5.0 –
  OVAL1251  oval:org.cisecurity:def:1251: Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302
  OVAL1241  oval:org.cisecurity:def:1241: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
  OVAL1254  oval:org.cisecurity:def:1254: Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287
  OVAL1252  oval:org.cisecurity:def:1252: Vulnerability in Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239, Adobe AIR before 15.0.0.293
  OVAL1242  oval:org.cisecurity:def:1242: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60

2016-10-12  OVAL1248  oval:org.cisecurity:def:1248: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 –
  OVAL1250  oval:org.cisecurity:def:1250: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 –
  OVAL1249  oval:org.cisecurity:def:1249: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 –
  OVAL1255  oval:org.cisecurity:def:1255: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3 –
  OVAL1256  oval:org.cisecurity:def:1256: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails –

2016-10-11  OVAL1246  oval:org.cisecurity:def:1246: Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows
  OVAL1247  oval:org.cisecurity:def:1247: Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  OVAL1245  oval:org.cisecurity:def:1245: Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
  OVAL1244  oval:org.cisecurity:def:1244: Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows
  OVAL1243  oval:org.cisecurity:def:1243: Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

2016-10-10  OVAL1240  oval:org.cisecurity:def:1240: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  OVAL1257  oval:org.cisecurity:def:1257: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
  OVAL1258  oval:org.cisecurity:def:1258: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  OVAL1262  oval:org.cisecurity:def:1262: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
  OVAL1263  oval:org.cisecurity:def:1263: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  OVAL1239  oval:org.cisecurity:def:1239: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  OVAL1260  oval:org.cisecurity:def:1260: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  OVAL1259  oval:org.cisecurity:def:1259: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  OVAL1261  oval:org.cisecurity:def:1261: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
  OVAL1238  oval:org.cisecurity:def:1238: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CVE-2015-8951  Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
  CVE-2015-8955  arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...
  CVE-2015-8956  The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...

2016-10-06  CVE-2015-0721  Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...
  CVE-2015-6393  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...

2016-10-05  OVAL1234  oval:org.cisecurity:def:1234: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  OVAL1237  oval:org.cisecurity:def:1237: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  OVAL1232  oval:org.cisecurity:def:1232: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  OVAL1235  oval:org.cisecurity:def:1235: Unspecified vulnerability in Oracle Java SE 8u92
  OVAL1236  oval:org.cisecurity:def:1236: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  OVAL1233  oval:org.cisecurity:def:1233: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CVE-2015-6392  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...

2016-10-04  OVAL1218  oval:org.cisecurity:def:1218: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1219  oval:org.cisecurity:def:1219: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-09-29  OVAL1230  oval:org.cisecurity:def:1230: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
  OVAL1231  oval:org.cisecurity:def:1231: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65
  OVAL1229  oval:org.cisecurity:def:1229: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65

2016-09-27  OVAL1182  oval:org.cisecurity:def:1182: Arbitrary Memory Read in v8
  OVAL1181  oval:org.cisecurity:def:1181: Use after free in Blink
  OVAL1180  oval:org.cisecurity:def:1180: Use after free in Blink
  OVAL1199  oval:org.cisecurity:def:1199: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17

2016-09-22  OVAL1169  oval:org.cisecurity:def:1169: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1176  oval:org.cisecurity:def:1176: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1172  oval:org.cisecurity:def:1172: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1175  oval:org.cisecurity:def:1175: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1166  oval:org.cisecurity:def:1166: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1173  oval:org.cisecurity:def:1173: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1178  oval:org.cisecurity:def:1178: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1168  oval:org.cisecurity:def:1168: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1197  oval:org.cisecurity:def:1197: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
  OVAL1179  oval:org.cisecurity:def:1179: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
  OVAL1170  oval:org.cisecurity:def:1170: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1171  oval:org.cisecurity:def:1171: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1167  oval:org.cisecurity:def:1167: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1196  oval:org.cisecurity:def:1196: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
  OVAL1198  oval:org.cisecurity:def:1198: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
  OVAL1177  oval:org.cisecurity:def:1177: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  OVAL1174  oval:org.cisecurity:def:1174: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CVE-2014-2146  The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...

2016-09-21  OVAL1163  oval:org.cisecurity:def:1163: Microsoft Browser Information Disclosure Vulnerability
  OVAL1164  oval:org.cisecurity:def:1164: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182
  OVAL1165  oval:org.cisecurity:def:1165: Vulnerability in Adobe Flash Player 21.0.0.197 and earlier

2016-09-19  OVAL1195  oval:org.cisecurity:def:1195: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1188  oval:org.cisecurity:def:1188: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1183  oval:org.cisecurity:def:1183: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1185  oval:org.cisecurity:def:1185: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1191  oval:org.cisecurity:def:1191: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1193  oval:org.cisecurity:def:1193: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1192  oval:org.cisecurity:def:1192: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1189  oval:org.cisecurity:def:1189: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1187  oval:org.cisecurity:def:1187: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1184  oval:org.cisecurity:def:1184: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1194  oval:org.cisecurity:def:1194: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1186  oval:org.cisecurity:def:1186: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  OVAL1190  oval:org.cisecurity:def:1190: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows

2016-09-13  OVAL1129  oval:org.cisecurity:def:1129: Use after free in Blink
  OVAL1131  oval:org.cisecurity:def:1131: Use after destruction in Blink
  OVAL1136  oval:org.cisecurity:def:1136: Address bar spoofing
  OVAL1132  oval:org.cisecurity:def:1132: Use after free in PDFium
  OVAL1134  oval:org.cisecurity:def:1134: Heap overflow in PDFium
  OVAL1133  oval:org.cisecurity:def:1133: Use after free in event bindings
  OVAL1130  oval:org.cisecurity:def:1130: Universal XSS in Blink
  OVAL1137  oval:org.cisecurity:def:1137: Script injection in extensions
  OVAL1128  oval:org.cisecurity:def:1128: Universal XSS in Blink
  OVAL1135  oval:org.cisecurity:def:1135: Heap overflow in PDFium

2016-09-06  OVAL1144  oval:org.cisecurity:def:1144: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  OVAL1139  oval:org.cisecurity:def:1139: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
  OVAL1138  oval:org.cisecurity:def:1138: The download implementation in Google Chrome before 53.0.2785.89 on Windows
  OVAL1127  oval:org.cisecurity:def:1127: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1142  oval:org.cisecurity:def:1142: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1143  oval:org.cisecurity:def:1143: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
  OVAL1146  oval:org.cisecurity:def:1146: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  OVAL1145  oval:org.cisecurity:def:1145: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  OVAL1140  oval:org.cisecurity:def:1140: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows
  OVAL1141  oval:org.cisecurity:def:1141: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  OVAL1147  oval:org.cisecurity:def:1147: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows

2016-08-24  OVAL1074  oval:org.cisecurity:def:1074: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1080  oval:org.cisecurity:def:1080: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1084  oval:org.cisecurity:def:1084: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1088  oval:org.cisecurity:def:1088: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1087  oval:org.cisecurity:def:1087: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1076  oval:org.cisecurity:def:1076: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1083  oval:org.cisecurity:def:1083: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1075  oval:org.cisecurity:def:1075: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1078  oval:org.cisecurity:def:1078: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1085  oval:org.cisecurity:def:1085: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1079  oval:org.cisecurity:def:1079: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1086  oval:org.cisecurity:def:1086: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1081  oval:org.cisecurity:def:1081: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1082  oval:org.cisecurity:def:1082: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1077  oval:org.cisecurity:def:1077: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-08-23  OVAL1122  oval:org.cisecurity:def:1122: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1118  oval:org.cisecurity:def:1118: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1120  oval:org.cisecurity:def:1120: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1116  oval:org.cisecurity:def:1116: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1121  oval:org.cisecurity:def:1121: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1108  oval:org.cisecurity:def:1108: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1106  oval:org.cisecurity:def:1106: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1126  oval:org.cisecurity:def:1126: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1103  oval:org.cisecurity:def:1103: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1112  oval:org.cisecurity:def:1112: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1107  oval:org.cisecurity:def:1107: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1109  oval:org.cisecurity:def:1109: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1115  oval:org.cisecurity:def:1115: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1104  oval:org.cisecurity:def:1104: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1125  oval:org.cisecurity:def:1125: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1113  oval:org.cisecurity:def:1113: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1114  oval:org.cisecurity:def:1114: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1105  oval:org.cisecurity:def:1105: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1117  oval:org.cisecurity:def:1117: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1102  oval:org.cisecurity:def:1102: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1123  oval:org.cisecurity:def:1123: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1110  oval:org.cisecurity:def:1110: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1124  oval:org.cisecurity:def:1124: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1119  oval:org.cisecurity:def:1119: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1101  oval:org.cisecurity:def:1101: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1111  oval:org.cisecurity:def:1111: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209

2016-08-22  OVAL1067  oval:org.cisecurity:def:1067: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1089  oval:org.cisecurity:def:1089: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
  OVAL1091  oval:org.cisecurity:def:1091: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
  OVAL1095  oval:org.cisecurity:def:1095: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
  OVAL1097  oval:org.cisecurity:def:1097: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1061  oval:org.cisecurity:def:1061: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1062  oval:org.cisecurity:def:1062: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1065  oval:org.cisecurity:def:1065: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1060  oval:org.cisecurity:def:1060: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1066  oval:org.cisecurity:def:1066: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1096  oval:org.cisecurity:def:1096: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1093  oval:org.cisecurity:def:1093: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
  OVAL1070  oval:org.cisecurity:def:1070: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1063  oval:org.cisecurity:def:1063: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1090  oval:org.cisecurity:def:1090: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
  OVAL1059  oval:org.cisecurity:def:1059: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1069  oval:org.cisecurity:def:1069: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1092  oval:org.cisecurity:def:1092: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82
  OVAL1064  oval:org.cisecurity:def:1064: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1068  oval:org.cisecurity:def:1068: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1057  oval:org.cisecurity:def:1057: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1094  oval:org.cisecurity:def:1094: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  OVAL1058  oval:org.cisecurity:def:1058: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-08-19  OVAL1054  oval:org.cisecurity:def:1054: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  OVAL1053  oval:org.cisecurity:def:1053: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
  OVAL1056  oval:org.cisecurity:def:1056: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar
  OVAL1055  oval:org.cisecurity:def:1055: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116

2016-08-18  OVAL986  oval:org.cisecurity:def:986: Same origin bypass for images in Blink
  OVAL1050  oval:org.cisecurity:def:1050: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL987  oval:org.cisecurity:def:987: Various fixes from internal audits, fuzzing and other initiatives
  OVAL1032  oval:org.cisecurity:def:1032: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1030  oval:org.cisecurity:def:1030: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1047  oval:org.cisecurity:def:1047: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1029  oval:org.cisecurity:def:1029: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1034  oval:org.cisecurity:def:1034: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1027  oval:org.cisecurity:def:1027: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1031  oval:org.cisecurity:def:1031: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1038  oval:org.cisecurity:def:1038: Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1037  oval:org.cisecurity:def:1037: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1033  oval:org.cisecurity:def:1033: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1039  oval:org.cisecurity:def:1039: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1026  oval:org.cisecurity:def:1026: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  OVAL1042  oval:org.cisecurity:def:1042: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL996  oval:org.cisecurity:def:996: URL leakage via PAC script
  OVAL1040  oval:org.cisecurity:def:1040: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL995  oval:org.cisecurity:def:995: Use-after-free in libxml
  OVAL991  oval:org.cisecurity:def:991: Content-Security-Policy bypass
  OVAL1035  oval:org.cisecurity:def:1035: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL997  oval:org.cisecurity:def:997: URL spoofing
  OVAL1048  oval:org.cisecurity:def:1048: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1049  oval:org.cisecurity:def:1049: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1028  oval:org.cisecurity:def:1028: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1046  oval:org.cisecurity:def:1046: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL990  oval:org.cisecurity:def:990: History sniffing with HSTS and CSP
  OVAL1036  oval:org.cisecurity:def:1036: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1051  oval:org.cisecurity:def:1051: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL992  oval:org.cisecurity:def:992: Use after free in extensions
  OVAL988  oval:org.cisecurity:def:988: Origin confusion in proxy authentication
  OVAL989  oval:org.cisecurity:def:989: Parameter sanitization failure in DevTools
  OVAL1043  oval:org.cisecurity:def:1043: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL994  oval:org.cisecurity:def:994: Parameter sanitization failure in DevTools
  OVAL1052  oval:org.cisecurity:def:1052: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL993  oval:org.cisecurity:def:993: Limited same-origin bypass in Service Workers
  OVAL1045  oval:org.cisecurity:def:1045: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1044  oval:org.cisecurity:def:1044: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  OVAL1041  oval:org.cisecurity:def:1041: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209

2016-08-07  CVE-2015-3854  packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...

2016-08-06  CVE-2014-9871  Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
  CVE-2014-9872  The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9873  Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9874  Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
  CVE-2014-9875  drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
  CVE-2014-9876  drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9877  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
  CVE-2014-9878  drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9863  Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
  CVE-2014-9864  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9865  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9866  drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
  CVE-2014-9867  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
  CVE-2014-9868  drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
  CVE-2014-9869  drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
  CVE-2014-9870  The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
  CVE-2014-9879  The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
  CVE-2014-9880  drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
  CVE-2014-9881  drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
  CVE-2014-9882  Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
  CVE-2014-9883  Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9884  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9885  Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
  CVE-2014-9886  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...
  CVE-2014-9887  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9889  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
  CVE-2014-9890  Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
  CVE-2014-9891  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
  CVE-2014-9892  The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
  CVE-2014-9893  drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
  CVE-2014-9894  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
  CVE-2014-9895  drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
  CVE-2014-9896  drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
  CVE-2014-9897  sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9898  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
  CVE-2014-9899  drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9900  The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
  CVE-2015-8937  drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2015-8938  The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
  CVE-2015-8939  drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
  CVE-2015-8940  Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
  CVE-2015-8941  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
  CVE-2015-8942  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
  CVE-2015-8943  drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
  CVE-2015-8944  The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...

2016-08-05  CVE-2014-9901  The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
  CVE-2014-9902  Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...

2016-08-01  OVAL982  oval:org.cisecurity:def:982: ZIP decompression memory access violation –
  OVAL983  oval:org.cisecurity:def:983: MIME message modification memory corruption –
  OVAL984  oval:org.cisecurity:def:984: TNEF integer overflow –

2016-07-26  OVAL979  oval:org.cisecurity:def:979: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL978  oval:org.cisecurity:def:978: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL981  oval:org.cisecurity:def:981: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –
  OVAL980  oval:org.cisecurity:def:980: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 –

2016-07-10  CVE-2013-7457  Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
  CVE-2014-9777  The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
  CVE-2014-9778  The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
  CVE-2014-9779  arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
  CVE-2014-9780  drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9781  Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
  CVE-2014-9782  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
  CVE-2014-9783  drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
  CVE-2014-9784  Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9785  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9786  Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
  CVE-2014-9787  Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
  CVE-2014-9788  Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
  CVE-2014-9789  The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
  CVE-2014-9790  drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
  CVE-2014-9792  arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9793  platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9795  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
  CVE-2014-9796  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
  CVE-2014-9798  platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
  CVE-2014-9799  The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
  CVE-2014-9800  Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
  CVE-2014-9801  Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
  CVE-2014-9802  Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
  CVE-2014-9803  arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
  CVE-2015-8888  Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
  CVE-2015-8889  The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
  CVE-2015-8890  platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
  CVE-2015-8891  Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
  CVE-2015-8892  platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
  CVE-2015-8893  app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...

2016-07-08  OVAL423  oval:org.cisecurity:def:423: DLL Loading Remote Code Execution Vulnerability

2016-07-07  OVAL960  oval:org.cisecurity:def:960: WebDAV Elevation of Privilege Vulnerability –
  OVAL961  oval:org.cisecurity:def:961: Remote Desktop Protocol

2016-07-05  OVAL959  oval:org.cisecurity:def:959: Windows Kerberos Security Feature Bypass –
  OVAL948  oval:org.cisecurity:def:948: Windows DLL Loading Denial of Service Vulnerability –
  OVAL930  oval:org.cisecurity:def:930: Silverlight Runtime Remote Code Execution Vulnerability –

2016-07-04  OVAL946  oval:org.cisecurity:def:946: Windows OLE Memory Remote Code Execution Vulnerability
  OVAL929  oval:org.cisecurity:def:929: Windows Media Parsing Remote Code Execution Vulnerability
  OVAL945  oval:org.cisecurity:def:945: Windows Media Parsing Remote Code Execution Vulnerability
  OVAL947  oval:org.cisecurity:def:947: Windows OLE Memory Remote Code Execution Vulnerability

2016-07-03  OVAL963  oval:org.cisecurity:def:963: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...

2016-06-23  OVAL928  oval:org.cisecurity:def:928: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL922  oval:org.cisecurity:def:922: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL916  oval:org.cisecurity:def:916: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL893  oval:org.cisecurity:def:893: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL886  oval:org.cisecurity:def:886: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL924  oval:org.cisecurity:def:924: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL926  oval:org.cisecurity:def:926: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL923  oval:org.cisecurity:def:923: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL904  oval:org.cisecurity:def:904: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL913  oval:org.cisecurity:def:913: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL903  oval:org.cisecurity:def:903: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL887  oval:org.cisecurity:def:887: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL902  oval:org.cisecurity:def:902: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL896  oval:org.cisecurity:def:896: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL899  oval:org.cisecurity:def:899: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL910  oval:org.cisecurity:def:910: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL914  oval:org.cisecurity:def:914: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL919  oval:org.cisecurity:def:919: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL888  oval:org.cisecurity:def:888: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL918  oval:org.cisecurity:def:918: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL906  oval:org.cisecurity:def:906: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL917  oval:org.cisecurity:def:917: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL905  oval:org.cisecurity:def:905: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL911  oval:org.cisecurity:def:911: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL920  oval:org.cisecurity:def:920: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL890  oval:org.cisecurity:def:890: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL895  oval:org.cisecurity:def:895: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL915  oval:org.cisecurity:def:915: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL892  oval:org.cisecurity:def:892: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL925  oval:org.cisecurity:def:925: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL901  oval:org.cisecurity:def:901: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL897  oval:org.cisecurity:def:897: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL908  oval:org.cisecurity:def:908: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL921  oval:org.cisecurity:def:921: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL927  oval:org.cisecurity:def:927: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL912  oval:org.cisecurity:def:912: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  OVAL985  oval:org.cisecurity:def:985: Vulnerability in Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207

2016-06-22  OVAL942  oval:org.cisecurity:def:942: Windows Graphics Component Information Disclosure Vulnerability
  OVAL943  oval:org.cisecurity:def:943: Win32k Elevation of Privilege Vulnerability
  OVAL907  oval:org.cisecurity:def:907: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL909  oval:org.cisecurity:def:909: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL884  oval:org.cisecurity:def:884: Windows Search Component Denial of Service Vulnerability
  OVAL940  oval:org.cisecurity:def:940: Windows Virtual PCI Information Disclosure Vulnerability
  OVAL894  oval:org.cisecurity:def:894: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities –
  OVAL885  oval:org.cisecurity:def:885: Microsoft Exchange Information Disclosure Vulnerability
  OVAL944  oval:org.cisecurity:def:944: ATMFD.DLL Elevation of Privilege Vulnerability
  CVE-2015-6289  Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

2016-06-21  OVAL877  oval:org.cisecurity:def:877: Microsoft Office Information Disclosure Vulnerability –
  OVAL876  oval:org.cisecurity:def:876: Microsoft Office Memory Corruption Vulnerability –
  OVAL939  oval:org.cisecurity:def:939: Win32k Elevation of Privilege Vulnerability
  OVAL874  oval:org.cisecurity:def:874: Microsoft Office Memory Corruption Vulnerability –
  OVAL879  oval:org.cisecurity:def:879: Microsoft Office OLE DLL Side Loading Vulnerability –
  OVAL941  oval:org.cisecurity:def:941: Win32k Elevation of Privilege Vulnerability

2016-06-20  OVAL880  oval:org.cisecurity:def:880: Windows Diagnostics Hub Elevation of Privilege Vulnerability –
  OVAL883  oval:org.cisecurity:def:883: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability –
  OVAL882  oval:org.cisecurity:def:882: Active Directory Denial of Service Vulnerability
  OVAL881  oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability

2016-06-17  OVAL873  oval:org.cisecurity:def:873: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier

2016-06-16  OVAL866  oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
  OVAL871  oval:org.cisecurity:def:871: Windows DNS Server Use After Free Vulnerability
  OVAL861  oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability
  OVAL859  oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability

2016-06-15  OVAL864  oval:org.cisecurity:def:864: Microsoft Edge Security Feature Bypass
  OVAL828  oval:org.cisecurity:def:828: Scripting Engine Memory Corruption Vulnerability
  OVAL863  oval:org.cisecurity:def:863: Scripting Engine Memory Corruption Vulnerability
  OVAL858  oval:org.cisecurity:def:858: Internet Explorer Memory Corruption Vulnerability
  OVAL860  oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability
  OVAL869  oval:org.cisecurity:def:869: Internet Explorer XSS Filter Vulnerability
  OVAL870  oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability
  OVAL862  oval:org.cisecurity:def:862: Scripting Engine Memory Corruption Vulnerability
  OVAL829  oval:org.cisecurity:def:829: Scripting Engine Memory Corruption Vulnerability
  OVAL865  oval:org.cisecurity:def:865: Internet Explorer Memory Corruption Vulnerability
  OVAL868  oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability
  OVAL826  oval:org.cisecurity:def:826: Scripting Engine Memory Corruption Vulnerability
  OVAL827  oval:org.cisecurity:def:827: Scripting Engine Memory Corruption Vulnerability
  OVAL872  oval:org.cisecurity:def:872: Scripting Engine Memory Corruption Vulnerability
  OVAL830  oval:org.cisecurity:def:830: Scripting Engine Memory Corruption Vulnerability
  OVAL867  oval:org.cisecurity:def:867: Internet Explorer Memory Corruption Vulnerability

2016-06-08  OVAL798  oval:org.cisecurity:def:798: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL796  oval:org.cisecurity:def:796: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL794  oval:org.cisecurity:def:794: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL795  oval:org.cisecurity:def:795: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL797  oval:org.cisecurity:def:797: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL801  oval:org.cisecurity:def:801: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL817  oval:org.cisecurity:def:817: Scripting Engine Memory Corruption Vulnerability
  OVAL818  oval:org.cisecurity:def:818: Scripting Engine Memory Corruption Vulnerability
  OVAL819  oval:org.cisecurity:def:819: Scripting Engine Memory Corruption Vulnerability –
  OVAL800  oval:org.cisecurity:def:800: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL799  oval:org.cisecurity:def:799: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL793  oval:org.cisecurity:def:793: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-07  OVAL812  oval:org.cisecurity:def:812: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL807  oval:org.cisecurity:def:807: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL811  oval:org.cisecurity:def:811: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL809  oval:org.cisecurity:def:809: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL805  oval:org.cisecurity:def:805: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL810  oval:org.cisecurity:def:810: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL813  oval:org.cisecurity:def:813: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL816  oval:org.cisecurity:def:816: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL806  oval:org.cisecurity:def:806: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL802  oval:org.cisecurity:def:802: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL815  oval:org.cisecurity:def:815: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL803  oval:org.cisecurity:def:803: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL804  oval:org.cisecurity:def:804: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL814  oval:org.cisecurity:def:814: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  OVAL808  oval:org.cisecurity:def:808: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-06  OVAL824  oval:org.cisecurity:def:824: EVP_EncryptUpdate overflow
  OVAL822  oval:org.cisecurity:def:822: ASN.1 BIO excessive memory allocation
  OVAL789  oval:org.cisecurity:def:789: Information leak in Extension bindings
  OVAL790  oval:org.cisecurity:def:790: Cross-origin bypass in Blink
  OVAL785  oval:org.cisecurity:def:785: Out-of-bounds read in Skia
  OVAL823  oval:org.cisecurity:def:823: EBCDIC overread
  OVAL786  oval:org.cisecurity:def:786: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  OVAL788  oval:org.cisecurity:def:788: Parameter sanitization failure in DevTools
  OVAL821  oval:org.cisecurity:def:821: Memory corruption in the ASN.1 encoder
  OVAL820  oval:org.cisecurity:def:820: Padding oracle in AES-NI CBC MAC check
  OVAL792  oval:org.cisecurity:def:792: Cross-origin bypass in extension bindings
  OVAL825  oval:org.cisecurity:def:825: EVP_EncodeUpdate overflow
  OVAL791  oval:org.cisecurity:def:791: Use-after-free in Extensions
  OVAL787  oval:org.cisecurity:def:787: Use-after-free in Autofill

2016-06-03  OVAL784  oval:org.cisecurity:def:784: Secondary Logon Elevation of Privilege Vulnerability

2016-06-01  OVAL774  oval:org.cisecurity:def:774: Windows DLL Loading Remote Code Execution Vulnerability
  OVAL775  oval:org.cisecurity:def:775: Windows Kernel Elevation of Privilege Vulnerability
  OVAL776  oval:org.cisecurity:def:776: Windows Media Center Remote Code Execution Vulnerability

2016-05-31  OVAL773  oval:org.cisecurity:def:773: Microsoft Office Memory Corruption Vulnerability
  OVAL772  oval:org.cisecurity:def:772: Microsoft Office Malformed EPS File Vulnerability

2016-05-30  OVAL783  oval:org.cisecurity:def:783: Cross-origin bypass in extension bindings
  OVAL771  oval:org.cisecurity:def:771: RPC Network Data Representation Engine Remote Code Execution Vulnerability
  OVAL782  oval:org.cisecurity:def:782: Microsoft Office Memory Corruption Vulnerability –

2016-05-26  OVAL769  oval:org.cisecurity:def:769: Microsoft Office Graphics RCE Vulnerability

2016-05-24  OVAL768  oval:org.cisecurity:def:768: Microsoft Office Memory Corruption Vulnerability

2016-05-23  OVAL780  oval:org.cisecurity:def:780: Windows Graphics Component Information Disclosure Vulnerability
  OVAL779  oval:org.cisecurity:def:779: Windows Graphics Component Information Disclosure Vulnerability
  OVAL781  oval:org.cisecurity:def:781: Windows Graphics Component RCE Vulnerability

2016-05-20  OVAL695  oval:org.cisecurity:def:695: Hypervisor Code Integrity Security Feature Bypass
  OVAL767  oval:org.cisecurity:def:767: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability –
  OVAL766  oval:org.cisecurity:def:766: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability –
  OVAL731  oval:org.cisecurity:def:731: Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g

2016-05-19  OVAL703  oval:org.cisecurity:def:703: Unspecified vulnerability in Oracle Java SE 8u77
  OVAL729  oval:org.cisecurity:def:729: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL721  oval:org.cisecurity:def:721: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL701  oval:org.cisecurity:def:701: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL712  oval:org.cisecurity:def:712: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL722  oval:org.cisecurity:def:722: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL710  oval:org.cisecurity:def:710: Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
  OVAL705  oval:org.cisecurity:def:705: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
  OVAL732  oval:org.cisecurity:def:732: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL711  oval:org.cisecurity:def:711: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL737  oval:org.cisecurity:def:737: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL723  oval:org.cisecurity:def:723: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL713  oval:org.cisecurity:def:713: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL735  oval:org.cisecurity:def:735: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL717  oval:org.cisecurity:def:717: Unspecified vulnerability in Oracle Java SE 8u77
  OVAL724  oval:org.cisecurity:def:724: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL709  oval:org.cisecurity:def:709: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL718  oval:org.cisecurity:def:718: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL733  oval:org.cisecurity:def:733: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
  OVAL730  oval:org.cisecurity:def:730: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
  OVAL715  oval:org.cisecurity:def:715: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  OVAL720  oval:org.cisecurity:def:720: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL700  oval:org.cisecurity:def:700: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL736  oval:org.cisecurity:def:736: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL716  oval:org.cisecurity:def:716: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  OVAL727  oval:org.cisecurity:def:727: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier

2016-05-18  OVAL745  oval:org.cisecurity:def:745: Windows Imaging Component Memory Corruption Vulnerability –

2016-05-17  OVAL650  oval:org.cisecurity:def:650: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL764  oval:org.cisecurity:def:764: Win32k Elevation of Privilege Vulnerability –
  OVAL631  oval:org.cisecurity:def:631: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL619  oval:org.cisecurity:def:619: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL608  oval:org.cisecurity:def:608: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL614  oval:org.cisecurity:def:614: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL609  oval:org.cisecurity:def:609: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL742  oval:org.cisecurity:def:742: Microsoft Browser Memory Corruption Vulnerability
  OVAL640  oval:org.cisecurity:def:640: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL761  oval:org.cisecurity:def:761: Win32k Elevation of Privilege Vulnerability –
  OVAL664  oval:org.cisecurity:def:664: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL760  oval:org.cisecurity:def:760: Win32k Elevation of Privilege Vulnerability –
  OVAL692  oval:org.cisecurity:def:692: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL762  oval:org.cisecurity:def:762: Win32k Information Disclosure Vulnerability –
  OVAL763  oval:org.cisecurity:def:763: Win32k Elevation of Privilege Vulnerability –
  OVAL688  oval:org.cisecurity:def:688: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL663  oval:org.cisecurity:def:663: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL616  oval:org.cisecurity:def:616: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL630  oval:org.cisecurity:def:630: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL744  oval:org.cisecurity:def:744: Direct3D Use After Free Vulnerability –
  OVAL689  oval:org.cisecurity:def:689: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL683  oval:org.cisecurity:def:683: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL613  oval:org.cisecurity:def:613: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL639  oval:org.cisecurity:def:639: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL615  oval:org.cisecurity:def:615: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL741  oval:org.cisecurity:def:741: Internet Explorer Security Feature Bypass
  OVAL661  oval:org.cisecurity:def:661: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL648  oval:org.cisecurity:def:648: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL743  oval:org.cisecurity:def:743: Internet Explorer Information Disclosure Vulnerability
  OVAL657  oval:org.cisecurity:def:657: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL686  oval:org.cisecurity:def:686: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-16  OVAL605  oval:org.cisecurity:def:605: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL606  oval:org.cisecurity:def:606: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL607  oval:org.cisecurity:def:607: Vulnerability in Google Chrome before 50.0.2661.102
  OVAL739  oval:org.cisecurity:def:739: TLS/SSL Information Disclosure Vulnerability
  OVAL740  oval:org.cisecurity:def:740: Windows Journal Memory Corruption Vulnerability
  OVAL604  oval:org.cisecurity:def:604: Vulnerability in Google Chrome before 50.0.2661.102

2016-05-12  OVAL621  oval:org.cisecurity:def:621: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL676  oval:org.cisecurity:def:676: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL679  oval:org.cisecurity:def:679: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL654  oval:org.cisecurity:def:654: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL646  oval:org.cisecurity:def:646: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL659  oval:org.cisecurity:def:659: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL625  oval:org.cisecurity:def:625: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL690  oval:org.cisecurity:def:690: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL618  oval:org.cisecurity:def:618: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL617  oval:org.cisecurity:def:617: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL510  oval:org.cisecurity:def:510: Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
  OVAL660  oval:org.cisecurity:def:660: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL610  oval:org.cisecurity:def:610: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL645  oval:org.cisecurity:def:645: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL662  oval:org.cisecurity:def:662: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL647  oval:org.cisecurity:def:647: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL638  oval:org.cisecurity:def:638: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL678  oval:org.cisecurity:def:678: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL655  oval:org.cisecurity:def:655: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL682  oval:org.cisecurity:def:682: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL673  oval:org.cisecurity:def:673: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL649  oval:org.cisecurity:def:649: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL694  oval:org.cisecurity:def:694: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL665  oval:org.cisecurity:def:665: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL628  oval:org.cisecurity:def:628: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL666  oval:org.cisecurity:def:666: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL668  oval:org.cisecurity:def:668: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL651  oval:org.cisecurity:def:651: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL612  oval:org.cisecurity:def:612: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL641  oval:org.cisecurity:def:641: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL652  oval:org.cisecurity:def:652: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL672  oval:org.cisecurity:def:672: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL626  oval:org.cisecurity:def:626: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL644  oval:org.cisecurity:def:644: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL633  oval:org.cisecurity:def:633: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL656  oval:org.cisecurity:def:656: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL624  oval:org.cisecurity:def:624: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL680  oval:org.cisecurity:def:680: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL669  oval:org.cisecurity:def:669: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL636  oval:org.cisecurity:def:636: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL623  oval:org.cisecurity:def:623: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL670  oval:org.cisecurity:def:670: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL693  oval:org.cisecurity:def:693: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL685  oval:org.cisecurity:def:685: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL637  oval:org.cisecurity:def:637: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL632  oval:org.cisecurity:def:632: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL611  oval:org.cisecurity:def:611: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL635  oval:org.cisecurity:def:635: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL658  oval:org.cisecurity:def:658: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL691  oval:org.cisecurity:def:691: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL674  oval:org.cisecurity:def:674: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL642  oval:org.cisecurity:def:642: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL671  oval:org.cisecurity:def:671: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL629  oval:org.cisecurity:def:629: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL681  oval:org.cisecurity:def:681: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL643  oval:org.cisecurity:def:643: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL620  oval:org.cisecurity:def:620: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL675  oval:org.cisecurity:def:675: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL653  oval:org.cisecurity:def:653: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL667  oval:org.cisecurity:def:667: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  OVAL634  oval:org.cisecurity:def:634: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-11  OVAL513  oval:org.cisecurity:def:513: Adobe Flash Player Remote Code Execution Vulnerability
  OVAL520  oval:org.cisecurity:def:520: Windows Shell Remote Code Execution Vulnerability
  OVAL509  oval:org.cisecurity:def:509: Scripting Engine Memory Corruption Vulnerability
  OVAL507  oval:org.cisecurity:def:507: Scripting Engine Memory Corruption Vulnerability

2016-05-10  OVAL512  oval:org.cisecurity:def:512: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74

2016-05-05  OVAL501  oval:org.cisecurity:def:501: Windows OLE Remote Code Execution Vulnerability

2016-05-04  OVAL497  oval:org.cisecurity:def:497: Windows CSRSS Security Feature Bypass Vulnerability

2016-05-03  OVAL499  oval:org.cisecurity:def:499: .NET Framework Remote Code Execution Vulnerability
  OVAL498  oval:org.cisecurity:def:498: Microsoft Office Memory Corruption Vulnerability –

2016-05-02  OVAL622  oval:org.cisecurity:def:622: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
  OVAL504  oval:org.cisecurity:def:504: Microsoft Office Memory Corruption Vulnerability –
  OVAL502  oval:org.cisecurity:def:502: Microsoft Office Memory Corruption Vulnerability –
  OVAL503  oval:org.cisecurity:def:503: Microsoft Office Memory Corruption Vulnerability –

2016-04-26  OVAL500  oval:org.cisecurity:def:500: Graphics Memory Corruption Vulnerability –

2016-04-25  OVAL475  oval:org.cisecurity:def:475: Windows SAM and LSAD Downgrade Vulnerability

2016-04-22  OVAL511  oval:org.cisecurity:def:511: Microsoft Edge Memory Corruption Vulnerability –
  OVAL508  oval:org.cisecurity:def:508: Microsoft Edge Memory Corruption Vulnerability –
  OVAL515  oval:org.cisecurity:def:515: Microsoft Edge Elevation of Privilege Vulnerability –
  OVAL477  oval:org.cisecurity:def:477: MSXML Remote Code Execution Vulnerability
  OVAL505  oval:org.cisecurity:def:505: Microsoft Edge Elevation of Privilege Vulnerability –
  OVAL519  oval:org.cisecurity:def:519: Microsoft Edge Memory Corruption Vulnerability –

2016-04-21  OVAL476  oval:org.cisecurity:def:476: Win32k Elevation of Privilege Vulnerability –
  OVAL480  oval:org.cisecurity:def:480: Win32k Elevation of Privilege Vulnerability –
  OVAL479  oval:org.cisecurity:def:479: Win32k Elevation of Privilege Vulnerability –

2016-04-20  OVAL472  oval:org.cisecurity:def:472: Internet Explorer Information Disclosure Vulnerability
  OVAL465  oval:org.cisecurity:def:465: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 and 14.x through 18.0.0.203
  OVAL514  oval:org.cisecurity:def:514: Microsoft Browser Memory Corruption Vulnerability
  OVAL469  oval:org.cisecurity:def:469: Microsoft Browser Memory Corruption Vulnerability
  OVAL474  oval:org.cisecurity:def:474: Internet Explorer Memory Corruption Vulnerability
  OVAL470  oval:org.cisecurity:def:470: Internet Explorer Memory Corruption Vulnerability
  OVAL464  oval:org.cisecurity:def:464: DLL Loading Remote Code Execution Vulnerability
  OVAL466  oval:org.cisecurity:def:466: Internet Explorer Memory Corruption Vulnerability

2016-04-19  OVAL467  oval:org.cisecurity:def:467: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows

2016-04-18  OVAL471  oval:org.cisecurity:def:471: Use-after-free vulnerability in the ByteArray class in the ActionScript 3

2016-04-11  OVAL458  oval:org.cisecurity:def:458: Use-after-free vulnerability in the BitmapData class in the ActionScript 3

2016-04-08  OVAL452  oval:org.cisecurity:def:452: Windows Journal DoS Vulnerability –
  OVAL454  oval:org.cisecurity:def:454: Windows Journal DoS Vulnerability –

2016-04-05  OVAL473  oval:org.cisecurity:def:473: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 –

2016-03-31  OVAL450  oval:org.cisecurity:def:450: OpenType Font Parsing Vulnerability –
  OVAL463  oval:org.cisecurity:def:463: Microsoft Office Memory Corruption Vulnerability –

2016-03-30  OVAL453  oval:org.cisecurity:def:453: Memory Corruption Vulnerability –
  OVAL468  oval:org.cisecurity:def:468: Scripting Engine Memory Corruption Vulnerability
  OVAL451  oval:org.cisecurity:def:451: Memory Corruption Vulnerability –

2016-03-08  OVAL447  oval:org.cisecurity:def:447: Scripting Engine Memory Corruption Vulnerability –
  OVAL426  oval:org.cisecurity:def:426: Internet Explorer Memory Corruption Vulnerability –
  OVAL430  oval:org.cisecurity:def:430: Internet Explorer Memory Corruption Vulnerability –
  OVAL432  oval:org.cisecurity:def:432: Internet Explorer Memory Corruption Vulnerability –
  OVAL427  oval:org.cisecurity:def:427: Internet Explorer Memory Corruption Vulnerability –
  OVAL428  oval:org.cisecurity:def:428: Internet Explorer Memory Corruption Vulnerability –
  OVAL425  oval:org.cisecurity:def:425: Internet Explorer Memory Corruption Vulnerability –
  OVAL433  oval:org.cisecurity:def:433: Internet Explorer Memory Corruption Vulnerability –
  OVAL429  oval:org.cisecurity:def:429: Internet Explorer Memory Corruption Vulnerability –
  OVAL431  oval:org.cisecurity:def:431: Internet Explorer Memory Corruption Vulnerability –

2016-03-07  OVAL412  oval:org.cisecurity:def:412: Internet Explorer Memory Corruption Vulnerability
  OVAL415  oval:org.cisecurity:def:415: Internet Explorer Elevation of Privilege Vulnerability
  OVAL413  oval:org.cisecurity:def:413: Microsoft Browser Memory Corruption Vulnerability
  OVAL422  oval:org.cisecurity:def:422: Microsoft Browser Memory Corruption Vulnerability
  OVAL420  oval:org.cisecurity:def:420: Internet Explorer Memory Corruption Vulnerability
  OVAL416  oval:org.cisecurity:def:416: Internet Explorer Memory Corruption Vulnerability
  OVAL414  oval:org.cisecurity:def:414: Microsoft Browser Memory Corruption Vulnerability
  OVAL421  oval:org.cisecurity:def:421: Internet Explorer Memory Corruption Vulnerability
  OVAL419  oval:org.cisecurity:def:419: Internet Explorer Elevation of Privilege Vulnerability
  OVAL418  oval:org.cisecurity:def:418: Microsoft Browser Spoofing Vulnerability
  OVAL417  oval:org.cisecurity:def:417: Internet Explorer Memory Corruption Vulnerability
  OVAL424  oval:org.cisecurity:def:424: Internet Explorer Information Disclosure Vulnerability

2016-03-03  OVAL448  oval:org.cisecurity:def:448: Internet Explorer Elevation of Privilege Vulnerability
  OVAL411  oval:org.cisecurity:def:411: Scripting Engine Memory Corruption Vulnerability
  CVE-2015-6260  Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

2016-02-24  OVAL409  oval:org.cisecurity:def:409: Windows Kernel Memory Information Disclosure Vulnerability –

2016-02-16  OVAL392  oval:org.cisecurity:def:392: Windows Kernel Memory Elevation of Privilege Vulnerability –
  OVAL410  oval:org.cisecurity:def:410: Windows Kernel Memory Information Disclosure Vulnerability –

2016-02-11  OVAL389  oval:org.cisecurity:def:389: Windows Graphics Memory Remote Code Execution Vulnerability –
  OVAL390  oval:org.cisecurity:def:390: Windows Graphics Memory Remote Code Execution Vulnerability –

2016-02-09  OVAL386  oval:org.cisecurity:def:386: Internet Explorer Memory Corruption Vulnerability
  OVAL387  oval:org.cisecurity:def:387: Internet Explorer Memory Corruption Vulnerability
  OVAL388  oval:org.cisecurity:def:388: Internet Explorer Memory Corruption Vulnerability
  OVAL385  oval:org.cisecurity:def:385: Internet Explorer Memory Corruption Vulnerability

2016-02-07  CVE-2015-6398  Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

2016-02-03  OVAL391  oval:org.cisecurity:def:391: Windows Kernel Memory Elevation of Privilege Vulnerability –

2016-02-01  OVAL381  oval:org.cisecurity:def:381: Internet Explorer Memory Corruption Vulnerability –

2016-01-22  OVAL376  oval:org.cisecurity:def:376: Internet Explorer Memory Corruption Vulnerability –

2016-01-14  CVE-2015-6314  Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.

2016-01-08  CVE-2015-7754  Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

2016-01-07  CVE-2015-6433  SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

2016-01-06  CVE-2015-6641  Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
  CVE-2015-6642  The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6643  Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
  CVE-2015-6644  Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
  CVE-2015-6645  SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
  CVE-2015-6646  The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
  CVE-2015-6647  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
  CVE-2015-5310  Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660.
  CVE-2015-6636  mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
  CVE-2015-6637  The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
  CVE-2015-6638  The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
  CVE-2015-6639  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
  CVE-2015-6640  The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...

2016-01-04  CVE-2015-6432  Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service...

2015-12-28  OVAL333  oval:org.cisecurity:def:333: Internet Explorer Memory Corruption Vulnerability

2015-12-22  CVE-2015-6431  Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

2015-12-19  CVE-2015-7755  Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before...
  CVE-2015-7756  The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18...
  CVE-2015-6429  The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.

2015-12-18  OVAL311  oval:org.cisecurity:def:311: Internet Explorer Memory Corruption Vulnerability –

2015-12-16  CVE-2015-6425  The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

2015-12-15  CVE-2015-4206  Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
  CVE-2015-6359  The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of...

2015-12-11  CVE-2015-7037  Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
  CVE-2015-7050  WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
  CVE-2015-7062  Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
  CVE-2015-7069  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
  CVE-2015-7070  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
  CVE-2015-7080  Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-7081  iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML...
  CVE-2015-7094  CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
  CVE-2015-7107  QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-7109  IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-7110  The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.

2015-12-08  CVE-2015-6616  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and...
  CVE-2015-6617  Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
  CVE-2015-6618  Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.
  CVE-2015-6619  The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
  CVE-2015-6620  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and...
  CVE-2015-6621  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
  CVE-2015-6622  The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as...
  CVE-2015-6623  Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
  CVE-2015-6624  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
  CVE-2015-6625  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
  CVE-2015-6626  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6627  The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka...
  CVE-2015-6628  Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6629  Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
  CVE-2015-6630  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
  CVE-2015-6631  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6632  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6633  The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
  CVE-2015-6634  The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
  CVE-2015-8505  mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than...
  CVE-2015-8506  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different...
  CVE-2015-8507  mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than...

2015-12-05  CVE-2015-6783  The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows...

2015-12-04  CVE-2015-6394  The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

2015-12-02  CVE-2015-6383  Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

2015-12-01  CVE-2015-6385  The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment...

2015-11-21  CVE-2015-7036  The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API...
  CVE-2015-5787  The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
  CVE-2015-5859  The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain...
  CVE-2015-6375  The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.

2015-11-13  CVE-2015-6365  Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID...

2015-11-12  CVE-2015-6366  Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.

2015-11-03  CVE-2015-6608  mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,...
  CVE-2015-6609  libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
  CVE-2015-6610  libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
  CVE-2015-6611  mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs...
  CVE-2015-6612  libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
  CVE-2015-6613  Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or...
  CVE-2015-6614  Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage...
  CVE-2015-8072  mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug...
  CVE-2015-8073  mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability...
  CVE-2015-8074  mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a...

2015-10-31  CVE-2015-6343  The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.

2015-10-24  CVE-2015-6341  The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.

2015-10-23  CVE-2015-7010  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7012  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7013  WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-7014  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7017  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-7018  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7022  The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
  CVE-2015-7023  CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
  CVE-2015-5924  The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  CVE-2015-5928  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5929  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5930  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5940  The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a...
  CVE-2015-6975  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6976  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,...
  CVE-2015-6977  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6981  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6982  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6983  Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
  CVE-2015-6986  com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
  CVE-2015-6988  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
  CVE-2015-6990  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6991  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6992  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6993  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6994  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6995  The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-6999  The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
  CVE-2015-7000  Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on...
  CVE-2015-7002  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7004  The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-7005  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7008  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7009  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...

2015-10-19  CVE-2015-7748  Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.
  CVE-2015-7749  The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
  CVE-2015-7750  The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a...
  CVE-2015-7752  The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-7751  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...

2015-10-16  CVE-2014-6449  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle...
  CVE-2014-6450  Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,...
  CVE-2014-6451  J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

2015-10-11  CVE-2015-6263  The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

2015-10-09  CVE-2015-5923  Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2015-10-08  CVE-2015-6311  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID...

2015-10-06  CVE-2015-3823  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
  CVE-2015-3847  Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
  CVE-2015-3862  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
  CVE-2015-3865  The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
  CVE-2015-3867  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
  CVE-2015-3868  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
  CVE-2015-3869  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
  CVE-2015-3870  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
  CVE-2015-3871  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
  CVE-2015-3872  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
  CVE-2015-3873  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,...
  CVE-2015-3874  The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
  CVE-2015-3875  libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
  CVE-2015-3877  Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
  CVE-2015-3878  Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that...
  CVE-2015-3879  Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
  CVE-2015-6596  mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
  CVE-2015-6598  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
  CVE-2015-6599  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
  CVE-2015-6600  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
  CVE-2015-6601  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
  CVE-2015-6603  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
  CVE-2015-6604  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
  CVE-2015-6605  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
  CVE-2015-6606  The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,...
  CVE-2015-7716  libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than...
  CVE-2015-7717  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
  CVE-2015-7718  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

2015-10-02  CVE-2015-6308  Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

2015-10-01  CVE-2015-3876  libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
  CVE-2015-6602  libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

2015-09-30  CVE-2014-7915  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
  CVE-2014-7916  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
  CVE-2014-7917  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
  CVE-2015-1528  Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory...
  CVE-2015-1536  Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server...
  CVE-2015-1538  Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an...
  CVE-2015-1539  Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a...
  CVE-2015-1541  The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an...
  CVE-2015-3824  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of...
  CVE-2015-3826  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3827  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary...
  CVE-2015-3828  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3829  Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and...
  CVE-2015-3831  Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted...
  CVE-2015-3832  Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
  CVE-2015-3833  The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the...
  CVE-2015-3834  Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,...
  CVE-2015-3835  Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
  CVE-2015-3836  The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary...
  CVE-2015-3837  The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute...
  CVE-2015-3842  Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
  CVE-2015-3843  The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to...
  CVE-2015-3844  The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted...
  CVE-2015-3845  The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a...
  CVE-2015-3849  The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via...
  CVE-2015-3858  The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation...
  CVE-2015-3860  packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to...
  CVE-2015-3861  Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device...
  CVE-2015-3863  Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob...
  CVE-2015-3864  Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka...
  CVE-2015-6575  SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory...

2015-09-27  CVE-2015-6278  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6279  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6280  The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly...

2015-09-25  CVE-2015-6282  Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka...
  CVE-2015-6302  The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.

2015-09-20  CVE-2015-6295  Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved...

2015-09-18  CVE-2014-8611  The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a...
  CVE-2015-3801  The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
  CVE-2015-5764  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
  CVE-2015-5765  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
  CVE-2015-5767  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
  CVE-2015-5788  The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
  CVE-2015-5789  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5790  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5791  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5792  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5793  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5794  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5795  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5796  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5797  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5799  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5800  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5801  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5802  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5803  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5804  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5805  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5806  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5807  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5809  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5810  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5811  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5812  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5813  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5814  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5816  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5817  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5818  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5819  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5820  WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
  CVE-2015-5821  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5822  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5823  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5825  WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via...
  CVE-2015-5826  WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a...
  CVE-2015-5827  WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
  CVE-2015-5831  NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-5832  The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified...
  CVE-2015-5835  Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
  CVE-2015-5838  SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
  CVE-2015-5850  AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
  CVE-2015-5851  The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
  CVE-2015-5856  The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
  CVE-2015-5857  Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
  CVE-2015-5861  SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
  CVE-2015-5879  XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)...
  CVE-2015-5880  CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
  CVE-2015-5892  Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-5904  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
  CVE-2015-5905  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
  CVE-2015-5906  The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later...
  CVE-2015-5907  WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
  CVE-2015-5912  The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
  CVE-2015-5921  WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
  CVE-2015-6294  Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
  CVE-2015-6297  The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.

2015-08-31  CVE-2015-6269  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.
  CVE-2015-6270  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.
  CVE-2015-6271  Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and...
  CVE-2015-6272  Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,...

2015-08-28  CVE-2015-6267  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
  CVE-2015-6268  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.
  CVE-2015-6273  Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)...

2015-08-22  CVE-2015-6258  The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.

2015-08-19  CVE-2015-4277  The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory...
  CVE-2015-4296  Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
  CVE-2015-4301  Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
  CVE-2015-4323  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices...
  CVE-2015-4324  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote...

2015-08-16  CVE-2015-3729  Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks...
  CVE-2015-3730  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3731  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3732  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3733  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3734  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3735  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3736  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3737  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3738  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3739  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3740  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3741  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3742  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3743  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3744  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3745  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3746  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3747  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3748  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3749  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3750  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy...
  CVE-2015-3751  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in...
  CVE-2015-3752  The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report...
  CVE-2015-3753  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the...
  CVE-2015-3755  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
  CVE-2015-3756  The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
  CVE-2015-3758  UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
  CVE-2015-3759  Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
  CVE-2015-3763  Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
  CVE-2015-3766  The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3768  Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
  CVE-2015-3776  IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
  CVE-2015-3778  bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
  CVE-2015-3782  CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
  CVE-2015-3793  CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-3795  libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
  CVE-2015-3796  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3797  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3798  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3800  The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
  CVE-2015-3802  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
  CVE-2015-3803  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
  CVE-2015-3804  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-3805  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
  CVE-2015-3806  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
  CVE-2015-5746  AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
  CVE-2015-5748  The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
  CVE-2015-5749  The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5752  Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
  CVE-2015-5755  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5756  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5757  libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with...
  CVE-2015-5758  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
  CVE-2015-5759  WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
  CVE-2015-5761  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5766  Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
  CVE-2015-5769  The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
  CVE-2015-5770  MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
  CVE-2015-5773  QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
  CVE-2015-5774  Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
  CVE-2015-5775  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5776  Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
  CVE-2015-5777  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5778  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5781  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
  CVE-2015-5782  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

2015-08-08  CVE-2015-1805  The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

2015-07-31  CVE-2015-4291  Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.
  CVE-2015-4295  The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

2015-07-30  OVAL29480  Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code
  OVAL29418  Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2
  OVAL29400  Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers
  CVE-2015-4293  The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after...

2015-07-24  CVE-2015-0681  The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,...

2015-07-23  OVAL28544  Microsoft Office memory corruption vulnerability
  OVAL29449  Microsoft Office memory corruption vulnerability
  OVAL29525  Microsoft Excel DLL remote code execution vulnerability
  OVAL29284  Microsoft Office memory corruption vulnerability
  OVAL29517  Microsoft Office memory corruption vulnerability
  OVAL29245  Microsoft Office memory corruption vulnerability
  OVAL28805  Microsoft Office memory corruption vulnerability
  OVAL29139  Microsoft Office memory corruption vulnerability
  CVE-2015-4285  The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows...

2015-07-22  OVAL29010  Internet Explorer memory corruption vulnerability
  OVAL29436  Win32k Elevation of privilege vulnerability
  OVAL29388  Win32k information disclosure vulnerability
  OVAL29493  OpenType font driver vulnerability
  OVAL29149  DLL planting remote code execution vulnerability
  OVAL28818  Internet Explorer memory corruption vulnerability
  OVAL29422  Internet Explorer information disclosure vulnerability
  OVAL28804  Internet Explorer memory corruption vulnerability
  OVAL29278  Internet Explorer memory corruption vulnerability
  OVAL29132  Win32k information disclosure vulnerability
  OVAL29315  SQL Server remote code execution vulnerability
  OVAL29487  Internet Explorer memory corruption vulnerability
  OVAL29414  Internet Explorer memory corruption vulnerability
  OVAL29198  OLE Elevation of privilege vulnerability
  OVAL29324  Internet Explorer memory corruption vulnerability
  OVAL28990  OLE Elevation of privilege vulnerability
  OVAL29159  Internet Explorer memory corruption vulnerability
  OVAL29360  Internet Explorer memory corruption vulnerability
  OVAL29431  Windows installer EoP vulnerability
  OVAL28614  Internet Explorer memory corruption vulnerability
  OVAL29392  Remote Desktop Protocol
  OVAL29485  SQL Server remote code execution vulnerability
  OVAL29296  Internet Explorer memory corruption vulnerability
  OVAL29332  ATMFD.DLL Memory corruption vulnerability
  OVAL28968  Elevation of privilege vulnerability in Netlogon
  OVAL29015  Internet Explorer memory corruption vulnerability
  OVAL29087  Internet Explorer memory corruption vulnerability
  OVAL29406  Hyper-V system data structure vulnerability
  OVAL28529  Internet Explorer memory corruption vulnerability
  OVAL29247  Internet Explorer memory corruption vulnerability
  OVAL29128  Win32k elevation of privilege vulnerability
  OVAL29452  SQL Server elevation of privilege vulnerability
  OVAL29219  Internet Explorer memory corruption vulnerability
  OVAL29355  Internet Explorer ASLR bypass vulnerability
  OVAL29164  Internet Explorer memory corruption vulnerability
  OVAL29156  Win32k elevation of privilege vulnerability
  OVAL29280  Windows DLL remote code execution vulnerability
  OVAL29470  Internet Explorer memory corruption vulnerability
  OVAL29357  Internet Explorer memory corruption vulnerability
  OVAL29454  Internet Explorer elevation of privilege vulnerability
  OVAL29395  Internet Explorer memory corruption vulnerability
  OVAL28938  VBScript Memory corruption vulnerability
  OVAL29391  Hyper-V buffer overflow vulnerability
  OVAL28708  Graphics component EOP vulnerability
  OVAL28834  Internet Explorer memory corruption vulnerability
  OVAL29292  Internet Explorer memory corruption vulnerability
  OVAL29295  Internet Explorer memory corruption vulnerability
  OVAL29327  Windows RPC elevation of privilege vulnerability
  OVAL28743  Win32k information disclosure vulnerability
  OVAL29316  Jscript9 Memory corruption vulnerability
  OVAL29075  Internet Explorer XSS filter bypass vulnerability
  CVE-2015-4284  The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

2015-07-16  CVE-2015-5357  The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified...
  CVE-2015-5360  IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-5363  The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial...

2015-07-14  CVE-2015-3007  The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically...
  CVE-2015-5358  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,...
  CVE-2015-5359  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before...
  CVE-2015-5362  The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-4269  The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
  CVE-2015-4272  Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...

2015-07-08  CVE-2015-4243  The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug...

2015-07-03  CVE-2015-4231  The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
  CVE-2015-4232  Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
  CVE-2015-4234  Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
  CVE-2015-4237  The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,...

2015-07-02  CVE-2015-3658  The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an...
  CVE-2015-3659  The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL...
  CVE-2015-3684  The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
  CVE-2015-3685  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,...
  CVE-2015-3686  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3687  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3688  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3689  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3690  The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
  CVE-2015-3694  FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
  CVE-2015-3703  ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
  CVE-2015-3710  Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
  CVE-2015-3719  TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than...
  CVE-2015-3721  The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3722  Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3723  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
  CVE-2015-3724  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
  CVE-2015-3725  MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3726  The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
  CVE-2015-3727  WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access...
  CVE-2015-3728  The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.

2015-06-29  OVAL29345  RHSA-2009:0338 -- php security update
  OVAL29205  RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update
  OVAL29148  SUSE-SU-2015:1020-1 -- Security update for autofs
  OVAL29270  RHSA-2009:1452 -- neon security update
  OVAL29038  RHSA-2008:0583 -- openldap security update
  OVAL29140  RHSA-2015:0808 -- java-1.6.0-openjdk security update
  OVAL28921  SUSE-SU-2015:0866-1 -- Security update for gd
  OVAL29110  RHSA-2009:1060 -- pidgin security update
  OVAL28279  SUSE-SU-2015:0884-1 -- Security update for spice
  OVAL28696  SUSE-SU-2015:0974-1 -- Security update for apache2
  OVAL28256  RHSA-2008:0839 -- postfix security update
  OVAL29129  RHSA-2008:0885 -- kernel security and bug fix update
  OVAL28823  ELSA-2015-1189 -- kvm security update
  OVAL28926  RHSA-2009:1471 -- elinks security update
  OVAL29343  RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update
  OVAL29286  RHSA-2009:0444 -- giflib security update
  OVAL29039  RHSA-2008:0893 -- bzip2 security update
  OVAL29242  SUSE-SU-2015:0979-1 -- Security update for dnsmasq
  OVAL28396  RHSA-2009:1148 -- httpd security update
  OVAL29230  RHSA-2009:1530 -- firefox security update
  OVAL28898  RHSA-2009:1584 -- java-1.6.0-openjdk security update
  OVAL28617  RHSA-2009:1106 -- kernel security and bug fix update
  OVAL29369  RHSA-2009:1321 -- nfs-utils security and bug fix update
  OVAL29146  SUSE-SU-2015:0942-1 -- Security update for gstreamer-0_10-plugins-bad
  OVAL29199  RHSA-2008:0946 -- ed security update
  OVAL29170  RHSA-2009:1561 -- libvorbis security update
  OVAL29098  RHSA-2009:0267 -- sudo security update
  OVAL29288  RHSA-2009:0008 -- dbus security update
  OVAL29255  RHSA-2008:0581 -- bluez-libs and bluez-utils security update
  OVAL29289  RHSA-2008:0967 -- httpd security and bug fix update
  OVAL29169  RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update
  OVAL28793  RHSA-2009:0326 -- kernel security and bug fix update
  OVAL29069  RHSA-2008:0939 -- openoffice.org security update
  OVAL29248  RHSA-2015:0803 -- kernel security and bug fix update
  OVAL29028  RHSA-2008:0569 -- firefox security update
  OVAL28333  SUSE-SU-2015:0743-1 -- Security update for mariadb
  OVAL28514  RHSA-2015:0800 -- openssl security update
  OVAL29041  RHSA-2009:1463 -- newt security update
  OVAL28894  RHSA-2009:1100 -- wireshark security update
  OVAL29342  RHSA-2009:1674 -- firefox security update
  OVAL29125  RHSA-2009:1130 -- kdegraphics security update
  OVAL28627  RHSA-2009:1222 -- kernel security and bug fix update
  OVAL29310  RHSA-2009:1513 -- cups security update
  OVAL29253  RHSA-2009:0012 -- netpbm security update
  OVAL29347  RHSA-2009:1625 -- expat security update
  OVAL29294  RHSA-2009:1176 -- python security update
  OVAL29008  RHSA-2008:0879 -- firefox security update
  OVAL28407  RHSA-2008:0648 -- tomcat security update
  OVAL29084  RHSA-2015:0807 -- java-1.7.0-openjdk security update
  OVAL29091  RHSA-2009:1061 -- freetype security update
  OVAL29266  RHSA-2009:1648 -- ntp security update
  OVAL29234  RHSA-2008:0575 -- rdesktop security update
  OVAL29358  RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update
  OVAL28964  RHSA-2008:0965 -- lynx security update
  OVAL28765  RHSA-2009:1453 -- pidgin security update
  OVAL29380  RHSA-2009:0457 -- libwmf security update
  OVAL29190  RHSA-2009:1490 -- squirrelmail security update
  OVAL28800  RHSA-2009:1075 -- httpd security update
  OVAL28896  RHSA-2009:0271 -- gstreamer-plugins-good security update
  OVAL29381  RHSA-2009:0315 -- firefox security update
  OVAL29313  RHSA-2009:0205 -- dovecot security and bug fix update
  OVAL29271  RHSA-2009:1470 -- openssh security update
  OVAL28787  RHSA-2008:0533 -- bind security update
  OVAL28736  RHSA-2009:0449 -- firefox security update
  OVAL29299  RHSA-2009:1107 -- apr-util security update
  OVAL28693  RHSA-2008:0908 -- thunderbird security update
  OVAL29192  RHSA-2008:0855 -- openssh security update
  OVAL29259  RHSA-2009:1364 -- gdm security and bug fix update
  OVAL29046  RHSA-2009:1536 -- pidgin security update
  OVAL28776  RHSA-2009:0003 -- xen security and bug fix update
  OVAL29241  RHSA-2008:0836 -- libxml2 security update
  OVAL29264  RHSA-2009:1529 -- samba security update
  OVAL29379  RHSA-2009:1427 -- fetchmail security update
  OVAL29109  RHSA-2009:1620 -- bind security update
  OVAL29183  RHSA-2009:1126 -- thunderbird security update
  OVAL29153  RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update
  OVAL29103  RHSA-2009:1138 -- openswan security update
  OVAL28749  RHSA-2009:1335 -- openssl security, bug fix, and enhancement update
  OVAL29188  RHSA-2009:1162 -- firefox security update
  OVAL29045  RHSA-2009:0256 -- firefox security update
  OVAL29283  RHSA-2009:1646 -- libtool security update
  OVAL28495  RHSA-2009:1036 -- ipsec-tools security update
  OVAL28953  RHSA-2009:1337 -- gfs2-utils security and bug fix update
  OVAL29167  RHSA-2008:0789 -- dnsmasq security update
  OVAL29052  RHSA-2009:1341 -- cman security, bug fix, and enhancement update
  OVAL29300  RHSA-2009:0011 -- lcms security update
  OVAL29210  RHSA-2008:1023 -- pidgin security and bug fix update
  OVAL29133  RHSA-2008:0818 -- hplip security update
  OVAL29365  RHSA-2009:1601 -- kdelibs security update
  OVAL29193  RHSA-2009:0431 -- kdegraphics security update
  OVAL29165  SUSE-SU-2015:0990-1 -- Security update for curl
  OVAL29171  RHSA-2009:0345 -- ghostscript security update
  OVAL29090  RHSA-2008:0907 -- pam_krb5 security update
  OVAL29396  RHSA-2009:1095 -- firefox security update
  OVAL28629  RHSA-2009:1179 -- bind security update
  OVAL28978  RHSA-2009:0341 -- curl security update
  OVAL29111  RHSA-2009:1426 -- openoffice.org security update
  OVAL29217  RHSA-2009:1219 -- libvorbis security update
  OVAL29163  RHSA-2009:1203 -- subversion security update
  OVAL29367  RHSA-2009:0261 -- vnc security update
  OVAL28987  RHSA-2009:0020 -- bind security update
  OVAL29197  RHSA-2008:0971 -- net-snmp security update
  OVAL29267  RHSA-2009:0436 -- firefox security update
  OVAL29276  RHSA-2009:0421 -- ghostscript security update
  OVAL29265  RHSA-2008:0957 -- kernel security and bug fix update
  OVAL29261  RHSA-2009:0013 -- avahi security update
  OVAL29319  RHSA-2009:0352 -- gstreamer-plugins-base security update
  OVAL29275  RHSA-2009:1549 -- wget security update
  OVAL29208  SUSE-SU-2015:1077-1 -- Security update for openldap2
  OVAL29233  SUSE-SU-2015:0108-1 -- Security update for evolution-data-server
  OVAL29202  SUSE-SU-2015:0515-1 -- Security update for gnome-settings-daemon
  OVAL29308  RHSA-2008:1001 -- tog-pegasus security update
  OVAL29262  RHSA-2009:0361 -- NetworkManager security update
  OVAL28916  RHSA-2009:1504 -- poppler security and bug fix update
  OVAL28897  RHSA-2009:1502 -- kdegraphics security update
  OVAL28965  RHSA-2009:1122 -- icu security update
  OVAL29196  RHSA-2009:0333 -- libpng security update
  OVAL28930  RHSA-2008:0892 -- xen security and bug fix update
  OVAL28242  RHSA-2008:0897 -- ruby security update
  OVAL29178  RHSA-2009:0397 -- firefox security update
  OVAL29301  RHSA-2009:1127 -- kdelibs security update
  OVAL28850  RHSA-2009:0259 -- mod_auth_mysql security update
  OVAL29185  RHSA-2008:0937 -- cups security update
  OVAL29334  RHSA-2009:1430 -- firefox security update
  OVAL29213  RHSA-2009:0057 -- squirrelmail security update
  OVAL28592  RHSA-2009:0429 -- cups security update
  OVAL29331  RHSA-2009:1451 -- freeradius security update
  OVAL29317  RHSA-2009:1579 -- httpd security update
  OVAL29371  RHSA-2009:0344 -- libsoup security update
  OVAL29387  RHSA-2009:0411 -- device-mapper-multipath security update
  OVAL29236  RHSA-2009:0339 -- lcms security update
  OVAL29055  SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML
  OVAL29022  RHSA-2009:1116 -- cyrus-imapd security update
  OVAL29162  RHSA-2008:0835 -- openoffice.org security update
  OVAL29134  RHSA-2009:1209 -- curl security update
  OVAL28265  SUSE-SU-2015:1143-1 -- Security update for openssl
  OVAL29079  RHSA-2009:0479 -- perl-DBD-Pg security update
  OVAL29237  RHSA-2008:0978 -- firefox security update
  OVAL28421  RHSA-2009:0408 -- krb5 security update
  OVAL29143  RHSA-2009:0018 -- xterm security update
  OVAL29166  RHSA-2009:0258 -- thunderbird security update
  OVAL29029  RHSA-2008:0649 -- libxslt security update
  OVAL29281  RHSA-2009:1232 -- gnutls security update
  OVAL28973  RHSA-2008:0847 -- libtiff security and bug fix update
  OVAL29254  RHSA-2009:1102 -- cscope security update
  OVAL28983  RHSA-2008:0612 -- kernel security and bug fix update
  OVAL29222  RHSA-2009:1218 -- pidgin security update
  OVAL29215  RHSA-2008:1036 -- firefox security update
  OVAL29277  RHSA-2009:0377 -- java-1.6.0-openjdk security update
  OVAL29350  RHSA-2009:1287 -- openssh security, bug fix, and enhancement update
  OVAL29269  RHSA-2009:1548 -- kernel security and bug fix update
  OVAL28703  RHSA-2009:0427 -- udev security update
  OVAL29068  RHSA-2009:0336 -- glib2 security update
  OVAL29044  RHSA-2008:0849 -- ipsec-tools security update
  OVAL28925  SUSE-SU-2015:0803-1 -- Security update for gdm
  OVAL29354  RHSA-2008:1017 -- kernel security and bug fix update
  OVAL29136  RHSA-2015:0809 -- java-1.8.0-openjdk security update
  OVAL29012  RHSA-2008:0890 -- wireshark security update
  OVAL29320  RHSA-2009:1428 -- xmlsec1 security update
  OVAL29047  RHSA-2009:1615 -- xerces-j2 security update
  OVAL29263  RHSA-2009:1642 -- acpid security update
  OVAL29095  SUSE-SU-2015:1013-1 -- Security update for wpa_supplicant
  OVAL29137  RHSA-2008:1029 -- cups security update
  OVAL29258  RHSA-2009:1140 -- ruby security update
  OVAL28879  RHSA-2009:1159 -- libtiff security update
  OVAL29100  RHSA-2009:1139 -- pidgin security and bug fix update
  OVAL29144  RHSA-2008:0584 -- pidgin security and bug fix update
  OVAL29088  RHSA-2009:0313 -- wireshark security update
  OVAL29359  RHSA-2009:1238 -- dnsmasq security update
  OVAL28712  RHSA-2009:0004 -- openssl security update
  OVAL29179  RHSA-2009:1164 -- tomcat security update
  OVAL28792  SUSE-SU-2015:1014-1 -- Security update for vorbis-tools
  OVAL29077  RHSA-2009:1204 -- apr and apr-util security update
  OVAL28838  RHSA-2009:0474 -- acpid security update
  OVAL29251  SUSE-SU-2015:0805-1 -- Security update for cups-filters
  OVAL29195  RHSA-2009:0296 -- icu security update
  OVAL29201  RHSA-2009:0002 -- thunderbird security update
  OVAL29463  RHSA-2009:1039 -- ntp security update
  OVAL29206  RHSA-2009:1082 -- cups security update
  OVAL29382  RHSA-2009:1619 -- dstat security update
  OVAL28954  RHSA-2009:0373 -- systemtap security update
  OVAL28887  RHSA-2008:0486 -- nfs-utils security update
  OVAL29030  RHSA-2008:0884 -- libxml2 security update
  OVAL29020  RHSA-2008:0982 -- gnutls security update
  OVAL29154  RHSA-2009:1193 -- kernel security and bug fix update
  OVAL28686  RHSA-2008:0981 -- ruby security update
  OVAL28958  RHSA-2009:1206 -- libxml and libxml2 security update
  OVAL28934  RHSA-2009:0402 -- openswan security update
  OVAL29339  RHSA-2009:1066 -- squirrelmail security update
  OVAL28976  RHSA-2008:1016 -- enscript security update
  OVAL28741  RHSA-2009:0354 -- evolution-data-server security update
  OVAL29066  RHSA-2008:0597 -- firefox security update
  OVAL28980  RHSA-2008:0561 -- ruby security update
  OVAL28946  RHSA-2009:0476 -- pango security update
  OVAL28869  RHSA-2009:0480 -- poppler security update
  OVAL28842  RHSA-2008:0815 -- yum-rhn-plugin security update
  OVAL28941  RHSA-2009:1484 -- postgresql security update
  OVAL29306  RHSA-2008:0988 -- libxml2 security update
  OVAL28888  RHSA-2009:1289 -- mysql security and bug fix update
  OVAL28716  RHSA-2008:0616 -- thunderbird security update
  OVAL29232  RHSA-2008:0580 -- vim security update
  OVAL28862  RHSA-2009:1670 -- kernel security and bug fix update
  OVAL29311  RHSA-2009:1123 -- gstreamer-plugins-good security update
  OVAL28599  RHSA-2015:0806 -- java-1.7.0-openjdk security update
  OVAL28929  RHSA-2009:1278 -- lftp security and bug fix update
  OVAL28966  RHSA-2009:0264 -- kernel security update
  OVAL29340  RHSA-2009:1472 -- xen security and bug fix update
  OVAL28923  RHSA-2009:0046 -- ntp security update
  OVAL29372  RHSA-2009:0010 -- squirrelmail security update
  OVAL28758  RHSA-2009:1459 -- cyrus-imapd security update
  OVAL29116  RHSA-2008:0976 -- thunderbird security update
  OVAL29252  SUSE-SU-2015:1150-1 -- Security update for compat-openssl098
  OVAL29150  RHSA-2008:0544 -- php security update
  OVAL29446  RHSA-2009:0473 -- kernel security and bug fix update

2015-06-27  CVE-2015-4225  Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,...
  CVE-2015-4199  Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent...

2015-06-26  CVE-2015-4224  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

2015-06-25  CVE-2015-4223  Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.

2015-06-24  OVAL28971  Vulnerability in Active Directory Federation Services could allow elevation of privilege
  CVE-2015-4213  Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
  CVE-2015-4215  Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6...

2015-06-23  CVE-2015-4200  Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,...
  CVE-2015-4203  Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed...
  CVE-2015-4204  Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests...
  CVE-2015-4205  Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

2015-06-20  CVE-2015-4197  Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
  CVE-2015-4202  Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization...

2015-06-18  CVE-2015-4191  Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
  CVE-2015-4195  Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

2015-06-16  OVAL28910  Windows Media Player RCE via DataObject vulnerability
  OVAL28531  Microsoft Office uninitialized memory use vulnerability –
  OVAL29067  Microsoft Windows Station use after free vulnerability
  OVAL28769  Internet Explorer memory corruption vulnerability
  OVAL29057  Internet Explorer memory corruption vulnerability
  OVAL29060  Internet Explorer memory corruption vulnerability
  OVAL28610  Internet Explorer memory corruption vulnerability
  OVAL28508  Win32k memory corruption elevation of privilege vulnerability
  OVAL29142  Internet Explorer elevation of privilege vulnerability
  OVAL29093  Microsoft Windows Kernel information disclosure vulnerability –
  OVAL28889  Internet Explorer memory corruption vulnerability
  OVAL29072  Microsoft common control use after free vulnerability
  OVAL29119  Internet Explorer memory corruption vulnerability
  OVAL29005  Internet Explorer elevation of privilege vulnerability
  OVAL29145  Win32k Null pointer dereference vulnerability
  OVAL28525  Windows LoadLibrary EoP vulnerability
  OVAL29113  Internet Explorer memory corruption vulnerability
  OVAL28201  Microsoft Windows Kernel Brush Object use after free vulnerability
  OVAL29050  Win32k Pool buffer overflow vulnerability
  OVAL29124  Microsoft Windows Kernel Object use after free vulnerability
  OVAL29115  Exchange Cross-Site Request Forgery vulnerability
  OVAL28806  Microsoft Windows Kernel Bitmap handling use after free vulnerability
  OVAL29081  Internet Explorer memory corruption vulnerability
  OVAL28512  Internet Explorer memory corruption vulnerability
  OVAL28928  Exchange HTML injection vulnerability
  OVAL28593  Internet Explorer memory corruption vulnerability
  OVAL29118  Microsoft Windows Kernel use after free vulnerability –
  OVAL28513  Microsoft Office memory corruption vulnerability –
  OVAL28518  Internet Explorer memory corruption vulnerability
  OVAL28848  Internet Explorer memory corruption vulnerability
  OVAL28530  Internet Explorer memory corruption vulnerability
  OVAL28665  Win32k buffer overflow vulnerability
  OVAL28429  Internet Explorer information disclosure vulnerability
  OVAL28724  Internet Explorer memory corruption vulnerability
  OVAL28948  Internet Explorer memory corruption vulnerability
  OVAL29076  Internet Explorer memory corruption vulnerability
  OVAL29033  Internet Explorer memory corruption vulnerability
  OVAL29061  Internet Explorer memory corruption vulnerability
  OVAL28650  Internet Explorer memory corruption vulnerability
  OVAL28994  Win32k elevation of privilege vulnerability
  OVAL28607  Exchange Server-Side Request Forgery vulnerability
  OVAL29123  Internet Explorer memory corruption vulnerability
  OVAL29147  Internet Explorer elevation of privilege vulnerability
  OVAL28744  Microsoft Office memory corruption vulnerability –
  OVAL28643  ELSA-2015-1115 -- Oracle openssl
  OVAL29099  CESA-2015:1115 -- centos 7 openssl
  OVAL28440  RHSA-2015:1115-01 -- Redhat openssl
  OVAL28674  CESA-2015:1115 -- centos 6 openssl
  OVAL29126  ELSA-2015-1115 -- Oracle openssl

2015-06-13  CVE-2015-4185  The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

2015-06-12  CVE-2015-0771  The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID...
  CVE-2015-0775  The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000...
  CVE-2015-0776  telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

2015-06-02  OVAL28198  CESA-2015:1003 -- centos 5 kvm
  OVAL28893  ELSA-2015-0999 -- Oracle qemu-kvm
  OVAL28949  ELSA-2015-1003 -- Oracle kvm-83
  OVAL28600  CESA-2015:0999 -- centos 7 qemu-kvm,libcacard
  OVAL29004  ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent
  OVAL28702  RHSA-2015:0998-01 -- Redhat qemu-kvm, qemu-guest-agent
  OVAL28974  ELSA-2015-1002 -- Oracle xen
  OVAL28106  RHSA-2015:0999-01 -- Redhat qemu-kvm, libcacard
  OVAL28937  CESA-2015:1002 -- centos 5 xen
  OVAL28912  CESA-2015:0998 -- centos 6 qemu-kvm,qemu-guest-agent
  OVAL28539  RHSA-2015:1002-01 -- Redhat xen

2015-05-29  CVE-2015-0751  Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
  CVE-2015-0756  Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.

2015-05-27  CVE-2015-1157  CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications...

2015-05-20  OVAL28742  Windows Journal remote code execution vulnerability
  OVAL28815  Internet Explorer elevation of privilege vulnerability
  OVAL29000  Internet Explorer memory corruption vulnerability
  OVAL28680  Internet Explorer memory corruption vulnerability
  OVAL28883  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28936  Windows Journal remote code execution vulnerability
  OVAL28517  Windows Journal remote code execution vulnerability
  OVAL29001  Microsoft Windows kernel memory disclosure vulnerability
  OVAL29016  Internet Explorer ASLR bypass vulnerability
  OVAL28993  Internet Explorer memory corruption vulnerability
  OVAL28405  Internet Explorer memory corruption vulnerability
  OVAL28950  Windows forms elevation of privilege vulnerability
  OVAL28649  Windows Journal remote code execution vulnerability
  OVAL28362  OpenType Font parsing vulnerability
  OVAL28645  Microsoft Office memory corruption vulnerability –
  OVAL28829  Internet Explorer elevation of privilege vulnerability
  OVAL28867  VBScript memory corruption vulnerability
  OVAL28473  Internet Explorer memory corruption vulnerability
  OVAL28932  Service control manager elevation of privilege vulnerability
  OVAL28876  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28745  VBScript and JScript ASLR bypass vulnerability
  OVAL28739  .NET XML decryption denial of service vulnerability
  OVAL28340  Internet Explorer memory corruption vulnerability
  OVAL28699  Windows Kernel security feature bypass vulnerability
  OVAL28672  Schannel information disclosure vulnerability
  OVAL28984  Internet Explorer memory corruption vulnerability
  OVAL28555  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28917  Internet Explorer memory corruption vulnerability
  OVAL28723  Microsoft Office memory corruption vulnerability –
  OVAL28924  Microsoft SharePoint page content vulnerabilities –
  OVAL29018  Microsoft Management Console file format denial of service vulnerability
  OVAL28162  Internet Explorer memory corruption vulnerability
  OVAL28822  Internet Explorer clipboard information disclosure vulnerability
  OVAL28390  Windows Journal remote code execution vulnerability
  OVAL28710  Windows Journal remote code execution vulnerability
  OVAL28692  Internet Explorer elevation of privilege vulnerability
  OVAL28808  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28207  TrueType font parsing vulnerability
  OVAL28167  Internet Explorer memory corruption vulnerability
  OVAL28068  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28951  Internet Explorer memory corruption vulnerability
  OVAL28641  Internet Explorer memory corruption vulnerability
  OVAL28840  Internet Explorer memory corruption vulnerability
  OVAL28576  Internet Explorer memory corruption vulnerability
  OVAL28753  Internet Explorer memory corruption vulnerability
  OVAL28985  Microsoft Silverlight out of browser application vulnerability

2015-05-16  CVE-2015-0717  Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
  CVE-2015-0723  The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.
  CVE-2015-0726  The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via...

2015-05-15  CVE-2015-0731  The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.

2015-05-12  OVAL28575  Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 could allow attackers to execute arbitrary code on Windows

2015-05-07  CVE-2015-1152  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1153  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1155  The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
  CVE-2015-1156  The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same...

2015-05-01  CVE-2014-8361  The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

2015-04-28  CVE-2015-0708  Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.
  CVE-2015-0709  Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
  CVE-2015-0710  The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,...

2015-04-24  OVAL29009  MSXML3 same origin policy SFB vulnerability

2015-04-21  OVAL28565  Microsoft SharePoint XSS vulnerability –
  OVAL27899  Internet Explorer memory corruption vulnerability
  OVAL28523  Microsoft SharePoint XSS vulnerability –
  OVAL28861  Internet Explorer memory corruption vulnerability
  OVAL28709  Internet Explorer memory corruption vulnerability
  OVAL28895  Internet Explorer memory corruption vulnerability
  OVAL28865  Internet Explorer memory corruption vulnerability
  OVAL28821  Internet Explorer ASLR bypass vulnerability
  OVAL28574  Internet Explorer memory corruption vulnerability
  OVAL28783  Internet Explorer memory corruption vulnerability
  OVAL27908  Internet Explorer memory corruption vulnerability
  OVAL28704  Internet Explorer memory corruption vulnerability

2015-04-17  OVAL28752  Microsoft Office component use after free vulnerability
  OVAL28116  ASP.NET information disclosure vulnerability
  OVAL28623  HTTP.sys Remote code execution vulnerability
  OVAL28831  NtCreateTransactionManager type confusion vulnerability
  OVAL27878  Microsoft Office memory corruption vulnerability –
  OVAL28690  Microsoft Office component use after free vulnerability
  OVAL28101  EMF processing remote code execution vulnerability
  OVAL28397  Windows Hyper-V DoS vulnerability
  OVAL28561  Microsoft Office component use after free vulnerability
  OVAL28603  Windows MS-DOS device name vulnerability
  OVAL28782  Active Directory Federation Services information disclosure vulnerability

2015-04-16  CVE-2015-0695  Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card...

2015-04-10  CVE-2015-3002  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port...
  CVE-2015-3003  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users...
  CVE-2015-3004  J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3...
  CVE-2015-3005  Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject...
  CVE-2015-1085  AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
  CVE-2015-1086  The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2015-1087  Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
  CVE-2015-1088  CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
  CVE-2015-1089  CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
  CVE-2015-1090  CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1091  The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin...
  CVE-2015-1092  NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
  CVE-2015-1093  FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
  CVE-2015-1094  IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1095  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
  CVE-2015-1096  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1097  IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1098  iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-1099  Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-1100  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
  CVE-2015-1101  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-1102  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
  CVE-2015-1103  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain...
  CVE-2015-1104  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering...
  CVE-2015-1105  The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial...
  CVE-2015-1106  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
  CVE-2015-1107  The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making...
  CVE-2015-1108  The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
  CVE-2015-1109  NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
  CVE-2015-1110  The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
  CVE-2015-1111  Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1112  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive...
  CVE-2015-1113  The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
  CVE-2015-1114  The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
  CVE-2015-1115  The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
  CVE-2015-1116  The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
  CVE-2015-1117  The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to...
  CVE-2015-1118  libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
  CVE-2015-1119  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1120  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1121  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1122  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1123  WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-1124  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1125  The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
  CVE-2015-1126  WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource...
  CVE-2015-1129  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

2015-04-06  CVE-2015-0690  Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

2015-04-03  CVE-2015-0688  Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

2015-04-02  CVE-2015-0685  Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.
  CVE-2015-0686  The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID...
  CVE-2015-0687  The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka...

2015-03-27  CVE-2015-0658  The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on...
  CVE-2015-0679  The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
  CVE-2015-0680  Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

2015-03-26  CVE-2015-0640  The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0642  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0635  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)...
  CVE-2015-0636  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via...
  CVE-2015-0637  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN...
  CVE-2015-0638  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
  CVE-2015-0639  The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,...
  CVE-2015-0641  Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted...
  CVE-2015-0643  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0644  AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2015-0645  The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0646  Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of...
  CVE-2015-0647  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
  CVE-2015-0648  Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
  CVE-2015-0649  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
  CVE-2015-0650  The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote...
  CVE-2015-0672  The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.

2015-03-20  CVE-2015-0669  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)...

2015-03-18  CVE-2015-1068  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1069  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1070  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1071  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1072  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1073  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1074  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1076  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1077  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1078  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1079  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1080  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1081  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1082  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1083  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1084  The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

2015-03-17  OVAL28562  Vulnerability in Microsoft Schannel could allow security feature bypass
  OVAL28631  Microsoft Office component use after free vulnerability
  OVAL28356  Microsoft Office memory corruption vulnerability
  OVAL28851  Microsoft Word local zone remote code execution vulnerability
  OVAL27875  Microsoft SharePoint XSS vulnerability
  OVAL28658  Microsoft SharePoint XSS vulnerability

2015-03-16  OVAL28811  OWA modified canary parameter cross site scripting vulnerability
  OVAL28487  Internet Explorer memory corruption vulnerability
  OVAL28797  VBScript memory corruption vulnerability
  OVAL28836  Internet Explorer memory corruption vulnerability
  OVAL28524  Audit report cross site scripting vulnerability
  OVAL28605  Internet Explorer elevation of privilege vulnerability
  OVAL28748  ExchangeDLP cross site scripting vulnerability
  OVAL28863  NETLOGON spoofing vulnerability
  OVAL28294  Exchange forged meeting request spoofing vulnerability
  OVAL28670  Internet Explorer memory corruption vulnerability
  OVAL28803  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28684  Adobe font driver remote code execution vulnerability
  OVAL28813  Win32k elevation of privilege vulnerability
  OVAL28768  Internet Explorer memory corruption vulnerability
  OVAL28469  Adobe font driver information disclosure vulnerability
  OVAL28675  JPEG XR parser information disclosure vulnerability
  OVAL28667  Microsoft Windows kernel memory disclosure vulnerability
  OVAL28816  Registry virtualization elevation of privilege vulnerability
  OVAL28807  Adobe font driver remote code execution vulnerability
  OVAL27900  Exchange error message cross site scripting vulnerability
  OVAL28771  Adobe font driver remote code execution vulnerability
  OVAL28843  Internet Explorer memory corruption vulnerability
  OVAL28844  Impersonation level check elevation of privilege vulnerability
  OVAL27987  WTS remote code execution vulnerability
  OVAL28770  Adobe font driver remote code execution vulnerability
  OVAL28464  Internet Explorer memory corruption vulnerability
  OVAL28781  Internet Explorer memory corruption vulnerability
  OVAL28549  Adobe font driver information disclosure vulnerability
  OVAL28757  Internet Explorer memory corruption vulnerability
  OVAL28738  Adobe font driver remote code execution vulnerability
  OVAL28730  Adobe font driver denial of service vulnerability
  OVAL28569  Internet Explorer memory corruption vulnerability
  OVAL28737  Internet Explorer elevation of privilege vulnerability
  OVAL28428  Malformed PNG parsing information disclosure vulnerability
  OVAL28847  Remote desktop protocol
  OVAL28609  DLL planting remote code execution vulnerability
  OVAL28780  Task scheduler security feature bypass vulnerability
  OVAL28656  Microsoft Windows kernel memory disclosure vulnerability

2015-03-12  CVE-2015-1061  IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
  CVE-2015-1062  MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
  CVE-2015-1063  CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
  CVE-2015-1064  Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
  CVE-2015-1065  Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

2015-03-10  CVE-2015-1067  Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to...

2015-03-05  CVE-2015-0598  The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.
  CVE-2015-0607  The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that...
  CVE-2015-0657  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
  CVE-2015-0659  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
  CVE-2015-0661  The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.

2015-03-04  CVE-2015-0204  FREAK: SSL/TLS vulnerability

2015-02-26  CVE-2015-0632  Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

2015-02-21  CVE-2015-0618  Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with...

2015-02-20  CVE-2015-2077  MITM installed: Superfish adware
  CVE-2015-2078  MITM installed: Superfish certificate

2015-02-18  CVE-2015-0622  The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the...

2015-02-15  CVE-2015-0609  Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via...
  CVE-2015-1474  Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)...

2015-02-13  OVAL28663  Internet Explorer memory corruption vulnerability
  OVAL28731  TIFF Processing information disclosure vulnerability
  OVAL28653  Internet Explorer memory corruption vulnerability
  OVAL28668  Microsoft Office component use after free vulnerability
  OVAL28604  Excel remote code execution vulnerability
  OVAL28590  Internet Explorer memory corruption vulnerability
  OVAL28548  Internet Explorer use-after-free vulnerability
  OVAL28718  Internet Explorer memory corruption vulnerability
  OVAL28272  Internet Explorer memory corruption vulnerability
  OVAL28475  Internet Explorer memory corruption vulnerability
  OVAL28384  Internet Explorer memory corruption vulnerability
  OVAL28633  TrueType font parsing remote code execution vulnerability
  OVAL28691  Internet Explorer memory corruption vulnerability
  OVAL28337  Internet Explorer memory corruption vulnerability
  OVAL28021  Internet Explorer memory corruption vulnerability
  OVAL28402  Internet Explorer memory corruption vulnerability
  OVAL28711  Internet Explorer memory corruption vulnerability
  OVAL28558  Internet Explorer memory corruption vulnerability
  OVAL28767  Group Policy security feature bypass vulnerability
  OVAL27977  Internet Explorer memory corruption vulnerability
  OVAL28018  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28074  Office remote code execution vulnerability
  OVAL28689  Win32k elevation of privilege vulnerability
  OVAL27780  Microsoft Schannel remote code execution vulnerability
  OVAL28394  Internet Explorer memory corruption vulnerability
  OVAL28764  Windows create process elevation of privilege vulnerability
  OVAL28735  Internet Explorer memory corruption vulnerability
  OVAL28540  Internet Explorer memory corruption vulnerability
  OVAL28573  Internet Explorer memory corruption vulnerability
  OVAL28714  Internet Explorer memory corruption vulnerability
  OVAL27957  Internet Explorer memory corruption vulnerability
  OVAL28666  Internet Explorer memory corruption vulnerability
  OVAL28383  Internet Explorer memory corruption vulnerability
  OVAL28193  Internet Explorer elevation of privilege vulnerability
  OVAL28732  Internet Explorer memory corruption vulnerability
  OVAL28486  Internet Explorer ASLR bypass vulnerability
  OVAL27772  Internet Explorer memory corruption vulnerability
  OVAL28395  Internet Explorer memory corruption vulnerability
  OVAL28728  Internet Explorer elevation of privilege vulnerability
  OVAL28700  Group Policy remote code execution vulnerability
  OVAL28750  Internet Explorer memory corruption vulnerability
  OVAL28413  Internet Explorer memory corruption vulnerability
  OVAL28522  Internet Explorer memory corruption vulnerability
  OVAL28695  Internet Explorer memory corruption vulnerability
  OVAL28688  Windows font driver denial of service vulnerability
  OVAL28639  Internet Explorer memory corruption vulnerability
  OVAL28683  Internet Explorer memory corruption vulnerability
  OVAL28257  Internet Explorer ASLR bypass vulnerability
  OVAL28598  OneTableDocumentStream remote code execution vulnerability
  OVAL28202  CNG security feature bypass vulnerability
  OVAL28347  Internet Explorer memory corruption vulnerability
  OVAL28449  Internet Explorer ASLR bypass vulnerability
  OVAL28762  Microsoft Schannel remote code execution vulnerability
  OVAL28382  Internet Explorer memory corruption vulnerability
  OVAL27765  Internet Explorer memory corruption vulnerability

2015-02-12  CVE-2015-0593  The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.

2015-02-11  CVE-2015-0592  The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
  CVE-2015-0606  The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.
  CVE-2015-0608  Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper...
  CVE-2015-0610  Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco...

2015-02-05  OVAL28471  Adobe Flash Player 14.x through 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform
  OVAL28602  Adobe Flash Player 14.x through 16.0.0.296 and 13.x through 13.0.0.264 could crash and potentially allow system takeover on the Windows platform
  OVAL28646  Adobe Flash Player 14.x through 16.0.0.257 and 13.x through 13.0.0.260 could be used to circumvent memory randomization mitigations on the Windows platform

2015-02-03  CVE-2014-8013  The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

2015-01-30  CVE-2014-4467  WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
  CVE-2014-4476  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4477  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4479  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4480  Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
  CVE-2014-4481  Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4483  Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file...
  CVE-2014-4484  FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
  CVE-2014-4485  Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a...
  CVE-2014-4486  IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a...
  CVE-2014-4487  Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4488  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4489  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of...
  CVE-2014-4491  The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for...
  CVE-2014-4492  libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via...
  CVE-2014-4493  The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
  CVE-2014-4494  Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging...
  CVE-2014-4495  The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass...
  CVE-2014-4496  The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR...
  CVE-2014-8840  The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

2015-01-28  OVAL28638  ELSA-2015-0090 -- glibc security update
  OVAL28360  RHSA-2015:0090 -- glibc security update
  OVAL28622  ELSA-2015-0092 -- glibc security update
  OVAL28438  RHSA-2015:0092 -- glibc security update
  CVE-2015-0586  The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR...

2015-01-22  CVE-2014-8008  Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

2015-01-16  OVAL28330  Microsoft user profile service elevation of privilege vulnerability
  OVAL28297  NLA Security Feature Bypass Vulnerability
  OVAL28554  Windows Telnet service buffer overflow vulnerability
  OVAL28664  Graphics component information disclosure vulnerability
  OVAL28478  Network policy server RADIUS implementation denial of service vulnerability
  OVAL28717  Directory Traversal elevation of privilege vulnerability
  OVAL27743  WebDAV elevation of privilege vulnerability
  OVAL28634  Windows Error Reporting security feature bypass vulnerability
  CVE-2014-6384  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle...
  CVE-2014-6385  Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1...
  CVE-2014-6386  Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before...
  CVE-2014-6382  The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of...
  CVE-2014-6383  The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.

2015-01-09  CVE-2015-0582  The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

2014-12-30  OVAL28176  SUSE-SU-2014:1623-1 -- Security update for pidgin
  OVAL28588  RHSA-2014:1984 -- bind security update
  OVAL28630  RHSA-2014:2010 -- kernel security update
  OVAL28661  RHSA-2014:1974 -- rpm security update
  OVAL28314  SUSE-SU-2014:1615-1 -- Security update for pidgin
  OVAL28385  RHSA-2014:1999 -- mailx security update
  OVAL28585  SUSE-SU-2014:1652-1 -- Security update for cpio
  OVAL28591  SUSE-SU-2014:1595-1 -- Security update for ImageMagick
  OVAL27703  RHSA-2014:1997 -- kernel security and bug fix update
  OVAL28483  RHSA-2014:2024 -- ntp security update
  OVAL28498  RHSA-2014:1985 -- bind97 security update
  OVAL28613  RHSA-2014:1983 -- xorg-x11-server security update
  OVAL28652  RHSA-2014:1982 -- xorg-x11-server security update
  OVAL28466  SUSE-SU-2014:1555-1 -- Security update for file
  OVAL28399  RHSA-2014:1971 -- kernel security and bug fix update
  OVAL28460  RHSA-2014:2025 -- ntp security update
  OVAL28453  RHSA-2014:2008 -- kernel security update
  OVAL28439  RHSA-2014:2023 -- glibc security and bug fix update
  OVAL28044  SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
  OVAL28659  SUSE-SU-2014:1649-1 -- Security update for flash-player
  OVAL28532  RHSA-2014:2021 -- jasper security update
  OVAL28676  SUSE-SU-2014:1592-1 -- Security update for tigervnc
  OVAL28437  RHSA-2014:1976 -- rpm security update
  OVAL28097  SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm
  OVAL28685  SUSE-SU-2014:1628-1 -- Security update for gnutls
  OVAL28499  SUSE-SU-2014:1545-1 -- Security update for flash-player
  OVAL28571  SUSE-SU-2014:1650-1 -- Security update for flash-player

2014-12-22  OVAL28482  ELSA-2014-3104 -- Unbreakable Enterprise kernel security update
  OVAL27915  ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
  OVAL28324  ELSA-2014-1999 -- mailx security update
  OVAL28615  ELSA-2014-1976 -- rpm security update
  OVAL28616  ELSA-2014-2008-1 -- kernel security update
  OVAL28543  ELSA-2014-1983 -- xorg-x11-server security update
  OVAL28079  ELSA-2014-1985 -- bind97 security update
  OVAL28387  ELSA-2014-2008 -- kernel security update
  OVAL28612  ELSA-2014-1997 -- kernel security and bug fix update
  OVAL28192  ELSA-2014-2025 -- ntp security update
  OVAL28647  ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
  OVAL28261  ELSA-2014-1974 -- rpm security update
  OVAL28420  ELSA-2014-2021 -- jasper security update
  OVAL28492  ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
  OVAL28418  ELSA-2014-1971 -- kernel security and bug fix update
  OVAL28485  ELSA-2014-1984 -- bind security update
  OVAL28310  ELSA-2014-2010 -- kernel security update
  OVAL28577  ELSA-2014-1982 -- xorg-x11-server security update
  OVAL28305  ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
  OVAL28088  ELSA-2014-2023 -- glibc security and bug fix update
  OVAL28304  ELSA-2014-2024 -- ntp security update
  OVAL27668  ELSA-2014-3105 -- Unbreakable Enterprise kernel security update

2014-12-18  CVE-2014-8014  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

2014-12-17  CVE-2014-9322  arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...

2014-12-15  CVE-2014-8610  AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...
  CVE-2014-7911  luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
  CVE-2014-8507  Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
  CVE-2014-8609  The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...

2014-12-12  OVAL28084  Graphics component information disclosure vulnerability
  OVAL28376  Internet Explorer memory corruption vulnerability
  OVAL28368  Internet Explorer memory corruption vulnerability
  OVAL28430  Internet Explorer memory corruption vulnerability
  OVAL27932  Internet Explorer XSS filter bypass vulnerability
  OVAL27937  Microsoft Office component use after free vulnerability
  OVAL28291  OWA XSS vulnerability () - MS14-075
  OVAL28329  Internet Explorer memory corruption vulnerability
  OVAL28280  Global free remote code execution in Excel vulnerability
  OVAL28425  Outlook Web App token spoofing vulnerability () - MS14-075
  OVAL28349  Internet Explorer memory corruption vulnerability
  OVAL28392  Internet Explorer memory corruption vulnerability
  OVAL28404  Internet Explorer memory corruption vulnerability
  OVAL28408  Internet Explorer memory corruption vulnerability
  OVAL28415  Exchange URL redirection vulnerability () - MS14-075
  OVAL27704  Internet Explorer memory corruption vulnerability
  OVAL27446  Excel invalid pointer remote code execution vulnerability
  OVAL28377  Internet Explorer memory corruption vulnerability
  OVAL28328  OWA XSS vulnerability () - MS14-075
  OVAL28416  Internet Explorer memory corruption vulnerability
  OVAL28299  Invalid index remote code execution vulnerability
  OVAL28172  Internet Explorer XSS filter bypass vulnerability
  OVAL28006  Use After Free Word Remote Code Execution Vulnerability
  OVAL28401  Internet Explorer memory corruption vulnerability

2014-12-10  CVE-2014-4465  WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of...
  CVE-2014-4466  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4468  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4469  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4470  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4471  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4472  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4473  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4474  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4475  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...

2014-12-08  OVAL28273  SUSE-SU-2014:1524-1 -- Security update for openssl
  OVAL28237  ELSA-2014-3092 -- bash security update
  OVAL28030  RHSA-2014:1767 -- php security update
  OVAL27526  SUSE-SU-2014:1360-1 -- Security update for flash-player
  OVAL28391  ELSA-2014-1956 -- wpa_supplicant security update
  OVAL28374  RHSA-2014:1803 -- mod_auth_mellon security update
  OVAL27895  RHSA-2014:1846 -- gnutls security update
  OVAL28432  SUSE-SU-2014:1438-1 -- update for rsyslog
  OVAL28325  SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk
  OVAL28378  ELSA-2014-1873 -- libvirt security and bug fix update
  OVAL28254  ELSA-2014-1924 -- thunderbird security update
  OVAL28252  SUSE-SU-2014:1542-1 -- Security update for flash-player
  OVAL28459  RHSA-2014:1924 -- thunderbird security update
  OVAL27477  ELSA-2014-1861 -- mariadb security update
  OVAL28481  SUSE-SU-2014:1512-1 -- Security update for compat-openssl098
  OVAL27540  SUSE-SU-2014:1511-1 -- Security update for python, python-base, python-doc
  OVAL28393  ELSA-2014-1870 -- libXfont security update
  OVAL28186  RHSA-2014:1824 -- php security update
  OVAL27990  ELSA-2014-1959 -- kernel security and bug fix update
  OVAL28375  RHSA-2014:1795 -- cups-filters security update
  OVAL28277  SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
  OVAL28363  SUSE-SU-2014:1494-1 -- Security update for libreoffice
  OVAL28250  SUSE-SU-2014:1465-1 -- Security update for flash-player
  OVAL27775  ELSA-2014-1959-1 -- kernel security and bug fix update
  OVAL28315  SUSE-SU-2014:1178-1 -- Update for update-test-security
  OVAL28457  SUSE-SU-2014:1387-1 -- Security update for OpenSSL
  OVAL28112  ELSA-2014-1919 -- firefox security update
  OVAL27507  RHSA-2014:1956 -- wpa_supplicant security update
  OVAL27935  RHSA-2014:1912 -- ruby security update
  OVAL28507  SUSE-SU-2014:1408-1 -- Security update for wget
  OVAL27983  RHSA-2014:1919 -- firefox security update
  OVAL27738  ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  OVAL28414  ELSA-2014-1893 -- libXfont security update
  OVAL28369  ELSA-2014-1859 -- mysql55-mysql security update
  OVAL28150  SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss
  OVAL27981  SUSE-SU-2014:1259-1 -- bash
  OVAL27716  RHSA-2014:1893 -- libXfont security update
  OVAL27600  SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
  OVAL27549  ELSA-2014-3095 -- docker security and bug fix update
  OVAL28039  RHSA-2014:1827 -- kdenetwork security update
  OVAL28373  ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
  OVAL27830  SUSE-SU-2014:1260-1 -- bash
  OVAL28194  SUSE-SU-2014:1442-1 -- Security update for flash-player
  OVAL28139  RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  OVAL28263  ELSA-2014-3094 -- bash security update
  OVAL27610  RHSA-2014:1861 -- mariadb security update
  OVAL28443  SUSE-SU-2014:1464-1 -- Security update for wget
  OVAL28472  SUSE-SU-2014:1544-1 -- Security update for LibreOffice
  OVAL27461  ELSA-2014-3093 -- bash security update
  OVAL28142  RHSA-2014:1911 -- ruby security update
  OVAL28354  RHSA-2014:1764 -- wget security update
  OVAL28295  RHSA-2014:1959 -- kernel security and bug fix update
  OVAL28090  RHSA-2014:1724 -- kernel security and bug fix update
  OVAL28303  ELSA-2014-1912 -- ruby security update
  OVAL28389  RHSA-2014:1859 -- mysql55-mysql security update
  OVAL28461  SUSE-SU-2014:1423-1 -- Security update for flash-player
  OVAL28435  RHSA-2014:1870 -- libXfont security update
  OVAL28313  RHSA-2014:1873 -- libvirt security and bug fix update
  OVAL27612  RHSA-2014:1801 -- shim security update
  OVAL27992  RHSA-2014:1843 -- kernel security and bug fix update
  OVAL28326  RHSA-2014:1768 -- php53 security update
  OVAL27707  RHSA-2014:1885 -- libxml2 security update
  OVAL28208  RHSA-2014:1826 -- libvncserver security update
  OVAL28027  ELSA-2014-1911 -- ruby security update
  OVAL28050  ELSA-2014-1885 -- libxml2 security update

2014-11-25  CVE-2014-8004  Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
  CVE-2014-8005  Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

2014-11-18  OVAL28177  Internet Explorer memory corruption vulnerability
  OVAL28266  Internet Explorer elevation of privilege vulnerability
  OVAL28204  Internet Explorer cross-domain information disclosure vulnerability
  OVAL27897  Internet Explorer elevation of privilege vulnerability
  OVAL27356  Internet Explorer memory corruption vulnerability
  OVAL28358  Internet Explorer memory corruption vulnerability
  OVAL28334  Internet Explorer Clipboard Information Disclosure Vulnerability
  OVAL27601  Internet Explorer memory corruption vulnerability
  OVAL27372  Internet Explorer memory corruption vulnerability
  OVAL28339  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28290  Internet Explorer cross-domain information disclosure vulnerability
  OVAL28205  Internet Explorer memory corruption vulnerability
  CVE-2014-4453  Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
  CVE-2014-4455  dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
  CVE-2014-4457  The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
  CVE-2014-4459  Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
  CVE-2014-4460  CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-4461  The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
  CVE-2014-4462  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-4463  Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
  CVE-2014-4451  Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
  CVE-2014-4452  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2014-11-17  OVAL28173  Active Directory Federation Services information disclosure vulnerability
  CVE-2014-7992  The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

2014-11-14  OVAL27794  Microsoft schannel remote code execution vulnerability
  OVAL28056  TypeFilterLevel vulnerability
  OVAL28219  ELSA-2014-1827 -- kdenetwork security update
  OVAL27974  ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
  OVAL28227  ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
  CVE-2014-7997  The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
  CVE-2014-7998  Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.

2014-11-13  CVE-2014-7991  The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...

2014-11-05  OVAL27818  ELSA-2012-0690-1 -- kernel security and bug fix update
  OVAL26519  ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
  OVAL27535  ELSA-2012-1174-1 -- kernel security and bug fix update
  OVAL28092  ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
  OVAL27194  ELSA-2012-1061-1 -- kernel security and bug fix update
  OVAL27029  ELSA-2014-0685 -- java-1.6.0-openjdk security update
  OVAL27587  ELSA-2010-2008 -- Unbreakable enterprise kernel security update
  OVAL27596  ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27341  ELSA-2014-3048 -- unbreakable enterprise kernel security update
  OVAL26512  ELSA-2013-2542 -- unbreakable enterprise kernel security update
  OVAL27318  ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
  OVAL26901  ELSA-2013-0747-1 -- kernel security and bug fix update
  OVAL27016  ELSA-2014-1669 -- qemu-kvm security and bug fix update
  OVAL26883  ELSA-2014-3014 -- unbreakable enterprise kernel security update
  OVAL27123  ELSA-2014-0679 -- openssl security update
  OVAL27227  ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
  OVAL27232  ELSA-2014-0108-1 -- kernel security and bug fix update
  OVAL28004  ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL26940  ELSA-2014-0926 -- kernel security and bug fix update
  OVAL26673  ELSA-2013-1790-1 -- kernel security and bug fix update
  OVAL27092  ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
  OVAL27247  ELSA-2014-0704 -- qemu-kvm security and bug fix update
  OVAL27502  ELSA-2013-2577 -- unbreakable enterprise kernel security update
  OVAL27071  ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
  OVAL27466  ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
  OVAL27823  ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
  OVAL27903  ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27698  ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
  OVAL27877  ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
  OVAL27955  ELSA-2011-2038 -- Unbreakable Enterprise kernel security update
  OVAL26995  ELSA-2014-0890 -- java-1.7.0-openjdk security update
  OVAL27342  ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
  OVAL27735  ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
  OVAL27648  ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
  OVAL27338  ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
  OVAL28158  ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
  OVAL27250  ELSA-2014-3043 -- unbreakable enterprise kernel security update
  OVAL27518  ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL28038  ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
  OVAL27622  ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
  OVAL27812  ELSA-2012-1445-1 -- kernel security and bug fix update
  OVAL27378  ELSA-2013-2575 -- unbreakable enterprise kernel security update
  OVAL27688  ELSA-2012-1323-1 -- kernel security and bug fix update
  OVAL26661  ELSA-2013-1034-1 -- kernel security and bug fix update
  OVAL27278  ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
  OVAL27240  ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
  OVAL26804  ELSA-2014-1004 -- yum-updatesd security update
  OVAL27337  ELSA-2014-0702 -- mariadb security update
  OVAL26983  ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
  OVAL27275  ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
  OVAL27141  ELSA-2014-0889 -- java-1.7.0-openjdk security update
  OVAL27635  ELSA-2012-0721-1 -- kernel security update
  OVAL27281  ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
  OVAL27702  ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update
  OVAL26514  ELSA-2014-3049 -- unbreakable enterprise kernel security update
  OVAL27331  ELSA-2014-0675 -- java-1.7.0-openjdk security update
  OVAL27959  ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27255  ELSA-2013-1348 -- Oracle Linux 5 kernel update
  OVAL27425  ELSA-2013-1166-1 -- kernel security and bug fix update
  OVAL27842  ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27550  ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
  OVAL27657  ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
  OVAL27316  ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
  OVAL27233  ELSA-2014-1052 -- openssl security update
  OVAL26595  ELSA-2014-0926-1 -- kernel security and bug fix update
  OVAL28028  ELSA-2010-2010 -- kernel security update
  OVAL27093  ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
  OVAL27236  ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
  OVAL27158  ELSA-2014-3054 -- unbreakable enterprise kernel security update
  OVAL27623  ELSA-2013-0594-1 -- kernel security and bug fix update
  OVAL27793  ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
  OVAL27200  ELSA-2014-3046 -- unbreakable enterprise kernel security update
  OVAL27047  ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
  OVAL27629  ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
  OVAL27343  ELSA-2013-2589 -- unbreakable enterprise kernel security update
  OVAL26359  ELSA-2014-3052 -- unbreakable enterprise kernel security update
  OVAL27491  ELSA-2013-1292-1 -- kernel security and bug fix update
  OVAL28005  ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  OVAL27060  ELSA-2014-0920 -- httpd security update
  OVAL27347  ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
  OVAL26531  ELSA-2014-0790 -- dovecot security update
  OVAL26620  ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
  OVAL27433  ELSA-2013-2537 -- unbreakable enterprise kernel security update
  OVAL26951  ELSA-2014-3067 -- unbreakable enterprise kernel security update
  OVAL27334  ELSA-2013-0847-1 -- kernel security and bug fix update
  OVAL27375  ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
  OVAL27358  ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
  OVAL27266  ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27323  ELSA-2014-0740-1 -- kernel security and bug fix update
  OVAL26800  ELSA-2013-0621-1 -- kernel security update
  OVAL27381  ELSA-2013-1449-1 -- kernel security and bug fix update
  OVAL27215  ELSA-2014-3069 -- unbreakable enterprise kernel security update
  OVAL26880  ELSA-2014-1075 -- qemu-kvm security and bug fix update
  OVAL27388  ELSA-2013-2587 -- unbreakable enterprise kernel security update
  OVAL26365  ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
  OVAL28157  ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27296  ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
  OVAL27351  ELSA-2014-0921 -- httpd security update
  OVAL27352  ELSA-2014-3041 -- unbreakable enterprise kernel security update
  OVAL27916  ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27242  ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
  OVAL27914  ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL26522  ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27051  ELSA-2013-0168-1 -- kernel security and bug fix update
  OVAL27249  ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
  OVAL27160  ELSA-2014-0927 -- qemu-kvm security and bug fix update

2014-10-31  CVE-2014-3366  SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
  CVE-2014-3372  Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
  CVE-2014-3373  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
  CVE-2014-3374  Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
  CVE-2014-3375  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

2014-10-28  OVAL27022  RHSA-2014:1669 -- qemu-kvm security and bug fix update
  OVAL27220  RHSA-2013:1353 -- sudo security and bug fix update
  OVAL27070  RHSA-2013:0519 -- openssh security, bug fix and enhancement update

2014-10-25  CVE-2014-3409  The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

2014-10-22  CVE-2014-4448  House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
  CVE-2014-4449  iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  CVE-2014-4450  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...

2014-10-17  OVAL26757  .NET Framework remote code execution vulnerability
  OVAL26910  .NET ClickOnce elevation of privilege vulnerability
  OVAL26605  RHSA-2014:1391: glibc security, bug fix, and enhancement update
  OVAL26390  RHSA-2014:1390: luci security, bug fix, and enhancement update
  OVAL26947  RHSA-2014:1636: java-1.8.0-openjdk security update
  OVAL27084  ELSA-2014-1652 -- openssl security update
  OVAL26917  RHSA-2014:1389: krb5 security and bug fix update
  OVAL27085  ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
  OVAL26570  ELSA-2014-1388 -- cups security and bug fix update
  OVAL27086  RHSA-2014:1392: kernel security, bug fix, and enhancement update
  OVAL26805  RHSA-2014:1552: openssh security, bug fix, and enhancement update
  OVAL27149  RHSA-2014:1655: libxml2 security update
  OVAL27056  RHSA-2014:1388: cups security and bug fix update
  OVAL26767  RHSA-2014:1654: rsyslog7 security update
  OVAL26759  RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
  OVAL26915  RHSA-2014:1657: java-1.7.0-oracle security update
  OVAL26179  ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
  OVAL26796  ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
  OVAL27068  RHSA-2014:1658: java-1.6.0-sun security update
  OVAL26716  ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
  OVAL27101  RHSA-2014:1606: file security and bug fix update
  OVAL26927  RHSA-2014:1507: trousers security, bug fix, and enhancement update

2014-10-16  CVE-2014-3566  POODLE: SSLv3 vulnerability

2014-10-14  CVE-2014-3818  Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
  CVE-2014-3825  The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
  CVE-2014-6378  Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
  CVE-2014-6379  Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
  CVE-2014-6380  Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...

2014-10-09  CVE-2014-3403  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
  CVE-2014-3404  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
  CVE-2014-3405  Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...

2014-10-08  CVE-2014-3187  Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...

2014-10-01  OVAL26892  ELSA-2014-1148 -- squid security update
  OVAL26644  ELSA-2014-1147 -- squid security update
  OVAL26806  ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
  OVAL26189  ELSA-2014-3073 -- Unbreakable Enterprise kernel security update
  OVAL26970  ELSA-2014-1244 -- bind97 security and bug fix update
  OVAL27050  ELSA-2014-1166 -- jakarta-commons-httpclient security update

2014-09-29  OVAL26919  ELSA-2014-3018 -- Unbreakable Enterprise kernel security update

2014-09-26  OVAL26451  RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
  OVAL26777  RHSA-2014:1245: krb5 security and bug fix update
  OVAL26030  RHSA-2014:1244: bind97 security and bug fix update
  OVAL26851  RHSA-2014:1194: conga security and bug fix update
  OVAL26718  RHSA-2014:1255: krb5 security update
  OVAL26641  RHSA-2014:1243: automake security update

2014-09-25  CVE-2014-6271  Bash environment variables code injection
  CVE-2014-7169  Bash environment variables code injection
  CVE-2014-3354  Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
  CVE-2014-3355  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3356  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3357  Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
  CVE-2014-3358  Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
  CVE-2014-3359  Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
  CVE-2014-3360  Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
  CVE-2014-3361  The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

2014-09-20  CVE-2014-3376  Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
  CVE-2014-3377  snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
  CVE-2014-3378  tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.

2014-09-18  CVE-2014-4388  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4389  Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
  CVE-2014-4404  Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
  CVE-2014-4405  IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping...
  CVE-2014-4407  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
  CVE-2014-4352  Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
  CVE-2014-4353  Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
  CVE-2014-4354  Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
  CVE-2014-4356  Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
  CVE-2014-4357  Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
  CVE-2014-4361  The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
  CVE-2014-4362  The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
  CVE-2014-4363  Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
  CVE-2014-4364  The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then...
  CVE-2014-4366  Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  CVE-2014-4367  Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
  CVE-2014-4368  The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
  CVE-2014-4369  The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
  CVE-2014-4371  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4372  syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
  CVE-2014-4373  The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
  CVE-2014-4374  NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  CVE-2014-4375  Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
  CVE-2014-4377  Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4378  CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
  CVE-2014-4379  An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
  CVE-2014-4380  The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
  CVE-2014-4381  Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
  CVE-2014-4383  The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
  CVE-2014-4384  Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
  CVE-2014-4386  Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
  CVE-2014-4408  The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
  CVE-2014-4409  WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
  CVE-2014-4410  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4411  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4412  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4413  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4414  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4415  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4418  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4419  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4420  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4421  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4422  The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using...
  CVE-2014-4423  The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

2014-09-17  OVAL26708  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26301  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26551  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL26813  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to bypass intended access restrictions
  OVAL26807  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow remote attackers to bypass the Same Origin Policy
  OVAL26434  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26616  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code
  OVAL26758  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection...
  OVAL26668  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  OVAL26603  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  OVAL26312  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  OVAL26818  Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service

2014-09-12  OVAL26601  .NET framework denial of service vulnerability

2014-09-11  CVE-2014-3342  The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
  CVE-2014-3363  Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

2014-09-10  CVE-2014-3343  Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

2014-09-04  CVE-2014-3353  Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

2014-09-03  OVAL25633  Arbitrary code execution via unknown vectors.
  OVAL26532  Heap-based buffer overflow in KMPlayer 3.0.0.1441
  OVAL26378  Unspecified vulnerability allows remote attackers to bypass Protected Mode

2014-08-29  OVAL26362  Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
  OVAL25808  Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate

2014-08-19  OVAL26275  CSyncBasePlayer use after free vulnerability

2014-08-18  OVAL26337  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism
  OVAL25856  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allows attackers to execute arbitrary code
  OVAL26161  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL26154  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL26134  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  OVAL26316  Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses

2014-08-12  CVE-2014-3338  The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...

2014-08-11  CVE-2014-3327  The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
  CVE-2014-3332  Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

2014-08-06  OVAL26284  SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox

2014-08-05  OVAL26244  RHSA-2013-1605: glibc security, bug fix, and enhancement update
  OVAL26218  RHSA-2012:0884: openssh security, bug fix, and enhancement update
  OVAL26186  RHSA-2014:1004: yum-updatesd security update

2014-07-28  OVAL24828  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
  OVAL24806  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  OVAL25066  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
  OVAL25160  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  OVAL25136  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
  OVAL25273  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  OVAL25224  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
  OVAL24827  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  OVAL25091  RHSA-2014:0927: qemu-kvm security and bug fix update

2014-07-15  OVAL26212  SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
  OVAL25231  SUSE-RU-2013:0634-1 -- Recommended update for Xorg
  OVAL25898  SUSE-RU-2013:0703-2 -- Recommended update for ksh
  OVAL25815  SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
  OVAL25349  SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
  OVAL25341  SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
  OVAL25916  SUSE-SU-2013:1183-1 -- Security update for xorg-x11

2014-07-14  CVE-2014-3317  Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
  CVE-2014-3319  Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.

2014-07-11  OVAL24871  Windows journal remote code execution vulnerability
  CVE-2014-3817  Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
  CVE-2014-3815  Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  CVE-2014-3816  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
  CVE-2014-3819  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
  CVE-2014-3821  Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...
  CVE-2014-3822  Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...

2014-07-10  CVE-2014-3315  Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...
  CVE-2014-3316  The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
  CVE-2014-3318  Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

2014-07-09  OVAL24783  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  OVAL24931  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  OVAL25191  Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  CVE-2014-3309  The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...

2014-07-02  CVE-2014-3100  Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...

2014-07-01  CVE-2014-1325  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1345  WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
  CVE-2014-1348  Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-1349  Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
  CVE-2014-1350  Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
  CVE-2014-1351  Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
  CVE-2014-1352  Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
  CVE-2014-1353  Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
  CVE-2014-1354  CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...
  CVE-2014-1355  The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via...
  CVE-2014-1356  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
  CVE-2014-1357  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
  CVE-2014-1358  Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1359  Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1360  Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
  CVE-2014-1361  Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive...
  CVE-2014-1362  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1363  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1364  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1365  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1366  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1367  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1368  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1382  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...

2014-06-25  CVE-2014-3299  Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-16  OVAL24854  ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts...
  OVAL24920  Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet
  OVAL24545  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or...
  OVAL24909  Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct...
  OVAL24929  Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
  OVAL24682  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file
  OVAL24621  Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.

2014-06-14  CVE-2014-3290  The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
  CVE-2014-3295  The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

2014-06-13  CVE-2014-3813  Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
  CVE-2014-3814  The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...

2014-06-10  CVE-2014-3287  SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...
  CVE-2014-3292  The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.

2014-06-08  CVE-2014-3291  Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...

2014-05-26  OVAL24567  SharePoint Page Content Vulnerabilities - MS14-022

2014-05-25  CVE-2013-1191  Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
  CVE-2014-3284  Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
  CVE-2014-2200  Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...

2014-05-20  CVE-2013-6975  Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
  CVE-2014-3273  The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
  CVE-2014-3269  The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
  CVE-2014-3270  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
  CVE-2014-3271  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.

2014-05-16  CVE-2014-3262  The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...
  CVE-2014-3263  The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.

2014-05-15  OVAL24595  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24605  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24298  Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism
  OVAL24319  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24420  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  OVAL24644  Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy

2014-05-13  CVE-2010-4832  Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...

2014-05-07  CVE-2014-0684  Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

2014-04-30  OVAL24683  Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

2014-04-29  CVE-2013-7373  Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
  CVE-2014-2183  The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
  CVE-2014-2184  The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
  CVE-2014-2185  The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.

2014-04-24  CVE-2012-3946  Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
  CVE-2012-5723  Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

2014-04-23  CVE-2012-1366  Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
  CVE-2012-0360  Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
  CVE-2012-1317  The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
  CVE-2012-3062  Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
  CVE-2012-4638  Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
  CVE-2012-4651  Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
  CVE-2012-4658  The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
  CVE-2012-5014  Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
  CVE-2012-5017  Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
  CVE-2012-5032  The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
  CVE-2012-5036  Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
  CVE-2012-5037  The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
  CVE-2012-5039  The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
  CVE-2012-5044  Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
  CVE-2012-5427  Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
  CVE-2014-1295  Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation,...
  CVE-2014-1296  CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass...
  CVE-2014-1320  IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading...

2014-04-21  OVAL24672  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
  OVAL24709  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
  OVAL24520  Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  OVAL24676  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  OVAL24510  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
  OVAL24441  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
  OVAL23723  The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...
  OVAL24523  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  OVAL24712  Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
  OVAL24502  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries

2014-04-15  CVE-2014-2842  Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-14  CVE-2014-0612  Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
  CVE-2014-0614  Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
  CVE-2014-2711  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
  CVE-2014-2712  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...
  CVE-2014-2713  Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
  CVE-2014-2714  The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...

2014-04-11  OVAL24613  Buffer overflow vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24368  Cross-site scripting vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24561  Vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24563  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24657  Use-after-free vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  OVAL24795  Cross-site scripting
  OVAL24066  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24062  Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  OVAL24659  Cross-site scripting
  OVAL24029  Cross-site scripting
  OVAL24718  RHSA-2014:0376: openssl security update
  OVAL24439  RHSA-2014:0380: flash-plugin security update

2014-04-10  CVE-2014-0160  OpenSSL Vulnerability: Heartbleed
  REF000672  OpenSSL Vulnerability: Heartbleed - unix

2014-04-07  OVAL24283  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
  OVAL24101  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server

2014-04-05  CVE-2014-2144  Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

2014-04-04  CVE-2014-2143  The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

2014-03-31  CVE-2013-6770  The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...

2014-03-28  CVE-2014-2131  The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

2014-03-27  OVAL24405  Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
  OVAL24141  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...
  CVE-2014-2106  Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
  CVE-2014-2107  Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
  CVE-2014-2108  Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
  CVE-2014-2109  The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
  CVE-2014-2111  The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
  CVE-2014-2112  The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
  CVE-2014-2113  Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...

2014-03-24  OVAL23928  RHSA-2014:0289: flash-plugin security update

2014-03-20  CVE-2014-2124  Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

2014-03-19  OVAL23340  Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
  OVAL23940  Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
  OVAL24294  Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
  OVAL24245  Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows to split "pack file" in the repository
  OVAL24277  Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service

2014-03-17  OVAL23774  Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2014-03-14  CVE-2013-5133  Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
  CVE-2013-6835  TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
  CVE-2014-2291  Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
  CVE-2014-2292  Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
  CVE-2014-1275  Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2014-1276  IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
  CVE-2014-1278  The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
  CVE-2014-1280  Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
  CVE-2014-1281  Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
  CVE-2014-1282  The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.
  CVE-2014-1285  Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
  CVE-2014-1286  SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
  CVE-2014-1287  USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
  CVE-2014-1289  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1290  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1291  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1292  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1293  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1267  The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by...
  CVE-2014-1271  CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
  CVE-2014-1272  CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
  CVE-2014-1273  dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
  CVE-2014-1274  FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
  CVE-2014-1294  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2014-03-13  OVAL22530  Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to bypass...
  OVAL22228  Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to defeat the ASLR...
  OVAL22099  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
  OVAL22171  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows attackers to read the clipboard via unspecified vectors.

2014-03-07  OVAL24162  RHSA-2014:0196: flash-plugin security update

2014-03-06  CVE-2014-0701  Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...
  CVE-2014-0703  Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...
  CVE-2014-0704  The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
  CVE-2014-0705  The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
  CVE-2014-0706  Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
  CVE-2014-0707  Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.

2014-03-02  CVE-2013-4710  Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...

2014-02-26  CVE-2014-0740  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...
  CVE-2014-0741  The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
  CVE-2014-0747  The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
  CVE-2014-0742  The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
  CVE-2014-0743  The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...

2014-02-25  OVAL22568  Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows attackers to execute...
  OVAL22201  Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows remote attackers to...
  OVAL22445  Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 do not prevent access to address information, which makes it...

2014-02-22  CVE-2014-0731  The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
  CVE-2014-1266  The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and...

2014-02-20  CVE-2014-0734  SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
  CVE-2014-0732  The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
  CVE-2014-0733  The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
  CVE-2014-0735  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...
  CVE-2014-0736  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...

2014-02-18  CVE-2014-2019  The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...

2014-02-17  OVAL22065  VBScript Memory Corruption Vulnerability - MS14-010, MS14-011

2014-02-15  REF000670  End of Windows XP support from Microsoft

2014-02-14  OVAL22390  RHSA-2014:0137: flash-plugin security update
  OVAL22092  RHSA-2014:0136: java-1.5.0-ibm security update
  OVAL22560  RHSA-2014:0135: java-1.6.0-ibm security update
  OVAL22292  RHSA-2014:0134: java-1.7.0-ibm security update

2014-02-13  CVE-2014-0723  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
  CVE-2014-0724  The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
  CVE-2014-0725  Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
  CVE-2014-0726  SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
  CVE-2014-0727  SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
  CVE-2014-0728  SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
  CVE-2014-0729  SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
  CVE-2014-0722  The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...

2014-02-05  OVAL22436  Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows allows remote attackers to execute arbitrary code via unspecified vectors

2014-02-04  CVE-2014-0686  Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

2014-01-28  OVAL22499  RHSA-2014:0028: flash-plugin security update

2014-01-23  CVE-2013-7313  The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...

2014-01-22  CVE-2014-0661  The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
  CVE-2014-0676  Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
  CVE-2014-0677  The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

2014-01-19  CVE-2013-3594  The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
  CVE-2013-3595  The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
  CVE-2013-3606  The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

2014-01-17  OVAL22304  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL22214  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22233  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22289  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22372  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL21384  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL22270  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22170  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22096  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22227  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22402  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  OVAL22200  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  OVAL21979  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE

2014-01-15  OVAL21847  RHSA-2011:0332: scsi-target-utils security update
  OVAL21627  RHSA-2011:0318: libtiff security update
  OVAL21920  RHSA-2011:0506: rdesktop security update
  OVAL21856  RHSA-2011:0337: vsftpd security update
  OVAL21813  RHSA-2011:0154: hplip security update
  OVAL21214  RHSA-2011:0310: firefox security and bug fix update
  OVAL21616  RHSA-2011:0859: cyrus-imapd security update
  OVAL21913  RHSA-2011:0918: curl security update
  OVAL21138  RHSA-2011:0197: postgresql security update
  OVAL21713  RHSA-2011:0214: java-1.6.0-openjdk security update
  OVAL21740  RHSA-2011:0845: bind security update
  OVAL21931  RHSA-2011:0281: java-1.6.0-openjdk security update
  OVAL21899  RHSA-2011:0843: postfix security update
  OVAL21165  RHSA-2011:0433: xorg-x11-server-utils security update
  OVAL21898  RHSA-2011:0305: samba security update
  OVAL21857  RHSA-2011:0206: flash-plugin security update
  OVAL21821  RHSA-2011:0391: libvirt security update
  OVAL21822  RHSA-2011:0324: logwatch security update
  OVAL21435  RHSA-2011:0885: firefox security and bug fix update
  OVAL21712  RHSA-2011:0428: dhcp security update
  OVAL21301  RHSA-2011:0862: subversion security update
  OVAL21758  RHSA-2011:0471: firefox security update
  OVAL21684  RHSA-2011:0472: nss security update
  OVAL21479  RHSA-2011:0180: pango security update
  OVAL21426  RHSA-2011:0373: firefox security update
  OVAL22006  RHSA-2011:0926: bind security update
  CVE-2014-0613  The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
  CVE-2014-0615  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0616  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0617  Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.

2014-01-14  OVAL21011  RHSA-2012:1466: java-1.6.0-ibm security update
  OVAL21614  RHSA-2012:1465: java-1.5.0-ibm security update
  OVAL20413  RHSA-2012:0144: flash-plugin security update
  OVAL21501  RHSA-2012:1569: flash-plugin security update
  OVAL21376  RHSA-2012:0722: flash-plugin security update
  OVAL21447  RHSA-2012:1238: java-1.6.0-ibm security update
  OVAL21334  RHSA-2012:1245: java-1.5.0-ibm security update
  OVAL21162  RHSA-2012:0688: flash-plugin security update
  OVAL21404  RHSA-2012:0514: java-1.6.0-ibm security update
  OVAL21660  RHSA-2012:1431: flash-plugin security update
  OVAL21594  RHSA-2012:1346: flash-plugin security update
  OVAL21398  RHSA-2012:0508: java-1.5.0-ibm security update

2014-01-10  CVE-2014-0618  Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...

2014-01-09  OVAL20738  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow attackers to execute...
  OVAL20871  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow remote attackers to...
  OVAL20796  RHSA-2013:1402: Adobe Reader - notification of end of updates
  OVAL21241  RHSA-2013:0855: java-1.5.0-ibm security update
  OVAL21078  RHSA-2013:0730: flash-plugin security update
  OVAL20801  RHSA-2013:0254: flash-plugin security update
  OVAL21151  RHSA-2013:1507: java-1.7.0-ibm security update
  OVAL20442  RHSA-2013:0150: acroread security update
  OVAL21219  RHSA-2013:1059: java-1.6.0-ibm security update
  OVAL20942  RHSA-2013:1035: flash-plugin security update
  OVAL21109  RHSA-2013:0624: java-1.5.0-ibm security update
  OVAL20642  RHSA-2013:1509: java-1.5.0-ibm security update
  OVAL21196  RHSA-2013:1081: java-1.5.0-ibm security update
  OVAL21040  RHSA-2013:0626: java-1.7.0-ibm security update
  OVAL20714  RHSA-2013:1518: flash-plugin security update
  OVAL20254  RHSA-2013:0822: java-1.7.0-ibm security update
  OVAL21009  RHSA-2013:0149: flash-plugin security update
  OVAL20926  RHSA-2013:0243: flash-plugin security update
  OVAL21131  RHSA-2013:1060: java-1.7.0-ibm security update
  OVAL20806  RHSA-2013:0643: flash-plugin security update
  OVAL21111  RHSA-2013:0823: java-1.6.0-ibm security update
  OVAL20919  RHSA-2013:1256: flash-plugin security update
  OVAL20740  RHSA-2013:0826: acroread security update
  OVAL20910  RHSA-2013:0941: flash-plugin security update
  OVAL21077  RHSA-2013:0625: java-1.6.0-ibm security update
  OVAL21201  RHSA-2013:0825: flash-plugin security update
  OVAL21240  RHSA-2013:1508: java-1.6.0-ibm security update
  OVAL21081  RHSA-2013:1818: flash-plugin security update
  OVAL20438  RHSA-2013:0574: flash-plugin security update
  OVAL21027  RHSA-2013:0551: acroread security update

2014-01-08  CVE-2014-0657  The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...
  CVE-2013-6982  The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
  CVE-2014-0653  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
  CVE-2014-0655  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...

2013-12-27  CVE-2013-6981  Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

2013-12-23  CVE-2013-6979  The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...

2013-12-21  CVE-2012-4131  Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
  CVE-2012-4135  Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
  CVE-2013-6978  The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...

2013-12-18  CVE-2013-5196  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5197  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5198  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-4775  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
  CVE-2013-4776  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
  CVE-2013-5199  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5225  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5228  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2013-12-14  CVE-2013-6271  Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...

2013-12-13  CVE-2013-6956  Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
  CVE-2013-6958  Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

2013-12-12  CVE-2013-2751  Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
  CVE-2013-2752  Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
  CVE-2013-7030  ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...

2013-12-10  OVAL20770  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20656  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20893  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20846  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20651  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow remote attackers to read content from a different domain via a crafted web site
  OVAL20607  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20915  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20318  Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content
  OVAL20693  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20632  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors
  OVAL20035  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  OVAL20434  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20323  Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors
  OVAL20739  Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL20589  Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows has unknown impact and attack vectors
  OVAL20395  Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20958  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20880  Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service...
  OVAL19970  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20876  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20459  Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20424  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20963  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20925  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20873  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL19949  Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20789  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20928  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL19994  Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20964  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20838  Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20954  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20879  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20510  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20559  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20472  Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability"
  OVAL20654  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20674  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20934  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20859  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20148  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20556  Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs
  OVAL20772  Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL20274  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20701  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20844  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20688  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20799  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  OVAL20968  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  OVAL20892  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20840  Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors
  OVAL20904  Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL20727  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...

2013-12-05  OVAL19802  Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  OVAL20078  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  OVAL19805  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20044  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20004  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors
  OVAL20125  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20073  Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL20133  Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  OVAL19930  Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL20111  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20137  Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling
  OVAL20081  The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content
  OVAL19467  Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code via crafted SWF content
  OVAL19869  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19913  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19966  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19661  Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL19410  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL19856  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  OVAL19427  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  OVAL19898  Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
  OVAL19629  Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19907  Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19694  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL19510  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability...
  OVAL19528  Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  OVAL19826  Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content
  OVAL20079  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19824  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors
  OVAL20080  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  OVAL20011  Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a...
  OVAL19929  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  OVAL20006  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20096  Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060, allows attackers to execute arbitrary code via unspecified vectors
  OVAL20025  Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  OVAL19957  Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19525  Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  OVAL19896  Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  OVAL19961  Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  OVAL20015  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...

2013-12-03  CVE-2013-6704  Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
  CVE-2013-6705  The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

2013-12-02  CVE-2013-6696  Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

2013-11-28  CVE-2013-6700  The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
  CVE-2013-6706  The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-11-22  CVE-2013-6694  The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
  CVE-2013-6698  The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
  CVE-2013-6699  The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...

2013-11-21  CVE-2013-6692  Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
  CVE-2013-6693  The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...

2013-11-17  CVE-2013-5193  The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
  CVE-2013-5556  The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
  CVE-2013-6686  The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
  CVE-2013-6688  Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
  CVE-2013-6689  Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

2013-11-13  CVE-2013-5552  Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
  CVE-2013-6683  The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
  CVE-2013-6684  The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.

2013-11-07  CVE-2013-5553  Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
  CVE-2013-5565  The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
  CVE-2013-5566  Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

2013-11-05  CVE-2013-6618  jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

2013-10-31  CVE-2013-5548  The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
  CVE-2013-5543  Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
  CVE-2013-5545  The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
  CVE-2013-5546  The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
  CVE-2013-5547  Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
  CVE-2013-5555  Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.

2013-10-28  CVE-2013-6012  Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
  CVE-2013-6014  Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...

2013-10-24  OVAL19032  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19188  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
  OVAL18645  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19207  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19088  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18874  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL18733  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18990  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19150  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19185  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19002  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18894  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19020  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18436  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19101  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL19024  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL18504  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19189  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19046  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  OVAL18971  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  OVAL19096  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  CVE-2013-5549  Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
  CVE-2013-5522  Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

2013-10-23  CVE-2013-5162  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
  CVE-2013-5164  Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
  CVE-2013-5144  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...

2013-10-19  CVE-2013-6027  Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...

2013-10-17  CVE-2013-4689  J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site...
  CVE-2013-6013  Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
  CVE-2013-6015  Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
  CVE-2013-6170  Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...

2013-10-16  OVAL19136  Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
  OVAL19036  Denial of service vulnerability in Microsoft SharePoint () - MS13-067
  OVAL18750  Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067

2013-10-13  CVE-2012-4076  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
  CVE-2012-4077  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
  CVE-2012-4097  The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
  CVE-2012-4099  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
  CVE-2012-4121  Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

2013-10-10  CVE-2013-5499  The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
  CVE-2013-5527  The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
  CVE-2013-5528  Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...

2013-10-05  CVE-2012-4075  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
  CVE-2012-4090  The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
  CVE-2012-4091  The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
  CVE-2012-4098  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
  CVE-2012-4122  The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
  CVE-2012-4141  Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.

2013-10-03  CVE-2013-5519  Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

2013-10-02  OVAL18087  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18790  Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
  OVAL19016  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18999  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  OVAL19081  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18889  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  OVAL19057  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  OVAL18154  Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
  OVAL18985  OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
  OVAL18868  OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
  OVAL18772  Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
  OVAL18827  Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
  OVAL18554  Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
  OVAL18973  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18538  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18967  Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
  OVAL18621  Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
  OVAL18788  Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18986  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  OVAL18980  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  OVAL18910  OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
  OVAL18922  Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
  OVAL18835  Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
  OVAL19039  OpenSSL vulnerability before 1.0.0c in VisualSVN Server
  OVAL19007  Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
  CVE-2013-5503  The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

2013-09-30  CVE-2013-5516  The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...

2013-09-27  OVAL18997  The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
  CVE-2013-5160  Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
  CVE-2013-5161  Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
  CVE-2013-5472  The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
  CVE-2013-5473  Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
  CVE-2013-5474  Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
  CVE-2013-5475  Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
  CVE-2013-5476  The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
  CVE-2013-5477  The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
  CVE-2013-5478  Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
  CVE-2013-5479  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
  CVE-2013-5480  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
  CVE-2013-5481  The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
  CVE-2013-5498  The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.

2013-09-19  CVE-2013-5147  Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
  CVE-2013-5149  The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
  CVE-2013-5150  The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
  CVE-2013-5159  WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
  CVE-2011-2391  The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
  CVE-2013-0957  Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
  CVE-2013-1121  The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
  CVE-2013-1036  Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
  CVE-2013-1037  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1038  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1039  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1040  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1041  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1042  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1043  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1044  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1045  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1046  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1047  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5125  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5126  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5127  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5128  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5129  Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
  CVE-2013-5131  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  CVE-2013-5137  IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
  CVE-2013-5138  IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
  CVE-2013-5139  The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
  CVE-2013-5140  The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
  CVE-2013-5141  The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
  CVE-2013-5142  The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
  CVE-2013-5145  kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
  CVE-2013-5151  Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
  CVE-2013-5152  Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
  CVE-2013-5153  Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
  CVE-2013-5154  The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
  CVE-2013-5155  The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
  CVE-2013-5156  The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
  CVE-2013-5157  The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
  CVE-2013-5158  The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...

2013-09-16  CVE-2013-1025  Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
  CVE-2013-1026  Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2013-1028  The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
  CVE-2013-5496  Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

2013-09-13  CVE-2013-5649  Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...

2013-09-07  CVE-2013-3458  Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...

2013-08-30  CVE-2013-3474  The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
  CVE-2013-5469  The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...

2013-08-29  CVE-2013-3463  The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
  CVE-2013-3470  The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
  CVE-2013-3472  Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...

2013-08-24  CVE-2013-3460  Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
  CVE-2013-3461  Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
  CVE-2013-3462  Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...
  CVE-2013-3459  Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.

2013-08-22  CVE-2013-3453  Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...

2013-08-19  OVAL18318  Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066

2013-08-13  CVE-2013-3464  Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...

2013-08-12  CVE-2013-4806  The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...

2013-08-08  CVE-2013-3454  Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...

2013-08-05  CVE-2013-3442  The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
  CVE-2013-3450  Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
  CVE-2013-3451  Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...

2013-08-01  CVE-2012-5460  Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...

2013-07-30  OVAL16978  Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...
  OVAL17298  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17144  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16826  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16843  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17170  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17488  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17048  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17167  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16938  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17575  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17427  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17327  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17246  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17207  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17297  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16788  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17486  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17572  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17394  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17377  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17299  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17326  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17413  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17466  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16919  CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
  OVAL17359  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17302  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17473  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17357  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17458  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17483  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17288  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17272  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17516  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17372  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17530  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17104  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17018  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17220  Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  OVAL17435  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17621  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17407  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17340  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16768  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17247  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17355  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16568  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17136  Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
  OVAL17016  Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
  OVAL16780  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17081  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16726  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17009  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17559  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17539  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17212  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16756  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16983  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17438  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17161  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17070  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL16488  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17384  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17138  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17367  Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
  OVAL17237  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17123  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17548  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL16865  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16941  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17168  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17163  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17400  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL16994  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17605  Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
  OVAL16907  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  OVAL17331  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17419  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL16784  Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
  OVAL16871  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17319  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17336  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  OVAL17446  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17250  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17397  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  OVAL17334  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  OVAL17224  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...