LanGuard reports



Supported OVAL/CVE Bulletins

Date  Bulletin ID  Title

2023-11-29  CVE-2023-6346  Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-11-21  CVE-2023-6207  Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
  CVE-2023-6213  Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
  CVE-2023-6205  It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

2023-10-25  CVE-2023-5722  Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
  CVE-2023-5721  It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5728  During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5724  Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5723  An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
  CVE-2023-5732  An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
  CVE-2023-5729  A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
  CVE-2023-5725  A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

2023-10-05  CVE-2023-5346  Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-09-28  CVE-2023-5186  Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction.
  CVE-2023-5217  Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-09-12  CVE-2023-4863  Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

2023-09-11  CVE-2023-4580  Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

2023-09-05  CVE-2023-4762  Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
  CVE-2023-4761  Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

2023-08-29  CVE-2023-4572  Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-08-25  CVE-2022-4452  Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
  CVE-2019-13689  Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file.

2023-08-23  CVE-2023-4430  Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4429  Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4427  Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-4431  Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-4428  Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

2023-08-15  CVE-2023-2312  Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4351  Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4366  Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4358  Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4349  Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4356  Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4352  Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4355  Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4357  Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page.
  CVE-2023-4363  Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page.
  CVE-2023-4364  Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4365  Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4350  Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox
  CVE-2023-4360  Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page.
  CVE-2023-4361  Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page.
  CVE-2023-4359  Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page.
  CVE-2023-4354  Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-4353  Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-08-01  CVE-2023-32681  RHSA-2023:4350: python-requests security update
  CVE-2023-28484,CVE-2023-29469  RHSA-2023:4349: libxml2 security update

2023-07-31  CVE-2023-30581,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590  RHSA-2023:4331: nodejs security, bug fix, and enhancement update
  CVE-2023-3347  RHSA-2023:4325: samba security and bug fix update

2023-07-20  CVE-2023-22045,CVE-2023-22049  RHSA-2023:4178: java-1.8.0-openjdk security and bug fix update
  CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193  RHSA-2023:4177: java-17-openjdk security and bug fix update
  CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193  RHSA-2023:4158: java-11-openjdk security and bug fix update

2023-07-18  CVE-2023-32435,CVE-2023-32439,CVE-2023-37450  RHSA-2023:4201: webkit2gtk3 security update

2023-07-17  CVE-2023-2828  RHSA-2023:4099: bind security update

2023-07-13  CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211  RHSA-2023:4071: firefox security update
  CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211  RHSA-2023:4064: thunderbird security update
  CVE-2023-33170  RHSA-2023:4060: .NET 6.0 security, bug fix, and enhancement update
  CVE-2023-33170  RHSA-2023:4057: .NET 7.0 security, bug fix, and enhancement update

2023-07-12  CVE-2023-3128  RHSA-2023:4030: grafana security update

2023-05-16  CVE-2023-2721  Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2725  Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2723  Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2722  Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2724  Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2726  Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page.

2023-05-03  CVE-2023-2466  Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
  CVE-2023-2462  Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page.
  CVE-2023-2459  Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page.
  CVE-2023-2467  Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page.
  CVE-2023-2468  Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page.
  CVE-2023-2463  Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox

2023-04-19  CVE-2023-2135  Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2134  Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-2137  Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-04-14  CVE-2023-2033  Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-04-04  CVE-2023-1818  Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1811  Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1393  RHSA-2023:1594: tigervnc and xorg-x11-server security update
  CVE-2023-25690  RHSA-2023:1593: httpd security update
  CVE-2023-1393  RHSA-2023:1592: tigervnc security update
  CVE-2023-28154  RHSA-2023:1591: pcs security update
  CVE-2023-1819  Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-1812  Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
  CVE-2023-1814  Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page.
  CVE-2023-1817  Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
  CVE-2023-1816  Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page.
  CVE-2023-1822  Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
  CVE-2023-1821  Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox
  CVE-2023-1823  Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
  CVE-2023-1813  Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page.
  CVE-2023-1810  Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

2023-03-21  CVE-2023-1533  Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1530  Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1528  Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1531  Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1532  Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-1534  Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

2023-03-02  CISEC:9468  Multiple vulnerabilities on Adobe Animate 2022, Adobe Animate 2023
  CISEC:9470  Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability.

2023-03-01  CISEC:9466  Multiple vulnerabilities on Adobe Media Encoder
  CISEC:9469  Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1
  CISEC:9471  Multiple vulnerabilities on Photoshop version 23.5.3
  CISEC:9467  Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability.
  CISEC:9472  Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability.

2023-02-22  CVE-2023-0927  Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0929  Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0931  Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0928  Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0941  Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0933  Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
  CVE-2023-0930  Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2023-02-07  CVE-2023-0699  Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown.
  CVE-2023-0696  Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0703  Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions.
  CVE-2023-0698  Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
  CVE-2023-0705  Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page.
  CVE-2023-0704  Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page.
  CVE-2023-0697  Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
  CVE-2023-0700  Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox
  CVE-2023-0701  Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction.

2022-11-01  CVE-2022-3661  Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension.

2022-07-22  CISEC:9448  Windows SMB Denial of Service Vulnerability
  CISEC:9439  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9462  Windows Network File System Remote Code Execution Vulnerability
  CISEC:9454  Windows Network Address Translation (NAT) Denial of Service Vulnerability
  CISEC:9440  Windows Media Center Elevation of Privilege Vulnerability
  CISEC:9458  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9436  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9438  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9441  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9442  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9445  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9453  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  CISEC:9461  Windows Kernel Information Disclosure Vulnerability
  CISEC:9437  Windows Kernel Denial of Service Vulnerability
  CISEC:9456  Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9446  Windows iSCSI Discovery Service Remote Code Execution Vulnerability
  CISEC:9455  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9465  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9457  Windows File History Remote Code Execution Vulnerability
  CISEC:9452  Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
  CISEC:9443  Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
  CISEC:9449  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:9463  Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:9451  Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability
  CISEC:9447  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9450  Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
  CISEC:9459  Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
  CISEC:9460  Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
  CISEC:9444  Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:9464  Kerberos AppContainer Security Feature Bypass Vulnerability

2022-06-17  CISEC:9390  Windows WLAN AutoConfig Service Information Disclosure Vulnerability
  CISEC:9414  Windows WLAN AutoConfig Service Denial of Service Vulnerability
  CISEC:9378  Windows Server Service Information Disclosure Vulnerability
  CISEC:9406  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9376  Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:9396  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9393  Windows Push Notifications Apps Elevation of Privilege Vulnerability
  CISEC:9409  Windows Print Spooler Information Disclosure Vulnerability
  CISEC:9375  Windows Print Spooler Information Disclosure Vulnerability
  CISEC:9413  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9425  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9387  Windows PlayToManager Elevation of Privilege Vulnerability
  CISEC:9386  Windows NTFS Information Disclosure Vulnerability
  CISEC:9417  Windows Network File System Remote Code Execution Vulnerability
  CISEC:9397  Windows LSA Spoofing Vulnerability
  CISEC:9410  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9381  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9398  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9400  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9402  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9422  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9423  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9424  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9432  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9433  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9434  Windows Kernel Information Disclosure Vulnerability
  CISEC:9427  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9430  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9431  Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9389  Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
  CISEC:9421  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9426  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9374  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9412  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9394  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9418  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9416  Windows Fax Service Remote Code Execution Vulnerability
  CISEC:9405  Windows Failover Cluster Information Disclosure Vulnerability
  CISEC:9382  Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9404  Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9419  Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9428  Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9429  Windows Clustered Shared Volume Information Disclosure Vulnerability
  CISEC:9379  Windows Clustered Shared Volume Elevation of Privilege Vulnerability
  CISEC:9383  Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9401  Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9420  Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
  CISEC:9403  Windows Authentication Security Feature Bypass Vulnerability
  CISEC:9377  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9388  Windows Address Book Remote Code Execution Vulnerability
  CISEC:9435  Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
  CISEC:9384  Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9385  Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9407  Storage Spaces Direct Elevation of Privilege Vulnerability
  CISEC:9380  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9391  Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9411  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9392  Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  CISEC:9395  Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  CISEC:9415  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9399  BitLocker Security Feature Bypass Vulnerability
  CISEC:9408  Active Directory Domain Services Elevation of Privilege Vulnerability

2022-05-27  CISEC:9302  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:9327  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:9309  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:9303  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9360  Windows Telephony Server Elevation of Privilege Vulnerability
  CISEC:9328  Windows SMB Remote Code Execution Vulnerability
  CISEC:9316  Windows Server Service Remote Code Execution Vulnerability
  CISEC:9279  Windows Secure Channel Denial of Service Vulnerability
  CISEC:9369  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9373  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9282  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9322  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9323  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9329  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9280  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9292  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9296  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9298  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9304  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9306  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9342  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9343  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9368  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9355  Windows Network File System Remote Code Execution Vulnerability
  CISEC:9278  Windows Network File System Remote Code Execution Vulnerability
  CISEC:9308  Windows Local Security Authority (LSA) Remote Code Execution Vulnerability
  CISEC:9281  Windows LDAP Remote Code Execution Vulnerability
  CISEC:9365  Windows LDAP Denial of Service Vulnerability
  CISEC:9325  Windows Kernel Information Disclosure Vulnerability
  CISEC:9276  Windows Kerberos Remote Code Execution Vulnerability
  CISEC:9354  Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9334  Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9351  Windows iSCSI Target Service Information Disclosure Vulnerability
  CISEC:9312  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9361  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9370  Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9324  Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9314  Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9340  Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
  CISEC:9277  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9286  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9295  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9358  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9336  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9362  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9359  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:9284  Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:9363  Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:9357  Windows File Explorer Elevation of Privilege Vulnerability
  CISEC:9294  Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9345  Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9367  Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:9349  Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
  CISEC:9310  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9372  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9289  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9326  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9290  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9297  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9301  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9315  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9318  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9319  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9320  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9330  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9333  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9337  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9338  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9341  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9347  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9364  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9344  Windows DNS Server Information Disclosure Vulnerability
  CISEC:9331  Windows Direct Show - Remote Code Execution Vulnerability
  CISEC:9288  Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9285  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9287  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9348  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9307  Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9313  Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9317  Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
  CISEC:9300  Windows Bluetooth Driver Elevation of Privilege Vulnerability
  CISEC:9335  Windows AppX Package Manager Elevation of Privilege Vulnerability
  CISEC:9371  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9353  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9356  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9311  Win32k Elevation of Privilege Vulnerability
  CISEC:9283  Win32 Stream Enumeration Remote Code Execution Vulnerability
  CISEC:9291  Win32 Stream Enumeration Remote Code Execution Vulnerability
  CISEC:9366  Win32 File Enumeration Remote Code Execution Vulnerability
  CISEC:9321  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9352  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9305  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9332  Remote Desktop Protocol Remote Code Execution Vulnerability
  CISEC:9299  PowerShell Elevation of Privilege Vulnerability
  CISEC:9293  Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
  CISEC:9350  Local Security Authority (LSA) Elevation of Privilege Vulnerability
  CISEC:9275  DiskUsage.exe Remote Code Execution Vulnerability
  CISEC:9346  Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
  CISEC:9339  Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

2022-05-18  CVE-2022-22965  Spring4Shell - Windows
  CVE-2022-22965  Spring4Shell - Unix

2022-04-15  CISEC:9258  Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability
  CISEC:9273  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:9246  Windows SMBv3 Client/Server Remote Code Execution Vulnerability
  CISEC:9271  Windows Security Support Provider Interface Elevation of Privilege Vulnerability
  CISEC:9250  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9256  Windows PDEV Elevation of Privilege Vulnerability
  CISEC:9263  Windows NT OS Kernel Elevation of Privilege Vulnerability
  CISEC:9267  Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
  CISEC:9266  Windows Media Center Update Denial of Service Vulnerability
  CISEC:9268  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9247  Windows Inking COM Elevation of Privilege Vulnerability
  CISEC:9272  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9270  Windows HTML Platforms Security Feature Bypass Vulnerability
  CISEC:9251  Windows Fax and Scan Service Elevation of Privilege Vulnerability
  CISEC:9265  Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
  CISEC:9253  Windows Event Tracing Remote Code Execution Vulnerability
  CISEC:9243  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9261  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9245  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9255  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:9252  Windows CD-ROM Driver Elevation of Privilege Vulnerability
  CISEC:9260  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:9244  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9254  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9257  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:9264  Tablet Windows User Interface Application Elevation of Privilege Vulnerability
  CISEC:9274  Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9262  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9269  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9248  Point-to-Point Tunneling Protocol Denial of Service Vulnerability
  CISEC:9249  Media Foundation Information Disclosure Vulnerability
  CISEC:9259  Media Foundation Information Disclosure Vulnerability

2022-03-18  CISEC:9229  Windows User Account Profile Picture Denial of Service Vulnerability
  CISEC:9241  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:9227  Windows Runtime Remote Code Execution Vulnerability
  CISEC:9226  Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:9214  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9209  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9230  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9231  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9235  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9221  Windows Mobile Device Management Remote Code Execution Vulnerability
  CISEC:9234  Windows Mobile Device Management Elevation of Privilege Vulnerability
  CISEC:9239  Windows Kernel Information Disclosure Vulnerability
  CISEC:9215  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9236  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9240  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:9213  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9223  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9220  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:9225  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9212  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9238  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9222  Windows Common Log File System Driver Denial of Service Vulnerability
  CISEC:9232  Win32k Elevation of Privilege Vulnerability
  CISEC:9233  Win32k Elevation of Privilege Vulnerability
  CISEC:9237  Roaming Security Rights Management Services Remote Code Execution Vulnerability
  CISEC:9228  Named Pipe File System Elevation of Privilege Vulnerability

2022-03-04  CISEC:9137  Workstation Service Remote Protocol Security Feature Bypass Vulnerability
  CISEC:9129  Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
  CISEC:9190  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9155  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:9142  Windows UI Immersive Server API Elevation of Privilege Vulnerability
  CISEC:9157  Windows System Launcher Elevation of Privilege Vulnerability
  CISEC:9161  Windows Storage Elevation of Privilege Vulnerability
  CISEC:9187  Windows StateRepository API Server file Elevation of Privilege Vulnerability
  CISEC:9189  Windows Security Center API Remote Code Execution Vulnerability
  CISEC:9184  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9186  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9198  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9144  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9136  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9149  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9162  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9176  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
  CISEC:9191  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9131  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9207  Windows Push Notifications Apps Elevation Of Privilege Vulnerability
  CISEC:9183  Windows Modern Execution Server Remote Code Execution Vulnerability
  CISEC:9196  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9126  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9173  Windows Kerberos Elevation of Privilege Vulnerability
  CISEC:9166  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9192  Windows IKE Extension Remote Code Execution Vulnerability
  CISEC:9185  Windows IKE Extension Denial of Service Vulnerability
  CISEC:9193  Windows IKE Extension Denial of Service Vulnerability
  CISEC:9160  Windows IKE Extension Denial of Service Vulnerability
  CISEC:9168  Windows IKE Extension Denial of Service Vulnerability
  CISEC:9178  Windows IKE Extension Denial of Service Vulnerability
  CISEC:9140  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9177  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:9143  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:9201  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9188  Windows Geolocation Service Remote Code Execution Vulnerability
  CISEC:9133  Windows GDI+ Information Disclosure Vulnerability
  CISEC:9169  Windows GDI+ Information Disclosure Vulnerability
  CISEC:9204  Windows GDI Information Disclosure Vulnerability
  CISEC:9146  Windows GDI Elevation of Privilege Vulnerability
  CISEC:9154  Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
  CISEC:9174  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:9171  Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  CISEC:9147  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9158  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9175  Windows DWM Core Library Elevation of Privilege Vulnerability
  CISEC:9167  Windows Devices Human Interface Elevation of Privilege Vulnerability
  CISEC:9199  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9203  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9159  Windows Cleanup Manager Elevation of Privilege Vulnerability
  CISEC:9151  Windows Certificate Spoofing Vulnerability
  CISEC:9163  Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:9200  Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
  CISEC:9170  Windows Application Model Core API Elevation of Privilege Vulnerability
  CISEC:9197  Windows AppContracts API Server Elevation of Privilege Vulnerability
  CISEC:9152  Windows Accounts Control Elevation of Privilege Vulnerability
  CISEC:9132  Win32k Information Disclosure Vulnerability
  CISEC:9127  Win32k Elevation of Privilege Vulnerability
  CISEC:9179  Virtual Machine IDE Drive Elevation of Privilege Vulnerability
  CISEC:9134  Tile Data Repository Elevation of Privilege Vulnerability
  CISEC:9181  Task Flow Data Engine Elevation of Privilege Vulnerability
  CISEC:9180  Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
  CISEC:9206  Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9156  Secure Boot Security Feature Bypass Vulnerability
  CISEC:9139  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:9153  Remote Desktop Protocol Remote Code Execution Vulnerability
  CISEC:9135  Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
  CISEC:9208  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9145  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9172  Open Source Curl Remote Code Execution Vulnerability
  CISEC:9164  Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
  CISEC:9195  Microsoft Cryptographic Services Elevation of Privilege Vulnerability
  CISEC:9205  Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
  CISEC:9148  Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:9182  Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
  CISEC:9165  Libarchive Remote Code Execution Vulnerability
  CISEC:9141  HTTP Protocol Stack Remote Code Execution Vulnerability
  CISEC:9128  DirectX Graphics Kernel Remote Code Execution Vulnerability
  CISEC:9150  DirectX Graphics Kernel Remote Code Execution Vulnerability
  CISEC:9138  DirectX Graphics Kernel File Denial of Service Vulnerability
  CISEC:9130  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:9202  Clipboard User Service Elevation of Privilege Vulnerability
  CISEC:9194  Active Directory Domain Services Elevation of Privilege Vulnerability

2022-01-14  CISEC:9100  Windows TCP/IP Driver Elevation of Privilege Vulnerability
  CISEC:9110  Windows Setup Elevation of Privilege Vulnerability
  CISEC:9096  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:9098  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:9107  Windows Recovery Environment Agent Elevation of Privilege Vulnerability
  CISEC:9105  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:9097  Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9112  Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9122  Windows NTFS Elevation of Privilege Vulnerability
  CISEC:9123  Windows Media Center Elevation of Privilege Vulnerability
  CISEC:9101  Windows Kernel Information Disclosure Vulnerability
  CISEC:9103  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9104  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9099  Windows Fax Service Remote Code Execution Vulnerability
  CISEC:9117  Windows Event Tracing Remote Code Execution Vulnerability
  CISEC:9115  Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
  CISEC:9094  Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
  CISEC:9121  Windows Digital TV Tuner Elevation of Privilege Vulnerability
  CISEC:9118  Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:9109  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:9106  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9108  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9120  SymCrypt Denial of Service Vulnerability
  CISEC:9102  Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9116  Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:9125  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9095  NTFS Set Short Name Elevation of Privilege Vulnerability
  CISEC:9119  Microsoft Message Queuing Information Disclosure Vulnerability
  CISEC:9124  Microsoft Message Queuing Information Disclosure Vulnerability
  CISEC:9113  Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
  CISEC:9111  iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution
  CISEC:9114  DirectX Graphics Kernel File Denial of Service Vulnerability

2021-12-21  CVE-2021-45105  Log4j: multiple vulnerabilities - Windows

2021-12-20  CVE-2021-45105  Log4j: multiple vulnerabilities - Linux

2021-12-10  CISEC:9071  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9090  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:9092  Windows NTFS Remote Code Execution Vulnerability
  CISEC:9068  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:9081  Windows Installer Elevation of Privilege Vulnerability
  CISEC:9077  Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
  CISEC:9079  Windows Hyper-V Denial of Service Vulnerability
  CISEC:9083  Windows Hello Security Feature Bypass Vulnerability
  CISEC:9093  Windows Feedback Hub Elevation of Privilege Vulnerability
  CISEC:9080  Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
  CISEC:9063  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9076  Windows Denial of Service Vulnerability
  CISEC:9074  Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
  CISEC:9067  Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:9088  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:9062  NTFS Elevation of Privilege Vulnerability
  CISEC:9078  NTFS Elevation of Privilege Vulnerability
  CISEC:9084  NTFS Elevation of Privilege Vulnerability
  CISEC:9086  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9066  Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
  CISEC:9061  Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:9089  Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
  CISEC:9069  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:9065  Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9070  Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9072  Active Directory Domain Services Elevation of Privilege Vulnerability
  CISEC:9087  Active Directory Domain Services Elevation of Privilege Vulnerability

2021-11-19  CISEC:9023  Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.007.20095 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30015 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...
  CISEC:9022  Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.005.20060 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30006 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...

2021-11-12  CISEC:8988  Windows Text Shaping Remote Code Execution Vulnerability
  CISEC:9018  Windows TCP/IP Denial of Service Vulnerability
  CISEC:9006  Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
  CISEC:9014  Windows Print Spooler Spoofing Vulnerability
  CISEC:8994  Windows Print Spooler Information Disclosure Vulnerability
  CISEC:8979  Windows Nearby Sharing Elevation of Privilege Vulnerability
  CISEC:9012  Windows NAT Denial of Service Vulnerability
  CISEC:8992  Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8995  Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
  CISEC:9007  Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8996  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8984  Windows Installer Spoofing Vulnerability
  CISEC:9004  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8985  Windows HTTP.sys Elevation of Privilege Vulnerability
  CISEC:8986  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:9021  Windows Fast FAT File System Driver Information Disclosure Vulnerability
  CISEC:8980  Windows Fast FAT File System Driver Information Disclosure Vulnerability
  CISEC:9017  Windows exFAT File System Information Disclosure Vulnerability
  CISEC:9008  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:9002  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8989  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:9001  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9015  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9016  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:9011  Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
  CISEC:8999  Windows Bind Filter Driver Information Disclosure Vulnerability
  CISEC:8982  Windows AppX Deployment Service Elevation of Privilege Vulnerability
  CISEC:9013  Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
  CISEC:8993  Windows AppContainer Elevation Of Privilege Vulnerability
  CISEC:8981  Windows AD FS Security Feature Bypass Vulnerability
  CISEC:8998  Win32k Elevation of Privilege Vulnerability
  CISEC:9000  Win32k Elevation of Privilege Vulnerability
  CISEC:8983  Win32k Elevation of Privilege Vulnerability
  CISEC:9003  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:9010  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:9020  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8978  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8987  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8991  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:9005  Microsoft DWM Core Library Elevation of Privilege Vulnerability
  CISEC:8990  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:8997  Console Window Host Security Feature Bypass Vulnerability
  CISEC:9009  Active Directory Security Feature Bypass Vulnerability
  CISEC:9019  Active Directory Federation Server Spoofing Vulnerability

2021-10-22  CISEC:8975  Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
  CISEC:8949  Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
  CISEC:8948  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:8976  Windows Storage Information Disclosure Vulnerability
  CISEC:8968  Windows SMB Information Disclosure Vulnerability
  CISEC:8973  Windows SMB Information Disclosure Vulnerability
  CISEC:8965  Windows SMB Elevation of Privilege Vulnerability
  CISEC:8977  Windows Scripting Engine Memory Corruption Vulnerability
  CISEC:8962  Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
  CISEC:8963  Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8969  Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8971  Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
  CISEC:8956  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8942  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8964  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8974  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8966  Windows Key Storage Provider Security Feature Bypass Vulnerability
  CISEC:8945  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8959  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8960  Windows Installer Information Disclosure Vulnerability
  CISEC:8967  Windows Installer Denial of Service Vulnerability
  CISEC:8947  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8958  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8961  Windows DNS Elevation of Privilege Vulnerability
  CISEC:8943  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8944  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8951  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8952  Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:8950  Windows Authenticode Spoofing Vulnerability
  CISEC:8953  Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
  CISEC:8954  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8972  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8946  Win32k Elevation of Privilege Vulnerability
  CISEC:8970  Win32k Elevation of Privilege Vulnerability
  CISEC:8957  Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:8941  Microsoft MSHTML Remote Code Execution Vulnerability
  CISEC:8955  BitLocker Security Feature Bypass Vulnerability

2021-10-08  CISEC:8937  Multiple vulnerabilities on Creative Cloud Desktop Application versions 4.6.1 and earlier
  CISEC:8938  Multiple vulnerabilities on Adobe Media Encoder versions 13.1 and earlier
  CISEC:8939  Multiple vulnerabilities on Adobe Digital Editions versions 4.5.10 and below
  CISEC:8940  Creative Cloud Desktop Application

2021-09-24  CISEC:8935  Multiple vulnerabilities on Creative Cloud Desktop Application versions 5.1 and earlier
  CISEC:8934  Multiple vulnerabilities on Adobe Media Encoder versions 14.2 and earlier
  CISEC:8933  Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration

2021-09-17  CISEC:8929  Multiple vulnerabilities on Creative Cloud Desktop Application version 5.3
  CISEC:8931  Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2020.009.20074 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30002, Acrobat 2017 and Acrobat Reader 2017 version...
  CISEC:8922  InCopy version 15.1.1
  CISEC:8925  Adobe Prelude version 9.0.1
  CISEC:8924  Adobe Lightroom Classic version 10.0
  CISEC:8927  Adobe Illustrator version 25.0

2021-09-10  CISEC:8903  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:8915  Windows User Account Profile Picture Elevation of Privilege Vulnerability
  CISEC:8899  Windows Update Medic Service Elevation of Privilege Vulnerability
  CISEC:8909  Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8894  Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
  CISEC:8895  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8902  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8911  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8914  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
  CISEC:8908  Windows Recovery Environment Agent Elevation of Privilege Vulnerability
  CISEC:8898  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8900  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8913  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8916  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8912  Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8897  Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
  CISEC:8906  Windows LSA Spoofing Vulnerability
  CISEC:8920  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8907  Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
  CISEC:8893  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8905  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8921  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8917  Windows Elevation of Privilege Vulnerability
  CISEC:8919  Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
  CISEC:8896  Windows Cryptographic Primitives Library Information Disclosure Vulnerability
  CISEC:8918  Windows Bluetooth Driver Elevation of Privilege Vulnerability
  CISEC:8904  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8910  Scripting Engine Memory Corruption Vulnerability
  CISEC:8901  Remote Desktop Client Remote Code Execution Vulnerability

2021-08-27  CISEC:8885  Multiple vulnerabilities on Illustrator 2021 version 25.2.3 and earlier versions
  CISEC:8890  Multiple vulnerabilities on Adobe Bridge version 11.0.2 and earlier versions
  CISEC:8888  Multiple vulnerabilities on Adobe Animate version 21.0.6 and earlier versions
  CISEC:8891  Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.005.20054 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.004.30005 and earlier versions, Acrobat 2017 and Acrobat Reader...
  CISEC:8892  Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.001.20155 and earlier versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30025 and earlier versions, Acrobat 2017 and Acrobat Reader...
  CISEC:8887  Adobe Robohelp version 2020.0.3
  CISEC:8889  Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file (CVE-2021-28548, CVE-2021-28549).

2021-08-13  CISEC:8815  Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8817  Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8837  Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8791  Windows SMB Information Disclosure Vulnerability
  CISEC:8826  Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
  CISEC:8806  Windows Secure Kernel Mode Security Feature Bypass Vulnerability
  CISEC:8824  Windows Remote Assistance Information Disclosure Vulnerability
  CISEC:8839  Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8840  Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8858  Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CISEC:8866  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8823  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8827  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8836  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CISEC:8844  Windows Projected File System Elevation of Privilege Vulnerability
  CISEC:8860  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8796  Windows Partition Management Driver Elevation of Privilege Vulnerability
  CISEC:8868  Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8789  Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8813  Windows Media Remote Code Execution Vulnerability
  CISEC:8829  Windows LSA Security Feature Bypass Vulnerability
  CISEC:8838  Windows LSA Denial of Service Vulnerability
  CISEC:8797  Windows Key Distribution Center Information Disclosure Vulnerability
  CISEC:8853  Windows Kernel Remote Code Execution Vulnerability
  CISEC:8870  Windows Kernel Remote Code Execution Vulnerability
  CISEC:8825  Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:8816  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8828  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8833  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8846  Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8834  Windows Installer Spoofing Vulnerability
  CISEC:8805  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8848  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8832  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8798  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8831  Windows HTML Platforms Security Feature Bypass Vulnerability
  CISEC:8859  Windows Hello Security Feature Bypass Vulnerability
  CISEC:8863  Windows GDI Information Disclosure Vulnerability
  CISEC:8862  Windows GDI Elevation of Privilege Vulnerability
  CISEC:8793  Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8812  Windows File History Service Elevation of Privilege Vulnerability
  CISEC:8865  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8807  Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8822  Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8842  Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8787  Windows DNS Snap-in Remote Code Execution Vulnerability
  CISEC:8864  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8820  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8850  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8856  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8794  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8819  Windows DNS Server Denial of Service Vulnerability
  CISEC:8857  Windows DNS Server Denial of Service Vulnerability
  CISEC:8800  Windows DNS Server Denial of Service Vulnerability
  CISEC:8799  Windows DNS Server Denial of Service Vulnerability
  CISEC:8803  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:8808  Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:8810  Windows Console Driver Elevation of Privilege Vulnerability
  CISEC:8854  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8861  Windows Certificate Spoofing Vulnerability
  CISEC:8801  Windows Authenticode Spoofing Vulnerability
  CISEC:8811  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8821  Windows AppContainer Elevation Of Privilege Vulnerability
  CISEC:8843  Windows AF_UNIX Socket Provider Denial of Service Vulnerability
  CISEC:8788  Windows ADFS Security Feature Bypass Vulnerability
  CISEC:8852  Windows Address Book Remote Code Execution Vulnerability
  CISEC:8835  Win32k Information Disclosure Vulnerability
  CISEC:8841  Win32k Elevation of Privilege Vulnerability
  CISEC:8851  Win32k Elevation of Privilege Vulnerability
  CISEC:8855  Storage Spaces Controller Information Disclosure Vulnerability
  CISEC:8809  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8814  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8830  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8790  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8795  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8792  Scripting Engine Memory Corruption Vulnerability
  CISEC:8802  Raw Image Extension Remote Code Execution Vulnerability
  CISEC:8867  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8847  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8786  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8818  Media Foundation Information Disclosure Vulnerability
  CISEC:8849  GDI+ Information Disclosure Vulnerability
  CISEC:8804  DirectWrite Remote Code Execution Vulnerability
  CISEC:8869  Bowser.sys Denial of Service Vulnerability
  CISEC:8845  Active Directory Security Feature Bypass Vulnerability

2021-08-03  CVE-2021-30560  Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2021-07-23  CISEC:8779  Out-of-Bounds Read vulnerability on Adobe Media Encoder 15.1 and earlier versions
  CISEC:8773  Multiple vulnerabilities on Illustrator 2021 version 25.2 and earlier versions
  CISEC:8778  Multiple vulnerabilities on Adobe InDesign 16.0 and earlier versions
  CISEC:8774  Multiple vulnerabilities on Adobe Animate 21.0.5 and earlier versions
  CISEC:8777  Multiple vulnerabilities on Acrobat DC Continuous and Acrobat Reader DC Continuous versions 2021.001.20150 and earlier, Acrobat 2020 and Acrobat Reader 2020 versions 2020.001.30020 and earlier versions, Acrobat 2017 and...

2021-07-09  CISEC:8754  Windows TCP/IP Driver Security Feature Bypass Vulnerability
  CISEC:8762  Windows Remote Desktop Services Denial of Service Vulnerability
  CISEC:8760  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8771  Windows NTLM Elevation of Privilege Vulnerability
  CISEC:8769  Windows NTFS Elevation of Privilege Vulnerability
  CISEC:8745  Windows MSHTML Platform Remote Code Execution Vulnerability
  CISEC:8751  Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
  CISEC:8750  Windows Kernel Information Disclosure Vulnerability
  CISEC:8757  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8755  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8756  Windows HTML Platform Security Feature Bypass Vulnerability
  CISEC:8763  Windows GPSVC Elevation of Privilege Vulnerability
  CISEC:8752  Windows Filter Manager Elevation of Privilege Vulnerability
  CISEC:8766  Windows DCOM Server Security Feature Bypass
  CISEC:8746  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8761  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8748  Windows Bind Filter Driver Information Disclosure Vulnerability
  CISEC:8753  Server for NFS Information Disclosure Vulnerability
  CISEC:8768  Server for NFS Information Disclosure Vulnerability
  CISEC:8758  Server for NFS Denial of Service Vulnerability
  CISEC:8749  Scripting Engine Memory Corruption Vulnerability
  CISEC:8747  Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  CISEC:8764  Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
  CISEC:8765  Microsoft DWM Core Library Elevation of Privilege Vulnerability
  CISEC:8767  Kerberos AppContainer Security Feature Bypass Vulnerability
  CISEC:8770  Event Tracing for Windows Information Disclosure Vulnerability

2021-07-02  CISEC:8740  Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier
  CISEC:8741  Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier

2021-06-11  CISEC:8723  Windows Wireless Networking Spoofing Vulnerability
  CISEC:8725  Windows Wireless Networking Spoofing Vulnerability
  CISEC:8721  Windows Wireless Networking Information Disclosure Vulnerability
  CISEC:8730  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8734  Windows SSDP Service Elevation of Privilege Vulnerability
  CISEC:8715  Windows SMB Client Security Feature Bypass Vulnerability
  CISEC:8724  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:8726  Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8728  Windows Media Foundation Core Remote Code Execution Vulnerability
  CISEC:8722  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8732  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8718  Windows Desktop Bridge Denial of Service Vulnerability
  CISEC:8719  Windows CSC Service Information Disclosure Vulnerability
  CISEC:8717  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8720  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8727  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8729  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8737  Windows Container Manager Service Elevation of Privilege Vulnerability
  CISEC:8735  Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
  CISEC:8733  OLE Automation Remote Code Execution Vulnerability
  CISEC:8731  Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
  CISEC:8716  Microsoft Bluetooth Driver Spoofing Vulnerability
  CISEC:8736  Hyper-V Remote Code Execution Vulnerability
  CISEC:8738  HTTP Protocol Stack Remote Code Execution Vulnerability

2021-05-14  CISEC:8691  Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
  CISEC:8677  Windows TCP/IP Information Disclosure Vulnerability
  CISEC:8684  Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8709  Windows TCP/IP Driver Denial of Service Vulnerability
  CISEC:8665  Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8700  Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8706  Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8644  Windows SMB Information Disclosure Vulnerability
  CISEC:8701  Windows SMB Information Disclosure Vulnerability
  CISEC:8687  Windows Services and Controller App Elevation of Privilege Vulnerability
  CISEC:8663  Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  CISEC:8678  Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
  CISEC:8688  Windows Portmapping Information Disclosure Vulnerability
  CISEC:8692  Windows Overlay Filter Information Disclosure Vulnerability
  CISEC:8651  Windows NTFS Denial of Service Vulnerability
  CISEC:8649  Windows Network File System Remote Code Execution Vulnerability
  CISEC:8696  Windows Media Video Decoder Remote Code Execution Vulnerability
  CISEC:8705  Windows Media Video Decoder Remote Code Execution Vulnerability
  CISEC:8680  Windows Media Photo Codec Information Disclosure Vulnerability
  CISEC:8645  Windows Kernel Information Disclosure Vulnerability
  CISEC:8661  Windows Kernel Information Disclosure Vulnerability
  CISEC:8671  Windows Installer Spoofing Vulnerability
  CISEC:8652  Windows Installer Information Disclosure Vulnerability
  CISEC:8682  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8699  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8693  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:8657  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:8676  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8640  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8666  Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8702  Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8707  Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8675  Windows GDI+ Information Disclosure Vulnerability
  CISEC:8660  Windows Event Tracing Information Disclosure Vulnerability
  CISEC:8642  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8653  Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
  CISEC:8697  Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
  CISEC:8674  Windows DNS Information Disclosure Vulnerability
  CISEC:8683  Windows DNS Information Disclosure Vulnerability
  CISEC:8638  Windows Console Driver Denial of Service Vulnerability
  CISEC:8690  Windows Console Driver Denial of Service Vulnerability
  CISEC:8712  Windows AppX Deployment Server Denial of Service Vulnerability
  CISEC:8670  Windows Application Compatibility Cache Denial of Service Vulnerability
  CISEC:8641  Win32k Elevation of Privilege Vulnerability
  CISEC:8668  Win32k Elevation of Privilege Vulnerability
  CISEC:8639  RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
  CISEC:8643  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8646  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8647  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8648  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8650  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8655  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8656  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8658  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8659  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8662  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8667  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8669  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8672  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8679  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8681  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8685  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8686  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8689  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8694  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8695  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8698  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8703  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8704  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8708  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8711  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8713  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8714  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8654  NTFS Elevation of Privilege Vulnerability
  CISEC:8673  Microsoft Windows Codecs Library Information Disclosure Vulnerability
  CISEC:8710  Microsoft Internet Messaging API Remote Code Execution Vulnerability
  CISEC:8664  Azure AD Web Sign-in Security Feature Bypass Vulnerability

2021-04-16  CISEC:8621  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8623  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8603  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8610  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8629  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8600  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8636  Windows Virtual Registry Provider Elevation of Privilege Vulnerability
  CISEC:8616  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:8611  Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8635  Windows Update Stack Setup Elevation of Privilege Vulnerability
  CISEC:8615  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8628  Windows Update Service Elevation of Privilege Vulnerability
  CISEC:8612  Windows Projected File System Elevation of Privilege Vulnerability
  CISEC:8627  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8631  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8595  Windows Overlay Filter Elevation of Privilege Vulnerability
  CISEC:8591  Windows NAT Denial of Service Vulnerability
  CISEC:8607  Windows Media Photo Codec Information Disclosure Vulnerability
  CISEC:8626  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8604  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8625  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8594  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8633  Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
  CISEC:8613  Windows Event Tracing Information Disclosure Vulnerability
  CISEC:8637  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8597  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8609  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8632  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8614  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8624  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8592  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8598  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8605  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8617  Windows DNS Server Denial of Service Vulnerability
  CISEC:8602  Windows DNS Server Denial of Service Vulnerability
  CISEC:8618  Windows Container Execution Agent Elevation of Privilege Vulnerability
  CISEC:8630  Windows Container Execution Agent Elevation of Privilege Vulnerability
  CISEC:8608  Windows App-V Overlay Filter Elevation of Privilege Vulnerability
  CISEC:8599  Windows ActiveX Installer Service Information Disclosure Vulnerability
  CISEC:8606  Windows 10 Update Assistant Elevation of Privilege Vulnerability
  CISEC:8601  User Profile Service Denial of Service Vulnerability
  CISEC:8622  Storage Spaces Controller Elevation of Privilege Vulnerability
  CISEC:8590  Remote Access API Elevation of Privilege Vulnerability
  CISEC:8634  OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:8596  Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:8620  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8619  DirectX Elevation of Privilege Vulnerability
  CISEC:8593  Application Virtualization Remote Code Execution Vulnerability

2021-03-17  CISEC:8562  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8589  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8580  Windows Trust Verification API Denial of Service Vulnerability
  CISEC:8576  Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8579  Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8577  Windows TCP/IP Denial of Service Vulnerability
  CISEC:8586  Windows Remote Procedure Call Information Disclosure Vulnerability
  CISEC:8574  Windows PKU2U Elevation of Privilege Vulnerability
  CISEC:8584  Windows Network File System Denial of Service Vulnerability
  CISEC:8569  Windows Mobile Device Management Information Disclosure Vulnerability
  CISEC:8563  Windows Local Spooler Remote Code Execution Vulnerability
  CISEC:8582  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8566  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8585  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:8573  Windows Fax Service Remote Code Execution Vulnerability
  CISEC:8581  Windows Fax Service Remote Code Execution Vulnerability
  CISEC:8570  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8583  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8567  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8564  Windows DirectX Information Disclosure Vulnerability
  CISEC:8571  Windows Console Driver Denial of Service Vulnerability
  CISEC:8565  Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8575  Windows Backup Engine Information Disclosure Vulnerability
  CISEC:8588  Windows Address Book Remote Code Execution Vulnerability
  CISEC:8572  PFX Encryption Security Feature Bypass Vulnerability
  CISEC:8587  Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
  CISEC:8578  Microsoft Windows VMSwitch Information Disclosure Vulnerability
  CISEC:8568  Microsoft Windows Codecs Library Remote Code Execution Vulnerability

2021-02-12  CISEC:8545  Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:8516  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8505  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8528  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8550  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8559  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8537  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8529  Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
  CISEC:8532  Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
  CISEC:8542  Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
  CISEC:8503  Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8513  Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8523  Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
  CISEC:8522  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8555  Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
  CISEC:8515  Windows Multipoint Management Elevation of Privilege Vulnerability
  CISEC:8548  Windows LUAFV Elevation of Privilege Vulnerability
  CISEC:8534  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8560  Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8506  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8538  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8527  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8554  Windows GDI+ Information Disclosure Vulnerability
  CISEC:8518  Windows Fax Compose Form Remote Code Execution Vulnerability
  CISEC:8543  Windows Event Tracing Elevation of Privilege Vulnerability
  CISEC:8541  Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:8552  Windows Docker Information Disclosure Vulnerability
  CISEC:8540  Windows DNS Query Information Disclosure Vulnerability
  CISEC:8504  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8510  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8519  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8535  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8553  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8556  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8561  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8520  Windows CryptoAPI Denial of Service Vulnerability
  CISEC:8536  Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8530  Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8557  Windows Bluetooth Security Feature Bypass Vulnerability
  CISEC:8512  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8524  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8511  Windows (modem.sys) Information Disclosure Vulnerability
  CISEC:8507  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8539  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8517  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8521  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8525  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8526  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8533  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8546  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8547  Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CISEC:8549  NTLM Security Feature Bypass Vulnerability
  CISEC:8531  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:8558  Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:8514  Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
  CISEC:8508  Hyper-V Denial of Service Vulnerability
  CISEC:8551  Hyper-V Denial of Service Vulnerability
  CISEC:8509  GDI+ Remote Code Execution Vulnerability
  CISEC:8544  Active Template Library Elevation of Privilege Vulnerability

2021-01-08  CISEC:8502  Windows SMB Information Disclosure Vulnerability
  CISEC:8482  Windows Overlay Filter Security Feature Bypass Vulnerability
  CISEC:8487  Windows NTFS Remote Code Execution Vulnerability
  CISEC:8498  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8492  Windows Lock Screen Security Feature Bypass Vulnerability
  CISEC:8489  Windows GDI+ Information Disclosure Vulnerability
  CISEC:8481  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8500  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8483  Windows Digital Media Receiver Elevation of Privilege Vulnerability
  CISEC:8488  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8490  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8501  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  CISEC:8484  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8485  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8491  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8493  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8495  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8497  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8499  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8494  Kerberos Security Feature Bypass Vulnerability
  CISEC:8496  Hyper-V Remote Code Execution Vulnerability
  CISEC:8486  DirectX Graphics Kernel Elevation of Privilege Vulnerability

2020-12-23  CVE-2020-10148  Solarwinds Orion SUNBURST infection

2020-12-11  CISEC:8473  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8437  Windows WalletService Information Disclosure Vulnerability
  CISEC:8451  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8425  Windows USO Core Worker Elevation of Privilege Vulnerability
  CISEC:8472  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:8450  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8431  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8433  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:8440  Windows Update Medic Service Elevation of Privilege Vulnerability
  CISEC:8463  Windows Spoofing Vulnerability
  CISEC:8454  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8467  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8469  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8475  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8428  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8429  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8439  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8462  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8464  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8478  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8480  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8474  Windows Print Spooler Remote Code Execution Vulnerability
  CISEC:8446  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8426  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8471  Windows Print Configuration Elevation of Privilege Vulnerability
  CISEC:8455  Windows Port Class Library Elevation of Privilege Vulnerability
  CISEC:8479  Windows Network File System Remote Code Execution Vulnerability
  CISEC:8476  Windows Network File System Information Disclosure Vulnerability
  CISEC:8448  Windows Network File System Denial of Service Vulnerability
  CISEC:8424  Windows NDIS Information Disclosure Vulnerability
  CISEC:8435  Windows MSCTF Server Information Disclosure Vulnerability
  CISEC:8423  Windows KernelStream Information Disclosure Vulnerability
  CISEC:8444  Windows Kernel Local Elevation of Privilege Vulnerability
  CISEC:8434  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8436  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:8427  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8438  Windows GDI+ Remote Code Execution Vulnerability
  CISEC:8456  Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
  CISEC:8432  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8461  Windows Error Reporting Denial of Service Vulnerability
  CISEC:8458  Windows Delivery Optimization Information Disclosure Vulnerability
  CISEC:8453  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8468  Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
  CISEC:8466  Windows Canonical Display Driver Information Disclosure Vulnerability
  CISEC:8470  Windows Camera Codec Information Disclosure Vulnerability
  CISEC:8445  Windows Bind Filter Driver Elevation of Privilege Vulnerability
  CISEC:8442  Win32k Information Disclosure Vulnerability
  CISEC:8449  Win32k Elevation of Privilege Vulnerability
  CISEC:8460  Win32k Elevation of Privilege Vulnerability
  CISEC:8441  Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:8443  Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:8459  Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
  CISEC:8430  Kerberos Security Feature Bypass Vulnerability
  CISEC:8465  DirectX Elevation of Privilege Vulnerability

2020-11-13  CISEC:8381  Windows Text Services Framework Information Disclosure Vulnerability
  CISEC:8386  Windows TCP/IP Remote Code Execution Vulnerability
  CISEC:8413  Windows TCP/IP Denial of Service Vulnerability
  CISEC:8392  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:8414  Windows Storage VSP Driver Elevation of Privilege Vulnerability
  CISEC:8397  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8376  Windows Spoofing Vulnerability
  CISEC:8419  Windows SMBv3 Client/Server Denial of Service Vulnerability
  CISEC:8374  Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
  CISEC:8373  Windows Security Feature Bypass Vulnerability
  CISEC:8415  Windows Remote Desktop Service Denial of Service Vulnerability
  CISEC:8385  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  CISEC:8398  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:8363  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8369  Windows NAT Remote Code Execution Vulnerability
  CISEC:8402  Windows KernelStream Information Disclosure Vulnerability
  CISEC:8379  Windows Kernel Information Disclosure Vulnerability
  CISEC:8407  Windows Kernel Information Disclosure Vulnerability
  CISEC:8404  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8411  Windows iSCSI Target Service Elevation of Privilege Vulnerability
  CISEC:8420  Windows Installer Elevation of Privilege Vulnerability
  CISEC:8391  Windows Image Elevation of Privilege Vulnerability
  CISEC:8377  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:8370  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8401  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:8395  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8393  Windows GDI+ Information Disclosure Vulnerability
  CISEC:8410  Windows Event System Elevation of Privilege Vulnerability
  CISEC:8368  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:8418  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8405  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:8421  Windows Enterprise App Management Service Information Disclosure Vulnerability
  CISEC:8390  Windows Elevation of Privilege Vulnerability
  CISEC:8365  Windows COM Server Elevation of Privilege Vulnerability
  CISEC:8387  Windows COM Server Elevation of Privilege Vulnerability
  CISEC:8384  Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8406  Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8412  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8416  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8367  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8380  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8382  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8383  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8388  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8364  Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
  CISEC:8366  Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
  CISEC:8409  Windows - User Profile Service Elevation of Privilege Vulnerability
  CISEC:8378  Win32k Elevation of Privilege Vulnerability
  CISEC:8389  Win32k Elevation of Privilege Vulnerability
  CISEC:8417  Projected Filesystem Security Feature Bypass Vulnerability
  CISEC:8394  NetBT Information Disclosure Vulnerability
  CISEC:8371  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8400  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8372  Media Foundation Memory Corruption Vulnerability
  CISEC:8396  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8408  Group Policy Elevation of Privilege Vulnerability
  CISEC:8403  GDI+ Remote Code Execution Vulnerability
  CISEC:8422  Connected User Experiences and Telemetry Service Denial of Service Vulnerability

2020-10-09  CISEC:8314  Windows Win32k Elevation of Privilege Vulnerability
  CISEC:8344  Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:8353  Windows Text Service Module Remote Code Execution Vulnerability
  CISEC:8329  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8341  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:8326  Windows State Repository Service Information Disclosure Vulnerability
  CISEC:8292  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8350  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8288  Windows RSoP Service Application Elevation of Privilege Vulnerability
  CISEC:8340  Windows Routing Utilities Denial of Service
  CISEC:8317  Windows Remote Code Execution Vulnerability
  CISEC:8318  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8320  Windows Modules Installer Elevation of Privilege Vulnerability
  CISEC:8304  Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
  CISEC:8325  Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8349  Windows Media Audio Decoder Remote Code Execution Vulnerability
  CISEC:8293  Windows Language Pack Installer Elevation of Privilege Vulnerability
  CISEC:8290  Windows Kernel Information Disclosure Vulnerability
  CISEC:8309  Windows Kernel Information Disclosure Vulnerability
  CISEC:8310  Windows Kernel Information Disclosure Vulnerability
  CISEC:8319  Windows Kernel Information Disclosure Vulnerability
  CISEC:8345  Windows Kernel Information Disclosure Vulnerability
  CISEC:8298  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8301  Windows InstallService Elevation of Privilege Vulnerability
  CISEC:8335  Windows Information Disclosure Vulnerability
  CISEC:8308  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8322  Windows Hyper-V Denial of Service Vulnerability
  CISEC:8352  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8354  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:8303  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8315  Windows GDI Information Disclosure Vulnerability
  CISEC:8332  Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
  CISEC:8295  Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:8327  Windows Elevation of Privilege Vulnerability
  CISEC:8333  Windows Elevation of Privilege Vulnerability
  CISEC:8334  Windows Elevation of Privilege Vulnerability
  CISEC:8302  Windows dnsrslvr.dll Elevation of Privilege Vulnerability
  CISEC:8342  Windows DNS Denial of Service Vulnerability
  CISEC:8359  Windows DNS Denial of Service Vulnerability
  CISEC:8328  Windows DHCP Server Information Disclosure Vulnerability
  CISEC:8312  Windows Defender Application Control Security Feature Bypass Vulnerability
  CISEC:8307  Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
  CISEC:8296  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:8357  Windows CloudExperienceHost Elevation of Privilege Vulnerability
  CISEC:8336  Windows Camera Codec Pack Remote Code Execution Vulnerability
  CISEC:8299  Win32k Information Disclosure Vulnerability
  CISEC:8316  Win32k Information Disclosure Vulnerability
  CISEC:8291  Win32k Elevation of Privilege Vulnerability
  CISEC:8348  TLS Information Disclosure Vulnerability
  CISEC:8323  Shell infrastructure component Elevation of Privilege Vulnerability
  CISEC:8311  Projected Filesystem Information Disclosure Vulnerability
  CISEC:8300  NTFS Elevation of Privilege Vulnerability
  CISEC:8346  Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:8356  Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:8297  Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:8358  Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:8324  Microsoft splwow64 Information Disclosure Vulnerability
  CISEC:8339  Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:8313  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:8338  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:8305  Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:8294  Microsoft COM for Windows Elevation of Privilege Vulnerability
  CISEC:8289  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8306  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8330  Group Policy Elevation of Privilege Vulnerability
  CISEC:8355  GDI+ Remote Code Execution Vulnerability
  CISEC:8343  DirectX Elevation of Privilege Vulnerability
  CISEC:8347  DirectX Elevation of Privilege Vulnerability
  CISEC:8351  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:8331  ADFS Spoofing Vulnerability
  CISEC:8321  Active Directory Remote Code Execution Vulnerability
  CISEC:8337  Active Directory Remote Code Execution Vulnerability
  CISEC:8286  Active Directory Information Disclosure Vulnerability
  CISEC:8287  Active Directory Information Disclosure Vulnerability

2020-09-18  CISEC:8248  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:8262  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:8284  Vulnerability in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB before 5.5.52, and 10.0.x before 10.0.28, and 10.1.x before 10.1.18
  CISEC:8260  Vulnerability in Oracle MySQL before 5.7.3 and MariaDB before 5.5.44
  CISEC:8267  Vulnerability in Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier
  CISEC:8279  Vulnerability in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6
  CISEC:8258  Vulnerability in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
  CISEC:8265  Vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions
  CISEC:8257  Vulnerability in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8264  Vulnerability in MariaDB before 10.1.30 and 10.2.x before 10.2.10
  CISEC:8285  Vulnerability in MariaDB 10.4.7 through 10.4.11
  CISEC:8276  Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8263  Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9
  CISEC:8256  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier
  CISEC:8268  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier
  CISEC:8255  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8271  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8275  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49 and 10.0.0 before 10.0.25 and 10.1.0 before 10.1.14
  CISEC:8246  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8250  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8254  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8259  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8273  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8277  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48 and 10.0.0 before 10.0.24 and 10.1.0 before 10.1.12
  CISEC:8249  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8251  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8252  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8261  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8269  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8274  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8278  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8280  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8282  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8253  Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10
  CISEC:8247  Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14
  CISEC:8283  Multiple SQL injection vulnerabilities in Oracle MySQL
  CISEC:8270  Buffer overflow in Oracle MySQL and MariaDB before 5.5.35

2020-09-11  CISEC:8123  Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8143  Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8171  Windows Work Folders Service Elevation of Privilege Vulnerability
  CISEC:8133  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:8166  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8167  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8155  Windows WaasMedic Service Information Disclosure Vulnerability
  CISEC:8161  Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8168  Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:8163  Windows Telephony Server Elevation of Privilege Vulnerability
  CISEC:8165  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:8100  Windows State Repository Service Information Disclosure Vulnerability
  CISEC:8147  Windows Spoofing Vulnerability
  CISEC:8119  Windows Speech Shell Components Elevation of Privilege Vulnerability
  CISEC:8095  Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8134  Windows Speech Runtime Elevation of Privilege Vulnerability
  CISEC:8141  Windows Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8160  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8136  Windows RRAS Service Information Disclosure Vulnerability
  CISEC:8137  Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
  CISEC:8117  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8125  Windows Remote Access Elevation of Privilege Vulnerability
  CISEC:8108  Windows Registry Elevation of Privilege Vulnerability
  CISEC:8142  Windows Registry Elevation of Privilege Vulnerability
  CISEC:8132  Windows Radio Manager API Elevation of Privilege Vulnerability
  CISEC:8130  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:8102  Windows Network Connection Broker Elevation of Privilege Vulnerability
  CISEC:8154  Windows Media Remote Code Execution Vulnerability
  CISEC:8099  Windows Kernel Information Disclosure Vulnerability
  CISEC:8101  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8145  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8175  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8104  Windows Image Acquisition Service Information Disclosure Vulnerability
  CISEC:8109  Windows Image Acquisition Service Information Disclosure Vulnerability
  CISEC:8094  Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:8111  Windows GDI Elevation of Privilege Vulnerability
  CISEC:8146  Windows GDI Elevation of Privilege Vulnerability
  CISEC:8162  Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
  CISEC:8170  Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8105  Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8116  Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CISEC:8126  Windows Elevation of Privilege Vulnerability
  CISEC:8097  Windows dnsrslvr.dll Elevation of Privilege Vulnerability
  CISEC:8153  Windows Custom Protocol Engine Elevation of Privilege Vulnerability
  CISEC:8113  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8120  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:8144  Windows CDP User Components Elevation of Privilege Vulnerability
  CISEC:8150  Windows CDP User Components Elevation of Privilege Vulnerability
  CISEC:8149  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:8093  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8098  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8115  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8122  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8135  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8139  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8140  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8148  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8151  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8152  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8169  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8173  Windows Backup Engine Elevation of Privilege Vulnerability
  CISEC:8157  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8138  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  CISEC:8159  Windows Accounts Control Elevation of Privilege Vulnerability
  CISEC:8103  Win32k Information Disclosure Vulnerability
  CISEC:8206  Vulnerability in PostgreSQL before 12.2, before 11.7, before 10.12 and before 9.6.17.
  CISEC:8216  Vulnerability insufficiently random numbers
  CISEC:8185  Vulnerability in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5
  CISEC:8227  Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24
  CISEC:8211  Vulnerability in PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24
  CISEC:8218  Vulnerability in PostgreSQL before 9.5.x before 9.5.2
  CISEC:8240  Vulnerability in PostgreSQL before 9.5.x before 9.5.2
  CISEC:8242  Vulnerability in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5
  CISEC:8225  Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8219  Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8202  Vulnerability in PostgreSQL before 9.2.22, 9.3.x before 9.3.18, 9.4.x before 9.4.13, 9.5.x before 9.5.8, and 9.6.x before 9.6.4
  CISEC:8224  Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8236  Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8190  Vulnerability in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3
  CISEC:8222  Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4
  CISEC:8207  Vulnerability in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4
  CISEC:8234  Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1
  CISEC:8210  Vulnerability in PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1
  CISEC:8208  Vulnerability in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5
  CISEC:8179  Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8180  Vulnerability in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8237  Vulnerability in PostgreSQL before 11.1, 10.6
  CISEC:8193  Vulnerability in PostgreSQL 9.3.x before 9.3.22, 9.4.x before 9.4.17, 9.5.x before 9.5.12, 9.6.x before 9.6.8 and 10.x before 10.3
  CISEC:8198  Vulnerability in PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2
  CISEC:8199  Vulnerability in PostgreSQL 9.3.3 and earlier
  CISEC:8197  Vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23
  CISEC:8177  Vulnerability in PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9
  CISEC:8200  Vulnerability in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23
  CISEC:8205  Vulnerability in PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8183  Vulnerability in PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4
  CISEC:8232  Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2
  CISEC:8184  Vulnerability in PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2
  CISEC:8189  Vulnerability in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4
  CISEC:8220  Vulnerability in PostgreSQL 11.x prior to 11.3
  CISEC:8192  Vulnerability in PostgreSQL 11.x before 11.5, 10.x before 10.10, 9.6.x before 9.6.15, 9.5.x before 9.5.19, 9.4.x before 9.4.24
  CISEC:8212  Vulnerability in PostgreSQL 11.x before 11.5
  CISEC:8196  Vulnerability in PostgreSQL 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, 9.5.x before 9.5.17
  CISEC:8181  Vulnerability in PostgreSQL 10.x before 10.4, 9.6.x before 9.6.9
  CISEC:8187  Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10
  CISEC:8204  Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20
  CISEC:8223  Vulnerability in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24
  CISEC:8221  Vulnerability in PostgreSQL
  CISEC:8229  Vulnerability in PostgreSQL
  CISEC:8186  Vulnerability in PostgreSQL
  CISEC:8194  Vulnerability in PostgreSQL
  CISEC:8195  Vulnerability in PostgreSQL
  CISEC:8203  Vulnerability in PHP through 5.3.13, PostgreSQL 8.4 before 8.4.12, PostgreSQL 9.0 before 9.0.8, PostgreSQL 9.1 before 9.1.4
  CISEC:8213  Vulnerability in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5
  CISEC:8182  Unanticipated errors from the standard library in PostgreSQL
  CISEC:8226  Race condition INDEX and
  CISEC:8201  pgcrypto has multiple error messages for decryption with an incorrect key in PostgreSQL
  CISEC:8114  Netlogon Elevation of Privilege Vulnerability
  CISEC:8176  Multiple stack-based buffer overflows in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5
  CISEC:8188  Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8191  Multiple integer overflows in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8245  Multiple integer overflows in PostgreSQL
  CISEC:8241  Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
  CISEC:8106  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8110  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8244  Memory errors in the pgcrypto extension in PostgreSQL
  CISEC:8178  Memory disclosure vulnerability in PostgreSQL 10.x before 10.2
  CISEC:8096  Media Foundation Memory Corruption Vulnerability
  CISEC:8129  Media Foundation Memory Corruption Vulnerability
  CISEC:8131  Media Foundation Memory Corruption Vulnerability
  CISEC:8156  Media Foundation Memory Corruption Vulnerability
  CISEC:8158  Media Foundation Memory Corruption Vulnerability
  CISEC:8174  Media Foundation Memory Corruption Vulnerability
  CISEC:8112  Media Foundation Information Disclosure Vulnerability
  CISEC:8172  Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
  CISEC:8118  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8121  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8127  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8128  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8215  Integer overflow in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2
  CISEC:8243  EnterpriseDB Windows installer bundled OpenSSL executes code from unprotected directory
  CISEC:8235  Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2
  CISEC:8164  DirectX Elevation of Privilege Vulnerability
  CISEC:8107  DirectWrite Information Disclosure Vulnerability
  CISEC:8217  CRLF injection vulnerability in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8228  CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
  CISEC:8238  Constraint violation errors in PostgreSQL
  CISEC:8124  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:8209  Buffer overruns in PostgreSQL
  CISEC:8239  Buffer overrun in PostgreSQL
  CISEC:8230  Buffer overflow intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20
  CISEC:8214  Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13
  CISEC:8231  Arbitrary code execution vulnerability in PostgreSQL 9.3 through 11.2
  CISEC:8233  An error in PostgreSQL

2020-08-21  CISEC:8065  Vulnerability in JetBrains Hub versions earlier than 2019.1.11738
  CISEC:8064  Vulnerability in JetBrains Hub before 2020.1.12099
  CISEC:8062  Vulnerability in JetBrains Hub before 2018.4.11436
  CISEC:8066  Vulnerability in JetBrains Hub before 2018.4.11298
  CISEC:8061  Vulnerability in Bitdefender Total Security 21.0.24.62
  CISEC:8058  Vulnerability in Bitdefender Total Security 2020 prior to 24.9
  CISEC:8048  Vulnerability in Bitdefender Total Security 2020 prior to 24.0.20.116
  CISEC:8052  Vulnerability in Bitdefender Total Security 2020 prior to 24.0.12.69
  CISEC:8050  Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8057  Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8060  Vulnerability in Bitdefender Safepay before 23.0.10.34
  CISEC:8053  Vulnerability in Bitdefender products
  CISEC:8059  Vulnerability in Bitdefender Endpoint Security Tools prior to 6.6.11.163
  CISEC:8051  Vulnerability in Bitdefender Antivirus Free prior to 1.0.17.178
  CISEC:8045  Vulnerability in Bitdefender Antivirus Free prior to 1.0.17
  CISEC:8054  Vulnerability in Bitdefender Antivirus Free prior to 1.0.15.138
  CISEC:8047  Code injection vulnerability in Bitdefender

2020-08-13  CISEC:7959  Windows WalletService Information Disclosure Vulnerability
  CISEC:8022  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8037  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7997  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:8010  Windows WalletService Denial of Service Vulnerability
  CISEC:7996  Windows USO Core Worker Elevation of Privilege Vulnerability
  CISEC:8033  Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:7968  Windows UPnP Device Host Elevation of Privilege Vulnerability
  CISEC:7958  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7974  Windows System Events Broker Elevation of Privilege Vulnerability
  CISEC:8025  Windows Sync Host Service Elevation of Privilege Vulnerability
  CISEC:7976  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:7993  Windows Spatial Data Service Elevation of Privilege Vulnerability
  CISEC:7970  Windows SharedStream Library Elevation of Privilege Vulnerability
  CISEC:8015  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8017  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8021  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8039  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7960  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7975  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7987  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7990  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7991  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:8028  Windows Resource Policy Information Disclosure Vulnerability
  CISEC:7988  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:8006  Windows Profile Service Elevation of Privilege Vulnerability
  CISEC:7963  Windows Print Workflow Service Elevation of Privilege Vulnerability
  CISEC:8018  Windows Picker Platform Elevation of Privilege Vulnerability
  CISEC:8029  Windows Network Location Awareness Service Elevation of Privilege Vulnerability
  CISEC:8042  Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:8008  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:8011  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7995  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7979  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7981  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7986  Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
  CISEC:7973  Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7983  Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:8041  Windows Lockscreen Elevation of Privilege Vulnerability
  CISEC:8016  Windows Kernel Information Disclosure Vulnerability
  CISEC:8026  Windows Kernel Information Disclosure Vulnerability
  CISEC:8036  Windows Kernel Information Disclosure Vulnerability
  CISEC:7964  Windows Kernel Information Disclosure Vulnerability
  CISEC:7961  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7966  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:8027  Windows iSCSI Target Service Elevation of Privilege Vulnerability
  CISEC:7977  Windows Imaging Component Information Disclosure Vulnerability
  CISEC:8007  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:8013  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7998  Windows GDI Information Disclosure Vulnerability
  CISEC:7962  Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7985  Windows Font Library Remote Code Execution Vulnerability
  CISEC:8012  Windows Font Driver Host Remote Code Execution Vulnerability
  CISEC:8032  Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:7980  Windows Event Logging Service Elevation of Privilege Vulnerability
  CISEC:8019  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7972  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:8002  Windows Elevation of Privilege Vulnerability
  CISEC:8009  Windows Elevation of Privilege Vulnerability
  CISEC:8023  Windows Elevation of Privilege Vulnerability
  CISEC:8000  Windows Elevation of Privilege Vulnerability
  CISEC:8030  Windows DNS Server Remote Code Execution Vulnerability
  CISEC:8040  Windows Diagnostics Hub Elevation of Privilege Vulnerability
  CISEC:8001  Windows Credential Picker Elevation of Privilege Vulnerability
  CISEC:7994  Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
  CISEC:7969  Windows COM Server Elevation of Privilege Vulnerability
  CISEC:7989  Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  CISEC:7992  Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  CISEC:7967  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:8035  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:8034  Windows Agent Activation Runtime Information Disclosure Vulnerability
  CISEC:8004  Windows Address Book Remote Code Execution Vulnerability
  CISEC:7971  Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:8003  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:8005  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:7982  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:8020  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7965  Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:8031  LNK Remote Code Execution Vulnerability
  CISEC:8014  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8024  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:8038  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7999  Group Policy Services Policy Processing Elevation of Privilege Vulnerability
  CISEC:7984  GDI+ Remote Code Execution Vulnerability
  CISEC:7978  Connected User Experiences and Telemetry Service Information Disclosure Vulnerability

2020-07-31  CISEC:7936  Vulnerability in Avira Antivirus through 15.0.2005.1866
  CISEC:7935  Vulnerability in Avira Antivirus before 8.3.54.138
  CISEC:7933  Vulnerability in Avira Antivirus before 15.0.2004.1825
  CISEC:7934  Vulnerability in Avira Antivirus before 15.0.2003.1821
  CISEC:7932  Vulnerability in Avira Antivirus
  CISEC:7937  Vulnerability in Avira Antivirus
  CISEC:7939  Vulnerability in Avira Antivirus

2020-07-24  CISEC:7925  Vulnerability in Kaspersky products
  CISEC:7904  Vulnerability in Kaspersky Password Manager before 8.0.6.538
  CISEC:7921  Vulnerability in Kaspersky Embedded Systems Security 1.2.0.300 and 2.0.0.385
  CISEC:7905  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7906  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7908  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7912  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7916  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7919  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7923  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7927  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7928  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7929  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7930  Vulnerability in Kaspersky Anti-Virus products
  CISEC:7924  Vulnerability in AhnLab V3 Internet Security 2011.01.18.00, avast! Antivirus 4.8.1351.0 and 5.0.677.0, Kaspersky Anti-Virus 7.0.0.125, ClamAV 0.96.4, Emsisoft Anti-Malware 5.1.0.1

2020-07-17  CISEC:7856  Vulnerability index error in Google Chrome before 41.0.2272.76
  CISEC:7825  Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7896  Vulnerability in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7822  Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7839  Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7848  Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7854  Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7881  Vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7866  Vulnerability in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings
  CISEC:7819  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7837  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7838  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7844  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7847  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7863  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7867  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7869  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7898  Vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7864  Vulnerability in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute
  CISEC:7872  Vulnerability in Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value
  CISEC:7821  Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7855  Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7901  Vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7824  Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7829  Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7841  Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7885  Vulnerability in Google Chrome before 43.0.2357.130
  CISEC:7812  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7818  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7826  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7832  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7840  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7874  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7891  Vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7813  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7817  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7853  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7859  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7861  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7884  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7897  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7902  Vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7845  Vulnerability in Google Chrome before 41.0.2272.118
  CISEC:7870  Vulnerability in Google Chrome before 40.0.2214.91
  CISEC:7889  Vulnerability in Google Chrome before 40.0.2214.111
  CISEC:7890  Vulnerability in Blink, as used initialize a certain width field
  CISEC:7852  Vulnerability in Blink, as used in Google Chrome before 45.0.2454.85
  CISEC:7830  Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7892  Vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7873  Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90
  CISEC:7883  Vulnerability in Blink, as used in Google Chrome before 42.0.2311.90
  CISEC:7835  Vulnerability in Blink, as used in Google Chrome before 40.0.2214.111
  CISEC:7882  Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 44.0.2403.89
  CISEC:7880  Use-after-free vulnerability in the Speech subsystem in Google Chrome before 43.0.2357.65
  CISEC:7879  Use-after-free vulnerability in Google Chrome before 45.0.2454.85
  CISEC:7850  Use-after-free vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7886  Use-after-free vulnerability in Google Chrome before 44.0.2403.89
  CISEC:7851  Use-after-free vulnerability in Google Chrome before 43.0.2357.65
  CISEC:7816  Use-after-free vulnerability in Google Chrome before 42.0.2311.90
  CISEC:7820  Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7878  Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7900  Use-after-free vulnerability in Google Chrome before 41.0.2272.76
  CISEC:7831  Use-after-free vulnerability in Blink, as used in Google Chrome before 45.0.2454.85
  CISEC:7877  Use-after-free vulnerability in Blink, as used in Google Chrome before 43.0.2357.65
  CISEC:7828  Use-after-free vulnerability in Blink, as used in Google Chrome before 42.0.2311.135
  CISEC:7893  Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7815  Use-after-free vulnerability in Blink, as used in Google Chrome before 40.0.2214.111
  CISEC:7868  Race condition in Google Chrome before 41.0.2272.118
  CISEC:7875  Multiple use-after-free vulnerabilities in Google Chrome before 45.0.2454.85
  CISEC:7899  Multiple use-after-free vulnerabilities in Google Chrome before 44.0.2403.89
  CISEC:7827  Multiple use-after-free vulnerabilities in Google Chrome before 43.0.2357.65
  CISEC:7849  Multiple use-after-free vulnerabilities in Google Chrome before 41.0.2272.76
  CISEC:7894  Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7895  Multiple use-after-free vulnerabilities in Blink, as used in Google Chrome before 41.0.2272.76
  CISEC:7871  Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89
  CISEC:7836  Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65
  CISEC:7903  Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90
  CISEC:7860  Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135
  CISEC:7865  Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76
  CISEC:7876  Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91
  CISEC:7823  Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111
  CISEC:7814  Multiple integer overflows in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products
  CISEC:7887  Memory corruption in V8 in Google Chrome before 44.0.2403.89
  CISEC:7842  Integer overflow in Skia, as used in Google Chrome before 41.0.2272.76
  CISEC:7843  Integer overflow in Google Chrome before 44.0.2403.89
  CISEC:7888  Integer overflow in Google Chrome before 41.0.2272.76
  CISEC:7834  Heap-based buffer overflow in PDFium in Google Chrome before 44.0.2403.89
  CISEC:7862  Double-free vulnerability in Google Chrome 41.0.2251.0
  CISEC:7846  Cross-site scripting
  CISEC:7857  Cross-site scripting

2020-07-10  CISEC:7785  Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:7782  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7719  Windows WalletService Elevation of Privilege Vulnerability
  CISEC:7776  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7777  Windows Text Service Framework Elevation of Privilege Vulnerability
  CISEC:7766  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7718  Windows SMBv3 Client/Server Information Disclosure Vulnerability
  CISEC:7727  Windows SMB Remote Code Execution Vulnerability
  CISEC:7778  Windows Shell Remote Code Execution Vulnerability
  CISEC:7757  Windows Service Information Disclosure Vulnerability
  CISEC:7763  Windows Runtime Information Disclosure Vulnerability
  CISEC:7797  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7758  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7715  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7731  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7738  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7746  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7750  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7779  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7752  Windows Remote Code Execution Vulnerability
  CISEC:7760  Windows Registry Denial of Service Vulnerability
  CISEC:7795  Windows Print Configuration Elevation of Privilege Vulnerability
  CISEC:7717  Windows OLE Remote Code Execution Vulnerability
  CISEC:7787  Windows Now Playing Session Manager Elevation of Privilege Vulnerability
  CISEC:7774  Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:7728  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7780  Windows Modules Installer Service Elevation of Privilege Vulnerability
  CISEC:7720  Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7764  Windows Lockscreen Elevation of Privilege Vulnerability
  CISEC:7722  Windows Kernel Security Feature Bypass Vulnerability
  CISEC:7789  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7790  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7791  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7723  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7724  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7725  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7726  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7730  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7734  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7735  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7736  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7742  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7769  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7796  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7748  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7751  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7762  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7793  Windows Host Guardian Service Security Feature Bypass Vulnerability
  CISEC:7786  Windows GDI Information Disclosure Vulnerability
  CISEC:7714  Windows GDI Elevation of Privilege Vulnerability
  CISEC:7744  Windows GDI Elevation of Privilege Vulnerability
  CISEC:7747  Windows Feedback Hub Elevation of Privilege Vulnerability
  CISEC:7775  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7792  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7759  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7773  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7799  Windows Elevation of Privilege Vulnerability
  CISEC:7756  Windows Elevation of Privilege Vulnerability
  CISEC:7741  Windows Diagnostics & feedback Information Disclosure Vulnerability
  CISEC:7765  Windows Denial of Service Vulnerability
  CISEC:7767  Windows Bluetooth Service Elevation of Privilege Vulnerability
  CISEC:7753  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:7716  Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7743  Win32k Information Disclosure Vulnerability
  CISEC:7732  Win32k Elevation of Privilege Vulnerability
  CISEC:7737  Win32k Elevation of Privilege Vulnerability
  CISEC:7739  Win32k Elevation of Privilege Vulnerability
  CISEC:7740  Win32k Elevation of Privilege Vulnerability
  CISEC:7770  Win32k Elevation of Privilege Vulnerability
  CISEC:7749  OpenSSH for Windows Elevation of Privilege Vulnerability
  CISEC:7772  OLE Automation Elevation of Privilege Vulnerability
  CISEC:7781  Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:7798  Microsoft Store Runtime Elevation of Privilege Vulnerability
  CISEC:7794  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7783  Media Foundation Memory Corruption Vulnerability
  CISEC:7771  Media Foundation Memory Corruption Vulnerability
  CISEC:7755  Media Foundation Information Disclosure Vulnerability
  CISEC:7729  LNK Remote Code Execution Vulnerability
  CISEC:7745  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7768  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7754  Group Policy Elevation of Privilege Vulnerability
  CISEC:7733  GDI+ Remote Code Execution Vulnerability
  CISEC:7721  DirectX Elevation of Privilege Vulnerability
  CISEC:7784  Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:7788  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7761  Component Object Model Elevation of Privilege Vulnerability

2020-07-03  CISEC:7663  Vulnerability in Acronis True Image up to and including version 2017 Build 8053
  CISEC:7666  Untrusted search path vulnerability in Amazon Kindle before 1.19
  CISEC:7653  Microsoft Office Remote Code Execution Vulnerability

2020-06-12  CISEC:7576  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7585  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7590  Windows Task Scheduler Security Feature Bypass Vulnerability
  CISEC:7609  Windows Subsystem for Linux Information Disclosure Vulnerability
  CISEC:7619  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:7564  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7584  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7596  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7599  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7600  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7602  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7603  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7604  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7606  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7617  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7618  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7558  Windows State Repository Service Elevation of Privilege Vulnerability
  CISEC:7569  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7578  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7591  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7594  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7605  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7611  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7613  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7623  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7560  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7561  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7552  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7555  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:7550  Windows Remote Code Execution Vulnerability
  CISEC:7620  Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
  CISEC:7551  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7597  Windows Printer Service Elevation of Privilege Vulnerability
  CISEC:7607  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:7546  Windows Print Spooler Elevation of Privilege Vulnerability
  CISEC:7579  Windows Kernel Information Disclosure Vulnerability
  CISEC:7573  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7595  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7574  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7622  Windows Hyper-V Denial of Service Vulnerability
  CISEC:7554  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7588  Windows GDI Information Disclosure Vulnerability
  CISEC:7601  Windows GDI Information Disclosure Vulnerability
  CISEC:7548  Windows GDI Information Disclosure Vulnerability
  CISEC:7549  Windows GDI Information Disclosure Vulnerability
  CISEC:7570  Windows GDI Elevation of Privilege Vulnerability
  CISEC:7562  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7587  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7589  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7621  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7553  Windows Denial of Service Vulnerability
  CISEC:7608  Windows CSRSS Information Disclosure Vulnerability
  CISEC:7571  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7565  Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7568  Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7556  Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7559  Windows Clipboard Service Elevation of Privilege Vulnerability
  CISEC:7592  Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7598  Win32k Elevation of Privilege Vulnerability
  CISEC:7612  Win32k Elevation of Privilege Vulnerability
  CISEC:7580  Microsoft Windows Transport Layer Security Denial of Service Vulnerability
  CISEC:7567  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7610  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7547  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7581  Microsoft Script Runtime Remote Code Execution Vulnerability
  CISEC:7582  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:7615  Microsoft Color Management Remote Code Execution Vulnerability
  CISEC:7577  Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
  CISEC:7572  Media Foundation Memory Corruption Vulnerability
  CISEC:7583  Media Foundation Memory Corruption Vulnerability
  CISEC:7614  Media Foundation Memory Corruption Vulnerability
  CISEC:7557  Media Foundation Memory Corruption Vulnerability
  CISEC:7566  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7575  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7586  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7563  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7616  DirectX Elevation of Privilege Vulnerability
  CISEC:7593  Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:7545  Connected User Experiences and Telemetry Service Denial of Service Vulnerability

2020-05-29  CISEC:7516  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:7515  VBScript Remote Code Execution Vulnerability
  CISEC:7513  Scripting Engine Memory Corruption Vulnerability
  CISEC:7518  Scripting Engine Memory Corruption Vulnerability
  CISEC:7519  Scripting Engine Memory Corruption Vulnerability
  CISEC:7506  Scripting Engine Memory Corruption Vulnerability
  CISEC:7507  Scripting Engine Memory Corruption Vulnerability
  CISEC:7508  Scripting Engine Memory Corruption Vulnerability
  CISEC:7512  Scripting Engine Memory Corruption Vulnerability
  CISEC:7509  Microsoft Edge Memory Corruption Vulnerability
  CISEC:7517  Internet Explorer Memory Corruption Vulnerability
  CISEC:7514  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7510  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7511  Chakra Scripting Engine Memory Corruption Vulnerability

2020-05-22  CISEC:7427  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7443  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7487  Windows Update Stack Elevation of Privilege Vulnerability
  CISEC:7488  Windows Token Security Feature Bypass Vulnerability
  CISEC:7455  Windows SMBv3 Client/Server Remote Code Execution Vulnerability
  CISEC:7480  Windows Scheduled Task Elevation of Privilege Vulnerability
  CISEC:7454  Windows Push Notification Service Information Disclosure Vulnerability
  CISEC:7436  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7469  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7482  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7486  Windows Push Notification Service Elevation of Privilege Vulnerability
  CISEC:7426  Windows Kernel Information Disclosure Vulnerability
  CISEC:7493  Windows Kernel Information Disclosure Vulnerability
  CISEC:7477  Windows Kernel Information Disclosure in CPU Memory Access
  CISEC:7430  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7466  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7472  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7490  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7438  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:7428  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:7464  Windows Hyper-V Elevation of Privilege Vulnerability
  CISEC:7424  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7437  Windows GDI Information Disclosure Vulnerability
  CISEC:7433  Windows Elevation of Privilege Vulnerability
  CISEC:7440  Windows Elevation of Privilege Vulnerability
  CISEC:7444  Windows Elevation of Privilege Vulnerability
  CISEC:7449  Windows Elevation of Privilege Vulnerability
  CISEC:7450  Windows Elevation of Privilege Vulnerability
  CISEC:7489  Windows Elevation of Privilege Vulnerability
  CISEC:7475  Windows DNS Denial of Service Vulnerability
  CISEC:7432  Windows Denial of Service Vulnerability
  CISEC:7452  Win32k Information Disclosure Vulnerability
  CISEC:7481  Win32k Information Disclosure Vulnerability
  CISEC:7445  Win32k Elevation of Privilege Vulnerability
  CISEC:7484  Win32k Elevation of Privilege Vulnerability
  CISEC:7491  Win32k Elevation of Privilege Vulnerability
  CISEC:7448  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7483  Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:7470  Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  CISEC:7447  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:7457  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:7429  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7456  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7468  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7434  Media Foundation Memory Corruption Vulnerability
  CISEC:7446  Media Foundation Memory Corruption Vulnerability
  CISEC:7459  Media Foundation Memory Corruption Vulnerability
  CISEC:7431  Media Foundation Information Disclosure Vulnerability
  CISEC:7453  Media Foundation Information Disclosure Vulnerability
  CISEC:7461  Media Foundation Information Disclosure Vulnerability
  CISEC:7465  Media Foundation Information Disclosure Vulnerability
  CISEC:7471  Media Foundation Information Disclosure Vulnerability
  CISEC:7425  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7439  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7458  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7460  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7463  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7473  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7474  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7476  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7479  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7492  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:7451  GDI+ Remote Code Execution Vulnerability
  CISEC:7467  DirectX Elevation of Privilege Vulnerability
  CISEC:7478  DirectX Elevation of Privilege Vulnerability
  CISEC:7435  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7442  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7462  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7441  Adobe Font Manager Library Remote Code Execution Vulnerability
  CISEC:7485  Adobe Font Manager Library Remote Code Execution Vulnerability

2020-04-17  CISEC:7340  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7370  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7387  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7398  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7402  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7328  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7330  Windows Work Folder Service Elevation of Privilege Vulnerability
  CISEC:7374  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:7347  Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:7359  Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:7365  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7329  Windows Update Orchestrator Service Elevation of Privilege Vulnerability
  CISEC:7384  Windows Tile Object Service Denial of Service Vulnerability
  CISEC:7339  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7334  Windows Network List Service Elevation of Privilege Vulnerability
  CISEC:7364  Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
  CISEC:7350  Windows Network Connections Service Information Disclosure Vulnerability
  CISEC:7343  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7366  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7367  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7368  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7375  Windows Network Connections Service Elevation of Privilege Vulnerability
  CISEC:7338  Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:7381  Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  CISEC:7344  Windows Language Pack Installer Elevation of Privilege Vulnerability
  CISEC:7327  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7361  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7377  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7395  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7400  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7333  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7385  Windows Imaging Component Information Disclosure Vulnerability
  CISEC:7341  Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7355  Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7358  Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7331  Windows Hard Link Elevation of Privilege Vulnerability
  CISEC:7372  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:7342  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7383  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7369  Windows GDI Information Disclosure Vulnerability
  CISEC:7382  Windows GDI Information Disclosure Vulnerability
  CISEC:7389  Windows GDI Information Disclosure Vulnerability
  CISEC:7393  Windows GDI Information Disclosure Vulnerability
  CISEC:7337  Windows GDI Information Disclosure Vulnerability
  CISEC:7376  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:7360  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7399  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7352  Windows Elevation of Privilege Vulnerability
  CISEC:7388  Windows Elevation of Privilege Vulnerability
  CISEC:7351  Windows Device Setup Manager Elevation of Privilege Vulnerability
  CISEC:7378  Windows Defender Security Center Elevation of Privilege Vulnerability
  CISEC:7379  Windows Defender Security Center Elevation of Privilege Vulnerability
  CISEC:7348  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:7401  Windows CSC Service Elevation of Privilege Vulnerability
  CISEC:7363  Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
  CISEC:7332  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:7357  Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7362  Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7391  Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:7354  Win32k Information Disclosure Vulnerability
  CISEC:7349  Win32k Elevation of Privilege Vulnerability
  CISEC:7371  Win32k Elevation of Privilege Vulnerability
  CISEC:7336  Win32k Elevation of Privilege Vulnerability
  CISEC:7386  Provisioning Runtime Elevation of Privilege Vulnerability
  CISEC:7373  Microsoft IIS Server Tampering Vulnerability
  CISEC:7380  Media Foundation Memory Corruption Vulnerability
  CISEC:7392  Media Foundation Memory Corruption Vulnerability
  CISEC:7394  Media Foundation Memory Corruption Vulnerability
  CISEC:7335  Media Foundation Memory Corruption Vulnerability
  CISEC:7353  Media Foundation Information Disclosure Vulnerability
  CISEC:7346  LNK Remote Code Execution Vulnerability
  CISEC:7396  GDI+ Remote Code Execution Vulnerability
  CISEC:7397  GDI+ Remote Code Execution Vulnerability
  CISEC:7390  DirectX Elevation of Privilege Vulnerability
  CISEC:7356  Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
  CISEC:7345  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

2020-04-05  CVE-2019-20781  oval:com.altx-soft.win:def:68524: Vulnerability in LG Bridge before 1.2.54

2020-03-27  CISEC:7274  Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability

2020-03-20  CISEC:7273  Multiple vulnerabilities on Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier
  CISEC:7271  Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier.
  CISEC:7270  Internet Explorer Memory Corruption Vulnerability

2020-03-13  CISEC:7212  Windows Wireless Network Manager Elevation of Privilege Vulnerability
  CISEC:7253  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:7243  Windows SSH Elevation of Privilege Vulnerability
  CISEC:7193  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7217  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7247  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7264  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7219  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:7203  Windows Remote Code Execution Vulnerability
  CISEC:7258  Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
  CISEC:7210  Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:7194  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7202  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7205  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7228  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7239  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7251  Windows Key Isolation Service Information Disclosure Vulnerability
  CISEC:7265  Windows Kernel Information Disclosure Vulnerability
  CISEC:7192  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7215  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7245  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7249  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7261  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:7197  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7263  Windows Installer Elevation of Privilege Vulnerability
  CISEC:7240  Windows Information Disclosure Vulnerability
  CISEC:7188  Windows IME Elevation of Privilege Vulnerability
  CISEC:7241  Windows Imaging Library Remote Code Execution Vulnerability
  CISEC:7196  Windows Hyper-V Denial of Service Vulnerability
  CISEC:7227  Windows Hyper-V Denial of Service Vulnerability
  CISEC:7201  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7222  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7250  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:7208  Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7254  Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7257  Windows Function Discovery Service Elevation of Privilege Vulnerability
  CISEC:7237  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:7252  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7260  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:7207  Windows Elevation of Privilege Vulnerability
  CISEC:7226  Windows Elevation of Privilege Vulnerability
  CISEC:7191  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:7214  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:7231  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7259  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7262  Windows COM Server Elevation of Privilege Vulnerability
  CISEC:7195  Windows Client License Service Elevation of Privilege Vulnerability
  CISEC:7206  Windows Backup Service Elevation of Privilege Vulnerability
  CISEC:7233  Win32k Information Disclosure Vulnerability
  CISEC:7235  Win32k Information Disclosure Vulnerability
  CISEC:7198  Win32k Elevation of Privilege Vulnerability
  CISEC:7199  Win32k Elevation of Privilege Vulnerability
  CISEC:7204  Win32k Elevation of Privilege Vulnerability
  CISEC:7211  Win32k Elevation of Privilege Vulnerability
  CISEC:7218  Win32k Elevation of Privilege Vulnerability
  CISEC:7221  Win32k Elevation of Privilege Vulnerability
  CISEC:7223  Win32k Elevation of Privilege Vulnerability
  CISEC:7225  Win32k Elevation of Privilege Vulnerability
  CISEC:7242  Win32k Elevation of Privilege Vulnerability
  CISEC:7244  Win32k Elevation of Privilege Vulnerability
  CISEC:7216  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:7232  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7255  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7229  Microsoft Secure Boot Security Feature Bypass Vulnerability
  CISEC:7234  Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:7213  Media Foundation Memory Corruption Vulnerability
  CISEC:7236  LNK Remote Code Execution Vulnerability
  CISEC:7190  DirectX Information Disclosure Vulnerability
  CISEC:7189  DirectX Elevation of Privilege Vulnerability
  CISEC:7209  DirectX Elevation of Privilege Vulnerability
  CISEC:7266  Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
  CISEC:7200  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7224  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7238  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7246  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7248  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7256  Connected Devices Platform Service Elevation of Privilege Vulnerability
  CISEC:7220  Active Directory Elevation of Privilege Vulnerability

2020-03-06  CISEC:7174  Brackets versions 1.14 and earlier have a command injection vulnerability

2020-02-28  CISEC:7173  Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability

2020-02-21  CISEC:7160  VBScript Remote Code Execution Vulnerability
  CISEC:7164  Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier.
  CISEC:7162  Microsoft Browser Spoofing Vulnerability
  CISEC:7163  Microsoft Browser Security Feature Bypass Vulnerability
  CISEC:7161  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:7158  Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability
  CISEC:7157  Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability

2020-02-14  CISEC:7138  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:7128  Windows Security Feature Bypass Vulnerability
  CISEC:7122  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7124  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7135  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7136  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7137  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7139  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7142  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7146  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7148  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7149  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7154  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7155  Windows Search Indexer Elevation of Privilege Vulnerability
  CISEC:7133  Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  CISEC:7134  Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  CISEC:7151  Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
  CISEC:7145  Windows GDI+ Information Disclosure Vulnerability
  CISEC:7125  Windows Elevation of Privilege Vulnerability
  CISEC:7152  Windows Elevation of Privilege Vulnerability
  CISEC:7156  Windows CryptoAPI Spoofing Vulnerability
  CISEC:7143  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7144  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:7132  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:7121  Win32k Information Disclosure Vulnerability
  CISEC:7123  Win32k Elevation of Privilege Vulnerability
  CISEC:7130  Win32k Elevation of Privilege Vulnerability
  CISEC:7147  Update Notification Manager Elevation of Privilege Vulnerability
  CISEC:7126  Remote Desktop Web Access Information Disclosure Vulnerability
  CISEC:7140  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:7150  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:7129  Microsoft Windows Denial of Service Vulnerability
  CISEC:7153  Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:7141  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:7127  Microsoft Cryptographic Services Elevation of Privilege Vulnerability
  CISEC:7131  Hyper-V Denial of Service Vulnerability

2020-01-17  CISEC:6833  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6830  Windows Printer Service Elevation of Privilege Vulnerability
  CISEC:6836  Windows OLE Remote Code Execution Vulnerability
  CISEC:6828  Windows Media Player Information Disclosure Vulnerability
  CISEC:6829  Windows Media Player Information Disclosure Vulnerability
  CISEC:6840  Windows Kernel Information Disclosure Vulnerability
  CISEC:6842  Windows Kernel Information Disclosure Vulnerability
  CISEC:6844  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6839  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6826  Windows GDI Information Disclosure Vulnerability
  CISEC:6831  Windows GDI Information Disclosure Vulnerability
  CISEC:6834  Windows GDI Information Disclosure Vulnerability
  CISEC:6832  Windows Elevation of Privilege Vulnerability
  CISEC:6835  Windows Elevation of Privilege Vulnerability
  CISEC:6838  Windows COM Server Elevation of Privilege Vulnerability
  CISEC:6827  Win32k Information Disclosure Vulnerability
  CISEC:6843  Win32k Graphics Remote Code Execution Vulnerability
  CISEC:6841  Win32k Elevation of Privilege Vulnerability
  CISEC:6837  Microsoft Defender Security Feature Bypass Vulnerability

2019-12-20  CISEC:6767  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:6770  Windows UPnP Service Elevation of Privilege Vulnerability
  CISEC:6778  Windows TCP/IP Information Disclosure Vulnerability
  CISEC:6788  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6780  Windows Remote Procedure Call Information Disclosure Vulnerability
  CISEC:6781  Windows Modules Installer Service Information Disclosure Vulnerability
  CISEC:6760  Windows Kernel Information Disclosure Vulnerability
  CISEC:6758  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6763  Windows Installer Elevation of Privilege Vulnerability
  CISEC:6739  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6743  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6772  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6750  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6786  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6793  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6794  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6755  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6746  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6756  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6773  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6789  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:6792  Windows GDI Information Disclosure Vulnerability
  CISEC:6764  Windows Error Reporting Information Disclosure Vulnerability
  CISEC:6740  Windows Elevation of Privilege Vulnerability
  CISEC:6748  Windows Elevation of Privilege Vulnerability
  CISEC:6759  Windows Elevation of Privilege Vulnerability
  CISEC:6742  Windows Denial of Service Vulnerability
  CISEC:6768  Windows Denial of Service Vulnerability
  CISEC:6745  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6757  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6782  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6777  Windows Certificate Dialog Elevation of Privilege Vulnerability
  CISEC:6741  Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  CISEC:6752  Win32k Information Disclosure Vulnerability
  CISEC:6754  Win32k Information Disclosure Vulnerability
  CISEC:6747  Win32k Graphics Remote Code Execution Vulnerability
  CISEC:6753  Win32k Elevation of Privilege Vulnerability
  CISEC:6744  Win32k Elevation of Privilege Vulnerability
  CISEC:6761  Win32k Elevation of Privilege Vulnerability
  CISEC:6762  Win32k Elevation of Privilege Vulnerability
  CISEC:6769  Win32k Elevation of Privilege Vulnerability
  CISEC:6790  Win32k Elevation of Privilege Vulnerability
  CISEC:6749  OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:6784  OpenType Font Parsing Remote Code Execution Vulnerability
  CISEC:6771  OpenType Font Driver Information Disclosure Vulnerability
  CISEC:6785  NetLogon Security Feature Bypass Vulnerability
  CISEC:6812  Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497...
  CISEC:6815  Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and...
  CISEC:6814  Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier.
  CISEC:6810  Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier.
  CISEC:6791  Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:6774  Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  CISEC:6775  Microsoft Windows Information Disclosure Vulnerability
  CISEC:6783  Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:6779  Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
  CISEC:6776  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6751  Hyper-V Remote Code Execution Vulnerability
  CISEC:6787  Hyper-V Remote Code Execution Vulnerability
  CISEC:6765  DirectWrite Information Disclosure Vulnerability
  CISEC:6766  DirectWrite Information Disclosure Vulnerability

2019-12-06  CISEC:6648  XmlLite Runtime Denial of Service Vulnerability
  CISEC:6534  Winlogon Elevation of Privilege Vulnerability
  CISEC:6505  Windows WLAN Service Elevation of Privilege Vulnerability
  CISEC:6523  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:6524  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:6641  Windows User Profile Service Elevation of Privilege Vulnerability
  CISEC:6392  Windows Update Delivery Optimization Elevation of Privilege Vulnerability
  CISEC:6611  Windows Update Client Information Disclosure Vulnerability
  CISEC:6513  Windows Transaction Manager Information Disclosure Vulnerability
  CISEC:6649  Windows Text Service Framework Elevation of Privilege Vulnerability
  CISEC:6607  Windows TCP/IP Information Disclosure Vulnerability
  CISEC:6516  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6553  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6558  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6408  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6581  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6637  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:6554  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6664  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6450  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:6565  Windows SMB Information Disclosure Vulnerability
  CISEC:6667  Windows SMB Information Disclosure Vulnerability
  CISEC:6631  Windows SMB Information Disclosure Vulnerability
  CISEC:6633  Windows SMB Client Driver Information Disclosure Vulnerability
  CISEC:6466  Windows Shell Elevation of Privilege Vulnerability
  CISEC:6477  Windows Security Feature Bypass Vulnerability
  CISEC:6418  Windows Secure Kernel Mode Security Feature Bypass Vulnerability
  CISEC:6374  Windows Secure Boot Security Feature Bypass Vulnerability
  CISEC:6398  Windows Secure Boot Security Feature Bypass Vulnerability
  CISEC:6635  Windows RPCSS Elevation of Privilege Vulnerability
  CISEC:6416  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6645  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:6679  Windows Remote Code Execution Vulnerability
  CISEC:6675  Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
  CISEC:6356  Windows Print Spooler Information Disclosure Vulnerability
  CISEC:6445  Windows Power Service Elevation of Privilege Vulnerability
  CISEC:6414  Windows OLE Remote Code Execution Vulnerability
  CISEC:6542  Windows NTLM Tampering Vulnerability
  CISEC:6455  Windows NTLM Tampering Vulnerability
  CISEC:6647  Windows NTLM Security Feature Bypass Vulnerability
  CISEC:6357  Windows NTFS Elevation of Privilege Vulnerability
  CISEC:6629  Windows Network File System Elevation of Privilege Vulnerability
  CISEC:6555  Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
  CISEC:6578  Windows NDIS Elevation of Privilege Vulnerability
  CISEC:6351  Windows Media Elevation of Privilege Vulnerability
  CISEC:6529  Windows Kernel Information Disclosure Vulnerability
  CISEC:6559  Windows Kernel Information Disclosure Vulnerability
  CISEC:6564  Windows Kernel Information Disclosure Vulnerability
  CISEC:6697  Windows Kernel Information Disclosure Vulnerability
  CISEC:6346  Windows Kernel Information Disclosure Vulnerability
  CISEC:6349  Windows Kernel Information Disclosure Vulnerability
  CISEC:6375  Windows Kernel Information Disclosure Vulnerability
  CISEC:6684  Windows Kernel Information Disclosure Vulnerability
  CISEC:6688  Windows Kernel Information Disclosure Vulnerability
  CISEC:6402  Windows Kernel Information Disclosure Vulnerability
  CISEC:6425  Windows Kernel Information Disclosure Vulnerability
  CISEC:6470  Windows Kernel Information Disclosure Vulnerability
  CISEC:6473  Windows Kernel Information Disclosure Vulnerability
  CISEC:6573  Windows Kernel Information Disclosure Vulnerability
  CISEC:6574  Windows Kernel Information Disclosure Vulnerability
  CISEC:6626  Windows Kernel Information Disclosure Vulnerability
  CISEC:6651  Windows Kernel Information Disclosure Vulnerability
  CISEC:6541  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6545  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6696  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6662  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6478  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6602  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6660  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:6652  Windows IOleCvt Interface Remote Code Execution Vulnerability
  CISEC:6381  Windows Installer Elevation of Privilege Vulnerability
  CISEC:6501  Windows Information Disclosure Vulnerability
  CISEC:6400  Windows Information Disclosure Vulnerability
  CISEC:6597  Windows Information Disclosure Vulnerability
  CISEC:6487  Windows Imaging API Remote Code Execution Vulnerability
  CISEC:6539  Windows Image Elevation of Privilege Vulnerability
  CISEC:6405  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6439  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6440  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6615  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6517  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6677  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6590  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:6494  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6480  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6515  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6531  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6543  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6666  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6436  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6458  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6606  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6571  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6625  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6636  Windows Hyper-V Denial of Service Vulnerability
  CISEC:6486  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6444  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6658  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:6481  Windows GDI Information Disclosure Vulnerability
  CISEC:6511  Windows GDI Information Disclosure Vulnerability
  CISEC:6532  Windows GDI Information Disclosure Vulnerability
  CISEC:6546  Windows GDI Information Disclosure Vulnerability
  CISEC:6548  Windows GDI Information Disclosure Vulnerability
  CISEC:6557  Windows GDI Information Disclosure Vulnerability
  CISEC:6693  Windows GDI Information Disclosure Vulnerability
  CISEC:6342  Windows GDI Information Disclosure Vulnerability
  CISEC:6343  Windows GDI Information Disclosure Vulnerability
  CISEC:6347  Windows GDI Information Disclosure Vulnerability
  CISEC:6348  Windows GDI Information Disclosure Vulnerability
  CISEC:6358  Windows GDI Information Disclosure Vulnerability
  CISEC:6360  Windows GDI Information Disclosure Vulnerability
  CISEC:6370  Windows GDI Information Disclosure Vulnerability
  CISEC:6371  Windows GDI Information Disclosure Vulnerability
  CISEC:6377  Windows GDI Information Disclosure Vulnerability
  CISEC:6383  Windows GDI Information Disclosure Vulnerability
  CISEC:6661  Windows GDI Information Disclosure Vulnerability
  CISEC:6678  Windows GDI Information Disclosure Vulnerability
  CISEC:6399  Windows GDI Information Disclosure Vulnerability
  CISEC:6394  Windows GDI Information Disclosure Vulnerability
  CISEC:6419  Windows GDI Information Disclosure Vulnerability
  CISEC:6427  Windows GDI Information Disclosure Vulnerability
  CISEC:6446  Windows GDI Information Disclosure Vulnerability
  CISEC:6467  Windows GDI Information Disclosure Vulnerability
  CISEC:6476  Windows GDI Information Disclosure Vulnerability
  CISEC:6604  Windows GDI Information Disclosure Vulnerability
  CISEC:6579  Windows GDI Information Disclosure Vulnerability
  CISEC:6585  Windows GDI Information Disclosure Vulnerability
  CISEC:6598  Windows GDI Information Disclosure Vulnerability
  CISEC:6601  Windows GDI Information Disclosure Vulnerability
  CISEC:6475  Windows File Signature Security Feature Bypass Vulnerability
  CISEC:6685  Windows Event Viewer Information Disclosure Vulnerability
  CISEC:6484  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6376  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6397  Windows Error Reporting Manager Elevation of Privilege Vulnerability
  CISEC:6550  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6412  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6420  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:6492  Windows Elevation of Privilege Vulnerability
  CISEC:6485  Windows Elevation of Privilege Vulnerability
  CISEC:6504  Windows Elevation of Privilege Vulnerability
  CISEC:6525  Windows Elevation of Privilege Vulnerability
  CISEC:6535  Windows Elevation of Privilege Vulnerability
  CISEC:6552  Windows Elevation of Privilege Vulnerability
  CISEC:6563  Windows Elevation of Privilege Vulnerability
  CISEC:6568  Windows Elevation of Privilege Vulnerability
  CISEC:6698  Windows Elevation of Privilege Vulnerability
  CISEC:6350  Windows Elevation of Privilege Vulnerability
  CISEC:6355  Windows Elevation of Privilege Vulnerability
  CISEC:6422  Windows Elevation of Privilege Vulnerability
  CISEC:6429  Windows Elevation of Privilege Vulnerability
  CISEC:6431  Windows Elevation of Privilege Vulnerability
  CISEC:6432  Windows Elevation of Privilege Vulnerability
  CISEC:6452  Windows Elevation of Privilege Vulnerability
  CISEC:6462  Windows Elevation of Privilege Vulnerability
  CISEC:6468  Windows Elevation of Privilege Vulnerability
  CISEC:6474  Windows Elevation of Privilege Vulnerability
  CISEC:6582  Windows Elevation of Privilege Vulnerability
  CISEC:6583  Windows Elevation of Privilege Vulnerability
  CISEC:6612  Windows Elevation of Privilege Vulnerability
  CISEC:6627  Windows Elevation of Privilege Vulnerability
  CISEC:6654  Windows Elevation of Privilege Vulnerability
  CISEC:6655  Windows Elevation of Privilege Vulnerability
  CISEC:6407  Windows dnsrlvr.dll Elevation of Privilege Vulnerability
  CISEC:6691  Windows DNS Server Denial of Service Vulnerability
  CISEC:6561  Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6417  Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6457  Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6521  Windows DHCP Server Denial of Service Vulnerability
  CISEC:6442  Windows DHCP Server Denial of Service Vulnerability
  CISEC:6522  Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6361  Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6384  Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6593  Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:6368  Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
  CISEC:6490  Windows Denial of Service Vulnerability
  CISEC:6530  Windows Denial of Service Vulnerability
  CISEC:6676  Windows Denial of Service Vulnerability
  CISEC:6409  Windows Denial of Service Vulnerability
  CISEC:6646  Windows Denial of Service Vulnerability
  CISEC:6656  Windows Denial of Service Vulnerability
  CISEC:6586  Windows CSRSS Elevation of Privilege Vulnerability
  CISEC:6639  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:6533  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6682  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6464  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:6617  Windows Code Integrity Module Information Disclosure Vulnerability
  CISEC:6488  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6506  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6556  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6672  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6438  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6471  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6589  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6592  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6596  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6616  Windows Audio Service Elevation of Privilege Vulnerability
  CISEC:6495  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6472  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6584  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6650  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:6387  Windows ActiveX Remote Code Execution Vulnerability
  CISEC:6500  Win32k Information Disclosure Vulnerability
  CISEC:6518  Win32k Information Disclosure Vulnerability
  CISEC:6372  Win32k Information Disclosure Vulnerability
  CISEC:6603  Win32k Information Disclosure Vulnerability
  CISEC:6498  Win32k Elevation of Privilege Vulnerability
  CISEC:6537  Win32k Elevation of Privilege Vulnerability
  CISEC:6544  Win32k Elevation of Privilege Vulnerability
  CISEC:6547  Win32k Elevation of Privilege Vulnerability
  CISEC:6369  Win32k Elevation of Privilege Vulnerability
  CISEC:6388  Win32k Elevation of Privilege Vulnerability
  CISEC:6663  Win32k Elevation of Privilege Vulnerability
  CISEC:6683  Win32k Elevation of Privilege Vulnerability
  CISEC:6396  Win32k Elevation of Privilege Vulnerability
  CISEC:6390  Win32k Elevation of Privilege Vulnerability
  CISEC:6428  Win32k Elevation of Privilege Vulnerability
  CISEC:6461  Win32k Elevation of Privilege Vulnerability
  CISEC:6594  Win32k Elevation of Privilege Vulnerability
  CISEC:6618  Win32k Elevation of Privilege Vulnerability
  CISEC:6624  Win32k Elevation of Privilege Vulnerability
  CISEC:6332  VBScript Remote Code Execution Vulnerability
  CISEC:6327  VBScript Remote Code Execution Vulnerability
  CISEC:6344  Unified Write Filter Elevation of Privilege Vulnerability
  CISEC:6680  Task Scheduler Elevation of Privilege Vulnerability
  CISEC:6634  SymCrypt Information Disclosure Vulnerability
  CISEC:6395  SymCrypt Denial of Service Vulnerability
  CISEC:6512  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6671  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6674  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6435  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6572  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6580  Remote Desktop Services Remote Code Execution Vulnerability
  CISEC:6441  Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:6642  Remote Desktop Protocol Server Information Disclosure Vulnerability
  CISEC:6577  Remote Desktop Protocol Client Information Disclosure Vulnerability
  CISEC:6378  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6690  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6595  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6628  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6643  Remote Desktop Client Remote Code Execution Vulnerability
  CISEC:6367  OLE Automation Remote Code Execution Vulnerability
  CISEC:6493  MS XML Remote Code Execution Vulnerability
  CISEC:6527  MS XML Remote Code Execution Vulnerability
  CISEC:6694  MS XML Remote Code Execution Vulnerability
  CISEC:6665  MS XML Remote Code Execution Vulnerability
  CISEC:6668  MS XML Remote Code Execution Vulnerability
  CISEC:6411  MS XML Remote Code Execution Vulnerability
  CISEC:6469  MS XML Remote Code Execution Vulnerability
  CISEC:6576  MS XML Remote Code Execution Vulnerability
  CISEC:6502  Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:6519  Microsoft Windows Update Client Elevation of Privilege Vulnerability
  CISEC:6386  Microsoft Windows Transport Layer Security Spoofing Vulnerability
  CISEC:6352  Microsoft Windows Store Installer Elevation of Privilege Vulnerability
  CISEC:6423  Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:6456  Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
  CISEC:6497  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6499  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6669  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6591  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6614  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6653  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6659  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:6562  Microsoft Windows Denial of Service Vulnerability
  CISEC:6608  Microsoft Windows CloudStore Elevation of Privilege Vulnerability
  CISEC:6569  Microsoft unistore.dll Information Disclosure Vulnerability
  CISEC:6620  Microsoft splwow64 Elevation of Privilege Vulnerability
  CISEC:6587  Microsoft Speech API Remote Code Execution Vulnerability
  CISEC:6599  Microsoft IIS Server Elevation of Privilege Vulnerability
  CISEC:6345  Microsoft IIS Server Denial of Service Vulnerability
  CISEC:6538  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6540  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6363  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6403  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:6373  Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:6681  Microsoft Graphics Components Information Disclosure Vulnerability
  CISEC:6453  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:6382  Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
  CISEC:6424  Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:6508  LNK Remote Code Execution Vulnerability
  CISEC:6401  LNK Remote Code Execution Vulnerability
  CISEC:6496  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6482  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6503  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6507  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6520  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6536  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6560  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6695  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6353  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6364  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6379  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6380  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6670  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6673  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6687  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6692  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6391  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6393  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6404  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6413  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6426  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6433  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6434  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6437  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6448  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6449  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6451  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6465  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6479  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6605  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6575  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6588  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6600  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6613  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6619  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6621  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6630  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6632  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6640  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6644  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6329  Internet Explorer Memory Corruption Vulnerability
  CISEC:6389  Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:6354  Hyper-V Remote Code Execution Vulnerability
  CISEC:6489  Hyper-V Information Disclosure Vulnerability
  CISEC:6514  HTTP/2 Server Denial of Service Vulnerability
  CISEC:6366  HTTP/2 Server Denial of Service Vulnerability
  CISEC:6430  HTTP/2 Server Denial of Service Vulnerability
  CISEC:6460  HTTP/2 Server Denial of Service Vulnerability
  CISEC:6610  HTTP/2 Server Denial of Service Vulnerability
  CISEC:6362  GDI+ Remote Code Execution Vulnerability
  CISEC:6447  GDI+ Remote Code Execution Vulnerability
  CISEC:6609  GDI+ Remote Code Execution Vulnerability
  CISEC:6567  DirectX Information Disclosure Vulnerability
  CISEC:6463  DirectX Information Disclosure Vulnerability
  CISEC:6406  DirectX Elevation of Privilege Vulnerability
  CISEC:6443  DirectX Elevation of Privilege Vulnerability
  CISEC:6459  DirectX Elevation of Privilege Vulnerability
  CISEC:6638  DirectX Elevation of Privilege Vulnerability
  CISEC:6491  DirectWrite Remote Code Execution Vulnerability
  CISEC:6526  DirectWrite Remote Code Execution Vulnerability
  CISEC:6551  DirectWrite Remote Code Execution Vulnerability
  CISEC:6686  DirectWrite Remote Code Execution Vulnerability
  CISEC:6410  DirectWrite Remote Code Execution Vulnerability
  CISEC:6415  DirectWrite Remote Code Execution Vulnerability
  CISEC:6421  DirectWrite Remote Code Execution Vulnerability
  CISEC:6454  DirectWrite Remote Code Execution Vulnerability
  CISEC:6623  DirectWrite Remote Code Execution Vulnerability
  CISEC:6657  DirectWrite Remote Code Execution Vulnerability
  CISEC:6528  DirectWrite Information Disclosure Vulnerability
  CISEC:6549  DirectWrite Information Disclosure Vulnerability
  CISEC:6566  DirectWrite Information Disclosure Vulnerability
  CISEC:6570  DirectWrite Information Disclosure Vulnerability
  CISEC:6622  DirectWrite Information Disclosure Vulnerability
  CISEC:6483  ADFS Security Feature Bypass Vulnerability
  CISEC:6359  ADFS Security Feature Bypass Vulnerability
  CISEC:6689  ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
  CISEC:6510  Active Directory Federation Services XSS Vulnerability
  CISEC:6385  Active Directory Elevation of Privilege Vulnerability

2019-07-26  CVE-2019-13962  VLC avcodec picture copy heap-buffer-overflow

2019-03-29  CISEC:5972  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5996  Windows Theme API Remote Code Execution Vulnerability
  CISEC:5926  Windows TCP/IP Information Disclosure Vulnerability
  CISEC:5968  Windows Subsystem for Linux Information Disclosure Vulnerability
  CISEC:5986  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:5935  Windows Storage Service Elevation of Privilege Vulnerability
  CISEC:5980  Windows SMB Remote Code Execution Vulnerability
  CISEC:5920  Windows SMB Remote Code Execution Vulnerability
  CISEC:6005  Windows Shell Remote Code Execution Vulnerability
  CISEC:5994  Windows Security Feature Bypass Vulnerability
  CISEC:5997  Windows Security Feature Bypass Vulnerability
  CISEC:5919  Windows Security Feature Bypass Vulnerability
  CISEC:5924  Windows Security Feature Bypass Vulnerability
  CISEC:5923  Windows Search Remote Code Execution Vulnerability
  CISEC:5984  Windows Runtime Elevation of Privilege Vulnerability
  CISEC:5948  Windows Remote Code Execution Vulnerability
  CISEC:5918  Windows Registry Elevation of Privilege Vulnerability
  CISEC:5929  Windows Media Player Information Disclosure Vulnerability
  CISEC:5932  Windows Media Player Information Disclosure Vulnerability
  CISEC:5946  Windows Kernel Information Disclosure Vulnerability
  CISEC:5947  Windows Kernel Information Disclosure Vulnerability
  CISEC:5965  Windows Kernel Information Disclosure Vulnerability
  CISEC:5981  Windows Kernel Information Disclosure Vulnerability
  CISEC:5992  Windows Kernel Information Disclosure Vulnerability
  CISEC:6015  Windows Kernel Information Disclosure Vulnerability
  CISEC:6020  Windows Kernel Information Disclosure Vulnerability
  CISEC:5917  Windows Kernel Information Disclosure Vulnerability
  CISEC:5921  Windows Kernel Information Disclosure Vulnerability
  CISEC:5930  Windows Kernel Information Disclosure Vulnerability
  CISEC:5944  Windows Kernel Information Disclosure Vulnerability
  CISEC:6016  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5928  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5937  Windows Information Disclosure Vulnerability
  CISEC:5950  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5956  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5958  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:6004  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5931  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:5961  Windows Hyper-V Denial of Service Vulnerability
  CISEC:5951  Windows GDI Information Disclosure Vulnerability
  CISEC:5964  Windows GDI Information Disclosure Vulnerability
  CISEC:5974  Windows GDI Information Disclosure Vulnerability
  CISEC:5975  Windows GDI Information Disclosure Vulnerability
  CISEC:5976  Windows GDI Information Disclosure Vulnerability
  CISEC:5998  Windows GDI Information Disclosure Vulnerability
  CISEC:5940  Windows GDI Information Disclosure Vulnerability
  CISEC:5941  Windows GDI Information Disclosure Vulnerability
  CISEC:5973  Windows Elevation of Privilege Vulnerability
  CISEC:5991  Windows Elevation Of Privilege Vulnerability
  CISEC:5988  Windows DNS Server Heap Overflow Vulnerability
  CISEC:5957  Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:6011  Windows DHCP Client Remote Code Execution Vulnerability
  CISEC:5915  Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
  CISEC:5967  Windows Denial of Service Vulnerability
  CISEC:5916  Windows Denial of Service Vulnerability
  CISEC:5970  Windows Defender Firewall Security Feature Bypass Vulnerability
  CISEC:5977  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6009  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:6014  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:5938  Windows Data Sharing Service Elevation of Privilege Vulnerability
  CISEC:5966  Windows COM Elevation of Privilege Vulnerability
  CISEC:5922  Windows COM Elevation of Privilege Vulnerability
  CISEC:5983  Windows Code Integrity Module Denial of Service Vulnerability
  CISEC:5979  Win32k Information Disclosure Vulnerability
  CISEC:5993  Win32k Information Disclosure Vulnerability
  CISEC:6003  Win32k Information Disclosure Vulnerability
  CISEC:5989  Win32k Elevation of Privilege Vulnerability
  CISEC:5990  Win32k Elevation of Privilege Vulnerability
  CISEC:6008  Win32k Elevation of Privilege Vulnerability
  CISEC:6021  Win32k Elevation of Privilege Vulnerability
  CISEC:5934  Win32k Elevation of Privilege Vulnerability
  CISEC:6012  Remote Procedure Call runtime Information Disclosure Vulnerability
  CISEC:5927  Remote Procedure Call runtime Information Disclosure Vulnerability
  CISEC:5995  MS XML Remote Code Execution Vulnerability
  CISEC:5969  Microsoft XmlDocument Elevation of Privilege Vulnerability
  CISEC:5943  Microsoft Windows Elevation of Privilege Vulnerability
  CISEC:5982  Microsoft Text-To-Speech Remote Code Execution Vulnerability
  CISEC:5999  Microsoft JScript Security Feature Bypass Vulnerability
  CISEC:5945  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5978  Microsoft Graphics Components Remote Code Execution Vulnerability
  CISEC:6013  Microsoft Filter Manager Elevation Of Privilege Vulnerability
  CISEC:6007  Microsoft Cortana Elevation of Privilege Vulnerability
  CISEC:5952  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5953  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5955  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5959  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5960  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5963  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5985  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6000  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6001  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6006  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:6010  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5914  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5925  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5939  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5942  Jet Database Engine Remote Code Execution Vulnerability
  CISEC:5954  HID Information Disclosure Vulnerability
  CISEC:5987  HID Information Disclosure Vulnerability
  CISEC:6018  GDI+ Remote Code Execution Vulnerability
  CISEC:6019  GDI+ Remote Code Execution Vulnerability
  CISEC:6002  DirectX Information Disclosure Vulnerability
  CISEC:5949  DirectX Elevation of Privilege Vulnerability
  CISEC:5962  DirectX Elevation of Privilege Vulnerability
  CISEC:6017  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5936  Cortana Elevation of Privilege Vulnerability
  CISEC:5971  Connected User Experiences and Telemetry Service Denial of Service Vulnerability
  CISEC:5933  Active Directory Federation Services XSS Vulnerability

2019-01-11  CISEC:5860  Vulnerability

2018-12-21  CISEC:5856  Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019.
  CISEC:5858  Microsoft Outlook Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
  CISEC:5854  DirectX Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.
  CISEC:5853  DirectX Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is...
  CISEC:5855  Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,...

2018-12-14  CISEC:5838  Windows Win32k Elevation of Privilege Vulnerability. This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
  CISEC:5840  Windows Audio Service Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019.
  CISEC:5841  Windows ALPC Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
  CISEC:5835  Vulnerability
  CISEC:5837  MS XML Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server...
  CISEC:5836  Microsoft Edge Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.
  CISEC:5839  Microsoft Edge Elevation of Privilege Vulnerability. This affects Microsoft Edge.
  CISEC:5842  Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556,...

2018-12-07  CISEC:5823  Windows GDI Information Disclosure Vulnerability
  CISEC:5825  Win32k Elevation of Privilege Vulnerability
  CISEC:5826  NTFS Elevation of Privilege Vulnerability
  CISEC:5833  Linux On Windows Elevation Of Privilege Vulnerability
  CISEC:5832  DirectX Information Disclosure Vulnerability
  CISEC:5834  DirectX Information Disclosure Vulnerability
  CISEC:5822  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5827  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5828  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5829  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5830  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5831  Chakra Scripting Engine Memory Corruption Vulnerability

2018-11-30  CISEC:5764  Vulnerability
  CISEC:5765  Vulnerability
  CISEC:5767  Vulnerability
  CISEC:5768  Vulnerability
  CISEC:5769  Vulnerability
  CISEC:5770  Vulnerability
  CISEC:5771  Vulnerability
  CISEC:5772  Vulnerability

2018-11-26  CISEC:5751  Vulnerability
  CISEC:5752  Vulnerability
  CISEC:5749  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5750  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:5757  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability
  CISEC:5753  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5754  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5755  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5756  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5758  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
  CISEC:5759  Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability

2018-11-16  CISEC:5746  Windows Information Disclosure Vulnerability
  CISEC:5747  Win32k Graphics Remote Code Execution Vulnerability
  CISEC:5748  .NET Framework Remote Code Execution Vulnerability

2018-11-02  CISEC:5722  Windows SMB Information Disclosure Vulnerability
  CISEC:5721  Windows SMB Denial of Service Vulnerability
  CISEC:5736  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:5733  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5734  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5735  Microsoft Office SharePoint XSS Vulnerability
  CISEC:5723  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5724  Device Guard Security Feature Bypass Vulnerability

2018-10-26  CISEC:5702  Windows Subsystem for Linux Security Feature Bypass Vulnerability
  CISEC:5703  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:5685  Windows Hyper-V Information Disclosure Vulnerability
  CISEC:5697  Windows GDI Information Disclosure Vulnerability
  CISEC:5699  Windows GDI Information Disclosure Vulnerability
  CISEC:5693  Scripting Engine Memory Corruption Vulnerability
  CISEC:5694  Scripting Engine Memory Corruption Vulnerability
  CISEC:5695  Scripting Engine Memory Corruption Vulnerability
  CISEC:5696  Scripting Engine Memory Corruption Vulnerability
  CISEC:5701  Scripting Engine Memory Corruption Vulnerability
  CISEC:5700  Scripting Engine Information Disclosure Vulnerability
  CISEC:5720  Microsoft Scripting Engine Information Disclosure Vulnerability
  CISEC:5698  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:5719  Microsoft Edge PDF Remote Code Execution Vulnerability

2018-10-19  CISEC:5668  Windows Kernel Information Disclosure Vulnerability
  CISEC:5669  Windows Kernel Information Disclosure Vulnerability
  CISEC:5670  Windows Kernel Information Disclosure Vulnerability
  CISEC:5671  Windows Kernel Information Disclosure Vulnerability
  CISEC:5672  Windows Kernel Information Disclosure Vulnerability
  CISEC:5673  Windows Kernel Information Disclosure Vulnerability
  CISEC:5674  Windows Kernel Information Disclosure Vulnerability
  CISEC:5684  Windows Hyper-V Security Feature Bypass Vulnerability
  CISEC:5683  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5688  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:5686  Windows Hyper-V Denial of Service Vulnerability
  CISEC:5687  Windows Hyper-V Denial of Service Vulnerability
  CISEC:5675  Microsoft Edge Spoofing Vulnerability
  CISEC:5677  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5678  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:5676  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:5690  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5691  Internet Explorer Memory Corruption Vulnerability
  CISEC:5692  Internet Explorer Memory Corruption Vulnerability
  CISEC:5679  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5680  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5681  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5682  Chakra Scripting Engine Memory Corruption Vulnerability

2018-10-05  CISEC:5615  Windows PDF Remote Code Execution Vulnerability
  CISEC:5610  Windows GDI Information Disclosure Vulnerability
  CISEC:5611  Windows GDI Information Disclosure Vulnerability
  CISEC:5613  Windows GDI Information Disclosure Vulnerability
  CISEC:5616  Scripting Engine Memory Corruption Vulnerability
  CISEC:5617  Scripting Engine Memory Corruption Vulnerability
  CISEC:5618  Scripting Engine Memory Corruption Vulnerability
  CISEC:5619  Scripting Engine Memory Corruption Vulnerability
  CISEC:5620  Scripting Engine Memory Corruption Vulnerability
  CISEC:5621  Scripting Engine Memory Corruption Vulnerability
  CISEC:5622  Scripting Engine Memory Corruption Vulnerability
  CISEC:5623  Scripting Engine Memory Corruption Vulnerability
  CISEC:5624  Scripting Engine Memory Corruption Vulnerability
  CISEC:5607  OpenType Font Driver Elevation of Privilege Vulnerability
  CISEC:5656  Microsoft SQL Server Remote Code Execution Vulnerability
  CISEC:5638  Microsoft PowerPoint Remote Code Execution Vulnerability
  CISEC:5639  Microsoft Office Information Disclosure Vulnerability
  CISEC:5654  Microsoft Exchange Server Tampering Vulnerability
  CISEC:5651  Microsoft Exchange Memory Corruption Vulnerability
  CISEC:5625  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5627  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5626  Microsoft Excel Information Disclosure Vulnerability
  CISEC:5614  Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:5609  Microsoft Browser Memory Corruption Vulnerability
  CISEC:5606  Microsoft Browser Information Disclosure Vulnerability
  CISEC:5608  Microsoft Browser Elevation of Privilege Vulnerability
  CISEC:5612  GDI+ Remote Code Execution Vulnerability
  CISEC:5629  Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability
  CISEC:5628  Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability
  CISEC:5632  .NET Framework Information Disclosure Vulnerability

2018-09-28  CISEC:5588  Internet Explorer Remote Code Execution Vulnerability
  CISEC:5602  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5603  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5604  DirectX Graphics Kernel Elevation of Privilege Vulnerability
  CISEC:5605  DirectX Graphics Kernel Elevation of Privilege Vulnerability

2018-09-21  CISEC:5582  Windows NDIS Elevation of Privilege Vulnerability
  CISEC:5583  Windows NDIS Elevation of Privilege Vulnerability
  CISEC:5572  Microsoft Edge Spoofing Vulnerability
  CISEC:5575  Microsoft Edge Spoofing Vulnerability
  CISEC:5578  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5579  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5581  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5580  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5586  LNK Remote Code Execution Vulnerability
  CISEC:5587  LNK Remote Code Execution Vulnerability
  CISEC:5573  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5574  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5576  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5577  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5584  AD FS Security Feature Bypass Vulnerability

2018-09-14  CISEC:5569  Windows Shell Remote Code Execution Vulnerability
  CISEC:5516  Windows Kernel Information Disclosure Vulnerability
  CISEC:5517  Windows Kernel Information Disclosure Vulnerability
  CISEC:5518  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5566  Windows Installer Elevation of Privilege Vulnerability
  CISEC:5571  Win32k Elevation of Privilege Vulnerability
  CISEC:5568  Win32k Elevation of Privilege Vulnerability
  CISEC:5489  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5490  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5491  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5492  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5493  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5494  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5495  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5496  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5497  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5498  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5499  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5500  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5501  Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5419  Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5421  Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5418  Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5420  Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5422  Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5415  Security Bypass Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5473  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5474  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5475  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5476  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5478  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5479  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5480  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5481  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5484  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5485  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5486  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5488  Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5423  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5424  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5425  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5426  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5427  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5428  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5429  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5430  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5431  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5432  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5433  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5434  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5435  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5436  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5437  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5438  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5439  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5440  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5441  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5442  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5443  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5444  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5445  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5446  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5447  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5448  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5449  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5450  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5451  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5452  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5453  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5454  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5455  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5456  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5457  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5458  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5459  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5460  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5461  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5462  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5463  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5464  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5465  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5466  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5467  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5468  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5469  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5470  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5471  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5472  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5477  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5482  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5483  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5487  Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5508  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5509  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5510  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5511  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5512  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5502  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5503  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5504  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5505  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5506  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5507  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5513  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5514  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5515  Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5414  Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions
  CISEC:5570  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5567  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5411  Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5412  Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5413  Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5416  Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
  CISEC:5553  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability
  CISEC:5538  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability
  CISEC:5519  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5524  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5529  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5531  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5534  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5539  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5541  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5542  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5544  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5547  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5549  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5552  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5556  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5558  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5560  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5561  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5562  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5563  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5564  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
  CISEC:5545  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability
  CISEC:5522  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5527  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5528  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5530  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5532  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5533  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5535  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5536  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5548  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5551  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5554  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5555  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5557  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
  CISEC:5550  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability
  CISEC:5525  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability
  CISEC:5537  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability
  CISEC:5520  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5521  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5523  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5526  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5546  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5559  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5565  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
  CISEC:5417  Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability
  CISEC:5543  Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability
  CISEC:5540  Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability

2018-09-11  MITRE:61  Windows NT Remote Access Service Phonebook Buffer Overflow
  MITRE:158  Windows NT Process Handle Duplication Privilege Escalation
  MITRE:94  Solaris 8 mibiisa Remote Buffer Overflow Vulnerability
  MITRE:179  Solaris 7 LBXProxy Display Name Buffer Overflow
  MITRE:10  Heap Overflow in Solaris 8 xlock

2018-09-07  CISEC:5394  Windows Denial of Service Vulnerability
  CISEC:5368  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client
  CISEC:5356  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles
  CISEC:5364  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5371  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5379  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:5372  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:5333  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:5360  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:5361  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options
  CISEC:5337  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5380  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5374  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached
  CISEC:5359  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5369  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5339  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5346  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5357  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5358  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5363  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5370  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5375  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:5341  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:5345  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:5373  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM
  CISEC:5334  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5335  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5338  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5342  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5347  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5366  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5367  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5376  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5340  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension
  CISEC:5336  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:5343  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:5365  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump
  CISEC:5381  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log
  CISEC:5362  Vulnerability in the MySQL Server 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior
  CISEC:5344  Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin
  CISEC:5378  Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs
  CISEC:5350  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
  CISEC:5353  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries
  CISEC:5351  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE
  CISEC:5354  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL
  CISEC:5349  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security
  CISEC:5348  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX
  CISEC:5355  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB
  CISEC:5352  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:5382  Skype for Business and Lync Security Feature Bypass Vulnerability

2018-08-31  CISEC:5290  WordPad Security Feature Bypass Vulnerability
  CISEC:5332  Windows Firewall Denial of Service Vulnerability
  CISEC:5330  Windows Elevation of Privilege Vulnerability
  CISEC:5327  Windows DNSAPI Denial of Service Vulnerability
  CISEC:5328  Windows Denial of Service Vulnerability
  CISEC:5331  Windows Denial of Service Vulnerability
  CISEC:5326  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:5311  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:5302  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5306  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5313  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5315  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5317  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5324  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:5320  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking
  CISEC:5325  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:5299  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection
  CISEC:5298  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5300  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5308  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5309  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:5307  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS
  CISEC:5303  Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5314  Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI
  CISEC:5312  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization
  CISEC:5316  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5321  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
  CISEC:5301  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX
  CISEC:5310  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP
  CISEC:5304  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
  CISEC:5297  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT
  CISEC:5305  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security
  CISEC:5319  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot
  CISEC:5322  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
  CISEC:5323  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
  CISEC:5318  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install
  CISEC:5329  Remote Code Execution Vulnerability in Skype For Business and Lync
  CISEC:5294  Microsoft SharePoint Remote Code Execution Vulnerability
  CISEC:5292  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5293  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5289  Microsoft Office Tampering Vulnerability
  CISEC:5291  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

2018-08-24  CISEC:5284  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5278  Win32k Elevation of Privilege Vulnerability
  CISEC:5281  Scripting Engine Security Feature Bypass Vulnerability
  CISEC:5286  Python Integer Overflow vulnerability
  CISEC:5288  Python Heap-Buffer-Overflow vulnerability
  CISEC:5279  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5280  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5282  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5283  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5285  Buffer overflow vulnerability in os.symlink on Windows

2018-08-17  CISEC:5236  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5253  Microsoft Edge Spoofing Vulnerability
  CISEC:5237  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5238  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5239  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5240  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5241  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5242  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5244  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5245  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5246  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5247  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5248  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5249  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5250  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5251  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5252  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5254  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5255  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5257  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5275  .NET Framework Security Feature Bypass Vulnerability
  CISEC:5274  .NET Framework Remote Code Injection Vulnerability
  CISEC:5277  .NET Framework Remote Code Execution Vulnerability
  CISEC:5276  .NET Framework Elevation of Privilege Vulnerability

2018-08-10  CISEC:5235  Microsoft Excel Remote Code Execution Vulnerability

2018-08-03  CISEC:5234  Windows Wireless Network Profile Information Disclosure Vulnerability
  CISEC:5228  Windows Remote Code Execution Vulnerability
  CISEC:5229  Windows Remote Code Execution Vulnerability
  CISEC:5232  Windows Hyper-V Denial of Service Vulnerability
  CISEC:5224  Windows GDI Information Disclosure Vulnerability
  CISEC:5231  Windows DNSAPI Remote Code Execution Vulnerability
  CISEC:5222  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:5223  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:5217  Win32k Elevation of Privilege Vulnerability
  CISEC:5227  WEBDAV Denial of Service Vulnerability
  CISEC:5219  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5220  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5226  Microsoft Publisher Remote Code Execution Vulnerability
  CISEC:5225  Microsoft Office Elevation of Privilege Vulnerability
  CISEC:5233  Media Foundation Memory Corruption Vulnerability
  CISEC:5230  Hypervisor Code Integrity Elevation of Privilege Vulnerability
  CISEC:5218  HTTP.sys Denial of Service Vulnerability
  CISEC:5216  HTTP Protocol Stack Remote Code Execution Vulnerability
  CISEC:5221  HIDParser Elevation of Privilege Vulnerability

2018-07-27  CISEC:5183  Windows Kernel Information Disclosure Vulnerability
  CISEC:5194  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5184  Windows Elevation of Privilege Vulnerability
  CISEC:5185  Windows Elevation of Privilege Vulnerability
  CISEC:5187  Scripting Engine Memory Corruption Vulnerability
  CISEC:5188  Scripting Engine Memory Corruption Vulnerability
  CISEC:5198  NTFS Elevation of Privilege Vulnerability
  CISEC:5173  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5178  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5180  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5174  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5181  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5176  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5177  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5179  Internet Explorer Memory Corruption Vulnerability
  CISEC:5175  Internet Explorer Memory Corruption Vulnerability
  CISEC:5190  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5191  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5192  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5193  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5195  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5196  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5197  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:5186  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5189  Chakra Scripting Engine Memory Corruption Vulnerability

2018-07-20  CISEC:5133  Microsoft Office Remote Code Execution Vulnerability
  CISEC:5132  Microsoft Office Remote Code Execution Vulnerability
  CISEC:5138  Git OS Command Injection Vulnerability
  CISEC:5141  Git OS Command Injection Vulnerability
  CISEC:5139  Git Input Validation Error Vulnerability
  CISEC:5140  Git Input Validation Error Vulnerability

2018-07-13  CISEC:5128  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5129  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5130  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5131  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:5110  .NET and .NET Core Denial Of Service Vulnerability

2018-07-06  CISEC:5102  Scripting Engine Memory Corruption Vulnerability
  CISEC:5103  Scripting Engine Memory Corruption Vulnerability
  CISEC:5104  Scripting Engine Memory Corruption Vulnerability
  CISEC:5105  Scripting Engine Memory Corruption Vulnerability
  CISEC:5106  Scripting Engine Memory Corruption Vulnerability
  CISEC:5107  Scripting Engine Memory Corruption Vulnerability
  CISEC:5108  Scripting Engine Memory Corruption Vulnerability
  CISEC:5109  Scripting Engine Memory Corruption Vulnerability
  CISEC:5124  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5125  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5127  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:5126  Microsoft Excel Information Disclosure Vulnerability
  CISEC:5114  Git Arbitrary Code Execution Vulnerability
  CISEC:5112  .NET and .NET Core Denial Of Service Vulnerability

2018-06-29  CISEC:5057  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:5097  Scripting Engine Memory Corruption Vulnerability
  CISEC:5098  Scripting Engine Memory Corruption Vulnerability
  CISEC:5099  Scripting Engine Memory Corruption Vulnerability
  CISEC:5101  Scripting Engine Memory Corruption Vulnerability
  CISEC:5055  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:5054  Microsoft Edge Memory Corruption Vulnerability
  CISEC:5053  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5094  Microsoft Edge Information Disclosure Vulnerability
  CISEC:5095  Microsoft Browser Memory Corruption Vulnerability
  CISEC:5093  Microsoft Browser Information Disclosure Vulnerability
  CISEC:5096  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:5050  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5051  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5052  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5056  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:5100  Chakra Scripting Engine Memory Corruption Vulnerability

2018-06-22  CISEC:5024  Windows Security Feature Bypass Vulnerability
  CISEC:5025  Windows Security Feature Bypass Vulnerability
  CISEC:5026  Windows Security Feature Bypass Vulnerability
  CISEC:5027  Windows Security Feature Bypass Vulnerability
  CISEC:5033  Windows Security Feature Bypass Vulnerability
  CISEC:5035  Windows Security Feature Bypass Vulnerability
  CISEC:5034  Windows Remote Code Execution Vulnerability
  CISEC:5048  Windows Image Elevation of Privilege Vulnerability
  CISEC:5032  Windows Elevation of Privilege Vulnerability
  CISEC:5049  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:5030  Microsoft COM for Windows Remote Code Execution Vulnerability
  CISEC:5029  Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:5028  Hyper-V Remote Code Execution Vulnerability
  CISEC:5036  DirectX Graphics Kernel Elevation of Privilege Vulnerability

2018-06-15  CISEC:5020  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5022  Windows Kernel Information Disclosure Vulnerability
  CISEC:5023  Windows Kernel Information Disclosure Vulnerability

2018-06-08  CISEC:4997  Windows VBScript Engine Remote Code Execution Vulnerability
  CISEC:5015  Win32k Elevation of Privilege Vulnerability
  CISEC:5017  Win32k Elevation of Privilege Vulnerability
  CISEC:5018  Win32k Elevation of Privilege Vulnerability
  CISEC:5019  Win32k Elevation of Privilege Vulnerability
  CISEC:4994  Microsoft Office Remote Code Execution Vulnerability
  CISEC:4995  Microsoft Office Remote Code Execution Vulnerability
  CISEC:4992  Microsoft Office Information Disclosure Vulnerability
  CISEC:4993  Microsoft Office Information Disclosure Vulnerability
  CISEC:4998  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:4996  Microsoft Excel Remote Code Execution Vulnerability

2018-06-01  CISEC:4978  Scripting Engine Memory Corruption Vulnerability
  CISEC:4980  Scripting Engine Memory Corruption Vulnerability
  CISEC:4982  Scripting Engine Memory Corruption Vulnerability
  CISEC:4983  Scripting Engine Information Disclosure Vulnerability
  CISEC:4977  Scripting Engine Information Disclosure Vulnerability
  CISEC:4979  Scripting Engine Information Disclosure Vulnerability
  CISEC:4981  Scripting Engine Information Disclosure Vulnerability
  CISEC:4984  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4985  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4986  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4987  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4973  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4974  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4975  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:4964  Microsoft Edge Information Disclosure Vulnerability
  CISEC:4965  Microsoft Edge Information Disclosure Vulnerability
  CISEC:4926  Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:4976  Microsoft Browser Memory Corruption Vulnerability
  CISEC:4988  Internet Explorer Memory Corruption Vulnerability
  CISEC:4929  Internet Explorer Memory Corruption Vulnerability
  CISEC:4930  Internet Explorer Memory Corruption Vulnerability
  CISEC:4931  Internet Explorer Memory Corruption Vulnerability
  CISEC:4927  Internet Explorer Memory Corruption Vulnerability
  CISEC:4928  Internet Explorer Memory Corruption Vulnerability
  CISEC:4966  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4967  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4968  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4969  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4970  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4971  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4972  Chakra Scripting Engine Memory Corruption Vulnerability

2018-05-25  CISEC:4909  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:4910  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:4924  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:4905  Microsoft Graphics Component Denial of Service Vulnerability
  CISEC:4906  Hyper-V Information Disclosure Vulnerability
  CISEC:4907  Hyper-V Information Disclosure Vulnerability
  CISEC:4908  Active Directory Security Feature Bypass Vulnerability

2018-05-18  CISEC:4899  Windows SNMP Service Denial of Service Vulnerability
  CISEC:4859  Windows Kernel Information Disclosure Vulnerability
  CISEC:4860  Windows Kernel Information Disclosure Vulnerability
  CISEC:4861  Windows Kernel Information Disclosure Vulnerability
  CISEC:4862  Windows Kernel Information Disclosure Vulnerability
  CISEC:4863  Windows Kernel Information Disclosure Vulnerability
  CISEC:4864  Windows Kernel Information Disclosure Vulnerability
  CISEC:4865  Windows Kernel Information Disclosure Vulnerability
  CISEC:4867  Windows Kernel Information Disclosure Vulnerability
  CISEC:4868  Windows Kernel Information Disclosure Vulnerability
  CISEC:4869  Windows Kernel Information Disclosure Vulnerability
  CISEC:4866  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4870  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4900  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4901  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4902  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4903  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4904  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:4898  HTTP.sys Denial of Service Vulnerability
  CISEC:4897  Device Guard Security Feature Bypass Vulnerability

2018-05-11  CISEC:4858  XSS in interstitials
  CISEC:4853  Use after free in Flash
  CISEC:4852  Use after free in Flash
  CISEC:4854  URL Spoof in OmniBox
  CISEC:4855  Timing attack using SVG filters
  CISEC:4856  Information disclosure via texture data in WebGL
  CISEC:4857  Information disclosure in IPC call
  CISEC:4850  Incorrect processing of AppManifests
  CISEC:4851  Circumvention of port blocking

2018-05-04  CISEC:4751  Microsoft Office Memory Corruption Vulnerability
  CISEC:4753  Microsoft Office Information Disclosure Vulnerability
  CISEC:4755  Microsoft Office Excel Security Feature Bypass
  CISEC:4749  Microsoft Exchange Information Disclosure Vulnerability
  CISEC:4756  Microsoft Exchange Elevation of Privilege Vulnerability
  CISEC:4757  Microsoft Exchange Elevation of Privilege Vulnerability
  CISEC:4752  Microsoft Access Remote Code Execution Vulnerability

2018-05-02  CVE-2013-6272  The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi...

2018-04-27  CISEC:4727  Windows Kernel Information Disclosure Vulnerability
  CISEC:4729  Use after free in Blink
  CISEC:4731  Type confusion in V8
  CISEC:4732  Same Origin Bypass via canvas
  CISEC:4737  Race condition in V8
  CISEC:4723  Microsoft Edge Information Disclosure Vulnerability
  CISEC:4724  Microsoft Browser Information Disclosure Vulnerability
  CISEC:4726  Microsoft Browser Information Disclosure Vulnerability
  CISEC:4725  Internet Explorer Information Disclosure Vulnerability
  CISEC:4722  Internet Explorer Elevation of Privilege Vulnerability
  CISEC:4735  Integer overflow in V8
  CISEC:4730  Incorrect permissions on shared memory
  CISEC:4733  Incorrect permissions on shared memory
  CISEC:4736  Heap buffer overflow in Skia
  CISEC:4734  Buffer overflow in Skia

2018-04-20  CISEC:4707  Windows Security Feature Bypass Vulnerability
  CISEC:4706  Windows Remote Assistance Information Disclosure Vulnerability
  CISEC:4639  Windows Kernel Information Disclosure Vulnerability
  CISEC:4641  Windows Kernel Information Disclosure Vulnerability
  CISEC:4642  Windows Kernel Information Disclosure Vulnerability
  CISEC:4643  Windows Kernel Information Disclosure Vulnerability
  CISEC:4644  Windows Kernel Information Disclosure Vulnerability
  CISEC:4645  Windows Kernel Information Disclosure Vulnerability
  CISEC:4647  Windows Kernel Information Disclosure Vulnerability
  CISEC:4648  Windows Kernel Information Disclosure Vulnerability
  CISEC:4649  Windows Kernel Information Disclosure Vulnerability
  CISEC:4650  Windows Kernel Information Disclosure Vulnerability
  CISEC:4651  Windows Kernel Information Disclosure Vulnerability
  CISEC:4653  Windows Kernel Information Disclosure Vulnerability
  CISEC:4654  Windows Installer Elevation of Privilege Vulnerability
  CISEC:4640  Windows GDI Elevation of Privilege Vulnerability
  CISEC:4646  Windows GDI Elevation of Privilege Vulnerability
  CISEC:4652  Windows GDI Elevation of Privilege Vulnerability
  CISEC:4688  Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
  CISEC:4687  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:4689  Windows Desktop Bridge Elevation of Privilege Vulnerability
  CISEC:4678  Use-after-free write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4662  Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4682  Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4686  Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4670  Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CVE-2014-0900  The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
  CISEC:4665  Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4720  Scripting Engine Memory Corruption Vulnerability
  CISEC:4690  Scripting Engine Memory Corruption Vulnerability
  CISEC:4694  Scripting Engine Memory Corruption Vulnerability
  CISEC:4699  Scripting Engine Memory Corruption Vulnerability
  CISEC:4719  Scripting Engine Memory Corruption Vulnerability
  CISEC:4721  Scripting Engine Information Disclosure Vulnerability
  CISEC:4702  Scripting Engine Information Disclosure Vulnerability
  CISEC:4660  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4669  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4676  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4677  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4655  Microsoft Video Control Elevation of Privilege Vulnerability
  CISEC:4705  Microsoft Video Control Elevation of Privilege Vulnerability
  CISEC:4661  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4663  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4683  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4685  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4664  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4667  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4668  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4671  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4672  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4673  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4674  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4675  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4680  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4703  Hyper-V Information Disclosure Vulnerability
  CISEC:4704  Hyper-V Information Disclosure Vulnerability
  CISEC:4684  Heap Overflow write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4659  Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4681  Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4679  Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
  CISEC:4709  CNG Security Feature Bypass Vulnerability
  CISEC:4691  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4692  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4693  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4695  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4696  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4697  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4698  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4700  Chakra Scripting Engine Memory Corruption Vulnerability
  CISEC:4701  Chakra Scripting Engine Memory Corruption Vulnerability

2018-04-06  CISEC:4618  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4619  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4620  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4621  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4622  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4599  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4600  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4601  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4602  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4603  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4604  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4616  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4617  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4624  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4625  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4626  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier

2018-04-05  CVE-2015-9016  In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege....

2018-04-04  CVE-2015-9011  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
  CVE-2014-9953  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
  CVE-2015-9015  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
  CVE-2015-9014  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
  CVE-2015-9009  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
  CVE-2015-9013  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
  CVE-2015-9010  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
  CVE-2014-9956  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
  CVE-2014-9954  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
  CVE-2014-9957  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
  CVE-2014-9958  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
  CVE-2015-9012  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
  CVE-2015-9008  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
  CVE-2014-9955  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
  CVE-2014-9959  An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.

2018-03-30  CISEC:4169  Windows Storage Services Elevation of Privilege Vulnerability
  CISEC:4170  Windows Security Feature Bypass Vulnerability
  CISEC:4163  Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  CISEC:4165  Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  CISEC:4172  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4173  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4174  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4164  Windows Elevation of Privilege Vulnerability
  CISEC:4166  Windows Elevation of Privilege Vulnerability
  CISEC:4167  Windows Elevation of Privilege Vulnerability
  CISEC:4161  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:4162  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:4160  Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4168  StructuredQuery Remote Code Execution Vulnerability
  CISEC:4171  Scripting Engine Memory Corruption Vulnerability
  CISEC:4588  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4589  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4590  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4591  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4592  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4593  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4594  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4595  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4596  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4597  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier
  CISEC:4154  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4147  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:4146  Microsoft Outlook Memory Corruption Vulnerability
  CISEC:4155  Microsoft Outlook Elevation of Privilege Vulnerability
  CISEC:4152  Microsoft Office Memory Corruption Vulnerability
  CISEC:4153  Microsoft Office Memory Corruption Vulnerability
  CISEC:4156  Microsoft Office Memory Corruption Vulnerability
  CISEC:4149  Microsoft Office Memory Corruption Vulnerability
  CISEC:4150  Microsoft Office Memory Corruption Vulnerability
  CISEC:4148  Microsoft Office Information Disclosure Vulnerability
  CISEC:4151  Microsoft Excel Remote Code Execution Vulnerability

2018-03-27  CVE-2014-4959  **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.

2018-03-23  CISEC:4127  Windows Kernel Information Disclosure Vulnerability
  CISEC:4133  Windows Kernel Information Disclosure Vulnerability
  CISEC:4135  Windows Kernel Information Disclosure Vulnerability
  CISEC:4136  Windows Kernel Information Disclosure Vulnerability
  CISEC:4137  Windows Kernel Information Disclosure Vulnerability
  CISEC:4139  Windows Kernel Information Disclosure Vulnerability
  CISEC:4125  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4134  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4138  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:4142  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4143  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4144  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4145  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:4140  Scripting Engine Memory Corruption Vulnerability
  CISEC:4141  Scripting Engine Memory Corruption Vulnerability
  CISEC:4121  Scripting Engine Memory Corruption Vulnerability
  CISEC:4122  Scripting Engine Memory Corruption Vulnerability
  CISEC:4123  Scripting Engine Memory Corruption Vulnerability
  CISEC:4124  Scripting Engine Memory Corruption Vulnerability
  CISEC:4126  Scripting Engine Memory Corruption Vulnerability
  CISEC:4128  Scripting Engine Memory Corruption Vulnerability
  CISEC:4129  Scripting Engine Memory Corruption Vulnerability
  CISEC:4130  Scripting Engine Memory Corruption Vulnerability
  CISEC:4131  Scripting Engine Memory Corruption Vulnerability
  CISEC:4132  Scripting Engine Memory Corruption Vulnerability

2018-03-16  CISEC:4088  XSS in DevTools
  CISEC:4066  WCP dissector crash
  CISEC:4077  Use after free in WebUI
  CISEC:4089  Use after free in PDFium
  CISEC:4076  URL spoof in OmniBox
  CISEC:4078  URL spoof in OmniBox
  CISEC:4091  URL spoof in Navigation
  CISEC:4072  UI spoof in Permissions
  CISEC:4106  Scripting Engine Memory Corruption Vulnerability
  CISEC:4086  Same origin bypass in Shared Worker
  CISEC:4073  Referrer policy bypass in Blink
  CISEC:4087  Referrer leak in XSS Auditor
  CISEC:4070  Race when opening downloaded files
  CISEC:4065  Multiple dissectors could crash
  CISEC:4107  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:4108  Microsoft Edge Information Disclosure Vulnerability
  CISEC:4109  Microsoft Edge Information Disclosure Vulnerability
  CISEC:4075  Leak of page thumbnails in New Tab Page
  CISEC:4064  IxVeriWave file parser crash
  CISEC:4074  Integer underflow in WebAssembly
  CISEC:4069  Integer overflow in Blink
  CISEC:4079  Insufficient user gesture requirements in autofill
  CISEC:4081  Insufficient isolation of devtools from extensions
  CISEC:4082  Insufficient isolation of devtools from extensions
  CISEC:4084  Insufficient isolation of devtools from extensions
  CISEC:4085  Insufficient escaping with external URL handlers
  CISEC:4071  Incomplete no-referrer policy implementation
  CISEC:4068  ImageMagick memory leaks in MontageImageCommand in MagickWand/montage
  CISEC:4103  ImageMagick memory leak vulnerability
  CISEC:4105  ImageMagick memory exhaustion vulnerability
  CISEC:4067  ImageMagick CPU exhaustion vulnerability
  CISEC:4104  ImageMagick CPU exhaustion vulnerability
  CISEC:4096  IBM WebSphere MQ is affected by a privilege escalation vulnerability
  CISEC:4095  IBM MQ is affected by a potential denial of service to channel processes
  CISEC:4092  IBM MQ could allow an authenticated user to insert messages with malformed data into the channel, which would cause it to restart
  CISEC:4093  IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed
  CISEC:4094  IBM MQ and IBM MQ Appliance could allow a local user to crash the queue manager agent thread and expose some sensitive information
  CISEC:4090  Heap buffer overflow in WebGL
  CISEC:4083  Cross origin URL leak in WebGL
  CISEC:4080  Content security policy bypass

2018-03-09  CISEC:4040  Stack overflow in V8
  CISEC:4025  OpenSSL Security Bypass Vulnerability
  CISEC:4026  OpenSSL Security Bypass Vulnerability
  CISEC:4027  OpenSSL Security Bypass Vulnerability
  CISEC:4059  ImageMagick Memory Leaks Vulnerability
  CISEC:4060  ImageMagick memory leaks in ReadPWPImage
  CISEC:4063  ImageMagick Memory Leaks
  CISEC:4058  ImageMagick Information Disclosure Vulnerability
  CISEC:4061  ImageMagick Information Disclosure Vulnerability
  CISEC:4062  ImageMagick heap buffer overflow in sixel_decode

2018-03-02  CISEC:4019  Use after free in V8
  CISEC:4010  Universal Cross-Site Scripting in V8
  CISEC:4018  Stack buffer overflow in QUIC
  CISEC:4011  Out of bounds read in V8

2018-02-23  CISEC:3921  Windows IPSec Denial of Service Vulnerability
  CISEC:3913  Windows GDI Information Disclosure Vulnerability
  CISEC:3914  Windows Elevation of Privilege Vulnerability
  CISEC:3920  Windows Elevation of Privilege Vulnerability
  CISEC:3982  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure
  CISEC:3993  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3987  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:3998  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:4001  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL
  CISEC:3988  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3991  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3992  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3995  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3996  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3985  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:3990  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS
  CISEC:3983  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:3986  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:4000  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:3989  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:3981  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:3984  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
  CISEC:3997  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition
  CISEC:3999  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition
  CISEC:3994  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
  CISEC:3960  Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization
  CISEC:3908  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3909  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3910  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3911  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3912  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3903  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3904  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3905  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3906  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3907  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE
  CISEC:3958  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS
  CISEC:3954  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n
  CISEC:3953  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot
  CISEC:3957  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT
  CISEC:3951  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT
  CISEC:3955  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX
  CISEC:3952  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer
  CISEC:3956  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3959  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3947  Use of uninitialized value in Skia
  CISEC:3937  Use after free in PDFium
  CISEC:3949  Use after free in PDFium
  CISEC:3930  Use after free in libXML
  CISEC:3942  URL spoofing in Omnibox
  CISEC:3933  URL Spoof in Omnibox
  CISEC:3935  URL Spoof in Omnibox
  CISEC:3946  URL Spoof in Omnibox
  CISEC:3939  Unsafe navigation in Chromecast Plugin
  CISEC:3936  Type confusion in WebAssembly
  CISEC:3902  Scripting Engine Information Disclosure Vulnerability
  CISEC:3925  Rogue Data Cache Load Vulnerability
  CISEC:3941  Pointer information disclosure in IPC call
  CISEC:3940  Out of bounds write in Skia
  CISEC:3934  Out of bounds write in QUIC
  CISEC:3931  Out of bounds read in Blink
  CISEC:3918  OpenType Font Driver Information Disclosure Vulnerability
  CISEC:3919  OpenType Font Driver Elevation of Privilege Vulnerability
  CISEC:3932  Issue with SPAKE implementation in BoringSSL
  CISEC:3948  Integer overflow in ICU
  CISEC:3938  Insufficient blocking of JavaScript in Omnibox
  CISEC:3945  Heap buffer overflow in PDFium
  CISEC:3915  Guidance to mitigate speculative execution side-channel vulnerabilities
  CISEC:3950  Cross origin leak of redirect URL in Blink
  CISEC:3944  Cross origin information disclosure in Skia
  CISEC:3924  Branch Target Injection Vulnerability
  CISEC:3928  .NET Security Feature Bypass Vulnerability
  CISEC:3927  .NET and .NET Core Denial Of Service Vulnerability

2018-02-16  CISEC:3900  Windows Elevation of Privilege Vulnerability
  CISEC:3890  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3891  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3892  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3896  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3893  Microsoft Word Memory Corruption Vulnerability
  CISEC:3901  Microsoft Word Memory Corruption Vulnerability
  CISEC:3889  Microsoft Office Remote Code Execution Vulnerability
  CISEC:3898  Microsoft Office Remote Code Execution Vulnerability
  CISEC:3894  Microsoft Office Memory Corruption Vulnerability
  CISEC:3895  Microsoft Office Memory Corruption Vulnerability
  CISEC:3899  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:3897  Microsoft Access Tampering Vulnerability

2018-02-09  CISEC:3872  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:3883  Windows Information Disclosure Vulnerability
  CISEC:3884  Windows Information Disclosure Vulnerability
  CISEC:3886  Windows Information Disclosure Vulnerability
  CISEC:3882  Windows Elevation of Privilege Vulnerability
  CISEC:3885  Windows Elevation of Privilege Vulnerability
  CISEC:3860  Scripting Engine Security Feature Bypass
  CISEC:3853  Scripting Engine Memory Corruption Vulnerability
  CISEC:3855  Scripting Engine Memory Corruption Vulnerability
  CISEC:3856  Scripting Engine Memory Corruption Vulnerability
  CISEC:3857  Scripting Engine Memory Corruption Vulnerability
  CISEC:3858  Scripting Engine Memory Corruption Vulnerability
  CISEC:3859  Scripting Engine Memory Corruption Vulnerability
  CISEC:3862  Scripting Engine Memory Corruption Vulnerability
  CISEC:3863  Scripting Engine Memory Corruption Vulnerability
  CISEC:3864  Scripting Engine Memory Corruption Vulnerability
  CISEC:3865  Scripting Engine Memory Corruption Vulnerability
  CISEC:3866  Scripting Engine Memory Corruption Vulnerability
  CISEC:3867  Scripting Engine Memory Corruption Vulnerability
  CISEC:3869  Scripting Engine Memory Corruption Vulnerability
  CISEC:3870  Scripting Engine Memory Corruption Vulnerability
  CISEC:3854  Scripting Engine Information Disclosure Vulnerability
  CISEC:3887  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3888  Microsoft Word Remote Code Execution Vulnerability
  CISEC:3850  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:3849  Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
  CISEC:3851  Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:3852  Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:3861  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3868  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:3871  Microsoft Color Management Information Disclosure Vulnerability

2018-02-02  CISEC:3833  Cumulative Security Update for Internet Explorer

2018-01-26  CISEC:3808  Windows RRAS Service Remote Code Execution Vulnerability
  CISEC:3811  Scripting Engine Memory Corruption Vulnerability
  CISEC:3812  Scripting Engine Memory Corruption Vulnerability
  CISEC:3813  Scripting Engine Memory Corruption Vulnerability
  CISEC:3814  Scripting Engine Memory Corruption Vulnerability
  CISEC:3816  Scripting Engine Memory Corruption Vulnerability
  CISEC:3818  Scripting Engine Memory Corruption Vulnerability
  CISEC:3819  Scripting Engine Memory Corruption Vulnerability
  CISEC:3820  Scripting Engine Memory Corruption Vulnerability
  CISEC:3821  Scripting Engine Memory Corruption Vulnerability
  CISEC:3815  Scripting Engine Information Disclosure Vulnerability
  CISEC:3817  Scripting Engine Information Disclosure Vulnerability
  CISEC:3807  Microsoft SharePoint Elevation of Privilege Vulnerability
  CISEC:3822  Microsoft PowerPoint Information Disclosure Vulnerability
  CISEC:3806  Microsoft Office Information Disclosure Vulnerability
  CISEC:3810  Microsoft Exchange Spoofing Vulnerability

2018-01-19  CISEC:3789  Scripting Engine Memory Corruption Vulnerability
  CISEC:3790  Scripting Engine Memory Corruption Vulnerability
  CISEC:3791  Scripting Engine Memory Corruption Vulnerability
  CISEC:3792  Scripting Engine Memory Corruption Vulnerability
  CISEC:3794  Scripting Engine Memory Corruption Vulnerability
  CISEC:3795  Scripting Engine Memory Corruption Vulnerability
  CISEC:3796  Scripting Engine Memory Corruption Vulnerability
  CISEC:3797  Scripting Engine Memory Corruption Vulnerability
  CISEC:3798  Scripting Engine Memory Corruption Vulnerability
  CISEC:3799  Scripting Engine Memory Corruption Vulnerability
  CISEC:3793  Scripting Engine Information Disclosure Vulnerability
  CISEC:3802  Microsoft Windows Security Feature Bypass Vulnerability
  CISEC:3801  Microsoft Windows Information Disclosure Vulnerability
  CISEC:3803  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:3804  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:3805  Microsoft Excel Remote Code Execution Vulnerability
  CISEC:3800  Microsoft Edge Memory Corruption Vulnerability

2018-01-12  CVE-2014-7952  The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
  CISEC:3772  Scripting Engine Memory Corruption Vulnerability

2018-01-05  CISEC:3734  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3736  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3742  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3738  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3739  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3740  Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3733  Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3743  Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3735  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3737  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3744  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3741  Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3762  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
  CISEC:3766  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
  CISEC:3758  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
  CISEC:3759  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
  CISEC:3746  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3747  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3750  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3752  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3753  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3755  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
  CISEC:3763  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability
  CISEC:3764  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability
  CISEC:3751  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3760  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3761  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3756  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3765  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3767  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
  CISEC:3745  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3748  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3749  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3754  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
  CISEC:3757  Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability

2017-12-29  CISEC:3713  Windows Wireless WPA Group Key Reinstallation Vulnerability
  CISEC:3721  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3709  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3718  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:3719  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
  CISEC:3710  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3707  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3717  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:3722  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached
  CISEC:3720  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:3723  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3708  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:3706  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
  CISEC:3711  Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier
  CISEC:3724  Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3725  Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3727  Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3726  Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3675  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3714  Microsoft Office Memory Corruption Vulnerability
  CISEC:3705  Microsoft Office Memory Corruption Vulnerability
  CISEC:3716  Microsoft Excel Security Feature Bypass Vulnerability
  CISEC:3715  Microsoft Excel Memory Corruption Vulnerability

2017-12-27  CVE-2015-7889  The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote...

2017-12-22  CISEC:3654  Windows Search Denial of Service Vulnerability
  CISEC:3648  Windows Media Player Information Disclosure Vulnerability
  CISEC:3653  Windows Kernel Information Disclosure Vulnerability
  CISEC:3655  Windows Kernel Information Disclosure Vulnerability
  CISEC:3656  Windows Kernel Information Disclosure Vulnerability
  CISEC:3657  Windows Kernel Information Disclosure Vulnerability
  CISEC:3658  Windows Kernel Information Disclosure Vulnerability
  CISEC:3642  Windows Information Disclosure Vulnerability
  CISEC:3644  Windows Information Disclosure Vulnerability
  CISEC:3652  Windows GDI Information Disclosure Vulnerability
  CISEC:3641  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:3643  Windows EOT Font Engine Information Disclosure Vulnerability
  CISEC:3635  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS
  CISEC:3637  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc
  CISEC:3638  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:3636  Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3639  Stack overflow in V8
  CISEC:3669  Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3674  Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3684  Scripting Engine Memory Corruption Vulnerability
  CISEC:3682  Scripting Engine Memory Corruption Vulnerability
  CISEC:3683  Scripting Engine Memory Corruption Vulnerability
  CISEC:3685  Scripting Engine Information Disclosure Vulnerability
  CISEC:3677  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3678  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3679  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3680  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3681  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3659  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3660  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3665  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3666  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3667  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3668  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3661  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3662  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3663  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3664  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3670  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3671  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3672  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3673  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3676  Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
  CISEC:3704  Microsoft Word Memory Corruption Vulnerability
  CISEC:3650  Microsoft Project Server Elevation of Privilege Vulnerability
  CISEC:3651  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:3649  Microsoft Browser Memory Corruption Vulnerability
  CISEC:3646  Internet Explorer Memory Corruption Vulnerability
  CISEC:3647  Internet Explorer Memory Corruption Vulnerability
  CISEC:3645  Internet Explorer Information Disclosure Vulnerability
  CISEC:3640  Device Guard Security Feature Bypass Vulnerability

2017-12-15  CISEC:3634  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO
  CISEC:3613  Scripting Engine Memory Corruption Vulnerability
  CISEC:3614  Scripting Engine Memory Corruption Vulnerability
  CISEC:3615  Scripting Engine Memory Corruption Vulnerability
  CISEC:3616  Scripting Engine Memory Corruption Vulnerability
  CISEC:3617  Scripting Engine Memory Corruption Vulnerability
  CISEC:3618  Scripting Engine Memory Corruption Vulnerability
  CISEC:3619  Scripting Engine Memory Corruption Vulnerability
  CISEC:3620  Scripting Engine Memory Corruption Vulnerability
  CISEC:3621  Scripting Engine Memory Corruption Vulnerability
  CISEC:3622  Scripting Engine Memory Corruption Vulnerability
  CISEC:3623  Scripting Engine Memory Corruption Vulnerability
  CISEC:3624  Scripting Engine Memory Corruption Vulnerability
  CISEC:3626  Scripting Engine Memory Corruption Vulnerability
  CISEC:3625  Scripting Engine Information Disclosure Vulnerability
  CISEC:3627  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3630  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3632  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3629  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3628  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3631  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3633  Microsoft Edge Information Disclosure Vulnerability

2017-12-08  CISEC:3579  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:3577  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3576  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
  CISEC:3578  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS
  CISEC:3553  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3554  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3555  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3575  Vulnerability in the MySQL Server component of Oracle MySQL
  CISEC:3573  Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144
  CISEC:3562  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3563  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3565  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3567  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3574  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
  CISEC:3564  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3566  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3568  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3569  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3570  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3571  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3572  Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
  CISEC:3559  URL spoofing in OmniBox
  CISEC:3558  URL spoofing in extensions UI
  CISEC:3560  Referrer leak in Devtools
  CISEC:3557  Null pointer dereference in ImageCapture
  CISEC:3561  Incorrect registry key handling in PlatformIntegration
  CISEC:3544  Incorrect handling of picture ID in WebRTC
  CISEC:3556  Extension limitation bypass in Extensions
  CISEC:3550  Blink in Google Chrome
  CISEC:3545  An out-of-bounds read in V8
  CISEC:3547  An out-of-bounds read in V8
  CISEC:3546  An incorrect assumption about block structure in Blink
  CISEC:3543  Address spoofing in Omnibox
  CISEC:3548  A use after free in printing
  CISEC:3549  A use after free in Blink

2017-12-01  CISEC:3518  URL spoofing in OmniBox
  CISEC:3519  UI spoofing in Blink
  CISEC:3523  The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY...
  CISEC:3525  The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange
  CISEC:3520  Out of bounds write in Skia
  CISEC:3522  Out of bounds write in Skia
  CISEC:3521  Out of bounds read in Skia
  CISEC:3516  Heap overflow in libxml2
  CISEC:3517  Content security bypass
  CISEC:3524  An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites...

2017-11-24  CISEC:3502  UXSS with MHTML
  CISEC:3498  Use after free in WebAudio
  CISEC:3495  Use after free in PDFium
  CISEC:3503  Use after free in PDFium
  CISEC:3492  Use after free in Chrome Apps
  CISEC:3485  URL spoofing in OmniBox
  CISEC:3490  URL spoofing in OmniBox
  CISEC:3493  URL spoofing in OmniBox
  CISEC:3488  Uninitialized use in Skia
  CISEC:3489  Uninitialized use in Skia
  CISEC:3491  UI spoofing in payments dialog
  CISEC:3494  UI spoofing in browser
  CISEC:3486  Type confusion in PDFium
  CISEC:3512  The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message
  CISEC:3513  The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times
  CISEC:3514  The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths
  CISEC:3496  Out of bounds read in V8
  CISEC:3515  Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service
  CISEC:3511  Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service
  CISEC:3497  Incorrect stack manipulation in WebAssembly
  CISEC:3504  Heap overflow in WebGL
  CISEC:3501  Heap overflow in Skia

2017-11-17  CISEC:3426  Windows Update Delivery Optimization Elevation of Privilege Vulnerability
  CISEC:3421  Windows Subsystem for Linux Denial of Service Vulnerability
  CISEC:3465  Windows Storage Security Feature Bypass Vulnerability
  CISEC:3410  Windows SMB Remote Code Execution Vulnerability
  CISEC:3416  Windows SMB Information Disclosure Vulnerability
  CISEC:3466  Windows SMB Elevation of Privilege Vulnerability
  CISEC:3413  Windows SMB Denial of Service Vulnerability
  CISEC:3429  Windows Shell Remote Code Execution Vulnerability
  CISEC:3427  Windows Shell Memory Corruption Vulnerability
  CISEC:3432  Windows Security Feature Bypass Vulnerability
  CISEC:3431  Windows Search Remote Code Execution Vulnerability
  CISEC:3411  Windows Kernel Information Disclosure Vulnerability
  CISEC:3412  Windows Kernel Information Disclosure Vulnerability
  CISEC:3414  Windows Kernel Information Disclosure Vulnerability
  CISEC:3415  Windows Kernel Information Disclosure Vulnerability
  CISEC:3422  Windows Information Disclosure Vulnerability
  CISEC:3474  Windows GDI Information Disclosure Vulnerability
  CISEC:3424  Windows Elevation of Privilege Vulnerability
  CISEC:3428  Windows DNSAPI Remote Code Execution Vulnerability
  CISEC:3484  User information leak via SVG
  CISEC:3470  Use after free in V8
  CISEC:3441  Use after free in print preview
  CISEC:3445  Use after free in credit card autofill
  CISEC:3439  Use after free in Apps Bluetooth
  CISEC:3436  UI spoofing in Blink
  CISEC:3440  UI spoofing in Blink
  CISEC:3434  Type confusion in V8
  CISEC:3430  TRIE Remote Code Execution Vulnerability
  CISEC:3460  Skype for Business Elevation of Privilege Vulnerability
  CISEC:3447  Scripting Engine Memory Corruption Vulnerability
  CISEC:3448  Scripting Engine Memory Corruption Vulnerability
  CISEC:3449  Scripting Engine Memory Corruption Vulnerability
  CISEC:3450  Scripting Engine Memory Corruption Vulnerability
  CISEC:3451  Scripting Engine Memory Corruption Vulnerability
  CISEC:3452  Scripting Engine Memory Corruption Vulnerability
  CISEC:3453  Scripting Engine Memory Corruption Vulnerability
  CISEC:3454  Scripting Engine Memory Corruption Vulnerability
  CISEC:3455  Scripting Engine Memory Corruption Vulnerability
  CISEC:3456  Scripting Engine Memory Corruption Vulnerability
  CISEC:3457  Scripting Engine Memory Corruption Vulnerability
  CISEC:3417  Scripting Engine Memory Corruption Vulnerability
  CISEC:3418  Scripting Engine Memory Corruption Vulnerability
  CISEC:3419  Scripting Engine Memory Corruption Vulnerability
  CISEC:3420  Scripting Engine Memory Corruption Vulnerability
  CISEC:3438  Possible command injection in mailto handling
  CISEC:3444  Out of bounds read in V8
  CISEC:3425  Microsoft Windows Security Feature Bypass
  CISEC:3423  Microsoft Search Information Disclosure Vulnerability
  CISEC:3464  Microsoft Outlook Security Feature Bypass Vulnerability
  CISEC:3459  Microsoft Outlook Information Disclosure Vulnerability
  CISEC:3461  Microsoft Office SharePoint XSS Vulnerability
  CISEC:3462  Microsoft Office SharePoint XSS Vulnerability
  CISEC:3463  Microsoft Office SharePoint XSS Vulnerability
  CISEC:3467  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3468  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3472  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3473  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3446  Information leak in CSP reporting
  CISEC:3442  Heap buffer overflow in Skia
  CISEC:3435  Extension verification bypass
  CISEC:3437  Address spoofing in Omnibox

2017-11-10  CISEC:3397  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:3390  Win32k Elevation of Privilege Vulnerability
  CISEC:3391  Win32k Elevation of Privilege Vulnerability
  CISEC:3378  Use after free in PPAPI
  CISEC:3379  Use after free in IndexedDB
  CISEC:3384  UI spoofing in Blink
  CISEC:3386  Type confusion in extensions
  CISEC:3408  Scripting Engine Memory Corruption Vulnerability
  CISEC:3409  Scripting Engine Memory Corruption Vulnerability
  CISEC:3385  Out-of-bounds write in PDFium
  CISEC:3377  OpenSSL Security Bypass Vulnerability
  CISEC:3394  Microsoft Office Remote Code Execution Vulnerability
  CISEC:3395  Microsoft Office Memory Corruption Vulnerability
  CISEC:3392  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:3396  Microsoft Graphics Remote Code Execution Vulnerability
  CISEC:3393  Microsoft Graphics Information Disclosure Vulnerability
  CISEC:3387  Internet Explorer Information Disclosure Vulnerability
  CISEC:3388  Internet Explorer Information Disclosure Vulnerability
  CISEC:3389  Internet Explorer Information Disclosure Vulnerability

2017-11-03  CISEC:3353  Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79
  CISEC:3358  RAR decompression memory corruption
  CISEC:3357  RAR Decompression Denial Of Service Vulnerability
  CISEC:3355  Out-of-bounds access in V8
  CISEC:3356  Out-of-bounds access in V8
  CISEC:3354  Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80
  CISEC:3351  IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service
  CISEC:3352  IBM MQ Java clients might send a password in clear text
  CISEC:3311  IBM MQ cluster channel definition causes denial of service to cluster
  CISEC:3350  IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service
  CISEC:3310  IBM MQ administration command could cause denial of service

2017-10-27  CISEC:3264  Windows Shell Remote Code Execution Vulnerability
  CISEC:3267  Windows Security Feature Bypass Vulnerability
  CISEC:3257  Windows Information Disclosure Vulnerability
  CISEC:3256  Windows Elevation of Privilege Vulnerability
  CISEC:3270  Windows DHCP Server Remote Code Execution Vulnerability
  CISEC:3268  Uniscribe Remote Code Execution Vulnerability
  CISEC:3259  Scripting Engine Memory Corruption Vulnerability
  CISEC:3260  Scripting Engine Memory Corruption Vulnerability
  CISEC:3261  Scripting Engine Memory Corruption Vulnerability
  CISEC:3262  Scripting Engine Memory Corruption Vulnerability
  CISEC:3263  Scripting Engine Memory Corruption Vulnerability
  CISEC:3269  Remote Desktop Virtual Host Remote Code Execution Vulnerability
  CISEC:3286  Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3251  Microsoft Office Publisher Remote Code Execution
  CISEC:3252  Microsoft Office Memory Corruption Vulnerability
  CISEC:3258  Microsoft Bluetooth Driver Spoofing Vulnerability
  CISEC:3280  Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3254  Internet Explorer Spoofing Vulnerability
  CISEC:3253  Internet Explorer Memory Corruption Vulnerability
  CISEC:3255  Internet Explorer Memory Corruption Vulnerability
  CISEC:3309  IBM MQ Invalid channel protocol flows cause denial of service on HP-UX
  CISEC:3307  IBM MQ Channel data conversion denial of service
  CISEC:3308  IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener
  CISEC:3266  Device Guard Security Feature Bypass Vulnerability
  CISEC:3276  Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3281  Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
  CISEC:3271  Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x
  CISEC:3278  Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600
  CISEC:3265  .NET Framework Remote Code Execution Vulnerability

2017-10-20  CISEC:3221  Windows GDI+ Information Disclosure Vulnerability
  CISEC:3236  Scripting Engine Memory Corruption Vulnerability
  CISEC:3240  Scripting Engine Memory Corruption Vulnerability
  CISEC:3241  Scripting Engine Memory Corruption Vulnerability
  CISEC:3242  Scripting Engine Memory Corruption Vulnerability
  CISEC:3245  Scripting Engine Memory Corruption Vulnerability
  CISEC:3247  Scripting Engine Memory Corruption Vulnerability
  CISEC:3248  Scripting Engine Memory Corruption Vulnerability
  CISEC:3246  Scripting Engine Information Disclosure Vulnerability
  CISEC:3222  PowerPoint Remote Code Execution Vulnerability
  CISEC:3228  PowerPoint Remote Code Execution Vulnerability
  CISEC:3237  NetBIOS Remote Code Execution Vulnerability
  CISEC:3226  Microsoft PDF Remote Code Execution Vulnerability
  CISEC:3229  Microsoft PDF Remote Code Execution Vulnerability
  CISEC:3233  Microsoft Office Memory Corruption Vulnerability
  CISEC:3234  Microsoft Office Memory Corruption Vulnerability
  CISEC:3235  Microsoft Office Memory Corruption Vulnerability
  CISEC:3219  Microsoft Graphics Component Remote Code Execution
  CISEC:3216  Microsoft Edge Spoofing Vulnerability
  CISEC:3215  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3244  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3214  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3243  Microsoft Browser Memory Corruption Vulnerability
  CISEC:3213  Microsoft Browser Information Disclosure Vulnerability
  CISEC:3223  Hyper-V Information Disclosure Vulnerability
  CISEC:3224  Hyper-V Information Disclosure Vulnerability
  CISEC:3230  Hyper-V Information Disclosure Vulnerability
  CISEC:3231  Hyper-V Information Disclosure Vulnerability
  CISEC:3232  Hyper-V Information Disclosure Vulnerability
  CISEC:3227  Hyper-V Denial of Service Vulnerability
  CISEC:3220  Graphics Component Information Disclosure Vulnerability
  CISEC:3238  Broadcom BCM43xx Remote Code Execution Vulnerability

2017-10-18  CVE-2014-3164  cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder...

2017-10-13  CISEC:3203  Windows Kernel Information Disclosure Vulnerability
  CISEC:3205  Windows Kernel Information Disclosure Vulnerability
  CISEC:3197  Windows Kernel Information Disclosure Vulnerability
  CISEC:3200  Windows Kernel Information Disclosure Vulnerability
  CISEC:3210  Windows GDI+ Information Disclosure Vulnerability
  CISEC:3211  Windows GDI+ Information Disclosure Vulnerability
  CISEC:3212  Windows GDI+ Information Disclosure Vulnerability
  CISEC:3204  Win32k Information Disclosure Vulnerability
  CISEC:3192  Win32k Information Disclosure Vulnerability
  CISEC:3196  Win32k Information Disclosure Vulnerability
  CISEC:3198  Win32k Information Disclosure Vulnerability
  CISEC:3199  Win32k Information Disclosure Vulnerability
  CISEC:3191  Win32k Graphics Remote Code Execution Vulnerability
  CISEC:3194  Win32k Graphics Information Disclosure Vulnerability
  CISEC:3193  Win32k Elevation of Privilege Vulnerability
  CISEC:3201  Win32k Elevation of Privilege Vulnerability
  CISEC:3159  Vulnerability in ImageMagick 7.0.5-8
  CISEC:3169  Vulnerability in ImageMagick 7.0.5-7
  CISEC:3175  Vulnerability in ImageMagick 7.0.5-7
  CISEC:3158  Vulnerability in ImageMagick 7.0.5-5
  CISEC:3160  Vulnerability in ImageMagick 7.0.5-5
  CISEC:3168  Vulnerability in ImageMagick 7.0.5-5
  CISEC:3172  Vulnerability in ImageMagick 7.0.5-5
  CISEC:3174  Vulnerability in ImageMagick 7.0.5-5
  CISEC:3163  Use of uninitialized value in Skia
  CISEC:3171  Use of uninitialized value in Skia
  CISEC:3162  Use after free in PDFium
  CISEC:3166  Type confusion in V8
  CISEC:3167  Type confusion in V8
  CISEC:3181  The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
  CISEC:3186  The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
  CISEC:3161  Potential HTTPS downgrade during redirect navigation
  CISEC:3202  Microsoft SharePoint XSS Vulnerability
  CISEC:3195  Microsoft SharePoint Cross Site Scripting Vulnerability
  CISEC:3189  Microsoft Exchange Information Disclosure Vulnerability
  CISEC:3187  Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:3176  Microsoft Edge Spoofing Vulnerability
  CISEC:3208  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3179  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3207  Microsoft Edge Remote Code Execution Vulnerability
  CISEC:3206  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3178  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3209  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3177  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3173  Memory lifecycle issue in PDFium
  CISEC:3131  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3132  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3133  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3156  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3157  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3129  In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak
  CISEC:3121  In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak
  CISEC:3122  In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak
  CISEC:3123  In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak
  CISEC:3183  In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak
  CISEC:3124  In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak
  CISEC:3127  In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak
  CISEC:3180  In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak
  CISEC:3125  In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak
  CISEC:3128  In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak
  CISEC:3184  In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak
  CISEC:3126  In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak
  CISEC:3185  In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak
  CISEC:3130  In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak
  CISEC:3182  In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak
  CISEC:3155  Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3170  Heap buffer overflow in WebGL
  CISEC:3165  Heap buffer overflow in Skia
  CISEC:3164  Bypass of Content Security Policy in Blink

2017-10-06  CISEC:3105  Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3098  Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3113  Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3109  Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3107  Office Remote Code Execution Vulnerability
  CISEC:3099  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3106  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3108  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3111  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3112  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3114  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3110  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3117  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3116  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3115  Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier

2017-09-29  CISEC:3081  Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3079  Vulnerability in Oracle Java SE: 7u141 and 8u131
  CISEC:3080  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3083  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3084  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3082  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:3054  RPCoRDMA dissector infinite loop
  CISEC:3075  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability
  CISEC:3055  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3058  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3068  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3077  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
  CISEC:3057  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability
  CISEC:3069  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3070  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3071  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3073  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3074  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3056  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3059  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3061  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3064  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3065  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3066  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3067  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3078  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
  CISEC:3060  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3062  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3063  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
  CISEC:3076  Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability

2017-09-27  CVE-2015-1526  The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
  CVE-2015-1537  Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.

2017-09-25  CVE-2014-0997  WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android...
  CVE-2011-4667  The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),...
  CVE-2010-3050  Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
  CVE-2010-3049  Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

2017-09-22  CISEC:3008  Windows NetBIOS Denial of Service Vulnerability
  CISEC:3010  Vulnerability in the MySQL Server
  CISEC:3047  Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:3025  Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3037  Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3026  Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3000  Scripting Engine Memory Corruption Vulnerability
  CISEC:3001  Scripting Engine Memory Corruption Vulnerability
  CISEC:3002  Scripting Engine Memory Corruption Vulnerability
  CISEC:3009  Scripting Engine Memory Corruption Vulnerability
  CISEC:3013  Scripting Engine Memory Corruption Vulnerability
  CISEC:3019  Scripting Engine Memory Corruption Vulnerability
  CISEC:3046  Scripting Engine Memory Corruption Vulnerability
  CISEC:3048  Scripting Engine Memory Corruption Vulnerability
  CISEC:3018  Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
  CISEC:3007  Microsoft JET Database Engine Remote Code Execution Vulnerability
  CISEC:3016  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:3011  Microsoft Edge Memory Corruption Vulnerability
  CISEC:3012  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3014  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3015  Microsoft Edge Information Disclosure Vulnerability
  CISEC:3003  Microsoft Browser Memory Corruption Vulnerability
  CISEC:3004  Microsoft Browser Memory Corruption Vulnerability
  CISEC:3020  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3021  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3022  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3023  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3024  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3027  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3028  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3029  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3030  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3032  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3033  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3034  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3035  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3036  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3038  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3039  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3040  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3042  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3043  Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3044  Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
  CISEC:3005  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:3006  Internet Explorer Memory Corruption Vulnerability
  CISEC:3052  IMAP dissector crash
  CISEC:3053  DOF dissector infinite loop

2017-09-15  CISEC:2987  Windows Subsystem for Linux Elevation of Privilege Vulnerability
  CISEC:2988  Windows Subsystem for Linux Denial of Service Vulnerability
  CISEC:2959  Windows Search Remote Code Execution Vulnerability
  CISEC:2968  Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
  CISEC:2980  Windows PDF Remote Code Execution Vulnerability
  CISEC:2985  Windows IME Remote Code Execution Vulnerability
  CISEC:2958  Windows Hyper-V Remote Code Execution Vulnerability
  CISEC:2956  Windows Hyper-V Denial of Service Vulnerability
  CISEC:2974  Windows Error Reporting Elevation of Privilege Vulnerability
  CISEC:2986  Windows CLFS Elevation of Privilege Vulnerability
  CISEC:2957  Win32k Information Disclosure Vulnerability
  CISEC:2955  Win32k Elevation of Privilege Vulnerability
  CISEC:2983  Vulnerability in the MySQL Server
  CISEC:2972  Volume Manager Extension Driver Information Disclosure Vulnerability
  CISEC:2984  Scripting Engine Memory Corruption Vulnerability
  CISEC:2989  Scripting Engine Memory Corruption Vulnerability
  CISEC:2982  Scripting Engine Memory Corruption Vulnerability
  CISEC:2960  Scripting Engine Memory Corruption Vulnerability
  CISEC:2961  Scripting Engine Memory Corruption Vulnerability
  CISEC:2962  Scripting Engine Memory Corruption Vulnerability
  CISEC:2963  Scripting Engine Memory Corruption Vulnerability
  CISEC:2964  Scripting Engine Memory Corruption Vulnerability
  CISEC:2975  Scripting Engine Memory Corruption Vulnerability
  CISEC:2978  Scripting Engine Memory Corruption Vulnerability
  CISEC:2979  Scripting Engine Memory Corruption Vulnerability
  CISEC:2981  Scripting Engine Information Disclosure Vulnerability
  CISEC:2971  Microsoft Office SharePoint XSS Vulnerability
  CISEC:2969  Microsoft Office Outlook Security Feature Bypass Vulnerability
  CISEC:2967  Microsoft Office Outlook Memory Corruption Vulnerability
  CISEC:2973  Microsoft Office Outlook Information Disclosure Vulnerability
  CISEC:2976  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2977  Microsoft Edge Elevation of Privilege Vulnerability
  CVE-2015-1527  Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
  CISEC:2970  Express Compressed Fonts Remote Code Execution Vulnerability

2017-09-08  CISEC:2923  Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2924  Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2926  Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2927  Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2932  Vulnerability in MySQL Server 5.7.18 and earlier
  CISEC:2925  Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2928  Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2929  Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2931  Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier
  CISEC:2930  Vulnerability in MySQL Cluster 7.3.5 and earlier
  CISEC:2938  Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131
  CISEC:2935  Vulnerability in Java SE: 7u141, 8u131
  CISEC:2933  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2934  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2936  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2937  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2940  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2941  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
  CISEC:2939  Vulnerability in Java SE: 6u151, 7u141, 8u131
  CISEC:2942  Vulnerability in Java SE: 6u151, 7u141, 8u131
  CISEC:2843  Unspecified vulnerability in Oracle Java SE 8u131
  CISEC:2847  Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2838  Unspecified vulnerability in Oracle Java SE 7u141, and 8u131
  CISEC:2839  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14
  CISEC:2841  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2842  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2845  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2846  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
  CISEC:2840  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131
  CISEC:2844  Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131

2017-09-01  CISEC:2867  WBXML dissector infinite loop
  CISEC:2850  Vulnerability in the MySQL Server
  CISEC:2853  Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2857  Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2859  Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2861  Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2862  Vulnerability in Oracle MySQL 5.7.18 and earlier
  CISEC:2858  Vulnerability in Oracle MySQL 5.7.16 and earlier
  CISEC:2854  Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2860  Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2855  Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2856  Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
  CISEC:2852  Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
  CISEC:2848  Scripting Engine Memory Corruption Vulnerability
  CISEC:2849  Scripting Engine Memory Corruption Vulnerability
  CISEC:2864  Scripting Engine Memory Corruption Vulnerability
  CISEC:2865  Scripting Engine Memory Corruption Vulnerability
  CISEC:2866  Scripting Engine Memory Corruption Vulnerability
  CISEC:2863  NetScaler file parser infinite loop
  CISEC:2851  Microsoft Browser Security Feature Bypass

2017-08-25  CISEC:2816  Windows PowerShell Remote Code Execution Vulnerability
  CISEC:2802  Windows IME Elevation of Privilege Vulnerability
  CISEC:2795  Windows Explorer Remote Code Execution Vulnerability
  CISEC:2796  Windows Elevation of Privilege Vulnerability
  CISEC:2803  Windows CLFS Elevation of Privilege Vulnerability
  CISEC:2799  Windows ALPC Elevation of Privilege Vulnerability
  CISEC:2827  Use after free in Blink
  CISEC:2798  SharePoint Server XSS Vulnerability
  CISEC:2837  Scripting Engine Memory Corruption Vulnerability
  CISEC:2805  Scripting Engine Memory Corruption Vulnerability
  CISEC:2806  Scripting Engine Memory Corruption Vulnerability
  CISEC:2817  Scripting Engine Memory Corruption Vulnerability
  CISEC:2818  Scripting Engine Memory Corruption Vulnerability
  CISEC:2819  Scripting Engine Memory Corruption Vulnerability
  CISEC:2820  Scripting Engine Memory Corruption Vulnerability
  CISEC:2801  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2813  Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2
  CISEC:2809  Local Denial of Service Vulnerability in ImageMagick 7.0.5-7
  CISEC:2825  Incorrect UI in Blink
  CISEC:2824  Incorrect signature handling in Networking
  CISEC:2797  Https.sys Information Disclosure Vulnerability
  CISEC:2804  HoloLens Remote Code Execution Vulnerability
  CISEC:2828  Heap overflow in Skia
  CISEC:2800  DirectX Elevation of Privilege Vulnerability
  CISEC:2812  Denial of Service Vulnerability in ImageMagick 7.0.5-7
  CISEC:2808  Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2811  Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2815  Denial of Service Vulnerability in ImageMagick 7.0.5-6
  CISEC:2807  Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2810  Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2814  Denial of Service Vulnerability in ImageMagick 7.0.5-5
  CISEC:2826  Cross-origin bypass in Blink

2017-08-18  CISEC:2781  WordPad Remote Code Execution Vulnerability
  CISEC:2757  Windows System Information Console Information Disclosure Vulnerability
  CISEC:2782  Windows Search Remote Code Execution Vulnerability
  CISEC:2756  Windows Performance Monitor Information Disclosure Vulnerability
  CISEC:2751  Windows Kernel Information Disclosure Vulnerability
  CISEC:2749  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2742  Windows Explorer Denial of Service Vulnerability
  CISEC:2745  Win32k Information Disclosure Vulnerability
  CISEC:2747  Win32k Information Disclosure Vulnerability
  CISEC:2743  Win32k Elevation of Privilege Vulnerability
  CISEC:2744  Win32k Elevation of Privilege Vulnerability
  CISEC:2746  Win32k Elevation of Privilege Vulnerability
  CISEC:2748  Win32k Elevation of Privilege Vulnerability
  CISEC:2750  Win32k Elevation of Privilege Vulnerability
  CISEC:2775  Scripting Engine Memory Corruption Vulnerability
  CISEC:2779  Scripting Engine Memory Corruption Vulnerability
  CISEC:2729  Office Remote Code Execution Vulnerability
  CISEC:2730  Office Remote Code Execution Vulnerability
  CISEC:2731  Office Remote Code Execution Vulnerability
  CISEC:2732  Office Remote Code Execution Vulnerability
  CISEC:2738  Microsoft Office Remote Code Execution Vulnerability
  CISEC:2739  Microsoft Office Remote Code Execution Vulnerability
  CISEC:2740  Microsoft Office Memory Corruption Vulnerability
  CISEC:2741  Microsoft Office Memory Corruption Vulnerability
  CISEC:2761  Microsoft Graphics Component Information Disclosure Vulnerability
  CISEC:2758  Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2759  Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2760  Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2762  Microsoft Graphics Component Elevation of Privilege Vulnerability
  CISEC:2733  Microsoft Exchange Open Redirect Vulnerability
  CISEC:2734  Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:2736  Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:2776  Microsoft Edge Spoofing Vulnerability
  CISEC:2777  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2778  Microsoft Edge Remote Code Execution Vulnerability
  CISEC:2752  Microsoft Browser Security Feature Bypass
  CISEC:2755  Kerberos SNAME Security Feature Bypass Vulnerability
  CISEC:2780  Internet Explorer Memory Corruption Vulnerability
  CISEC:2763  In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference
  CISEC:2772  In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash
  CISEC:2768  In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer
  CISEC:2769  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop
  CISEC:2773  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash
  CISEC:2764  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory
  CISEC:2765  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer
  CISEC:2774  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop
  CISEC:2767  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop
  CISEC:2766  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer
  CISEC:2771  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero
  CISEC:2770  In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop
  CISEC:2754  .NET Denial of Service Vulnerability

2017-08-11  CISEC:2719  WSP infinite loop in Wireshark
  CISEC:2718  RTMPT dissector infinite loop in Wireshark
  CISEC:2722  NetScaler file parser infinite loop in Wireshark
  CISEC:2727  NetScaler file parser infinite loop in Wireshark
  CISEC:2723  NetScaler file parser crash in Wireshark
  CISEC:2713  NCP dissector crash in Wireshark
  CISEC:2725  LDSS dissector crash in Wireshark
  CISEC:2716  K12 file parser crash in Wireshark
  CISEC:2720  IAX2 infinite loop in Wireshark
  CISEC:2726  DHCPv6 large loop in Wireshark
  CISEC:2715  Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2721  Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2724  Denial of Service Vulnerability in Wireshark 2.2.7
  CISEC:2714  Denial of Service Vulnerability in Wireshark
  CISEC:2728  Bluetooth L2CAP dissector crash in Wireshark
  CISEC:2717  ASTERIX infinite loop in Wireshark

2017-08-07  CISEC:2697  Windows VAD Cloning Denial of Service Vulnerability
  CISEC:2687  Windows Security Feature Bypass Vulnerability
  CISEC:2677  Windows Kernel Information Disclosure Vulnerability
  CISEC:2678  Windows Kernel Information Disclosure Vulnerability
  CISEC:2684  Windows Kernel Information Disclosure Vulnerability
  CISEC:2690  Windows Elevation of Privilege Vulnerability
  CISEC:2694  Windows Default Folder Tampering Vulnerability
  CISEC:2691  Windows Cursor Elevation of Privilege Vulnerability
  CISEC:2692  Windows COM Session Elevation of Privilege Vulnerability
  CVE-2015-3839  The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
  CISEC:2686  Sandbox Escape in IndexedDB vulnerability in Google Chrome versions
  CISEC:2698  Microsoft SharePoint Reflective XSS Vulnerability
  CISEC:2683  Hypervisor Code Integrity Elevation of Privilege Vulnerability
  CISEC:2685  GDI Information Disclosure Vulnerability
  CISEC:2688  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2689  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2693  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2695  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  CISEC:2696  Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

2017-08-02  CVE-2012-5030  Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.

2017-07-28  CISEC:2665  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2667  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2662  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2666  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2668  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2670  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2671  Windows TDX Elevation of Privilege Vulnerability
  CISEC:2674  Windows Remote Code Execution Vulnerability
  CISEC:2669  Windows PDF Remote Code Execution Vulnerability
  CISEC:2672  Windows PDF Remote Code Execution Vulnerability
  CISEC:2664  Windows PDF Information Disclosure Vulnerability
  CISEC:2629  Windows Kernel Information Disclosure Vulnerability
  CISEC:2631  Windows Kernel Information Disclosure Vulnerability
  CISEC:2632  Windows Kernel Information Disclosure Vulnerability
  CISEC:2633  Windows Kernel Information Disclosure Vulnerability
  CISEC:2634  Windows Kernel Information Disclosure Vulnerability
  CISEC:2635  Windows Kernel Information Disclosure Vulnerability
  CISEC:2636  Windows Kernel Information Disclosure Vulnerability
  CISEC:2637  Windows Kernel Information Disclosure Vulnerability
  CISEC:2638  Windows Kernel Information Disclosure Vulnerability
  CISEC:2639  Windows Kernel Information Disclosure Vulnerability
  CISEC:2640  Windows Kernel Information Disclosure Vulnerability
  CISEC:2641  Windows Kernel Information Disclosure Vulnerability
  CISEC:2642  Windows Kernel Information Disclosure Vulnerability
  CISEC:2643  Windows Kernel Information Disclosure Vulnerability
  CISEC:2644  Windows Kernel Information Disclosure Vulnerability
  CISEC:2630  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2604  Win32k Information Disclosure Vulnerability
  CISEC:2605  Win32k Information Disclosure Vulnerability
  CISEC:2606  Win32k Information Disclosure Vulnerability
  CISEC:2608  Win32k Information Disclosure Vulnerability
  CISEC:2609  Win32k Information Disclosure Vulnerability
  CISEC:2610  Win32k Information Disclosure Vulnerability
  CISEC:2611  Win32k Information Disclosure Vulnerability
  CISEC:2603  Win32k Elevation of Privilege Vulnerability
  CISEC:2607  Win32k Elevation of Privilege Vulnerability
  CISEC:2628  Win32k Elevation of Privilege Vulnerability
  CISEC:2663  Skype for Business Remote Code Execution Vulnerability
  CISEC:2675  Microsoft SharePoint XSS vulnerability
  CISEC:2673  Microsoft PowerPoint Remote Code Execution Vulnerability

2017-07-21  CISEC:2538  Windows Search Remote Code Execution Vulnerability
  CISEC:2543  Windows Search Remote Code Execution Vulnerability
  CISEC:2542  Windows Search Information Disclosure Vulnerability
  CISEC:2573  Windows Graphics Remote Code Execution Vulnerability
  CISEC:2571  Windows Graphics Information Disclosure Vulnerability
  CISEC:2572  Windows Graphics Information Disclosure Vulnerability
  CISEC:2574  Windows Graphics Information Disclosure Vulnerability
  CISEC:2575  Windows Graphics Information Disclosure Vulnerability
  CISEC:2576  Windows Graphics Information Disclosure Vulnerability
  CISEC:2577  Windows Graphics Information Disclosure Vulnerability
  CISEC:2578  Windows Graphics Information Disclosure Vulnerability
  CISEC:2541  Use after free in Chrome Apps
  CISEC:2535  URL spoofing in Omnibox
  CISEC:2536  URL spoofing in Omnibox
  CISEC:2544  URL spoofing in Omnibox
  CISEC:2540  Type confusion in PDFium
  CISEC:2537  Type confusion in Blink
  CISEC:2525  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2528  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2530  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2531  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2532  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2526  Microsoft Edge Information Disclosure Vulnerability
  CISEC:2527  Microsoft Edge Information Disclosure Vulnerability
  CISEC:2529  Microsoft Browser Information Disclosure Vulnerability
  CISEC:2533  Internet Explorer Memory Corruption Vulnerability
  CISEC:2534  Internet Explorer Memory Corruption Vulnerability
  CISEC:2539  Heap use after free in Print Preview

2017-07-18  CISEC:2753  RHSA-2016:2098 -- kernel security update

2017-07-14  CISEC:2508  Scripting Engine Memory Corruption Vulnerability
  CISEC:2509  Scripting Engine Memory Corruption Vulnerability
  CISEC:2510  Scripting Engine Memory Corruption Vulnerability
  CISEC:2511  Scripting Engine Memory Corruption Vulnerability
  CISEC:2512  Scripting Engine Memory Corruption Vulnerability
  CISEC:2513  Scripting Engine Memory Corruption Vulnerability
  CISEC:2506  Scripting Engine Memory Corruption Vulnerability
  CISEC:2507  Scripting Engine Memory Corruption Vulnerability

2017-07-07  CISEC:2425  XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2429  V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CVE-2014-7953  Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target...
  CISEC:2432  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2417  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2431  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2416  Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2418  Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2419  Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2424  Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2427  Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation
  CVE-2014-7954  Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files...
  CISEC:2423  Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView
  CISEC:2428  Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2420  An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2421  An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2422  An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2426  An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2430  An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux

2017-06-30  CISEC:2406  Use after free in PDFium
  CISEC:2408  Use after free in PDFium
  CISEC:2409  Use after free in PDFium
  CISEC:2414  Use after free in GuestView
  CISEC:2404  Use after free in ANGLE
  CISEC:2411  Out of bounds write in PDFium
  CISEC:2413  Multiple out of bounds writes in ChunkDemuxer
  CISEC:2401  Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2402  Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2399  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2407  Memory corruption in V8
  CISEC:2412  Integer overflow in libxslt
  CISEC:2405  Information disclosure in V8
  CISEC:2410  Incorrect security UI in Omnibox
  CISEC:2403  Bypass of Content Security Policy in Blink

2017-06-28  CISEC:2627  Security Update for Windows Vista, Windows Server 2008
  CISEC:2621  Security Update for Windows Server 2008, Windows Vista for x64-based Systems
  CISEC:2612  Security Update for Microsoft Office 2007
  CISEC:2616  April, 2017 Security Only Quality Update for Windows Server 2012
  CISEC:2620  April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems
  CISEC:2625  April, 2017 Security Only Quality Update for Windows 7
  CISEC:2622  April, 2017 Security Monthly Quality Rollup for Windows Server 2012
  CISEC:2615  April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems
  CISEC:2617  April, 2017 Security Monthly Quality Rollup for Windows 7

2017-06-27  CVE-2015-3840  The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

2017-06-23  CISEC:2377  Windows Kernel Information Disclosure Vulnerability
  CISEC:2378  Windows Kernel Information Disclosure Vulnerability
  CISEC:2379  Windows Kernel Information Disclosure Vulnerability
  CISEC:2384  Windows Kernel Information Disclosure Vulnerability
  CISEC:2380  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2373  Windows Hyper-V vSMB Elevation of Privilege Vulnerability
  CISEC:2385  Windows GDI Information Disclosure Vulnerability
  CISEC:2390  Windows DNS Server Denial of Service Vulnerability
  CISEC:2375  Windows COM Elevation of Privilege Vulnerability
  CISEC:2376  Windows COM Elevation of Privilege Vulnerability
  CISEC:2383  Win32k Information Disclosure Vulnerability
  CISEC:2381  Win32k Elevation of Privilege Vulnerability
  CISEC:2382  Win32k Elevation of Privilege Vulnerability
  CISEC:2389  Microsoft SharePoint XSS Vulnerability
  CISEC:2394  Microsoft Office Remote Code Execution Vulnerability
  CISEC:2392  Microsoft Office Memory Corruption Vulnerability
  CISEC:2372  Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2391  Microsoft ActiveX Information Disclosure Vulnerability
  CISEC:2374  Dxgkrnl.sys Elevation of Privilege Vulnerability
  CISEC:2393  .Net Security Feature Bypass Vulnerability

2017-06-16  CISEC:2338  Windows SMB Remote Code Execution Vulnerability
  CISEC:2342  Windows SMB Remote Code Execution Vulnerability
  CISEC:2344  Windows SMB Remote Code Execution Vulnerability
  CISEC:2347  Windows SMB Remote Code Execution Vulnerability
  CISEC:2337  Windows SMB Information Disclosure Vulnerability
  CISEC:2339  Windows SMB Information Disclosure Vulnerability
  CISEC:2340  Windows SMB Information Disclosure Vulnerability
  CISEC:2343  Windows SMB Information Disclosure Vulnerability
  CISEC:2334  Windows SMB Information Disclosure Vulnerability
  CISEC:2336  Windows SMB Information Disclosure Vulnerability
  CISEC:2346  Windows SMB Information Disclosure Vulnerability
  CISEC:2341  Windows SMB Denial of Service Vulnerability
  CISEC:2345  Windows SMB Denial of Service Vulnerability
  CISEC:2335  Windows SMB Denial of Service Vulnerability
  CISEC:2352  Scripting Engine Memory Corruption Vulnerability
  CISEC:2353  Scripting Engine Memory Corruption Vulnerability
  CISEC:2354  Scripting Engine Memory Corruption Vulnerability
  CISEC:2355  Scripting Engine Memory Corruption Vulnerability
  CISEC:2357  Scripting Engine Memory Corruption Vulnerability
  CISEC:2359  Scripting Engine Memory Corruption Vulnerability
  CISEC:2360  Scripting Engine Memory Corruption Vulnerability
  CISEC:2361  Scripting Engine Memory Corruption Vulnerability
  CISEC:2365  Scripting Engine Memory Corruption Vulnerability
  CISEC:2332  Microsoft Office Remote Code Execution Vulnerability
  CISEC:2333  Microsoft Office Remote Code Execution Vulnerability
  CISEC:2362  Microsoft Edge Remote Code Execution Vulnerability
  CISEC:2351  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2363  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2364  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2350  Microsoft Browser Spoofing Vulnerability
  CISEC:2366  Internet Explorer Security Feature Bypass Vulnerability
  CISEC:2356  Internet Explorer Memory Corruption Vulnerability
  CISEC:2358  Internet Explorer Memory Corruption Vulnerability
  CISEC:2349  Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

2017-06-14  CISEC:2505  Vulnerable version of JetBrains TeamCity

2017-06-09  CISEC:2269  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2270  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2271  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2272  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2273  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2274  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2275  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2276  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2277  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2278  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2279  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2280  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2281  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2282  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2283  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2284  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2285  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2286  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2287  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2288  Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier

2017-06-08  CVE-2014-7919  b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).

2017-06-06  CVE-2015-3830  The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
  CVE-2014-9929  In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
  CVE-2014-9930  In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9927  In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9949  In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
  CVE-2015-9005  In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2014-9947  In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.
  CVE-2014-9951  In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.
  CVE-2014-9948  In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
  CVE-2014-9945  In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2015-9007  In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
  CVE-2014-9944  In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2014-9952  In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
  CVE-2014-9941  In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
  CVE-2015-9006  In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
  CVE-2014-9923  In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9925  In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9926  In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9928  In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9950  In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2014-9946  In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9943  In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
  CVE-2014-9942  In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
  CVE-2014-9924  In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.

2017-06-02  CISEC:2235  Scripting Engine Memory Corruption Vulnerability
  CISEC:2222  libjpeg Information Disclosure Vulnerability
  CISEC:2232  LDAP Elevation of Privilege Vulnerability
  CISEC:2224  Hyper-V Remote Code Execution Vulnerability
  CISEC:2226  Hyper-V Remote Code Execution Vulnerability
  CISEC:2229  Hyper-V Remote Code Execution Vulnerability
  CISEC:2239  Hyper-V Remote Code Execution Vulnerability
  CISEC:2225  Hyper-V Information Disclosure Vulnerability
  CISEC:2231  Hyper-V Information Disclosure Vulnerability
  CISEC:2227  Hyper-V Denial of Service Vulnerability
  CISEC:2228  Hyper-V Denial of Service Vulnerability
  CISEC:2230  Hyper-V Denial of Service Vulnerability
  CISEC:2233  Hyper-V Denial of Service Vulnerability
  CISEC:2234  Hyper-V Denial of Service Vulnerability
  CISEC:2236  Hyper-V Denial of Service Vulnerability
  CISEC:2237  Hyper-V Denial of Service Vulnerability
  CISEC:2250  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2256  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2242  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2251  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2252  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2255  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2264  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2266  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2257  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2260  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2261  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2267  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2240  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2243  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2244  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2258  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability
  CISEC:2246  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2248  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2265  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2245  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2247  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2249  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2253  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2254  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2262  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2263  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2241  Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2223  ADFS Security Feature Bypass Vulnerability
  CISEC:2238  Active Directory Denial of Service Vulnerability

2017-05-26  CISEC:2195  Windows Elevation of Privilege Vulnerability
  CISEC:2194  Windows Denial of Service Vulnerability
  CISEC:2215  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2216  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2217  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2211  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:2209  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:2212  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:2210  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API
  CISEC:2218  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump
  CISEC:2179  Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304
  CISEC:2176  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2177  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2182  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2189  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2191  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2193  Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2190  Vulnerability in Oracle MySQL 5.7.11 to 5.7.17
  CISEC:2183  Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2192  Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2184  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2185  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2186  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2187  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2178  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2188  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2180  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier
  CISEC:2181  Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:2206  Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE
  CISEC:2221  Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2214  Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2220  Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2219  Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP
  CISEC:2208  Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security
  CISEC:2207  Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking
  CISEC:2213  Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2174  Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2175  Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2204  ATMFD.dll Information Disclosure Vulnerability
  CISEC:2205  .NET Remote Code Execution Vulnerability

2017-05-19  CISEC:2171  Windows OLE Elevation of Privilege Vulnerability
  CISEC:2161  Windows Kernel Information Disclosure Vulnerability
  CISEC:2130  Windows HelpPane Elevation of Privilege Vulnerability
  CISEC:2163  Windows Graphics Elevation of Privilege Vulnerability
  CISEC:2165  Windows Graphics Component Elevation of Privilege Vulnerability
  CISEC:2126  Windows DNS Query Information Disclosure Vulnerability
  CISEC:2128  Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:2170  Win32k Information Disclosure Vulnerability
  CISEC:2162  Win32k Information Disclosure Vulnerability
  CISEC:2169  Win32k Elevation of Privilege Vulnerability
  CISEC:2127  SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
  CISEC:2155  Scripting Engine Memory Corruption Vulnerability
  CISEC:2156  Scripting Engine Memory Corruption Vulnerability
  CISEC:2158  Scripting Engine Information Disclosure Vulnerability
  CISEC:2164  Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:2160  Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API
  CISEC:2168  Microsoft Office Security Feature Bypass Vulnerability
  CISEC:2173  Microsoft Office Memory Corruption Vulnerability
  CISEC:2135  Microsoft Exchange Server Elevation of Privilege Vulnerability
  CISEC:2159  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2152  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2154  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2131  iSNS Server Memory Corruption Vulnerability
  CISEC:2153  Internet Explorer Memory Corruption Vulnerability
  CISEC:2157  Internet Explorer Elevation of Privilege Vulnerability
  CISEC:2129  Device Guard Security Feature Bypass Vulnerability

2017-05-16  CVE-2014-9932  In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
  CVE-2014-9933  Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
  CVE-2014-9934  A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
  CVE-2014-9931  A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.

2017-05-14  CISEC:2367  Security Update for Windows XP
  CISEC:2369  Security Update for Windows Server 2003 for x64-based Systems
  CISEC:2370  Security Update for Windows Server 2003
  CISEC:2371  Security Update for Windows 8 for x64-based Systems
  CISEC:2368  Security Update for Windows 8

2017-05-12  CISEC:2089  Windows SMB Remote Code Execution Vulnerability
  CISEC:2094  Windows SMB Remote Code Execution Vulnerability
  CISEC:2095  Windows SMB Remote Code Execution Vulnerability
  CISEC:2096  Windows SMB Remote Code Execution Vulnerability
  CISEC:2099  Windows SMB Remote Code Execution Vulnerability
  CISEC:2101  Windows SMB Remote Code Execution Vulnerability
  CISEC:2090  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2106  Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2100  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:2098  Windows GDI+ Information Disclosure Vulnerability
  CISEC:2103  Windows GDI+ Information Disclosure Vulnerability
  CISEC:2105  Windows GDI+ Information Disclosure Vulnerability
  CISEC:2093  Windows GDI Elevation of Privilege Vulnerability
  CISEC:2097  Windows GDI Elevation of Privilege Vulnerability
  CISEC:2104  Windows GDI Elevation of Privilege Vulnerability
  CISEC:2107  Windows DVD Maker Cross-Site Request Forgery Vulnerability
  CISEC:2081  Windows DirectShow Information Disclosure Vulnerability
  CISEC:2125  Microsoft SharePoint XSS Vulnerability
  CISEC:2115  Microsoft Office Memory Corruption Vulnerability
  CISEC:2116  Microsoft Office Memory Corruption Vulnerability
  CISEC:2117  Microsoft Office Memory Corruption Vulnerability
  CISEC:2118  Microsoft Office Memory Corruption Vulnerability
  CISEC:2120  Microsoft Office Memory Corruption Vulnerability
  CISEC:2123  Microsoft Office Memory Corruption Vulnerability
  CISEC:2124  Microsoft Office Memory Corruption Vulnerability
  CISEC:2119  Microsoft Office Information Disclosure Vulnerability
  CISEC:2121  Microsoft Office Information Disclosure Vulnerability
  CISEC:2122  Microsoft Office Denial of Service Vulnerability
  CISEC:2114  Microsoft IIS Server XSS Elevation of Privilege Vulnerability
  CISEC:2074  Microsoft Hyper-V Network Switch Denial of Service Vulnerability
  CISEC:2091  Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2092  Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2080  Microsoft Active Directory Federation Services Information Disclosure Vulnerability
  CISEC:2075  Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2078  Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2069  Hyper-V Remote Code Execution Vulnerability
  CISEC:2076  Hyper-V Remote Code Execution Vulnerability
  CISEC:2071  Hyper-V Information Disclosure Vulnerability
  CISEC:2070  Hyper-V Denial of Service Vulnerability
  CISEC:2072  Hyper-V Denial of Service Vulnerability
  CISEC:2073  Hyper-V Denial of Service Vulnerability
  CISEC:2077  Hyper-V Denial of Service Vulnerability
  CISEC:2079  Hyper-V Denial of Service Vulnerability

2017-05-05  CISEC:2061  Win32k Elevation of Privilege Vulnerability
  CISEC:2062  Win32k Elevation of Privilege Vulnerability
  CISEC:2063  Win32k Elevation of Privilege Vulnerability
  CISEC:2064  Win32k Elevation of Privilege Vulnerability
  CISEC:2065  Win32k Elevation of Privilege Vulnerability
  CISEC:2066  Win32k Elevation of Privilege Vulnerability
  CISEC:2067  Win32k Elevation of Privilege Vulnerability
  CISEC:2068  Win32k Elevation of Privilege Vulnerability

2017-05-02  CVE-2014-9940  The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
  CVE-2015-9004  kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

2017-04-28  CISEC:2059  Windows Registry Elevation of Privilege Vulnerability
  CISEC:2057  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2060  Windows GDI Elevation of Privilege Vulnerability
  CISEC:2056  Windows Elevation of Privilege Vulnerability
  CISEC:2058  Windows Elevation of Privilege Vulnerability

2017-04-24  CVE-2010-1776  Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe...

2017-04-21  CISEC:1970  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1972  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1976  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1977  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1980  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1988  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1989  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1991  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1969  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1971  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1973  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1974  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1975  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1978  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1979  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1981  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1982  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1983  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1984  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1985  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1986  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1987  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1990  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1992  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1993  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1994  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1995  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1996  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1997  Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2006  Scripting Engine Memory Corruption Vulnerability
  CISEC:2011  Scripting Engine Memory Corruption Vulnerability
  CISEC:2012  Scripting Engine Memory Corruption Vulnerability
  CISEC:2013  Scripting Engine Memory Corruption Vulnerability
  CISEC:2014  Scripting Engine Memory Corruption Vulnerability
  CISEC:2016  Scripting Engine Memory Corruption Vulnerability
  CISEC:2017  Scripting Engine Memory Corruption Vulnerability
  CISEC:2018  Scripting Engine Memory Corruption Vulnerability
  CISEC:2020  Scripting Engine Memory Corruption Vulnerability
  CISEC:2021  Scripting Engine Memory Corruption Vulnerability
  CISEC:2023  Scripting Engine Memory Corruption Vulnerability
  CISEC:2024  Scripting Engine Memory Corruption Vulnerability
  CISEC:2027  Scripting Engine Memory Corruption Vulnerability
  CISEC:2031  Scripting Engine Memory Corruption Vulnerability
  CISEC:2033  Scripting Engine Memory Corruption Vulnerability
  CISEC:2036  Scripting Engine Memory Corruption Vulnerability
  CISEC:2038  Scripting Engine Memory Corruption Vulnerability
  CISEC:2001  Scripting Engine Memory Corruption Vulnerability
  CISEC:2004  Scripting Engine Memory Corruption Vulnerability
  CISEC:2005  Scripting Engine Memory Corruption Vulnerability
  CISEC:1998  Microsoft XML Core Services Information Disclosure Vulnerability
  CISEC:2010  Microsoft PDF Memory Corruption Vulnerability
  CISEC:2015  Microsoft Internet Explorer Memory Corruption Vulnerability
  CISEC:2022  Microsoft Edge Spoofing Vulnerability
  CISEC:2025  Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2029  Microsoft Edge Security Feature Bypass
  CISEC:2030  Microsoft Edge Security Feature Bypass
  CISEC:2039  Microsoft Edge Security Feature Bypass
  CISEC:2028  Microsoft Edge Memory Corruption Vulnerability
  CISEC:2008  Microsoft Edge Information Disclosure Vulnerability
  CISEC:2009  Microsoft Edge Information Disclosure Vulnerability
  CISEC:2037  Microsoft Edge Information Disclosure Vulnerability
  CISEC:2035  Microsoft Browser Spoofing Vulnerability
  CISEC:2000  Microsoft Browser Spoofing Vulnerability
  CISEC:2026  Microsoft Browser Memory Corruption Vulnerability
  CISEC:2019  Microsoft Browser Information Disclosure Vulnerability
  CISEC:2034  Microsoft Browser Information Disclosure Vulnerability
  CISEC:2032  Internet Explorer Memory Corruption Vulnerability
  CISEC:1999  Internet Explorer Information Disclosure Vulnerability
  CISEC:2002  Internet Explorer Information Disclosure Vulnerability
  CISEC:2003  Internet Explorer Information Disclosure Vulnerability
  CISEC:2007  Internet Explorer Elevation of Privilege Vulnerability

2017-04-13  CVE-2014-7921  mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
  CVE-2014-7920  mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.

2017-04-07  CISEC:1950  Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k
  CISEC:1949  Vulnerability in OpenSSL 1.1.0 before 1.1.0d
  CISEC:1942  UI spoofing
  CISEC:1943  Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d
  CISEC:1948  statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length
  CISEC:1952  PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1944  Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c
  CISEC:1947  Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e
  CISEC:1945  CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c
  CISEC:1946  ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c
  CISEC:1951  Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1953  Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1954  A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux

2017-04-04  CVE-2014-9922  The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

2017-03-31  CISEC:1927  Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1926  Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1930  Vulnerability in statem/statem.c in OpenSSL 1.1.0a
  CISEC:1931  Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i
  CISEC:1928  Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i
  CISEC:1905  The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -...
  CISEC:1903  The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length
  CISEC:1900  The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages
  CISEC:1902  The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations
  CISEC:1901  The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results
  CISEC:1906  The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number
  CISEC:1907  OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks
  CISEC:1929  Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
  CISEC:1904  Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service

2017-03-24  CISEC:1884  UI spoofing
  CISEC:1885  Heap overflow in FFmpeg
  CISEC:1865  Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1867  Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs
  CISEC:1866  Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1863  Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs
  CISEC:1868  Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1864  A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android

2017-03-17  CISEC:1852  WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking
  CISEC:1833  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:1830  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1831  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1829  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:1832  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:1846  Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier
  CISEC:1850  Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323
  CISEC:1844  Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322
  CISEC:1847  Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321
  CISEC:1827  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1826  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:1851  Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111
  CISEC:1835  Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13
  CISEC:1856  Use after free in Renderer
  CISEC:1860  Use after free in Extensions
  CISEC:1855  Universal XSS in chrome://downloads
  CISEC:1862  Universal XSS in chrome://apps
  CISEC:1859  Type confusion in metrics
  CISEC:1858  Heap overflow in FFmpeg
  CISEC:1840  Directory traversal vulnerability in Atlassian JIRA before 6.0.5
  CISEC:1842  Directory traversal vulnerability in Atlassian JIRA before 6.0.4
  CISEC:1839  Cross-site scripting
  CISEC:1841  Cross-site scripting
  CISEC:1857  Bypass of Content Security Policy in Blink
  CISEC:1853  Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context
  CISEC:1836  Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page
  CISEC:1837  Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships
  CISEC:1854  Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method

2017-03-10  CISEC:1813  Vulnerability in MySQL Server 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1815  Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1818  Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1819  Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1814  Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1816  Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1817  Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1825  Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4
  CISEC:1822  Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3
  CISEC:1823  Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2
  CISEC:1824  Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2

2017-03-03  CISEC:1796  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:1795  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:1797  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1789  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking
  CISEC:1790  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  CISEC:1791  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  CISEC:1777  Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1802  Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1778  Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1779  Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1800  Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1801  Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111
  CISEC:1798  Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5
  CISEC:1799  Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5
  CISEC:1780  Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5

2017-02-24  CISEC:1774  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:1772  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1773  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1770  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries
  CISEC:1769  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS
  CISEC:1771  Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1765  Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i
  CISEC:1776  Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1775  Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1749  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1750  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1751  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1744  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1745  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1746  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1747  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1748  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1739  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1740  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1734  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1738  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1742  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1735  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1741  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1743  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1733  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1736  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1737  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability

2017-02-17  CISEC:1727  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1728  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1729  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1730  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1731  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1732  Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1719  EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1720  EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1717  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1718  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1716  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability

2017-02-10  CISEC:1703  Vulnerability in Samsung Security Manager
  CISEC:1707  Microsoft Office Memory Corruption Vulnerability
  CISEC:1706  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:1705  Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:1715  Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability

2017-02-07  CVE-2014-9914  Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations...

2017-02-03  CISEC:1681  Windows Kernel Memory Address Information Disclosure Vulnerability
  CISEC:1680  Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:1691  Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18
  CISEC:1688  Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1684  Microsoft Office Memory Corruption Vulnerability
  CISEC:1687  Microsoft Office Information Disclosure Vulnerability
  CISEC:1689  Microsoft Office Information Disclosure Vulnerability

2017-01-27  CISEC:1651  Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1645  Win32k Elevation of Privilege Vulnerability
  CISEC:1646  Win32k Elevation of Privilege Vulnerability
  CISEC:1676  Vulnerability in NVIDIA Graphics Driver
  CISEC:1653  Secure Kernel Mode Elevation of Privilege Vulnerability
  CISEC:1648  Scripting Engine Memory Corruption Vulnerability
  CISEC:1643  Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1644  Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1639  Microsoft Office Memory Corruption Vulnerability
  CISEC:1640  Microsoft Office Information Disclosure Vulnerability
  CISEC:1641  Microsoft Office Information Disclosure Vulnerability
  CISEC:1642  Microsoft Office Information Disclosure Vulnerability
  CISEC:1647  Microsoft Browser – Memory Corruption Vulnerability
  CISEC:1650  Microsoft Browser Security Feature Bypass
  CISEC:1649  Microsoft Browser Information Disclosure Vulnerability
  CISEC:1652  .NET Information Disclosure Vulnerability

2017-01-20  CISEC:1627  Windows Hyperlink Object Library Information Disclosure Vulnerability
  CISEC:1626  Scripting Engine Memory Corruption Vulnerability
  CISEC:1628  Scripting Engine Memory Corruption Vulnerability
  CISEC:1629  Scripting Engine Memory Corruption Vulnerability
  CISEC:1631  Scripting Engine Memory Corruption Vulnerability
  CISEC:1633  Scripting Engine Memory Corruption Vulnerability
  CISEC:1638  Microsoft Office OLE DLL Side Loading Vulnerability
  CISEC:1636  Microsoft Office Memory Corruption Vulnerability
  CISEC:1637  Microsoft Office Information Disclosure Vulnerability
  CISEC:1630  Microsoft Edge Memory Corruption Vulnerability
  CISEC:1625  Microsoft Edge Information Disclosure Vulnerability
  CISEC:1635  Microsoft Edge Information Disclosure Vulnerability
  CISEC:1634  Internet Explorer Memory Corruption Vulnerability
  CISEC:1632  Internet Explorer Information Disclosure Vulnerability

2017-01-18  CVE-2014-9909  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...
  CVE-2014-9910  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

2017-01-13  CISEC:1614  Windows Installer Elevation of Privilege Vulnerability
  CISEC:1603  Windows Graphics Remote Code Execution Vulnerability
  CISEC:1604  Windows Graphics Remote Code Execution Vulnerability
  CISEC:1613  Windows Crypto Driver Information Disclosure Vulnerability
  CISEC:1602  GDI Information Disclosure Vulnerability

2017-01-08  CISEC:1704  Remove OneDrive option located in the navigation panel of File Explorer on Windows 10.

2017-01-06  CISEC:1516  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:1558  Vulnerability in Google Chrome before 55.0.2883.75
  CISEC:1498  VHD Driver Elevation of Privilege Vulnerability
  CISEC:1499  VHD Driver Elevation of Privilege Vulnerability
  CISEC:1500  VHD Driver Elevation of Privilege Vulnerability
  CISEC:1501  VHD Driver Elevation of Privilege Vulnerability
  CISEC:1564  Use after free in V8
  CISEC:1555  Use after free in PDFium
  CISEC:1566  Use after free in PDFium
  CISEC:1554  Universal XSS in Blink
  CISEC:1557  Universal XSS in Blink
  CISEC:1561  Universal XSS in Blink
  CISEC:1563  Universal XSS in Blink
  CISEC:1580  Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1570  The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1574  The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1514  SQL Server Agent Elevation of Privilege Vulnerability
  CISEC:1513  SQL RDBMS Engine EoP vulnerability
  CISEC:1517  Secure Boot Component Vulnerability
  CISEC:1560  Same-origin bypass in PDFium
  CISEC:1562  Private property access in V8
  CISEC:1575  PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1565  Out of bounds write in PDFium
  CISEC:1567  Out of bounds write in Blink
  CISEC:1551  MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1556  Local file disclosure in DevTools
  CISEC:1552  LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1568  Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1577  Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1573  Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
  CISEC:1559  CSP Referrer disclosure
  CISEC:1553  Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service
  CISEC:1569  Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1571  Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows
  CISEC:1579  A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
  CISEC:1578  A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1576  A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1572  A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows

2016-12-30  CISEC:1496  Windows NTLM Elevation of Privilege Vulnerability
  CISEC:1483  Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
  CISEC:1482  Windows Animation Manager Memory Corruption Vulnerability
  CISEC:1486  Win32k Information Disclosure Vulnerability
  CISEC:1484  Win32k Elevation of Privilege Vulnerability
  CISEC:1485  Win32k Elevation of Privilege Vulnerability
  CISEC:1487  Win32k Elevation of Privilege Vulnerability
  CISEC:1480  Virtual Secure Mode Information Disclosure Vulnerability
  CISEC:1491  SQL RDBMS Engine EoP vulnerability
  CISEC:1492  SQL RDBMS Engine EoP vulnerability
  CISEC:1490  SQL Analysis Services Information Disclosure Vulnerability
  CISEC:1478  Open Type Font Remote Code Execution Vulnerability
  CISEC:1479  Open Type Font Information Disclosure Vulnerability
  CISEC:1477  Microsoft Video Control Remote Code Execution Vulnerability
  CISEC:1481  Media Foundation Memory Corruption Vulnerability
  CISEC:1488  MDS API XSS Vulnerability
  CISEC:1497  Local Security Authority Subsystem Service Denial of Service Vulnerability

2016-12-23  CISEC:1474  Windows Remote Code Execution Vulnerability
  CISEC:1407  Windows Journal RCE Vulnerability
  CISEC:1409  Windows Journal RCE Vulnerability
  CISEC:1408  Windows Journal Integer Overflow RCE Vulnerability
  CISEC:1475  Windows IME Elevation of Privilege Vulnerability
  CISEC:1455  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1456  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1457  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1458  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1459  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1460  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1461  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1462  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1463  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1464  Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1404  Vulnerability in Symantec Anti-Virus Engine
  CISEC:1476  Task Scheduler Elevation of Privilege Vulnerability
  CISEC:1427  Scripting Engine Memory Corruption Vulnerability
  CISEC:1428  Scripting Engine Memory Corruption Vulnerability
  CISEC:1429  Scripting Engine Memory Corruption Vulnerability
  CISEC:1430  Scripting Engine Memory Corruption Vulnerability
  CISEC:1470  Scripting Engine Memory Corruption Vulnerability
  CISEC:1471  Scripting Engine Memory Corruption Vulnerability
  CISEC:1472  Scripting Engine Memory Corruption Vulnerability
  CISEC:1473  Scripting Engine Memory Corruption Vulnerability
  CISEC:1425  Microsoft Office Memory Corruption Vulnerability
  CISEC:1426  Microsoft Office Memory Corruption Vulnerability
  CISEC:1445  Microsoft Office Memory Corruption Vulnerability
  CISEC:1446  Microsoft Office Memory Corruption Vulnerability
  CISEC:1447  Microsoft Office Memory Corruption Vulnerability
  CISEC:1448  Microsoft Office Memory Corruption Vulnerability
  CISEC:1449  Microsoft Office Memory Corruption Vulnerability
  CISEC:1450  Microsoft Office Memory Corruption Vulnerability
  CISEC:1453  Microsoft Office Memory Corruption Vulnerability
  CISEC:1454  Microsoft Office Memory Corruption Vulnerability
  CISEC:1451  Microsoft Office Information Disclosure Vulnerability
  CISEC:1452  Microsoft Office Denial of Service Vulnerability
  CISEC:1465  Microsoft Edge Spoofing Vulnerability
  CISEC:1467  Microsoft Edge Information Disclosure Vulnerability
  CISEC:1420  Microsoft Browser Memory Corruption Vulnerability
  CISEC:1421  Microsoft Browser Memory Corruption Vulnerability
  CISEC:1422  Microsoft Browser Memory Corruption Vulnerability
  CISEC:1423  Microsoft Browser Memory Corruption Vulnerability
  CISEC:1468  Microsoft Browser Memory Corruption Vulnerability
  CISEC:1466  Microsoft Browser Information Disclosure Vulnerability
  CISEC:1469  Microsoft Browser Information Disclosure Vulnerability
  CISEC:1405  Graphics Component Buffer Overflow Vulnerability

2016-12-09  CISEC:1393  Windows Graphics Component RCE Vulnerability
  CISEC:1378  Scripting Engine Remote Code Execution Vulnerability
  CISEC:1374  Microsoft Office RCE Vulnerability
  CISEC:1375  Microsoft Office Memory Corruption Vulnerability
  CISEC:1380  Memory Corruption Vulnerability
  CISEC:1381  Memory Corruption Vulnerability
  CISEC:1382  Memory Corruption Vulnerability
  CISEC:1383  Memory Corruption Vulnerability
  CISEC:1384  Memory Corruption Vulnerability
  CISEC:1385  Memory Corruption Vulnerability
  CISEC:1386  Memory Corruption Vulnerability
  CISEC:1387  Memory Corruption Vulnerability
  CISEC:1388  Memory Corruption Vulnerability
  CISEC:1389  Memory Corruption Vulnerability
  CISEC:1390  Memory Corruption Vulnerability
  CISEC:1391  Memory Corruption Vulnerability
  CISEC:1392  Memory Corruption Vulnerability
  CISEC:1394  Internet Explorer Information Disclosure Vulnerability

2016-12-08  CVE-2015-8967  arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

2016-11-25  CISEC:1285  Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
  CISEC:1288  Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1286  Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1312  Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier
  CISEC:1268  Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security
  CISEC:1283  Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1
  CISEC:1293  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1301  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1304  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1306  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1307  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1308  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1309  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1310  Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1295  Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier
  CISEC:1292  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14
  CISEC:1290  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1291  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1303  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1315  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1311  Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12
  CISEC:1289  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1305  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1314  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1316  Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1302  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1313  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1294  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1296  Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier
  CISEC:1299  The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files
  CISEC:1300  The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges
  CISEC:1298  The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication
  CISEC:1284  SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1287  Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1297  An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files

2016-11-11  CISEC:1250  Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3
  CISEC:1264  Untrusted search path vulnerability in python.exe in Python through 3.5.0
  CISEC:1238  Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1239  Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1263  Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1241  Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
  CISEC:1258  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1259  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1260  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1261  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
  CISEC:1262  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
  CISEC:1257  Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
  CISEC:1240  Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1242  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
  CISEC:1256  The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails
  CISEC:1255  The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3
  CISEC:1265  The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products
  CISEC:1249  SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1266  Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
  CISEC:1248  Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1267  CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4

2016-11-10  CISEC:1219  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1218  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1230  Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
  CISEC:1231  Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65
  CISEC:1229  Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1233  Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1234  Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1237  Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1235  Unspecified vulnerability in Oracle Java SE 8u92
  CISEC:1232  Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1236  Unspecified vulnerability in Oracle Java SE 7u101 and 8u92

2016-10-28  CISEC:1199  Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
  CISEC:1180  Use after free in Blink
  CISEC:1181  Use after free in Blink
  CISEC:1197  The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
  CISEC:1198  Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
  CISEC:1196  browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
  CISEC:1182  Arbitrary Memory Read in v8

2016-10-21  CISEC:1179  Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
  CISEC:1163  Microsoft Browser Information Disclosure Vulnerability

2016-10-14  CISEC:1132  Use after free in PDFium
  CISEC:1133  Use after free in event bindings
  CISEC:1129  Use after free in Blink
  CISEC:1131  Use after destruction in Blink
  CISEC:1128  Universal XSS in Blink
  CISEC:1130  Universal XSS in Blink
  CISEC:1141  The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1138  The download implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1139  The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1145  The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1147  The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1137  Script injection in extensions
  CISEC:1143  Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1142  Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1146  Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1134  Heap overflow in PDFium
  CISEC:1135  Heap overflow in PDFium
  CISEC:1144  Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1140  Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1136  Address bar spoofing

2016-10-10  CVE-2015-8956  The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...
  CVE-2015-8951  Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
  CVE-2015-8955  arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...

2016-10-06  CVE-2015-6393  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...
  CVE-2015-0721  Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...

2016-10-05  CVE-2015-6392  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...

2016-09-23  CISEC:1097  WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1057  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1058  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1059  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1060  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1061  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1062  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1063  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1064  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1065  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1066  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1067  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1068  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1069  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1070  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1074  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1075  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1076  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1077  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1078  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1079  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1080  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1081  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1082  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1083  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1086  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1088  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1094  Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1087  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1053  The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
  CISEC:1089  The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
  CISEC:1096  The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1092  The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82
  CISEC:1090  objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
  CISEC:1095  Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
  CISEC:1055  Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  CISEC:1085  Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1054  Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  CISEC:1093  Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
  CISEC:1084  Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1091  Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
  CISEC:1056  Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar

2016-09-22  CVE-2014-2146  The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...

2016-09-16  CISEC:1026  Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:987  Various fixes from internal audits, fuzzing and other initiatives
  CISEC:995  Use-after-free in libxml
  CISEC:992  Use after free in extensions
  CISEC:997  URL spoofing
  CISEC:996  URL leakage via PAC script
  CISEC:986  Same origin bypass for images in Blink
  CISEC:989  Parameter sanitization failure in DevTools
  CISEC:994  Parameter sanitization failure in DevTools
  CISEC:988  Origin confusion in proxy authentication
  CISEC:993  Limited same-origin bypass in Service Workers
  CISEC:990  History sniffing with HSTS and CSP
  CISEC:991  Content-Security-Policy bypass

2016-09-02  CISEC:982  ZIP decompression memory access violation
  CISEC:984  TNEF integer overflow
  CISEC:983  MIME message modification memory corruption

2016-08-26  CISEC:978  Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:979  Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:963  SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...
  CISEC:981  Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:980  Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5

2016-08-12  CISEC:940  Windows Virtual PCI Information Disclosure Vulnerability
  CISEC:946  Windows OLE Memory Remote Code Execution Vulnerability
  CISEC:947  Windows OLE Memory Remote Code Execution Vulnerability
  CISEC:945  Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:929  Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:959  Windows Kerberos Security Feature Bypass
  CISEC:942  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:948  Windows DLL Loading Denial of Service Vulnerability
  CISEC:941  Win32k Elevation of Privilege Vulnerability
  CISEC:939  Win32k Elevation of Privilege Vulnerability
  CISEC:943  Win32k Elevation of Privilege Vulnerability
  CISEC:960  WebDAV Elevation of Privilege Vulnerability
  CISEC:930  Silverlight Runtime Remote Code Execution Vulnerability
  CISEC:961  Remote Desktop Protocol
  CISEC:944  ATMFD.DLL Elevation of Privilege Vulnerability

2016-08-07  CVE-2015-3854  packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...

2016-08-06  CVE-2014-9892  The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
  CVE-2015-8938  The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
  CVE-2014-9879  The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
  CVE-2014-9870  The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
  CVE-2015-8944  The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...
  CVE-2014-9900  The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
  CVE-2014-9872  The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9897  sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9890  Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
  CVE-2014-9871  Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
  CVE-2014-9863  Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
  CVE-2014-9873  Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2015-8940  Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
  CVE-2014-9883  Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9885  Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
  CVE-2014-9880  drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
  CVE-2015-8943  drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
  CVE-2014-9893  drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
  CVE-2015-8939  drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
  CVE-2014-9899  drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9878  drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9894  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
  CVE-2014-9891  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
  CVE-2014-9864  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9884  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9887  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9865  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9881  drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
  CVE-2014-9868  drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
  CVE-2014-9866  drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
  CVE-2014-9877  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
  CVE-2015-8942  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
  CVE-2014-9889  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
  CVE-2014-9869  drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
  CVE-2015-8941  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
  CVE-2014-9867  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
  CVE-2014-9895  drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
  CVE-2014-9876  drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
  CVE-2015-8937  drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9875  drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
  CVE-2014-9896  drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
  CVE-2014-9874  Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
  CVE-2014-9882  Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
  CVE-2014-9898  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
  CVE-2014-9886  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...

2016-08-05  CVE-2014-9901  The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
  CVE-2014-9902  Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...

2016-07-29  CISEC:861  WPAD Elevation of Privilege Vulnerability
  CISEC:866  Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
  CISEC:881  Windows SMB Server Elevation of Privilege Vulnerability
  CISEC:884  Windows Search Component Denial of Service Vulnerability
  CISEC:860  Windows PDF Remote Code Execution Vulnerability
  CISEC:868  Windows PDF Information Disclosure Vulnerability
  CISEC:870  Windows PDF Information Disclosure Vulnerability
  CISEC:883  Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
  CISEC:871  Windows DNS Server Use After Free Vulnerability
  CISEC:880  Windows Diagnostics Hub Elevation of Privilege Vulnerability
  CISEC:826  Scripting Engine Memory Corruption Vulnerability
  CISEC:827  Scripting Engine Memory Corruption Vulnerability
  CISEC:828  Scripting Engine Memory Corruption Vulnerability
  CISEC:829  Scripting Engine Memory Corruption Vulnerability
  CISEC:830  Scripting Engine Memory Corruption Vulnerability
  CISEC:862  Scripting Engine Memory Corruption Vulnerability
  CISEC:863  Scripting Engine Memory Corruption Vulnerability
  CISEC:872  Scripting Engine Memory Corruption Vulnerability
  CISEC:907  Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:909  Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:894  Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:879  Microsoft Office OLE DLL Side Loading Vulnerability
  CISEC:874  Microsoft Office Memory Corruption Vulnerability
  CISEC:876  Microsoft Office Memory Corruption Vulnerability
  CISEC:877  Microsoft Office Information Disclosure Vulnerability
  CISEC:885  Microsoft Exchange Information Disclosure Vulnerability
  CISEC:864  Microsoft Edge Security Feature Bypass
  CISEC:869  Internet Explorer XSS Filter Vulnerability
  CISEC:865  Internet Explorer Memory Corruption Vulnerability
  CISEC:867  Internet Explorer Memory Corruption Vulnerability
  CISEC:858  Internet Explorer Memory Corruption Vulnerability
  CISEC:859  Group Policy Elevation of Privilege Vulnerability
  CISEC:882  Active Directory Denial of Service Vulnerability

2016-07-15  CISEC:776  Windows Media Center Remote Code Execution Vulnerability
  CISEC:775  Windows Kernel Elevation of Privilege Vulnerability
  CISEC:781  Windows Graphics Component RCE Vulnerability
  CISEC:779  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:780  Windows Graphics Component Information Disclosure Vulnerability
  CISEC:774  Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:791  Use-after-free in Extensions
  CISEC:787  Use-after-free in Autofill
  CISEC:784  Secondary Logon Elevation of Privilege Vulnerability
  CISEC:817  Scripting Engine Memory Corruption Vulnerability
  CISEC:818  Scripting Engine Memory Corruption Vulnerability
  CISEC:819  Scripting Engine Memory Corruption Vulnerability
  CISEC:771  RPC Network Data Representation Engine Remote Code Execution Vulnerability
  CISEC:788  Parameter sanitization failure in DevTools
  CISEC:820  Padding oracle in AES-NI CBC MAC check
  CISEC:785  Out-of-bounds read in Skia
  CISEC:786  Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  CISEC:782  Microsoft Office Memory Corruption Vulnerability
  CISEC:773  Microsoft Office Memory Corruption Vulnerability
  CISEC:772  Microsoft Office Malformed EPS File Vulnerability
  CISEC:821  Memory corruption in the ASN.1 encoder
  CISEC:789  Information leak in Extension bindings
  CISEC:824  EVP_EncryptUpdate overflow
  CISEC:825  EVP_EncodeUpdate overflow
  CISEC:823  EBCDIC overread
  CISEC:783  Cross-origin bypass in extension bindings
  CISEC:792  Cross-origin bypass in extension bindings
  CISEC:790  Cross-origin bypass in Blink
  CISEC:822  ASN.1 BIO excessive memory allocation

2016-07-10  CVE-2013-7457  Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
  CVE-2014-9777  The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
  CVE-2014-9778  The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
  CVE-2014-9799  The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
  CVE-2015-8889  The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
  CVE-2014-9789  The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
  CVE-2015-8890  platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
  CVE-2014-9793  platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9798  platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
  CVE-2015-8892  platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
  CVE-2014-9801  Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
  CVE-2014-9802  Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
  CVE-2015-8891  Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
  CVE-2014-9788  Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
  CVE-2014-9784  Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9800  Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
  CVE-2014-9787  Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
  CVE-2015-8888  Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
  CVE-2014-9786  Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
  CVE-2014-9780  drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9790  drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
  CVE-2014-9785  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9783  drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
  CVE-2014-9782  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
  CVE-2014-9781  Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
  CVE-2014-9803  arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
  CVE-2014-9779  arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
  CVE-2014-9792  arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9795  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
  CVE-2014-9796  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
  CVE-2015-8893  app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...

2016-07-01  CISEC:520  Windows Shell Remote Code Execution Vulnerability
  CISEC:740  Windows Journal Memory Corruption Vulnerability
  CISEC:745  Windows Imaging Component Memory Corruption Vulnerability
  CISEC:762  Win32k Information Disclosure Vulnerability
  CISEC:760  Win32k Elevation of Privilege Vulnerability
  CISEC:761  Win32k Elevation of Privilege Vulnerability
  CISEC:763  Win32k Elevation of Privilege Vulnerability
  CISEC:764  Win32k Elevation of Privilege Vulnerability
  CISEC:604  Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:605  Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:606  Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:607  Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:649  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:650  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:608  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:648  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:652  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:653  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:654  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:655  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:656  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:657  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:670  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:633  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:634  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:629  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:631  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:632  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:635  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:636  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:637  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:667  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:668  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:669  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:672  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:676  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:640  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:639  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:641  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:644  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:645  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:646  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:647  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:678  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:680  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:683  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:686  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:688  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:689  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:690  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:692  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:693  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:661  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:609  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:611  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:612  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:616  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:619  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:621  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:623  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:626  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:658  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:659  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:660  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:663  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:666  Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:651  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:675  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:628  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:638  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:671  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:673  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:674  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:642  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:643  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:679  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:681  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:685  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:691  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:694  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:610  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:613  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:615  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:617  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:618  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:620  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:662  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:665  Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:630  Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:682  Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:624  Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:733  Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
  CISEC:710  Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
  CISEC:705  Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
  CISEC:727  Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier
  CISEC:730  Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
  CISEC:715  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:724  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:729  Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:717  Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:703  Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:711  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:712  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:713  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:718  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:716  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:720  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:721  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:722  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:735  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:736  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:737  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:700  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:701  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:709  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:723  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:732  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:739  TLS/SSL Information Disclosure Vulnerability
  CISEC:768  Microsoft Office Memory Corruption Vulnerability
  CISEC:769  Microsoft Office Graphics RCE Vulnerability
  CISEC:766  Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:767  Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:742  Microsoft Browser Memory Corruption Vulnerability
  CISEC:741  Internet Explorer Security Feature Bypass
  CISEC:743  Internet Explorer Information Disclosure Vulnerability
  CISEC:625  Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:695  Hypervisor Code Integrity Security Feature Bypass
  CISEC:614  Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:664  Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:731  Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
  CISEC:622  Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
  CISEC:744  Direct3D Use After Free Vulnerability

2016-06-22  CVE-2015-6289  Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

2016-06-13  CISEC:501  Windows OLE Remote Code Execution Vulnerability
  CISEC:497  Windows CSRSS Security Feature Bypass Vulnerability
  CISEC:512  Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74
  CISEC:507  Scripting Engine Memory Corruption Vulnerability
  CISEC:509  Scripting Engine Memory Corruption Vulnerability
  CISEC:510  Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
  CISEC:498  Microsoft Office Memory Corruption Vulnerability
  CISEC:502  Microsoft Office Memory Corruption Vulnerability
  CISEC:503  Microsoft Office Memory Corruption Vulnerability
  CISEC:504  Microsoft Office Memory Corruption Vulnerability
  CISEC:519  Microsoft Edge Memory Corruption Vulnerability
  CISEC:508  Microsoft Edge Memory Corruption Vulnerability
  CISEC:511  Microsoft Edge Memory Corruption Vulnerability
  CISEC:505  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:515  Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:514  Microsoft Browser Memory Corruption Vulnerability
  CISEC:500  Graphics Memory Corruption Vulnerability
  CISEC:499  .NET Framework Remote Code Execution Vulnerability

2016-05-27  CISEC:475  Windows SAM and LSAD Downgrade Vulnerability
  CISEC:476  Win32k Elevation of Privilege Vulnerability
  CISEC:479  Win32k Elevation of Privilege Vulnerability
  CISEC:480  Win32k Elevation of Privilege Vulnerability
  CISEC:468  Scripting Engine Memory Corruption Vulnerability
  CISEC:477  MSXML Remote Code Execution Vulnerability
  CISEC:463  Microsoft Office Memory Corruption Vulnerability
  CISEC:474  Internet Explorer Memory Corruption Vulnerability
  CISEC:466  Internet Explorer Memory Corruption Vulnerability
  CISEC:470  Internet Explorer Memory Corruption Vulnerability
  CISEC:472  Internet Explorer Information Disclosure Vulnerability
  CISEC:464  DLL Loading Remote Code Execution Vulnerability

2016-05-14  CISEC:452  Windows Journal DoS Vulnerability
  CISEC:454  Windows Journal DoS Vulnerability
  CISEC:447  Scripting Engine Memory Corruption Vulnerability
  CISEC:450  OpenType Font Parsing Vulnerability
  CISEC:448  Internet Explorer Elevation of Privilege Vulnerability

2016-04-29  CISEC:409  Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:411  Scripting Engine Memory Corruption Vulnerability
  CISEC:418  Microsoft Browser Spoofing Vulnerability
  CISEC:422  Microsoft Browser Memory Corruption Vulnerability
  CISEC:413  Microsoft Browser Memory Corruption Vulnerability
  CISEC:414  Microsoft Browser Memory Corruption Vulnerability
  CISEC:451  Memory Corruption Vulnerability
  CISEC:416  Internet Explorer Memory Corruption Vulnerability
  CISEC:420  Internet Explorer Memory Corruption Vulnerability
  CISEC:421  Internet Explorer Memory Corruption Vulnerability
  CISEC:417  Internet Explorer Memory Corruption Vulnerability
  CISEC:412  Internet Explorer Memory Corruption Vulnerability
  CISEC:424  Internet Explorer Information Disclosure Vulnerability
  CISEC:415  Internet Explorer Elevation of Privilege Vulnerability
  CISEC:419  Internet Explorer Elevation of Privilege Vulnerability
  CISEC:423  DLL Loading Remote Code Execution Vulnerability

2016-04-15  CISEC:410  Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:433  Internet Explorer Memory Corruption Vulnerability
  CISEC:425  Internet Explorer Memory Corruption Vulnerability
  CISEC:426  Internet Explorer Memory Corruption Vulnerability
  CISEC:427  Internet Explorer Memory Corruption Vulnerability
  CISEC:428  Internet Explorer Memory Corruption Vulnerability
  CISEC:429  Internet Explorer Memory Corruption Vulnerability
  CISEC:430  Internet Explorer Memory Corruption Vulnerability
  CISEC:431  Internet Explorer Memory Corruption Vulnerability
  CISEC:432  Internet Explorer Memory Corruption Vulnerability

2016-03-11  CISEC:391  Windows Kernel Memory Elevation of Privilege Vulnerability
  CISEC:392  Windows Kernel Memory Elevation of Privilege Vulnerability
  CISEC:389  Windows Graphics Memory Remote Code Execution Vulnerability
  CISEC:390  Windows Graphics Memory Remote Code Execution Vulnerability
  CISEC:376  Internet Explorer Memory Corruption Vulnerability
  CISEC:381  Internet Explorer Memory Corruption Vulnerability
  CISEC:383  Internet Explorer Memory Corruption Vulnerability
  CISEC:384  Internet Explorer Memory Corruption Vulnerability
  CISEC:385  Internet Explorer Memory Corruption Vulnerability
  CISEC:386  Internet Explorer Memory Corruption Vulnerability
  CISEC:387  Internet Explorer Memory Corruption Vulnerability
  CISEC:388  Internet Explorer Memory Corruption Vulnerability

2016-03-03  CVE-2015-6260  Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

2016-02-08  MITRE:103  Windows RPC Locator Service Buffer Overflow
  MITRE:159  Windows NT Trusted Domain Loophole
  MITRE:161  Windows NT SNMPv1 Trap Handling DoS and Privilege Escalation
  MITRE:145  Windows NT MUP UNC Request Buffer Overflow
  MITRE:37  Windows NT IIS Directory Traversal Command Execution
  MITRE:14  Sun Solaris 8 XSun Color Database File Heap Overflow
  MITRE:33  Sun Solaris 7 XSun Color Database File Heap Overflow
  MITRE:11  String Format Vulnerability in Solaris 8 snmpdx
  MITRE:114  String Format Vulnerability in Solaris 7 snmpdx
  MITRE:56  Solaris 8 rpc.yppasswdd Buffer Overrun Vulnerability
  MITRE:86  Solaris 8 LBXProxy Display Name Buffer Overflow
  MITRE:7  Solaris 8 kcms_configure Command-Line Buffer Overflow
  MITRE:102  Solaris 7 rpc.yppasswdd Buffer Overrun Vulnerability
  MITRE:62  Solaris 7 mibiisa Remote Buffer Overflow Vulnerability
  MITRE:65  Solaris 7 kcms_configure Command-Line Buffer Overflow
  MITRE:87  SNMPv1 Request Handling DoS and Privilege Escalation
  CISEC:311  Internet Explorer Memory Corruption Vulnerability
  CISEC:333  Internet Explorer Memory Corruption Vulnerability
  MITRE:131  Heap Overflow in Solaris 7 xlock

2016-02-07  CVE-2015-6398  Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

2016-01-14  CVE-2015-6314  Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.

2016-01-08  CVE-2015-7754  Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

2016-01-07  CVE-2015-6433  SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

2016-01-06  CVE-2015-5310  The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or...
  CVE-2015-6639  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
  CVE-2015-6647  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
  CVE-2015-6646  The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
  CVE-2015-6640  The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...
  CVE-2015-6637  The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
  CVE-2015-6642  The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6638  The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
  CVE-2015-6645  SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
  CVE-2015-6643  Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
  CVE-2015-6636  mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
  CVE-2015-6644  Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
  CVE-2015-6641  Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

2016-01-04  CVE-2015-6432  Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service...

2015-12-22  MITRE:29327  Windows RPC elevation of privilege vulnerability
  MITRE:29431  Windows installer EoP vulnerability
  MITRE:29280  Windows DLL remote code execution vulnerability
  MITRE:29388  Win32k information disclosure vulnerability
  MITRE:28743  Win32k information disclosure vulnerability
  MITRE:29132  Win32k information disclosure vulnerability
  MITRE:29436  Win32k Elevation of privilege vulnerability
  MITRE:29128  Win32k elevation of privilege vulnerability
  MITRE:29156  Win32k elevation of privilege vulnerability
  MITRE:28938  VBScript Memory corruption vulnerability
  MITRE:29485  SQL Server remote code execution vulnerability
  MITRE:29315  SQL Server remote code execution vulnerability
  MITRE:29452  SQL Server elevation of privilege vulnerability
  MITRE:29392  Remote Desktop Protocol
  MITRE:29493  OpenType font driver vulnerability
  MITRE:28990  OLE Elevation of privilege vulnerability
  MITRE:29198  OLE Elevation of privilege vulnerability
  MITRE:28805  Microsoft Office memory corruption vulnerability
  MITRE:28544  Microsoft Office memory corruption vulnerability
  MITRE:29449  Microsoft Office memory corruption vulnerability
  MITRE:29517  Microsoft Office memory corruption vulnerability
  MITRE:29139  Microsoft Office memory corruption vulnerability
  MITRE:29245  Microsoft Office memory corruption vulnerability
  MITRE:29284  Microsoft Office memory corruption vulnerability
  MITRE:29525  Microsoft Excel DLL remote code execution vulnerability
  MITRE:29316  Jscript9 Memory corruption vulnerability
  MITRE:29075  Internet Explorer XSS filter bypass vulnerability
  MITRE:28804  Internet Explorer memory corruption vulnerability
  MITRE:28818  Internet Explorer memory corruption vulnerability
  MITRE:28834  Internet Explorer memory corruption vulnerability
  MITRE:28529  Internet Explorer memory corruption vulnerability
  MITRE:28614  Internet Explorer memory corruption vulnerability
  MITRE:29357  Internet Explorer memory corruption vulnerability
  MITRE:29360  Internet Explorer memory corruption vulnerability
  MITRE:29395  Internet Explorer memory corruption vulnerability
  MITRE:29414  Internet Explorer memory corruption vulnerability
  MITRE:29470  Internet Explorer memory corruption vulnerability
  MITRE:29487  Internet Explorer memory corruption vulnerability
  MITRE:29010  Internet Explorer memory corruption vulnerability
  MITRE:29015  Internet Explorer memory corruption vulnerability
  MITRE:29087  Internet Explorer memory corruption vulnerability
  MITRE:29159  Internet Explorer memory corruption vulnerability
  MITRE:29164  Internet Explorer memory corruption vulnerability
  MITRE:29219  Internet Explorer memory corruption vulnerability
  MITRE:29247  Internet Explorer memory corruption vulnerability
  MITRE:29278  Internet Explorer memory corruption vulnerability
  MITRE:29292  Internet Explorer memory corruption vulnerability
  MITRE:29295  Internet Explorer memory corruption vulnerability
  MITRE:29296  Internet Explorer memory corruption vulnerability
  MITRE:29324  Internet Explorer memory corruption vulnerability
  MITRE:29422  Internet Explorer information disclosure vulnerability
  MITRE:29454  Internet Explorer elevation of privilege vulnerability
  MITRE:29355  Internet Explorer ASLR bypass vulnerability
  MITRE:29406  Hyper-V system data structure vulnerability
  MITRE:29391  Hyper-V buffer overflow vulnerability
  MITRE:28708  Graphics component EOP vulnerability
  MITRE:28968  Elevation of privilege vulnerability in Netlogon
  MITRE:29149  DLL planting remote code execution vulnerability
  CVE-2015-6431  Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.
  MITRE:29418  Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2
  MITRE:29332  ATMFD.DLL Memory corruption vulnerability
  MITRE:29480  Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code

2015-12-19  CVE-2015-6429  The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.
  CVE-2015-7756  The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18...
  CVE-2015-7755  Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before...

2015-12-16  CVE-2015-6425  The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

2015-12-15  CVE-2015-6359  The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of...
  CVE-2015-4206  Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

2015-12-11  CVE-2015-7050  WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
  CVE-2015-7110  The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
  CVE-2015-7080  Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-7107  QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-7069  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
  CVE-2015-7070  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
  CVE-2015-7109  IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-7081  iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML...
  CVE-2015-7037  Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
  CVE-2015-7094  CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
  CVE-2015-7062  Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.

2015-12-08  CVE-2015-6623  Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
  CVE-2015-6629  Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
  CVE-2015-6622  The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as...
  CVE-2015-6619  The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
  CVE-2015-6633  The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
  CVE-2015-6634  The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
  CVE-2015-6627  The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka...
  CVE-2015-6630  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
  CVE-2015-6621  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
  CVE-2015-6624  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
  CVE-2015-6625  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
  CVE-2015-6617  Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
  CVE-2015-6616  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and...
  CVE-2015-8506  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different...
  CVE-2015-8505  mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than...
  CVE-2015-8507  mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than...
  CVE-2015-6628  Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6626  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6631  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6632  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6620  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and...
  CVE-2015-6618  Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.

2015-12-05  CVE-2015-6783  The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows...

2015-12-04  CVE-2015-6394  The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

2015-12-02  CVE-2015-6383  Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

2015-12-01  CVE-2015-6385  The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment...

2015-11-21  CVE-2015-5787  The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
  CVE-2015-7036  The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API...
  CVE-2015-6375  The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.
  CVE-2015-5859  The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain...

2015-11-13  CVE-2015-6365  Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID...

2015-11-12  CVE-2015-6366  Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.

2015-11-03  CVE-2015-6614  Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage...
  CVE-2015-6611  mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs...
  CVE-2015-8074  mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a...
  CVE-2015-6608  mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,...
  CVE-2015-8072  mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug...
  CVE-2015-8073  mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability...
  CVE-2015-6609  libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
  CVE-2015-6610  libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
  CVE-2015-6612  libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
  CVE-2015-6613  Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or...

2015-10-31  CVE-2015-6343  The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.

2015-10-24  CVE-2015-6341  The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.

2015-10-23  CVE-2015-7013  WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5928  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5929  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5930  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7002  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7012  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7014  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-6981  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6982  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7005  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7022  The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
  CVE-2015-5924  The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  CVE-2015-6999  The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
  CVE-2015-6994  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6988  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
  CVE-2015-7004  The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6995  The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-5940  The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a...
  CVE-2015-7000  Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on...
  CVE-2015-6976  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,...
  CVE-2015-6977  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6990  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6991  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6993  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7008  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7009  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7010  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7018  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6983  Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
  CVE-2015-6975  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6992  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-7017  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6986  com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
  CVE-2015-7023  CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

2015-10-19  CVE-2015-7752  The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-7749  The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
  CVE-2015-7750  The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a...
  CVE-2015-7751  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-7748  Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

2015-10-16  CVE-2014-6449  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle...
  CVE-2014-6450  Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,...
  CVE-2014-6451  J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

2015-10-11  CVE-2015-6263  The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

2015-10-09  CVE-2015-5923  Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2015-10-08  CVE-2015-6311  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID...

2015-10-06  CVE-2015-3874  The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
  CVE-2015-6606  The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,...
  CVE-2015-3865  The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
  CVE-2015-3877  Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
  CVE-2015-6596  mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
  CVE-2015-6605  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
  CVE-2015-3862  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
  CVE-2015-7717  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
  CVE-2015-7718  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
  CVE-2015-3878  Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that...
  CVE-2015-3879  Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
  CVE-2015-3875  libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
  CVE-2015-3873  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,...
  CVE-2015-6599  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
  CVE-2015-3872  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
  CVE-2015-6598  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
  CVE-2015-3868  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
  CVE-2015-6603  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
  CVE-2015-3867  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
  CVE-2015-6604  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
  CVE-2015-3869  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
  CVE-2015-3871  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
  CVE-2015-6601  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
  CVE-2015-6600  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
  CVE-2015-3870  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
  CVE-2015-3823  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
  CVE-2015-7716  libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than...
  CVE-2015-3847  Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

2015-10-02  CVE-2015-6308  Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

2015-10-01  CVE-2015-6602  libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
  CVE-2015-3876  libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.

2015-09-30  CVE-2015-3843  The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to...
  CVE-2015-3849  The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via...
  CVE-2015-3836  The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary...
  CVE-2015-3845  The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a...
  CVE-2015-3837  The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute...
  CVE-2015-3827  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary...
  CVE-2015-3824  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of...
  CVE-2015-3826  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3828  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3833  The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the...
  CVE-2015-3844  The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted...
  CVE-2015-3858  The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation...
  CVE-2015-1541  The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an...
  CVE-2015-6575  SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory...
  CVE-2015-3860  packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to...
  CVE-2015-3829  Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and...
  CVE-2015-1539  Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a...
  CVE-2015-3834  Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,...
  CVE-2015-3863  Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob...
  CVE-2015-3861  Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device...
  CVE-2015-3842  Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
  CVE-2015-3832  Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
  CVE-2015-3864  Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka...
  CVE-2015-1538  Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an...
  CVE-2015-1528  Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory...
  CVE-2015-1536  Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server...
  CVE-2014-7916  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
  CVE-2014-7917  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
  CVE-2014-7915  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
  CVE-2015-3831  Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted...
  CVE-2015-3835  Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.

2015-09-27  CVE-2015-6280  The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly...
  CVE-2015-6278  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6279  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...

2015-09-25  CVE-2015-6302  The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.
  CVE-2015-6282  Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka...

2015-09-20  CVE-2015-6295  Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved...

2015-09-18  CVE-2015-5879  XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)...
  CVE-2015-5793  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5791  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5814  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5816  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5822  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5823  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5792  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5794  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5795  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5796  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5797  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5799  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5800  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5801  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5789  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5790  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5802  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5803  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5804  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5805  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5806  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5807  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5809  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5810  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5811  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5812  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5813  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5817  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5818  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5819  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5821  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5921  WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
  CVE-2015-5826  WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a...
  CVE-2015-5825  WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via...
  CVE-2015-5820  WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
  CVE-2015-5827  WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
  CVE-2015-5907  WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
  CVE-2015-5788  The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
  CVE-2015-5764  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
  CVE-2015-5765  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
  CVE-2015-5767  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
  CVE-2015-5832  The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified...
  CVE-2015-5906  The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later...
  CVE-2015-3801  The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
  CVE-2015-6297  The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
  CVE-2015-5851  The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
  CVE-2015-5912  The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
  CVE-2015-5856  The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
  CVE-2014-8611  The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a...
  CVE-2015-5838  SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
  CVE-2015-5861  SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
  CVE-2015-5892  Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-5905  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
  CVE-2015-5904  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
  CVE-2015-5831  NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-5857  Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
  CVE-2015-5880  CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
  CVE-2015-6294  Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
  CVE-2015-5850  AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
  CVE-2015-5835  Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.

2015-08-31  CVE-2015-6270  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.
  CVE-2015-6269  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.
  CVE-2015-6271  Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and...
  CVE-2015-6272  Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,...

2015-08-28  CVE-2015-6273  Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)...
  CVE-2015-6267  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
  CVE-2015-6268  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

2015-08-22  CVE-2015-6258  The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.

2015-08-19  CVE-2015-4277  The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory...
  CVE-2015-4296  Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
  CVE-2015-4301  Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
  CVE-2015-4323  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices...
  CVE-2015-4324  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote...

2015-08-16  CVE-2015-3730  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3731  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3732  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3733  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3734  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3735  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3736  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3737  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3738  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3739  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3740  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3741  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3742  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3743  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3744  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3745  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3746  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3747  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3748  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3749  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3753  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the...
  CVE-2015-3750  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy...
  CVE-2015-3755  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
  CVE-2015-3751  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in...
  CVE-2015-5759  WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
  CVE-2015-3758  UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
  CVE-2015-3796  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3797  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3798  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-5749  The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5769  The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
  CVE-2015-5748  The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
  CVE-2015-3766  The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3800  The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
  CVE-2015-3752  The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report...
  CVE-2015-3756  The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
  CVE-2015-3763  Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
  CVE-2015-5773  QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
  CVE-2015-5770  MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
  CVE-2015-3759  Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
  CVE-2015-3795  libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
  CVE-2015-5757  libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with...
  CVE-2015-5776  Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
  CVE-2015-3776  IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
  CVE-2015-3768  Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
  CVE-2015-5782  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
  CVE-2015-5781  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
  CVE-2015-5758  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
  CVE-2015-3804  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5756  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5775  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5766  Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
  CVE-2015-5755  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5761  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5777  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5778  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-3782  CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
  CVE-2015-3793  CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5774  Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
  CVE-2015-3778  bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
  CVE-2015-5752  Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
  CVE-2015-5746  AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
  CVE-2015-3803  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
  CVE-2015-3802  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
  CVE-2015-3805  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
  CVE-2015-3806  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

2015-08-08  CVE-2015-1805  The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

2015-08-03  MITRE:28525  Windows LoadLibrary EoP vulnerability
  MITRE:28971  Vulnerability in Active Directory Federation Services could allow elevation of privilege
  MITRE:28607  Exchange Server-Side Request Forgery vulnerability
  MITRE:28928  Exchange HTML injection vulnerability
  MITRE:29115  Exchange Cross-Site Request Forgery vulnerability

2015-07-31  CVE-2015-4295  The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
  CVE-2015-4291  Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.

2015-07-30  CVE-2015-4293  The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after...

2015-07-27  MITRE:28910  Windows Media Player RCE via DataObject vulnerability
  MITRE:29050  Win32k Pool buffer overflow vulnerability
  MITRE:29145  Win32k Null pointer dereference vulnerability
  MITRE:28508  Win32k memory corruption elevation of privilege vulnerability
  MITRE:28994  Win32k elevation of privilege vulnerability
  MITRE:28665  Win32k buffer overflow vulnerability
  MITRE:29067  Microsoft Windows Station use after free vulnerability
  MITRE:29118  Microsoft Windows Kernel use after free vulnerability
  MITRE:29124  Microsoft Windows Kernel Object use after free vulnerability
  MITRE:29093  Microsoft Windows Kernel information disclosure vulnerability
  MITRE:28201  Microsoft Windows Kernel Brush Object use after free vulnerability
  MITRE:28806  Microsoft Windows Kernel Bitmap handling use after free vulnerability
  MITRE:28531  Microsoft Office uninitialized memory use vulnerability
  MITRE:28513  Microsoft Office memory corruption vulnerability
  MITRE:28744  Microsoft Office memory corruption vulnerability
  MITRE:29072  Microsoft common control use after free vulnerability
  MITRE:28848  Internet Explorer memory corruption vulnerability
  MITRE:28889  Internet Explorer memory corruption vulnerability
  MITRE:28948  Internet Explorer memory corruption vulnerability
  MITRE:28512  Internet Explorer memory corruption vulnerability
  MITRE:28518  Internet Explorer memory corruption vulnerability
  MITRE:28530  Internet Explorer memory corruption vulnerability
  MITRE:28610  Internet Explorer memory corruption vulnerability
  MITRE:28593  Internet Explorer memory corruption vulnerability
  MITRE:28650  Internet Explorer memory corruption vulnerability
  MITRE:28724  Internet Explorer memory corruption vulnerability
  MITRE:28769  Internet Explorer memory corruption vulnerability
  MITRE:29033  Internet Explorer memory corruption vulnerability
  MITRE:29057  Internet Explorer memory corruption vulnerability
  MITRE:29060  Internet Explorer memory corruption vulnerability
  MITRE:29061  Internet Explorer memory corruption vulnerability
  MITRE:29076  Internet Explorer memory corruption vulnerability
  MITRE:29081  Internet Explorer memory corruption vulnerability
  MITRE:29113  Internet Explorer memory corruption vulnerability
  MITRE:29119  Internet Explorer memory corruption vulnerability
  MITRE:29123  Internet Explorer memory corruption vulnerability
  MITRE:28429  Internet Explorer information disclosure vulnerability
  MITRE:29005  Internet Explorer elevation of privilege vulnerability
  MITRE:29142  Internet Explorer elevation of privilege vulnerability
  MITRE:29147  Internet Explorer elevation of privilege vulnerability

2015-07-24  CVE-2015-0681  The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,...

2015-07-23  CVE-2015-4285  The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows...

2015-07-22  CVE-2015-4284  The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

2015-07-16  CVE-2015-5363  The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial...
  CVE-2015-5357  The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified...
  CVE-2015-5360  IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,...

2015-07-14  CVE-2015-4269  The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
  CVE-2015-3007  The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically...
  CVE-2015-5362  The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-4272  Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...
  CVE-2015-5358  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,...
  CVE-2015-5359  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before...

2015-07-08  CVE-2015-4243  The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug...

2015-07-06  MITRE:28699  Windows Kernel security feature bypass vulnerability
  MITRE:28936  Windows Journal remote code execution vulnerability
  MITRE:28517  Windows Journal remote code execution vulnerability
  MITRE:28649  Windows Journal remote code execution vulnerability
  MITRE:28710  Windows Journal remote code execution vulnerability
  MITRE:28742  Windows Journal remote code execution vulnerability
  MITRE:28390  Windows Journal remote code execution vulnerability
  MITRE:28950  Windows forms elevation of privilege vulnerability
  MITRE:28867  VBScript memory corruption vulnerability
  MITRE:28745  VBScript and JScript ASLR bypass vulnerability
  MITRE:28207  TrueType font parsing vulnerability
  MITRE:28932  Service control manager elevation of privilege vulnerability
  MITRE:28672  Schannel information disclosure vulnerability
  MITRE:28362  OpenType Font parsing vulnerability
  MITRE:28068  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28876  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28808  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28883  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28555  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:29001  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28985  Microsoft Silverlight out of browser application vulnerability
  MITRE:28924  Microsoft SharePoint page content vulnerabilities
  MITRE:28645  Microsoft Office memory corruption vulnerability
  MITRE:28723  Microsoft Office memory corruption vulnerability
  MITRE:29018  Microsoft Management Console file format denial of service vulnerability
  MITRE:28840  Internet Explorer memory corruption vulnerability
  MITRE:28917  Internet Explorer memory corruption vulnerability
  MITRE:28951  Internet Explorer memory corruption vulnerability
  MITRE:28473  Internet Explorer memory corruption vulnerability
  MITRE:28576  Internet Explorer memory corruption vulnerability
  MITRE:28641  Internet Explorer memory corruption vulnerability
  MITRE:28680  Internet Explorer memory corruption vulnerability
  MITRE:28753  Internet Explorer memory corruption vulnerability
  MITRE:28340  Internet Explorer memory corruption vulnerability
  MITRE:28984  Internet Explorer memory corruption vulnerability
  MITRE:28162  Internet Explorer memory corruption vulnerability
  MITRE:28167  Internet Explorer memory corruption vulnerability
  MITRE:28405  Internet Explorer memory corruption vulnerability
  MITRE:28993  Internet Explorer memory corruption vulnerability
  MITRE:29000  Internet Explorer memory corruption vulnerability
  MITRE:28815  Internet Explorer elevation of privilege vulnerability
  MITRE:28829  Internet Explorer elevation of privilege vulnerability
  MITRE:28692  Internet Explorer elevation of privilege vulnerability
  MITRE:28822  Internet Explorer clipboard information disclosure vulnerability
  MITRE:29016  Internet Explorer ASLR bypass vulnerability
  MITRE:28739  .NET XML decryption denial of service vulnerability

2015-07-03  CVE-2015-4231  The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
  CVE-2015-4237  The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,...
  CVE-2015-4232  Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
  CVE-2015-4234  Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

2015-07-02  CVE-2015-3727  WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access...
  CVE-2015-3719  TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than...
  CVE-2015-3728  The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
  CVE-2015-3726  The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
  CVE-2015-3659  The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL...
  CVE-2015-3658  The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an...
  CVE-2015-3721  The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3684  The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
  CVE-2015-3690  The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
  CVE-2015-3725  MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3710  Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
  CVE-2015-3703  ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
  CVE-2015-3694  FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
  CVE-2015-3685  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,...
  CVE-2015-3687  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3688  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3689  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3686  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3723  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
  CVE-2015-3724  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
  CVE-2015-3722  Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.

2015-06-29  MITRE:29136  RHSA-2015:0809 -- java-1.8.0-openjdk security update
  MITRE:29140  RHSA-2015:0808 -- java-1.6.0-openjdk security update
  MITRE:29084  RHSA-2015:0807 -- java-1.7.0-openjdk security update
  MITRE:28599  RHSA-2015:0806 -- java-1.7.0-openjdk security update
  MITRE:29248  RHSA-2015:0803 -- kernel security and bug fix update
  MITRE:28514  RHSA-2015:0800 -- openssl security update
  MITRE:29342  RHSA-2009:1674 -- firefox security update
  MITRE:28862  RHSA-2009:1670 -- kernel security and bug fix update
  MITRE:29266  RHSA-2009:1648 -- ntp security update
  MITRE:29283  RHSA-2009:1646 -- libtool security update
  MITRE:29263  RHSA-2009:1642 -- acpid security update
  MITRE:29347  RHSA-2009:1625 -- expat security update
  MITRE:29109  RHSA-2009:1620 -- bind security update
  MITRE:29382  RHSA-2009:1619 -- dstat security update
  MITRE:29047  RHSA-2009:1615 -- xerces-j2 security update
  MITRE:29365  RHSA-2009:1601 -- kdelibs security update
  MITRE:28898  RHSA-2009:1584 -- java-1.6.0-openjdk security update
  MITRE:29317  RHSA-2009:1579 -- httpd security update
  MITRE:29170  RHSA-2009:1561 -- libvorbis security update
  MITRE:29275  RHSA-2009:1549 -- wget security update
  MITRE:29269  RHSA-2009:1548 -- kernel security and bug fix update
  MITRE:29046  RHSA-2009:1536 -- pidgin security update
  MITRE:29230  RHSA-2009:1530 -- firefox security update
  MITRE:29264  RHSA-2009:1529 -- samba security update
  MITRE:29310  RHSA-2009:1513 -- cups security update
  MITRE:28916  RHSA-2009:1504 -- poppler security and bug fix update
  MITRE:28897  RHSA-2009:1502 -- kdegraphics security update
  MITRE:29190  RHSA-2009:1490 -- squirrelmail security update
  MITRE:28941  RHSA-2009:1484 -- postgresql security update
  MITRE:29340  RHSA-2009:1472 -- xen security and bug fix update
  MITRE:28926  RHSA-2009:1471 -- elinks security update
  MITRE:29271  RHSA-2009:1470 -- openssh security update
  MITRE:29041  RHSA-2009:1463 -- newt security update
  MITRE:28758  RHSA-2009:1459 -- cyrus-imapd security update
  MITRE:28765  RHSA-2009:1453 -- pidgin security update
  MITRE:29270  RHSA-2009:1452 -- neon security update
  MITRE:29331  RHSA-2009:1451 -- freeradius security update
  MITRE:29334  RHSA-2009:1430 -- firefox security update
  MITRE:29320  RHSA-2009:1428 -- xmlsec1 security update
  MITRE:29379  RHSA-2009:1427 -- fetchmail security update
  MITRE:29111  RHSA-2009:1426 -- openoffice.org security update
  MITRE:29259  RHSA-2009:1364 -- gdm security and bug fix update
  MITRE:29052  RHSA-2009:1341 -- cman security, bug fix, and enhancement update
  MITRE:28953  RHSA-2009:1337 -- gfs2-utils security and bug fix update
  MITRE:28749  RHSA-2009:1335 -- openssl security, bug fix, and enhancement update
  MITRE:29369  RHSA-2009:1321 -- nfs-utils security and bug fix update
  MITRE:29358  RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update
  MITRE:28888  RHSA-2009:1289 -- mysql security and bug fix update
  MITRE:29350  RHSA-2009:1287 -- openssh security, bug fix, and enhancement update
  MITRE:28929  RHSA-2009:1278 -- lftp security and bug fix update
  MITRE:29153  RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update
  MITRE:29359  RHSA-2009:1238 -- dnsmasq security update
  MITRE:29281  RHSA-2009:1232 -- gnutls security update
  MITRE:28627  RHSA-2009:1222 -- kernel security and bug fix update
  MITRE:29217  RHSA-2009:1219 -- libvorbis security update
  MITRE:29222  RHSA-2009:1218 -- pidgin security update
  MITRE:29134  RHSA-2009:1209 -- curl security update
  MITRE:28958  RHSA-2009:1206 -- libxml and libxml2 security update
  MITRE:29077  RHSA-2009:1204 -- apr and apr-util security update
  MITRE:29163  RHSA-2009:1203 -- subversion security update
  MITRE:29205  RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update
  MITRE:29154  RHSA-2009:1193 -- kernel security and bug fix update
  MITRE:29169  RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update
  MITRE:28629  RHSA-2009:1179 -- bind security update
  MITRE:29294  RHSA-2009:1176 -- python security update
  MITRE:29179  RHSA-2009:1164 -- tomcat security update
  MITRE:29188  RHSA-2009:1162 -- firefox security update
  MITRE:28879  RHSA-2009:1159 -- libtiff security update
  MITRE:28396  RHSA-2009:1148 -- httpd security update
  MITRE:29258  RHSA-2009:1140 -- ruby security update
  MITRE:29100  RHSA-2009:1139 -- pidgin security and bug fix update
  MITRE:29103  RHSA-2009:1138 -- openswan security update
  MITRE:29125  RHSA-2009:1130 -- kdegraphics security update
  MITRE:29301  RHSA-2009:1127 -- kdelibs security update
  MITRE:29183  RHSA-2009:1126 -- thunderbird security update
  MITRE:29311  RHSA-2009:1123 -- gstreamer-plugins-good security update
  MITRE:28965  RHSA-2009:1122 -- icu security update
  MITRE:29022  RHSA-2009:1116 -- cyrus-imapd security update
  MITRE:29299  RHSA-2009:1107 -- apr-util security update
  MITRE:28617  RHSA-2009:1106 -- kernel security and bug fix update
  MITRE:29254  RHSA-2009:1102 -- cscope security update
  MITRE:28894  RHSA-2009:1100 -- wireshark security update
  MITRE:29396  RHSA-2009:1095 -- firefox security update
  MITRE:29206  RHSA-2009:1082 -- cups security update
  MITRE:28800  RHSA-2009:1075 -- httpd security update
  MITRE:29339  RHSA-2009:1066 -- squirrelmail security update
  MITRE:29091  RHSA-2009:1061 -- freetype security update
  MITRE:29110  RHSA-2009:1060 -- pidgin security update
  MITRE:29463  RHSA-2009:1039 -- ntp security update
  MITRE:28495  RHSA-2009:1036 -- ipsec-tools security update
  MITRE:28869  RHSA-2009:0480 -- poppler security update
  MITRE:29079  RHSA-2009:0479 -- perl-DBD-Pg security update
  MITRE:28946  RHSA-2009:0476 -- pango security update
  MITRE:28838  RHSA-2009:0474 -- acpid security update
  MITRE:29446  RHSA-2009:0473 -- kernel security and bug fix update
  MITRE:29380  RHSA-2009:0457 -- libwmf security update
  MITRE:28736  RHSA-2009:0449 -- firefox security update
  MITRE:29286  RHSA-2009:0444 -- giflib security update
  MITRE:29267  RHSA-2009:0436 -- firefox security update
  MITRE:29193  RHSA-2009:0431 -- kdegraphics security update
  MITRE:28592  RHSA-2009:0429 -- cups security update
  MITRE:28703  RHSA-2009:0427 -- udev security update
  MITRE:29276  RHSA-2009:0421 -- ghostscript security update
  MITRE:29387  RHSA-2009:0411 -- device-mapper-multipath security update
  MITRE:28421  RHSA-2009:0408 -- krb5 security update
  MITRE:28934  RHSA-2009:0402 -- openswan security update
  MITRE:29178  RHSA-2009:0397 -- firefox security update
  MITRE:29277  RHSA-2009:0377 -- java-1.6.0-openjdk security update
  MITRE:28954  RHSA-2009:0373 -- systemtap security update
  MITRE:29262  RHSA-2009:0361 -- NetworkManager security update
  MITRE:28741  RHSA-2009:0354 -- evolution-data-server security update
  MITRE:29319  RHSA-2009:0352 -- gstreamer-plugins-base security update
  MITRE:29171  RHSA-2009:0345 -- ghostscript security update
  MITRE:29371  RHSA-2009:0344 -- libsoup security update
  MITRE:28978  RHSA-2009:0341 -- curl security update
  MITRE:29236  RHSA-2009:0339 -- lcms security update
  MITRE:29345  RHSA-2009:0338 -- php security update
  MITRE:29068  RHSA-2009:0336 -- glib2 security update
  MITRE:29196  RHSA-2009:0333 -- libpng security update
  MITRE:28793  RHSA-2009:0326 -- kernel security and bug fix update
  MITRE:29381  RHSA-2009:0315 -- firefox security update
  MITRE:29088  RHSA-2009:0313 -- wireshark security update
  MITRE:29195  RHSA-2009:0296 -- icu security update
  MITRE:28896  RHSA-2009:0271 -- gstreamer-plugins-good security update
  MITRE:29098  RHSA-2009:0267 -- sudo security update
  MITRE:28966  RHSA-2009:0264 -- kernel security update
  MITRE:29367  RHSA-2009:0261 -- vnc security update
  MITRE:28850  RHSA-2009:0259 -- mod_auth_mysql security update
  MITRE:29166  RHSA-2009:0258 -- thunderbird security update
  MITRE:29045  RHSA-2009:0256 -- firefox security update
  MITRE:29343  RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update
  MITRE:29313  RHSA-2009:0205 -- dovecot security and bug fix update
  MITRE:29213  RHSA-2009:0057 -- squirrelmail security update
  MITRE:28923  RHSA-2009:0046 -- ntp security update
  MITRE:28987  RHSA-2009:0020 -- bind security update
  MITRE:29143  RHSA-2009:0018 -- xterm security update
  MITRE:29261  RHSA-2009:0013 -- avahi security update
  MITRE:29253  RHSA-2009:0012 -- netpbm security update
  MITRE:29300  RHSA-2009:0011 -- lcms security update
  MITRE:29372  RHSA-2009:0010 -- squirrelmail security update
  MITRE:29288  RHSA-2009:0008 -- dbus security update
  MITRE:28712  RHSA-2009:0004 -- openssl security update
  MITRE:28776  RHSA-2009:0003 -- xen security and bug fix update
  MITRE:29201  RHSA-2009:0002 -- thunderbird security update
  MITRE:29215  RHSA-2008:1036 -- firefox security update
  MITRE:29137  RHSA-2008:1029 -- cups security update
  MITRE:29210  RHSA-2008:1023 -- pidgin security and bug fix update
  MITRE:29354  RHSA-2008:1017 -- kernel security and bug fix update
  MITRE:28976  RHSA-2008:1016 -- enscript security update
  MITRE:29308  RHSA-2008:1001 -- tog-pegasus security update
  MITRE:29306  RHSA-2008:0988 -- libxml2 security update
  MITRE:29020  RHSA-2008:0982 -- gnutls security update
  MITRE:28686  RHSA-2008:0981 -- ruby security update
  MITRE:29237  RHSA-2008:0978 -- firefox security update
  MITRE:29116  RHSA-2008:0976 -- thunderbird security update
  MITRE:29197  RHSA-2008:0971 -- net-snmp security update
  MITRE:29289  RHSA-2008:0967 -- httpd security and bug fix update
  MITRE:28964  RHSA-2008:0965 -- lynx security update
  MITRE:29265  RHSA-2008:0957 -- kernel security and bug fix update
  MITRE:29199  RHSA-2008:0946 -- ed security update
  MITRE:29069  RHSA-2008:0939 -- openoffice.org security update
  MITRE:29185  RHSA-2008:0937 -- cups security update
  MITRE:28693  RHSA-2008:0908 -- thunderbird security update
  MITRE:29090  RHSA-2008:0907 -- pam_krb5 security update
  MITRE:28242  RHSA-2008:0897 -- ruby security update
  MITRE:29039  RHSA-2008:0893 -- bzip2 security update
  MITRE:28930  RHSA-2008:0892 -- xen security and bug fix update
  MITRE:29012  RHSA-2008:0890 -- wireshark security update
  MITRE:29129  RHSA-2008:0885 -- kernel security and bug fix update
  MITRE:29030  RHSA-2008:0884 -- libxml2 security update
  MITRE:29008  RHSA-2008:0879 -- firefox security update
  MITRE:29192  RHSA-2008:0855 -- openssh security update
  MITRE:29044  RHSA-2008:0849 -- ipsec-tools security update
  MITRE:28973  RHSA-2008:0847 -- libtiff security and bug fix update
  MITRE:28256  RHSA-2008:0839 -- postfix security update
  MITRE:29241  RHSA-2008:0836 -- libxml2 security update
  MITRE:29162  RHSA-2008:0835 -- openoffice.org security update
  MITRE:29133  RHSA-2008:0818 -- hplip security update
  MITRE:28842  RHSA-2008:0815 -- yum-rhn-plugin security update
  MITRE:29167  RHSA-2008:0789 -- dnsmasq security update
  MITRE:29029  RHSA-2008:0649 -- libxslt security update
  MITRE:28407  RHSA-2008:0648 -- tomcat security update
  MITRE:28716  RHSA-2008:0616 -- thunderbird security update
  MITRE:28983  RHSA-2008:0612 -- kernel security and bug fix update
  MITRE:29066  RHSA-2008:0597 -- firefox security update
  MITRE:29144  RHSA-2008:0584 -- pidgin security and bug fix update
  MITRE:29038  RHSA-2008:0583 -- openldap security update
  MITRE:29255  RHSA-2008:0581 -- bluez-libs and bluez-utils security update
  MITRE:29232  RHSA-2008:0580 -- vim security update
  MITRE:29234  RHSA-2008:0575 -- rdesktop security update
  MITRE:29028  RHSA-2008:0569 -- firefox security update
  MITRE:28980  RHSA-2008:0561 -- ruby security update
  MITRE:29150  RHSA-2008:0544 -- php security update
  MITRE:28787  RHSA-2008:0533 -- bind security update
  MITRE:28887  RHSA-2008:0486 -- nfs-utils security update
  MITRE:28823  ELSA-2015-1189 -- kvm security update

2015-06-27  CVE-2015-4199  Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent...
  CVE-2015-4225  Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,...

2015-06-26  CVE-2015-4224  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

2015-06-25  CVE-2015-4223  Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.

2015-06-24  CVE-2015-4215  Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6...
  CVE-2015-4213  Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.

2015-06-23  CVE-2015-4203  Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed...
  CVE-2015-4200  Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,...
  CVE-2015-4204  Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests...
  CVE-2015-4205  Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

2015-06-22  MITRE:29009  MSXML3 same origin policy SFB vulnerability

2015-06-20  CVE-2015-4197  Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
  CVE-2015-4202  Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization...

2015-06-18  CVE-2015-4191  Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
  CVE-2015-4195  Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

2015-06-16  MITRE:28440  RHSA-2015:1115-01 -- Red Hat openssl
  MITRE:29126  ELSA-2015-1115 -- Oracle openssl
  MITRE:28643  ELSA-2015-1115 -- Oracle openssl
  MITRE:29099  CESA-2015:1115 -- CentOS 7 openssl
  MITRE:28674  CESA-2015:1115 -- CentOS 6 openssl

2015-06-13  CVE-2015-4185  The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

2015-06-12  CVE-2015-0771  The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID...
  CVE-2015-0775  The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000...
  CVE-2015-0776  telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

2015-06-02  MITRE:28539  RHSA-2015:1002-01 -- Red Hat xen
  MITRE:28106  RHSA-2015:0999-01 -- Red Hat qemu-kvm, libcacard
  MITRE:28702  RHSA-2015:0998-01 -- Red Hat qemu-kvm, qemu-guest-agent
  MITRE:28949  ELSA-2015-1003 -- Oracle kvm-83
  MITRE:28974  ELSA-2015-1002 -- Oracle xen
  MITRE:28893  ELSA-2015-0999 -- Oracle qemu-kvm
  MITRE:29004  ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent
  MITRE:28198  CESA-2015:1003 -- CentOS 5 kvm
  MITRE:28937  CESA-2015:1002 -- CentOS 5 xen
  MITRE:28600  CESA-2015:0999 -- CentOS 7 qemu-kvm,libcacard
  MITRE:28912  CESA-2015:0998 -- CentOS 6 qemu-kvm,qemu-guest-agent

2015-06-01  MITRE:28603  Windows MS-DOS device name vulnerability
  MITRE:28397  Windows Hyper-V DoS vulnerability
  MITRE:28831  NtCreateTransactionManager type confusion vulnerability
  MITRE:28523  Microsoft SharePoint XSS vulnerability
  MITRE:28565  Microsoft SharePoint XSS vulnerability
  MITRE:27878  Microsoft Office memory corruption vulnerability
  MITRE:28561  Microsoft Office component use after free vulnerability
  MITRE:28690  Microsoft Office component use after free vulnerability
  MITRE:28752  Microsoft Office component use after free vulnerability
  MITRE:28861  Internet Explorer memory corruption vulnerability
  MITRE:28865  Internet Explorer memory corruption vulnerability
  MITRE:27899  Internet Explorer memory corruption vulnerability
  MITRE:27908  Internet Explorer memory corruption vulnerability
  MITRE:28895  Internet Explorer memory corruption vulnerability
  MITRE:28574  Internet Explorer memory corruption vulnerability
  MITRE:28704  Internet Explorer memory corruption vulnerability
  MITRE:28709  Internet Explorer memory corruption vulnerability
  MITRE:28783  Internet Explorer memory corruption vulnerability
  MITRE:28821  Internet Explorer ASLR bypass vulnerability
  MITRE:28623  HTTP.sys Remote code execution vulnerability
  MITRE:28101  EMF processing remote code execution vulnerability
  MITRE:28116  ASP.NET information disclosure vulnerability
  MITRE:28782  Active Directory Federation Services information disclosure vulnerability

2015-05-29  CVE-2015-0756  Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
  CVE-2015-0751  Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

2015-05-27  CVE-2015-1157  CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications...

2015-05-16  CVE-2015-0723  The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.
  CVE-2015-0726  The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via...
  CVE-2015-0717  Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.

2015-05-15  CVE-2015-0731  The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.

2015-05-07  CVE-2015-1152  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1153  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1156  The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same...
  CVE-2015-1155  The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

2015-05-01  CVE-2014-8361  The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

2015-04-29  CVE-2015-3447  Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.

2015-04-28  CVE-2015-0710  The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,...
  CVE-2015-0709  Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
  CVE-2015-0708  Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

2015-04-27  MITRE:27987  WTS remote code execution vulnerability
  MITRE:28813  Win32k elevation of privilege vulnerability
  MITRE:28562  Vulnerability in Microsoft Schannel could allow security feature bypass
  MITRE:28797  VBScript memory corruption vulnerability
  MITRE:28780  Task scheduler security feature bypass vulnerability
  MITRE:28847  Remote desktop protocol
  MITRE:28816  Registry virtualization elevation of privilege vulnerability
  MITRE:28811  OWA modified canary parameter cross site scripting vulnerability
  MITRE:28863  NETLOGON spoofing vulnerability
  MITRE:28851  Microsoft Word local zone remote code execution vulnerability
  MITRE:28803  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28656  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28667  Microsoft Windows kernel memory disclosure vulnerability
  MITRE:27875  Microsoft SharePoint XSS vulnerability
  MITRE:28658  Microsoft SharePoint XSS vulnerability
  MITRE:28356  Microsoft Office memory corruption vulnerability
  MITRE:28631  Microsoft Office component use after free vulnerability
  MITRE:28428  Malformed PNG parsing information disclosure vulnerability
  MITRE:28675  JPEG XR parser information disclosure vulnerability
  MITRE:28836  Internet Explorer memory corruption vulnerability
  MITRE:28843  Internet Explorer memory corruption vulnerability
  MITRE:28464  Internet Explorer memory corruption vulnerability
  MITRE:28487  Internet Explorer memory corruption vulnerability
  MITRE:28569  Internet Explorer memory corruption vulnerability
  MITRE:28670  Internet Explorer memory corruption vulnerability
  MITRE:28757  Internet Explorer memory corruption vulnerability
  MITRE:28768  Internet Explorer memory corruption vulnerability
  MITRE:28781  Internet Explorer memory corruption vulnerability
  MITRE:28605  Internet Explorer elevation of privilege vulnerability
  MITRE:28737  Internet Explorer elevation of privilege vulnerability
  MITRE:28844  Impersonation level check elevation of privilege vulnerability
  MITRE:28748  ExchangeDLP cross site scripting vulnerability
  MITRE:28294  Exchange forged meeting request spoofing vulnerability
  MITRE:27900  Exchange error message cross site scripting vulnerability
  MITRE:28609  DLL planting remote code execution vulnerability
  MITRE:28524  Audit report cross site scripting vulnerability
  MITRE:28807  Adobe font driver remote code execution vulnerability
  MITRE:28684  Adobe font driver remote code execution vulnerability
  MITRE:28738  Adobe font driver remote code execution vulnerability
  MITRE:28770  Adobe font driver remote code execution vulnerability
  MITRE:28771  Adobe font driver remote code execution vulnerability
  MITRE:28469  Adobe font driver information disclosure vulnerability
  MITRE:28549  Adobe font driver information disclosure vulnerability
  MITRE:28730  Adobe font driver denial of service vulnerability

2015-04-16  CVE-2015-0695  Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card...

2015-04-10  CVE-2015-1126  WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource...
  CVE-2015-1116  The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
  CVE-2015-1125  The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
  CVE-2015-1115  The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
  CVE-2015-1113  The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
  CVE-2015-1106  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
  CVE-2015-1107  The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making...
  CVE-2015-1108  The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
  CVE-2015-1091  The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin...
  CVE-2015-1111  Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1109  NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
  CVE-2015-3003  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users...
  CVE-2015-3002  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port...
  CVE-2015-3004  J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3...
  CVE-2015-1098  iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-1093  FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
  CVE-2015-1087  Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
  CVE-2015-3005  Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject...
  CVE-2015-1088  CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
  CVE-2015-1090  CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1089  CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
  CVE-2015-1085  AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
  CVE-2015-1112  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive...
  CVE-2015-1129  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

2015-04-06  CVE-2015-0690  Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

2015-04-03  CVE-2015-0688  Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

2015-04-02  CVE-2015-0686  The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID...
  CVE-2015-0687  The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka...
  CVE-2015-0685  Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.

2015-03-30  MITRE:28688  Windows font driver denial of service vulnerability
  MITRE:28764  Windows create process elevation of privilege vulnerability
  MITRE:28689  Win32k elevation of privilege vulnerability
  MITRE:28633  TrueType font parsing remote code execution vulnerability
  MITRE:28731  TIFF Processing information disclosure vulnerability
  MITRE:28598  OneTableDocumentStream remote code execution vulnerability
  MITRE:28074  Office remote code execution vulnerability
  MITRE:27780  Microsoft schannel remote code execution vulnerability
  MITRE:28762  Microsoft schannel remote code execution vulnerability
  MITRE:28668  Microsoft Office component use after free vulnerability
  MITRE:28548  Internet Explorer use-after-free vulnerability
  MITRE:27765  Internet Explorer memory corruption vulnerability
  MITRE:27772  Internet Explorer memory corruption vulnerability
  MITRE:27957  Internet Explorer memory corruption vulnerability
  MITRE:27977  Internet Explorer memory corruption vulnerability
  MITRE:28021  Internet Explorer memory corruption vulnerability
  MITRE:28475  Internet Explorer memory corruption vulnerability
  MITRE:28522  Internet Explorer memory corruption vulnerability
  MITRE:28540  Internet Explorer memory corruption vulnerability
  MITRE:28558  Internet Explorer memory corruption vulnerability
  MITRE:28573  Internet Explorer memory corruption vulnerability
  MITRE:28590  Internet Explorer memory corruption vulnerability
  MITRE:28639  Internet Explorer memory corruption vulnerability
  MITRE:28653  Internet Explorer memory corruption vulnerability
  MITRE:28663  Internet Explorer memory corruption vulnerability
  MITRE:28666  Internet Explorer memory corruption vulnerability
  MITRE:28683  Internet Explorer memory corruption vulnerability
  MITRE:28691  Internet Explorer memory corruption vulnerability
  MITRE:28695  Internet Explorer memory corruption vulnerability
  MITRE:28711  Internet Explorer memory corruption vulnerability
  MITRE:28714  Internet Explorer memory corruption vulnerability
  MITRE:28718  Internet Explorer memory corruption vulnerability
  MITRE:28732  Internet Explorer memory corruption vulnerability
  MITRE:28735  Internet Explorer memory corruption vulnerability
  MITRE:28750  Internet Explorer memory corruption vulnerability
  MITRE:28337  Internet Explorer memory corruption vulnerability
  MITRE:28347  Internet Explorer memory corruption vulnerability
  MITRE:28272  Internet Explorer memory corruption vulnerability
  MITRE:28382  Internet Explorer memory corruption vulnerability
  MITRE:28383  Internet Explorer memory corruption vulnerability
  MITRE:28384  Internet Explorer memory corruption vulnerability
  MITRE:28394  Internet Explorer memory corruption vulnerability
  MITRE:28395  Internet Explorer memory corruption vulnerability
  MITRE:28402  Internet Explorer memory corruption vulnerability
  MITRE:28413  Internet Explorer memory corruption vulnerability
  MITRE:28728  Internet Explorer elevation of privilege vulnerability
  MITRE:28193  Internet Explorer elevation of privilege vulnerability
  MITRE:28018  Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28449  Internet Explorer ASLR bypass vulnerability
  MITRE:28486  Internet Explorer ASLR bypass vulnerability
  MITRE:28257  Internet Explorer ASLR bypass vulnerability
  MITRE:28767  Group Policy security feature bypass vulnerability
  MITRE:28700  Group Policy remote code execution vulnerability
  MITRE:28604  Excel remote code execution vulnerability
  MITRE:28202  CNG security feature bypass vulnerability

2015-03-27  CVE-2015-0679  The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
  CVE-2015-0658  The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on...
  CVE-2015-0680  Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

2015-03-26  CVE-2015-0650  The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote...
  CVE-2015-0645  The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0640  The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0672  The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
  CVE-2015-0639  The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,...
  CVE-2015-0635  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)...
  CVE-2015-0636  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via...
  CVE-2015-0637  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN...
  CVE-2015-0646  Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of...
  CVE-2015-0648  Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
  CVE-2015-0641  Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted...
  CVE-2015-0638  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
  CVE-2015-0647  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
  CVE-2015-0649  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
  CVE-2015-0642  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0643  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0644  AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service...

2015-03-20  CVE-2015-0669  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)...

2015-03-18  CVE-2015-1084  The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

2015-03-12  CVE-2015-1064  Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
  CVE-2015-1065  Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
  CVE-2015-1063  CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.

2015-03-09  MITRE:28554  Windows Telnet service buffer overflow vulnerability

2015-03-05  CVE-2015-0661  The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.
  CVE-2015-0598  The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.
  CVE-2015-0659  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
  CVE-2015-0607  The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that...
  CVE-2015-0657  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.

2015-03-04  CVE-2015-0204  FREAK: SSL/TLS vulnerability

2015-02-26  CVE-2015-0632  Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

2015-02-23  MITRE:28634  Windows Error Reporting security feature bypass vulnerability
  MITRE:27743  WebDAV elevation of privilege vulnerability
  MITRE:28297  NLA Security Feature Bypass Vulnerability
  MITRE:28478  Network policy server RADIUS implementation denial of service vulnerability
  MITRE:28330  Microsoft user profile service elevation of privilege vulnerability
  MITRE:28664  Graphics component information disclosure vulnerability
  MITRE:28717  Directory Traversal elevation of privilege vulnerability

2015-02-21  CVE-2015-0618  Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with...

2015-02-20  CVE-2015-2078  MITM installed: Superfish certificate
  CVE-2015-2077  MITM installed: Superfish adware

2015-02-18  CVE-2015-0622  The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the...

2015-02-15  CVE-2015-0609  Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via...
  CVE-2015-1474  Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)...

2015-02-12  CVE-2015-0593  The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.

2015-02-11  CVE-2015-0592  The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
  CVE-2015-0606  The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.
  CVE-2015-0610  Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco...
  CVE-2015-0608  Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper...

2015-02-03  CVE-2014-8013  The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

2015-01-30  CVE-2014-4467  WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
  CVE-2014-8840  The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
  CVE-2014-4493  The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
  CVE-2014-4494  Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging...

2015-01-28  CVE-2015-0586  The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR...
  MITRE:28438  RHSA-2015:0092 -- glibc security update
  MITRE:28360  RHSA-2015:0090 -- glibc security update
  MITRE:28622  ELSA-2015-0092 -- glibc security update
  MITRE:28638  ELSA-2015-0090 -- glibc security update

2015-01-26  MITRE:28006  Use After Free Word Remote Code Execution Vulnerability
  MITRE:28328  OWA XSS vulnerability () - MS14-075
  MITRE:28291  OWA XSS vulnerability () - MS14-075
  MITRE:28425  Outlook Web App token spoofing vulnerability () - MS14-075
  MITRE:27937  Microsoft Office component use after free vulnerability
  MITRE:28299  Invalid index remote code execution vulnerability
  MITRE:27932  Internet Explorer XSS filter bypass vulnerability
  MITRE:28172  Internet Explorer XSS filter bypass vulnerability
  MITRE:27704  Internet Explorer memory corruption vulnerability
  MITRE:28329  Internet Explorer memory corruption vulnerability
  MITRE:28430  Internet Explorer memory corruption vulnerability
  MITRE:28349  Internet Explorer memory corruption vulnerability
  MITRE:28368  Internet Explorer memory corruption vulnerability
  MITRE:28376  Internet Explorer memory corruption vulnerability
  MITRE:28377  Internet Explorer memory corruption vulnerability
  MITRE:28392  Internet Explorer memory corruption vulnerability
  MITRE:28401  Internet Explorer memory corruption vulnerability
  MITRE:28404  Internet Explorer memory corruption vulnerability
  MITRE:28408  Internet Explorer memory corruption vulnerability
  MITRE:28416  Internet Explorer memory corruption vulnerability
  MITRE:28084  Graphics component information disclosure vulnerability
  MITRE:28280  Global free remote code execution in excel vulnerability
  MITRE:28415  Exchange URL redirection vulnerability () - MS14-075
  MITRE:27446  Excel invalid pointer remote code execution vulnerability

2015-01-22  CVE-2014-8008  Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

2015-01-16  CVE-2014-6383  The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
  CVE-2014-6382  The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of...
  CVE-2014-6384  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle...
  CVE-2014-6386  Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before...
  CVE-2014-6385  Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1...

2015-01-09  CVE-2015-0582  The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

2014-12-30  MITRE:28571  SUSE-SU-2014:1650-1 -- Security update for flash-player
  MITRE:28176  SUSE-SU-2014:1623-1 -- Security update for pidgin
  MITRE:28044  SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
  MITRE:28499  SUSE-SU-2014:1545-1 -- Security update for flash-player
  MITRE:28460  RHSA-2014:2025 -- ntp security update
  MITRE:28483  RHSA-2014:2024 -- ntp security update
  MITRE:28439  RHSA-2014:2023 -- glibc security and bug fix update
  MITRE:28532  RHSA-2014:2021 -- jasper security update
  MITRE:28630  RHSA-2014:2010 -- kernel security update
  MITRE:28453  RHSA-2014:2008 -- kernel security update
  MITRE:28385  RHSA-2014:1999 -- mailx security update
  MITRE:27703  RHSA-2014:1997 -- kernel security and bug fix update
  MITRE:28498  RHSA-2014:1985 -- bind97 security update
  MITRE:28588  RHSA-2014:1984 -- bind security update
  MITRE:28613  RHSA-2014:1983 -- xorg-x11-server security update
  MITRE:28652  RHSA-2014:1982 -- xorg-x11-server security update
  MITRE:28437  RHSA-2014:1976 -- rpm security update
  MITRE:28661  RHSA-2014:1974 -- rpm security update
  MITRE:28399  RHSA-2014:1971 -- kernel security and bug fix update

2014-12-29  MITRE:28056  TypeFilterLevel vulnerability
  MITRE:27794  Microsoft schannel remote code execution vulnerability
  MITRE:27356  Internet Explorer memory corruption vulnerability
  MITRE:27372  Internet Explorer memory corruption vulnerability
  MITRE:27601  Internet Explorer memory corruption vulnerability
  MITRE:28177  Internet Explorer memory corruption vulnerability
  MITRE:28205  Internet Explorer memory corruption vulnerability
  MITRE:28358  Internet Explorer memory corruption vulnerability
  MITRE:27897  Internet Explorer elevation of privilege vulnerability
  MITRE:28266  Internet Explorer elevation of privilege vulnerability
  MITRE:28339  Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28204  Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28290  Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28334  Internet Explorer Clipboard Information Disclosure Vulnerability
  MITRE:28173  Active Directory Federation Services information disclosure vulnerability

2014-12-22  MITRE:28647  ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
  MITRE:28492  ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
  MITRE:27915  ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
  MITRE:27668  ELSA-2014-3105 -- Unbreakable Enterprise kernel security update
  MITRE:28482  ELSA-2014-3104 -- Unbreakable Enterprise kernel security update
  MITRE:28305  ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
  MITRE:28192  ELSA-2014-2025 -- ntp security update
  MITRE:28304  ELSA-2014-2024 -- ntp security update
  MITRE:28088  ELSA-2014-2023 -- glibc security and bug fix update
  MITRE:28420  ELSA-2014-2021 -- jasper security update
  MITRE:28310  ELSA-2014-2010 -- kernel security update
  MITRE:28616  ELSA-2014-2008-1 -- kernel security update
  MITRE:28387  ELSA-2014-2008 -- kernel security update
  MITRE:28324  ELSA-2014-1999 -- mailx security update
  MITRE:28612  ELSA-2014-1997 -- kernel security and bug fix update
  MITRE:28079  ELSA-2014-1985 -- bind97 security update
  MITRE:28485  ELSA-2014-1984 -- bind security update
  MITRE:28543  ELSA-2014-1983 -- xorg-x11-server security update
  MITRE:28577  ELSA-2014-1982 -- xorg-x11-server security update
  MITRE:28615  ELSA-2014-1976 -- rpm security update
  MITRE:28261  ELSA-2014-1974 -- rpm security update
  MITRE:28418  ELSA-2014-1971 -- kernel security and bug fix update

2014-12-18  CVE-2014-8014  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

2014-12-17  CVE-2014-9322  arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...

2014-12-15  CVE-2014-8609  The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...
  CVE-2014-8507  Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
  CVE-2014-7911  luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
  CVE-2014-8610  AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...

2014-12-08  MITRE:28472  SUSE-SU-2014:1544-1 -- Security update for LibreOffice
  MITRE:27600  SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
  MITRE:28194  SUSE-SU-2014:1442-1 -- Security update for flash-player
  MITRE:28507  SUSE-SU-2014:1408-1 -- Security update for wget
  MITRE:28277  SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
  MITRE:28457  SUSE-SU-2014:1387-1 -- Security update for OpenSSL
  MITRE:27526  SUSE-SU-2014:1360-1 -- Security update for flash-player
  MITRE:28295  RHSA-2014:1959 -- kernel security and bug fix update
  MITRE:27507  RHSA-2014:1956 -- wpa_supplicant security update
  MITRE:28139  RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:28459  RHSA-2014:1924 -- thunderbird security update
  MITRE:27983  RHSA-2014:1919 -- firefox security update
  MITRE:27935  RHSA-2014:1912 -- ruby security update
  MITRE:28142  RHSA-2014:1911 -- ruby security update
  MITRE:27716  RHSA-2014:1893 -- libXfont security update
  MITRE:27707  RHSA-2014:1885 -- libxml2 security update
  MITRE:28313  RHSA-2014:1873 -- libvirt security and bug fix update
  MITRE:28435  RHSA-2014:1870 -- libXfont security update
  MITRE:27610  RHSA-2014:1861 -- mariadb security update
  MITRE:28389  RHSA-2014:1859 -- mysql55-mysql security update
  MITRE:27895  RHSA-2014:1846 -- gnutls security update
  MITRE:27992  RHSA-2014:1843 -- kernel security and bug fix update
  MITRE:28039  RHSA-2014:1827 -- kdenetwork security update
  MITRE:28208  RHSA-2014:1826 -- libvncserver security update
  MITRE:28186  RHSA-2014:1824 -- php security update
  MITRE:28374  RHSA-2014:1803 -- mod_auth_mellon security update
  MITRE:27612  RHSA-2014:1801 -- shim security update
  MITRE:28375  RHSA-2014:1795 -- cups-filters security update
  MITRE:28326  RHSA-2014:1768 -- php53 security update
  MITRE:28030  RHSA-2014:1767 -- php security update
  MITRE:28354  RHSA-2014:1764 -- wget security update
  MITRE:28090  RHSA-2014:1724 -- kernel security and bug fix update
  MITRE:28373  ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
  MITRE:27549  ELSA-2014-3095 -- docker security and bug fix update
  MITRE:28263  ELSA-2014-3094 -- bash security update
  MITRE:27461  ELSA-2014-3093 -- bash security update
  MITRE:28237  ELSA-2014-3092 -- bash security update
  MITRE:27775  ELSA-2014-1959-1 -- kernel security and bug fix update
  MITRE:27990  ELSA-2014-1959 -- kernel security and bug fix update
  MITRE:28391  ELSA-2014-1956 -- wpa_supplicant security update
  MITRE:27738  ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:28254  ELSA-2014-1924 -- thunderbird security update
  MITRE:28112  ELSA-2014-1919 -- firefox security update
  MITRE:28303  ELSA-2014-1912 -- ruby security update
  MITRE:28027  ELSA-2014-1911 -- ruby security update
  MITRE:28414  ELSA-2014-1893 -- libXfont security update
  MITRE:28050  ELSA-2014-1885 -- libxml2 security update
  MITRE:28378  ELSA-2014-1873 -- libvirt security and bug fix update
  MITRE:28393  ELSA-2014-1870 -- libXfont security update
  MITRE:27477  ELSA-2014-1861 -- mariadb security update
  MITRE:28369  ELSA-2014-1859 -- mysql55-mysql security update

2014-11-25  CVE-2014-8005  Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
  CVE-2014-8004  Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.

2014-11-24  MITRE:26757  .NET Framework remote code execution vulnerability
  MITRE:26601  .NET framework denial of service vulnerability
  MITRE:26910  .NET ClickOnce elevation of privilege vulnerability

2014-11-18  CVE-2014-4457  The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
  CVE-2014-4460  CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-4451  Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
  CVE-2014-4453  Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
  CVE-2014-4463  Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2014-11-17  CVE-2014-7992  The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

2014-11-14  CVE-2014-7997  The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
  MITRE:27974  ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
  MITRE:28227  ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
  MITRE:28219  ELSA-2014-1827 -- kdenetwork security update
  CVE-2014-7998  Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.

2014-11-13  CVE-2014-7991  The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...

2014-11-05  MITRE:26620  ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
  MITRE:27236  ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
  MITRE:27227  ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
  MITRE:26519  ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
  MITRE:27266  ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27215  ELSA-2014-3069 -- unbreakable enterprise kernel security update
  MITRE:26951  ELSA-2014-3067 -- unbreakable enterprise kernel security update
  MITRE:27158  ELSA-2014-3054 -- unbreakable enterprise kernel security update
  MITRE:26359  ELSA-2014-3052 -- unbreakable enterprise kernel security update
  MITRE:26514  ELSA-2014-3049 -- unbreakable enterprise kernel security update
  MITRE:27341  ELSA-2014-3048 -- unbreakable enterprise kernel security update
  MITRE:27200  ELSA-2014-3046 -- unbreakable enterprise kernel security update
  MITRE:27250  ELSA-2014-3043 -- unbreakable enterprise kernel security update
  MITRE:27352  ELSA-2014-3041 -- unbreakable enterprise kernel security update
  MITRE:27093  ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
  MITRE:27316  ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
  MITRE:26365  ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
  MITRE:27092  ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
  MITRE:27318  ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
  MITRE:27347  ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
  MITRE:26883  ELSA-2014-3014 -- unbreakable enterprise kernel security update
  MITRE:27278  ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
  MITRE:27242  ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
  MITRE:26522  ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27016  ELSA-2014-1669 -- qemu-kvm security and bug fix update
  MITRE:26880  ELSA-2014-1075 -- qemu-kvm security and bug fix update
  MITRE:27233  ELSA-2014-1052 -- openssl security update
  MITRE:26804  ELSA-2014-1004 -- yum-updatesd security update
  MITRE:27160  ELSA-2014-0927 -- qemu-kvm security and bug fix update
  MITRE:26595  ELSA-2014-0926-1 -- kernel security and bug fix update
  MITRE:26940  ELSA-2014-0926 -- kernel security and bug fix update
  MITRE:27351  ELSA-2014-0921 -- httpd security update
  MITRE:27060  ELSA-2014-0920 -- httpd security update
  MITRE:27342  ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26995  ELSA-2014-0890 -- java-1.7.0-openjdk security update
  MITRE:27141  ELSA-2014-0889 -- java-1.7.0-openjdk security update
  MITRE:26531  ELSA-2014-0790 -- dovecot security update
  MITRE:27323  ELSA-2014-0740-1 -- kernel security and bug fix update
  MITRE:27247  ELSA-2014-0704 -- qemu-kvm security and bug fix update
  MITRE:27337  ELSA-2014-0702 -- mariadb security update
  MITRE:27029  ELSA-2014-0685 -- java-1.6.0-openjdk security update
  MITRE:27123  ELSA-2014-0679 -- openssl security update
  MITRE:27331  ELSA-2014-0675 -- java-1.7.0-openjdk security update
  MITRE:27296  ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
  MITRE:27275  ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
  MITRE:27232  ELSA-2014-0108-1 -- kernel security and bug fix update
  MITRE:27343  ELSA-2013-2589 -- unbreakable enterprise kernel security update
  MITRE:27388  ELSA-2013-2587 -- unbreakable enterprise kernel security update
  MITRE:27358  ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
  MITRE:27338  ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
  MITRE:27502  ELSA-2013-2577 -- unbreakable enterprise kernel security update
  MITRE:27378  ELSA-2013-2575 -- unbreakable enterprise kernel security update
  MITRE:26512  ELSA-2013-2542 -- unbreakable enterprise kernel security update
  MITRE:27433  ELSA-2013-2537 -- unbreakable enterprise kernel security update
  MITRE:27466  ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
  MITRE:27622  ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
  MITRE:27047  ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
  MITRE:27657  ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
  MITRE:26673  ELSA-2013-1790-1 -- kernel security and bug fix update
  MITRE:27381  ELSA-2013-1449-1 -- kernel security and bug fix update
  MITRE:27281  ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
  MITRE:27255  ELSA-2013-1348 -- Oracle linux 5 kernel update
  MITRE:27491  ELSA-2013-1292-1 -- kernel security and bug fix update
  MITRE:27425  ELSA-2013-1166-1 -- kernel security and bug fix update
  MITRE:26661  ELSA-2013-1034-1 -- kernel security and bug fix update
  MITRE:27334  ELSA-2013-0847-1 -- kernel security and bug fix update
  MITRE:26901  ELSA-2013-0747-1 -- kernel security and bug fix update
  MITRE:26800  ELSA-2013-0621-1 -- kernel security update
  MITRE:27623  ELSA-2013-0594-1 -- kernel security and bug fix update
  MITRE:27051  ELSA-2013-0168-1 -- kernel security and bug fix update
  MITRE:27629  ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
  MITRE:26983  ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
  MITRE:27071  ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
  MITRE:27596  ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27648  ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
  MITRE:27735  ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
  MITRE:27550  ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
  MITRE:27698  ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
  MITRE:27249  ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27914  ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27842  ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27375  ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
  MITRE:27812  ELSA-2012-1445-1 -- kernel security and bug fix update
  MITRE:27688  ELSA-2012-1323-1 -- kernel security and bug fix update
  MITRE:27535  ELSA-2012-1174-1 -- kernel security and bug fix update
  MITRE:27194  ELSA-2012-1061-1 -- kernel security and bug fix update
  MITRE:27635  ELSA-2012-0721-1 -- kernel security update
  MITRE:27818  ELSA-2012-0690-1 -- kernel security and bug fix update
  MITRE:27823  ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
  MITRE:27877  ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
  MITRE:27955  ELSA-2011-2038 -- Unbreakable Enterprise kernel security update
  MITRE:27916  ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:28092  ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
  MITRE:28158  ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
  MITRE:28157  ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:28038  ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
  MITRE:27903  ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27518  ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27793  ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
  MITRE:28004  ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:28005  ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27959  ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27702  ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update
  MITRE:28028  ELSA-2010-2010 -- kernel security update
  MITRE:27240  ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
  MITRE:27587  ELSA-2010-2008 -- Unbreakable enterprise kernel security update

2014-10-31  CVE-2014-3366  SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
  CVE-2014-3375  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
  CVE-2014-3372  Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
  CVE-2014-3373  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
  CVE-2014-3374  Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

2014-10-28  MITRE:27022  RHSA-2014:1669 -- qemu-kvm security and bug fix update
  MITRE:27220  RHSA-2013:1353 -- sudo security and bug fix update
  MITRE:27070  RHSA-2013:0519 -- openssh security, bug fix and enhancement update

2014-10-25  CVE-2014-3409  The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

2014-10-22  CVE-2014-4450  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...
  CVE-2014-4449  iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  CVE-2014-4448  House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

2014-10-20  MITRE:26378  Unspecified vulnerability allows remote attackers to bypass Protected Mode
  MITRE:26532  Heap-based buffer overflow in KMPlayer 3.0.0.1441
  MITRE:25633  Arbitrary code executing via unknown vectors.
  MITRE:26362  Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
  MITRE:25808  Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate

2014-10-17  MITRE:27068  RHSA-2014:1658: java-1.6.0-sun security update
  MITRE:26915  RHSA-2014:1657: java-1.7.0-oracle security update
  MITRE:27149  RHSA-2014:1655: libxml2 security update
  MITRE:26767  RHSA-2014:1654: rsyslog7 security update
  MITRE:26947  RHSA-2014:1636: java-1.8.0-openjdk security update
  MITRE:27101  RHSA-2014:1606: file security and bug fix update
  MITRE:26805  RHSA-2014:1552: openssh security, bug fix, and enhancement update
  MITRE:26927  RHSA-2014:1507: trousers security, bug fix, and enhancement update
  MITRE:26759  RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
  MITRE:27086  RHSA-2014:1392: kernel security, bug fix, and enhancement update
  MITRE:26605  RHSA-2014:1391: glibc security, bug fix, and enhancement update
  MITRE:26390  RHSA-2014:1390: luci security, bug fix, and enhancement update
  MITRE:26917  RHSA-2014:1389: krb5 security and bug fix update
  MITRE:27056  RHSA-2014:1388: cups security and bug fix update
  MITRE:27084  ELSA-2014-1652 -- openssl security update
  MITRE:26179  ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26796  ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
  MITRE:26716  ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
  MITRE:27085  ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
  MITRE:26570  ELSA-2014-1388 -- cups security and bug fix update

2014-10-16  CVE-2014-3566  POODLE: SSLv3 vulnerability

2014-10-14  CVE-2014-3825  The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
  CVE-2014-3818  Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
  CVE-2014-6378  Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
  CVE-2014-6379  Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
  CVE-2014-6380  Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...

2014-10-09  CVE-2014-3404  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
  CVE-2014-3403  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
  CVE-2014-3405  Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...

2014-10-08  CVE-2014-3187  Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...

2014-10-06  MITRE:26275  CSyncBasePlayer use after free vulnerability

2014-10-01  MITRE:26189  ELSA-2014-3073 -- Unbreakable Enterprise kernel security update
  MITRE:26806  ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
  MITRE:26970  ELSA-2014-1244 -- bind97 security and bug fix update
  MITRE:27050  ELSA-2014-1166 -- jakarta-commons-httpclient security update
  MITRE:26892  ELSA-2014-1148 -- squid security update
  MITRE:26644  ELSA-2014-1147 -- squid security update

2014-09-29  MITRE:26919  ELSA-2014-3018 -- Unbreakable Enterprise kernel security update

2014-09-26  MITRE:26718  RHSA-2014:1255: krb5 security update
  MITRE:26451  RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
  MITRE:26777  RHSA-2014:1245: krb5 security and bug fix update
  MITRE:26030  RHSA-2014:1244: bind97 security and bug fix update
  MITRE:26641  RHSA-2014:1243: automake security update
  MITRE:26851  RHSA-2014:1194: conga security and bug fix update

2014-09-25  CVE-2014-3355  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3356  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3361  The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
  CVE-2014-3359  Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
  CVE-2014-3358  Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
  CVE-2014-3357  Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
  CVE-2014-3360  Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
  CVE-2014-3354  Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
  CVE-2014-6271  Bash environment variables code injection
  CVE-2014-7169  Bash environment variables code injection

2014-09-20  CVE-2014-3378  tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
  CVE-2014-3377  snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
  CVE-2014-3376  Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.

2014-09-18  CVE-2014-4409  WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
  CVE-2014-4362  The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
  CVE-2014-4361  The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
  CVE-2014-4423  The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
  CVE-2014-4368  The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
  CVE-2014-4363  Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
  CVE-2014-4386  Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
  CVE-2014-4353  Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
  CVE-2014-4374  NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  CVE-2014-4366  Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  CVE-2014-4384  Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
  CVE-2014-4367  Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
  CVE-2014-4354  Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
  CVE-2014-4356  Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
  CVE-2014-4352  Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2014-09-11  CVE-2014-3342  The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
  CVE-2014-3363  Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

2014-09-10  CVE-2014-3343  Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

2014-09-08  MITRE:25066  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:25224  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:24828  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
  MITRE:25160  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:24806  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:25136  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
  MITRE:25273  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  MITRE:24827  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality

2014-09-04  CVE-2014-3353  Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

2014-08-18  MITRE:24871  Windows journal remote code execution vulnerability

2014-08-12  CVE-2014-3338  The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...

2014-08-11  CVE-2014-3327  The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
  CVE-2014-3332  Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

2014-08-06  MITRE:26284  SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox

2014-08-05  MITRE:26186  RHSA-2014:1004: yum-updatesd security update
  MITRE:26244  RHSA-2013-1605: glibc security, bug fix, and enhancement update
  MITRE:26218  RHSA-2012:0884: openssh security, bug fix, and enhancement update

2014-07-28  MITRE:25091  RHSA-2014:0927: qemu-kvm security and bug fix update

2014-07-21  MITRE:24567  SharePoint Page Content Vulnerabilities - MS14-022

2014-07-15  MITRE:25349  SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
  MITRE:25341  SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
  MITRE:25916  SUSE-SU-2013:1183-1 -- Security update for xorg-x11
  MITRE:26212  SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
  MITRE:25815  SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
  MITRE:25898  SUSE-RU-2013:0703-2 -- Recommended update for ksh
  MITRE:25231  SUSE-RU-2013:0634-1 -- Recommended update for Xorg

2014-07-14  CVE-2014-3319  Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
  CVE-2014-3317  Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.

2014-07-11  CVE-2014-3815  Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  CVE-2014-3822  Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...
  CVE-2014-3817  Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
  CVE-2014-3816  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
  CVE-2014-3819  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
  CVE-2014-3821  Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...

2014-07-10  CVE-2014-3316  The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
  CVE-2014-3318  Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
  CVE-2014-3315  Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...

2014-07-09  CVE-2014-3309  The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...

2014-07-02  CVE-2014-3100  Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...

2014-07-01  CVE-2014-1345  WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
  CVE-2014-1349  Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
  CVE-2014-1351  Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
  CVE-2014-1350  Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
  CVE-2014-1348  Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-1360  Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
  CVE-2014-1353  Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
  CVE-2014-1352  Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
  CVE-2014-1354  CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

2014-06-25  CVE-2014-3299  Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-14  CVE-2014-3290  The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
  CVE-2014-3295  The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

2014-06-13  CVE-2014-3813  Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
  CVE-2014-3814  The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...

2014-06-10  CVE-2014-3292  The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
  CVE-2014-3287  SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...

2014-06-08  CVE-2014-3291  Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...

2014-06-02  MITRE:24712  Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
  MITRE:24520  Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:24523  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24709  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
  MITRE:24672  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
  MITRE:24441  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
  MITRE:24676  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24510  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
  MITRE:24502  Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:23723  The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...

2014-05-25  CVE-2013-1191  Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
  CVE-2014-2200  Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...
  CVE-2014-3284  Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

2014-05-20  CVE-2014-3269  The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
  CVE-2014-3273  The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
  CVE-2014-3270  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
  CVE-2014-3271  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
  CVE-2013-6975  Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.

2014-05-19  MITRE:24283  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
  MITRE:24101  Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server

2014-05-16  CVE-2014-3263  The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
  CVE-2014-3262  The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...

2014-05-13  CVE-2010-4832  Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...

2014-05-07  CVE-2014-0684  Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

2014-05-05  MITRE:24405  Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
  MITRE:24141  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...

2014-04-29  CVE-2014-2183  The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
  CVE-2014-2184  The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
  CVE-2014-2185  The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
  CVE-2013-7373  Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

2014-04-28  MITRE:23940  Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:23340  Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
  MITRE:24245  Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows to split "pack file" in the repository
  MITRE:24277  Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:24294  Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
  MITRE:23774  Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2014-04-24  CVE-2012-3946  Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
  CVE-2012-5723  Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

2014-04-23  CVE-2012-1317  The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
  CVE-2012-4658  The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
  CVE-2012-5032  The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
  CVE-2012-5039  The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
  CVE-2012-5037  The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
  CVE-2012-0360  Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
  CVE-2012-5427  Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
  CVE-2012-4651  Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
  CVE-2012-5044  Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
  CVE-2012-5014  Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
  CVE-2012-5017  Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
  CVE-2012-3062  Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
  CVE-2012-1366  Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
  CVE-2012-4638  Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
  CVE-2012-5036  Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

2014-04-15  CVE-2014-2842  Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-14  CVE-2014-0612  Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
  CVE-2014-2714  The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...
  CVE-2014-2713  Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
  CVE-2014-0614  Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
  CVE-2014-2711  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
  CVE-2014-2712  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...

2014-04-11  MITRE:24439  RHSA-2014:0380: flash-plugin security update
  MITRE:24718  RHSA-2014:0376: openssl security update

2014-04-10  REF000672  OpenSSL Vulnerability: Heartbleed - unix
  CVE-2014-0160  OpenSSL Vulnerability: Heartbleed

2014-04-05  CVE-2014-2144  Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

2014-04-04  CVE-2014-2143  The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

2014-03-31  MITRE:22065  VBScript Memory Corruption Vulnerability () - MS14-010, MS14-011
  CVE-2013-6770  The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...

2014-03-28  CVE-2014-2131  The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

2014-03-27  CVE-2014-2109  The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
  CVE-2014-2112  The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
  CVE-2014-2111  The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
  CVE-2014-2106  Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
  CVE-2014-2113  Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...
  CVE-2014-2107  Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
  CVE-2014-2108  Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.

2014-03-24  MITRE:23928  RHSA-2014:0289: flash-plugin security update

2014-03-20  CVE-2014-2124  Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

2014-03-14  CVE-2014-2292  Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
  CVE-2013-6835  TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
  CVE-2014-1286  SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
  CVE-2014-1285  Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
  CVE-2014-1281  Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
  CVE-2014-1276  IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
  CVE-2014-1274  FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
  CVE-2014-2291  Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
  CVE-2013-5133  Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

2014-03-07  MITRE:24162  RHSA-2014:0196: flash-plugin security update

2014-03-06  CVE-2014-0705  The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
  CVE-2014-0704  The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
  CVE-2014-0703  Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...
  CVE-2014-0707  Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
  CVE-2014-0706  Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
  CVE-2014-0701  Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...

2014-03-03  MITRE:22096  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:21979  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22170  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22233  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22402  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22214  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22227  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22270  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22289  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22372  Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22200  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:22304  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:21384  Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE

2014-03-02  CVE-2013-4710  Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...

2014-02-26  CVE-2014-0741  The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
  CVE-2014-0743  The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...
  CVE-2014-0742  The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
  CVE-2014-0747  The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
  CVE-2014-0740  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...

2014-02-22  CVE-2014-0731  The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

2014-02-20  CVE-2014-0732  The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
  CVE-2014-0733  The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
  CVE-2014-0734  SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
  CVE-2014-0735  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...
  CVE-2014-0736  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...

2014-02-18  CVE-2014-2019  The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...

2014-02-15  REF000670  End of Windows XP support from Microsoft

2014-02-14  MITRE:22390  RHSA-2014:0137: flash-plugin security update
  MITRE:22092  RHSA-2014:0136: java-1.5.0-ibm security update
  MITRE:22560  RHSA-2014:0135: java-1.6.0-ibm security update
  MITRE:22292  RHSA-2014:0134: java-1.7.0-ibm security update

2014-02-13  CVE-2014-0722  The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...
  CVE-2014-0724  The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
  CVE-2014-0728  SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
  CVE-2014-0726  SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
  CVE-2014-0729  SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
  CVE-2014-0727  SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
  CVE-2014-0723  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
  CVE-2014-0725  Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

2014-02-04  CVE-2014-0686  Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

2014-01-28  MITRE:22499  RHSA-2014:0028: flash-plugin security update

2014-01-23  CVE-2013-7313  The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...

2014-01-22  CVE-2014-0661  The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
  CVE-2014-0677  The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
  CVE-2014-0676  Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

2014-01-19  CVE-2013-3594  The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
  CVE-2013-3595  The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
  CVE-2013-3606  The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

2014-01-15  CVE-2014-0613  The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
  MITRE:22006  RHSA-2011:0926: bind security update
  MITRE:21913  RHSA-2011:0918: curl security update
  MITRE:21435  RHSA-2011:0885: firefox security and bug fix update
  MITRE:21301  RHSA-2011:0862: subversion security update
  MITRE:21616  RHSA-2011:0859: cyrus-imapd security update
  MITRE:21740  RHSA-2011:0845: bind security update
  MITRE:21899  RHSA-2011:0843: postfix security update
  MITRE:21920  RHSA-2011:0506: rdesktop security update
  MITRE:21684  RHSA-2011:0472: nss security update
  MITRE:21758  RHSA-2011:0471: firefox security update
  MITRE:21165  RHSA-2011:0433: xorg-x11-server-utils security update
  MITRE:21712  RHSA-2011:0428: dhcp security update
  MITRE:21821  RHSA-2011:0391: libvirt security update
  MITRE:21426  RHSA-2011:0373: firefox security update
  MITRE:21856  RHSA-2011:0337: vsftpd security update
  MITRE:21847  RHSA-2011:0332: scsi-target-utils security update
  MITRE:21822  RHSA-2011:0324: logwatch security update
  MITRE:21627  RHSA-2011:0318: libtiff security update
  MITRE:21214  RHSA-2011:0310: firefox security and bug fix update
  MITRE:21898  RHSA-2011:0305: samba security update
  MITRE:21931  RHSA-2011:0281: java-1.6.0-openjdk security update
  MITRE:21713  RHSA-2011:0214: java-1.6.0-openjdk security update
  MITRE:21857  RHSA-2011:0206: flash-plugin security update
  MITRE:21138  RHSA-2011:0197: postgresql security update
  MITRE:21479  RHSA-2011:0180: pango security update
  MITRE:21813  RHSA-2011:0154: hplip security update
  CVE-2014-0617  Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.
  CVE-2014-0615  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0616  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...

2014-01-14  MITRE:21501  RHSA-2012:1569: flash-plugin security update
  MITRE:21011  RHSA-2012:1466: java-1.6.0-ibm security update
  MITRE:21614  RHSA-2012:1465: java-1.5.0-ibm security update
  MITRE:21660  RHSA-2012:1431: flash-plugin security update
  MITRE:21594  RHSA-2012:1346: flash-plugin security update
  MITRE:21334  RHSA-2012:1245: java-1.5.0-ibm security update
  MITRE:21447  RHSA-2012:1238: java-1.6.0-ibm security update
  MITRE:21376  RHSA-2012:0722: flash-plugin security update
  MITRE:21162  RHSA-2012:0688: flash-plugin security update
  MITRE:21404  RHSA-2012:0514: java-1.6.0-ibm security update
  MITRE:21398  RHSA-2012:0508: java-1.5.0-ibm security update
  MITRE:20413  RHSA-2012:0144: flash-plugin security update

2014-01-10  CVE-2014-0618  Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...

2014-01-09  MITRE:21081  RHSA-2013:1818: flash-plugin security update
  MITRE:20714  RHSA-2013:1518: flash-plugin security update
  MITRE:20642  RHSA-2013:1509: java-1.5.0-ibm security update
  MITRE:21240  RHSA-2013:1508: java-1.6.0-ibm security update
  MITRE:21151  RHSA-2013:1507: java-1.7.0-ibm security update
  MITRE:20796  RHSA-2013:1402: Adobe Reader - notification of end of updates
  MITRE:20919  RHSA-2013:1256: flash-plugin security update
  MITRE:21196  RHSA-2013:1081: java-1.5.0-ibm security update
  MITRE:21131  RHSA-2013:1060: java-1.7.0-ibm security update
  MITRE:21219  RHSA-2013:1059: java-1.6.0-ibm security update
  MITRE:20942  RHSA-2013:1035: flash-plugin security update
  MITRE:20910  RHSA-2013:0941: flash-plugin security update
  MITRE:21241  RHSA-2013:0855: java-1.5.0-ibm security update
  MITRE:20740  RHSA-2013:0826: acroread security update
  MITRE:21201  RHSA-2013:0825: flash-plugin security update
  MITRE:21111  RHSA-2013:0823: java-1.6.0-ibm security update
  MITRE:20254  RHSA-2013:0822: java-1.7.0-ibm security update
  MITRE:21078  RHSA-2013:0730: flash-plugin security update
  MITRE:20806  RHSA-2013:0643: flash-plugin security update
  MITRE:21040  RHSA-2013:0626: java-1.7.0-ibm security update
  MITRE:21077  RHSA-2013:0625: java-1.6.0-ibm security update
  MITRE:21109  RHSA-2013:0624: java-1.5.0-ibm security update
  MITRE:20438  RHSA-2013:0574: flash-plugin security update
  MITRE:21027  RHSA-2013:0551: acroread security update
  MITRE:20801  RHSA-2013:0254: flash-plugin security update
  MITRE:20926  RHSA-2013:0243: flash-plugin security update
  MITRE:20442  RHSA-2013:0150: acroread security update
  MITRE:21009  RHSA-2013:0149: flash-plugin security update

2014-01-08  CVE-2014-0653  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
  CVE-2014-0655  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...
  CVE-2013-6982  The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
  CVE-2014-0657  The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...

2013-12-27  CVE-2013-6981  Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

2013-12-23  CVE-2013-6979  The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...

2013-12-21  CVE-2013-6978  The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
  CVE-2012-4131  Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
  CVE-2012-4135  Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

2013-12-18  CVE-2013-4775  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
  CVE-2013-4776  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.

2013-12-14  CVE-2013-6271  Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...

2013-12-13  CVE-2013-6958  Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
  CVE-2013-6956  Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...

2013-12-12  CVE-2013-2751  Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
  CVE-2013-2752  Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
  CVE-2013-7030  ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...

2013-12-03  CVE-2013-6705  The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
  CVE-2013-6704  Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.

2013-12-02  CVE-2013-6696  Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

2013-11-28  CVE-2013-6700  The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
  CVE-2013-6706  The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-11-26  MITRE:19002  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19020  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19032  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18645  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19046  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19096  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19101  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19207  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:18874  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19188  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
  MITRE:18504  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18733  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18971  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18990  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19024  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18436  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19088  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19150  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19185  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19189  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18894  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19039  OpenSSL vulnerability before 1.0.0c in VisualSVN Server
  MITRE:19016  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:19081  OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18910  OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
  MITRE:18868  OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18985  OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
  MITRE:19036  Denial of service vulnerability in Microsoft SharePoint - MS13-067
  MITRE:18750  Cross-site scripting vulnerability in Microsoft SharePoint - MS13-067
  MITRE:19136  Cross-site scripting vulnerability in Microsoft SharePoint - MS13-067
  MITRE:18922  Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
  MITRE:18967  Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
  MITRE:18788  Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18973  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18980  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18772  Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
  MITRE:18986  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:19057  Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:19007  Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
  MITRE:18999  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  MITRE:18889  Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  MITRE:18790  Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
  MITRE:18835  Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
  MITRE:18827  Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server

2013-11-25  MITRE:18621  Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
  MITRE:18554  Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
  MITRE:18087  Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18538  Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18154  Apache HTTP vulnerability before 2.2.21 in VisualSVN Server

2013-11-22  CVE-2013-6698  The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
  CVE-2013-6694  The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
  CVE-2013-6699  The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...

2013-11-21  CVE-2013-6693  The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...
  CVE-2013-6692  Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...

2013-11-17  CVE-2013-6686  The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
  CVE-2013-5556  The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
  CVE-2013-5193  The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
  CVE-2013-6688  Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
  CVE-2013-6689  Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

2013-11-13  CVE-2013-6684  The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
  CVE-2013-6683  The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
  CVE-2013-5552  Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...

2013-11-11  MITRE:18997  The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site

2013-11-07  CVE-2013-5565  The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
  CVE-2013-5553  Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
  CVE-2013-5566  Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

2013-11-05  CVE-2013-6618  jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

2013-10-31  CVE-2013-5546  The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
  CVE-2013-5545  The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
  CVE-2013-5548  The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
  CVE-2013-5555  Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
  CVE-2013-5547  Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
  CVE-2013-5543  Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...

2013-10-28  CVE-2013-6012  Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
  CVE-2013-6014  Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...

2013-10-24  CVE-2013-5549  Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
  CVE-2013-5522  Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

2013-10-23  CVE-2013-5162  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
  CVE-2013-5144  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
  CVE-2013-5164  Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

2013-10-19  CVE-2013-6027  Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...

2013-10-17  CVE-2013-6015  Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
  CVE-2013-6170  Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...
  CVE-2013-4689  J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site...
  CVE-2013-6013  Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...

2013-10-14  MITRE:18318  Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066

2013-10-13  CVE-2012-4097  The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
  CVE-2012-4099  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
  CVE-2012-4121  Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
  CVE-2012-4077  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
  CVE-2012-4076  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.

2013-10-10  CVE-2013-5499  The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
  CVE-2013-5527  The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
  CVE-2013-5528  Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...

2013-10-05  CVE-2012-4091  The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
  CVE-2012-4090  The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
  CVE-2012-4122  The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
  CVE-2012-4098  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
  CVE-2012-4141  Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
  CVE-2012-4075  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

2013-10-03  CVE-2013-5519  Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

2013-10-02  CVE-2013-5503  The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

2013-09-30  CVE-2013-5516  The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...

2013-09-27  CVE-2013-5476  The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
  CVE-2013-5477  The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
  CVE-2013-5498  The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
  CVE-2013-5481  The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
  CVE-2013-5472  The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
  CVE-2013-5480  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
  CVE-2013-5479  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
  CVE-2013-5474  Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
  CVE-2013-5160  Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
  CVE-2013-5161  Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
  CVE-2013-5473  Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
  CVE-2013-5478  Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
  CVE-2013-5475  Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...

2013-09-19  CVE-2013-1038  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1039  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1040  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1037  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1041  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1042  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1043  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1044  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1045  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1046  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1047  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5125  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5126  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5127  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5128  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5159  WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
  CVE-2013-5157  The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
  CVE-2013-5156  The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
  CVE-2013-5158  The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
  CVE-2013-5154  The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
  CVE-2013-5155  The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
  CVE-2013-1121  The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
  CVE-2013-5149  The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
  CVE-2013-5141  The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
  CVE-2013-5142  The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
  CVE-2013-5140  The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
  CVE-2011-2391  The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
  CVE-2013-5139  The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
  CVE-2013-5150  The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
  CVE-2013-5153  Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
  CVE-2013-1036  Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
  CVE-2013-5147  Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
  CVE-2013-5129  Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
  CVE-2013-5151  Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
  CVE-2013-5152  Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
  CVE-2013-5145  kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
  CVE-2013-5137  IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
  CVE-2013-5138  IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
  CVE-2013-0957  Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
  CVE-2013-5131  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2013-09-16  CVE-2013-1028  The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
  CVE-2013-5496  Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
  CVE-2013-1026  Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2013-1025  Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

2013-09-13  CVE-2013-5649  Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...

2013-09-09  MITRE:16762  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17187  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17252  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17298  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17300  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17009  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17561  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17572  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17601  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17604  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17621  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17123  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17143  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17407  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16907  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17359  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17396  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17400  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17441  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17466  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16768  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16780  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17184  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17199  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17224  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17237  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17246  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17264  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17269  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17272  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17288  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16986  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17559  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17562  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17575  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17582  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16532  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16588  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16983  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17507  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17516  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17518  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17523  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17524  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17530  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17539  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17544  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17546  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17548  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16626  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16638  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17064  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17081  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17144  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17163  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16874  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16891  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17336  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17342  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17352  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17357  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17377  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17384  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17393  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17433  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17437  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17445  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17463  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17467  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17478  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17481  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17263  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17068  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17138  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17365  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17368  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17469  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17475  WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17212  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17203  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17207  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17208  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17211  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17317  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17020  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17051  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17483  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16714  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16724  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17076  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17084  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17133  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17170  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16865  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17340  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17355  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17362  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17370  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17383  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17401  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17444  WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17241  WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
  MITRE:17072  WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
  MITRE:16788  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17218  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17222  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16730  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17191  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17247  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17250  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17254  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17280  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17299  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17312  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16568  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16959  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17018  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17104  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17127  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17059  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17070  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17092  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17094  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17161  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17167  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17172  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17413  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16457  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16488  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16843  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16871  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16903  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16916  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:16938  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17327  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17339  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17372  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17373  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17374  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17378  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17394  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17397  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17446  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17452  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17482  WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17308  WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  MITRE:16756  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16795  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16826  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17185  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17204  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17271  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17276  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17282  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17287  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17297  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17302  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17319  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16994  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16941  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16974  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16980  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17048  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17486  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17488  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16678  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16726  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17057  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17060  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17082  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17128  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17152  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17156  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17158  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17168  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17169  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17174  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17419  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17427  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17429  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17431  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16862  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16879  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17326  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17331  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17334  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17364  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17366  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17375  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17387  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17432  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17434  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17435  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17438  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17458  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17464  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17471  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17473  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17220  Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
  MITRE:17099  Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
  MITRE:17367  Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
  MITRE:17303  Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
  MITRE:17016  Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
  MITRE:16919  CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
  MITRE:17228  Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
  MITRE:16784  Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
  MITRE:17304  Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
  MITRE:17605  Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
  MITRE:17136  Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
  MITRE:16978  Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...

2013-09-07  CVE-2013-3458  Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...

2013-08-30  CVE-2013-3474  The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
  CVE-2013-5469  The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...

2013-08-29  CVE-2013-3470  The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
  CVE-2013-3463  The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
  CVE-2013-3472  Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...

2013-08-26  MITRE:17341  TrueType Font Parsing Vulnerability

2013-08-24  CVE-2013-3460  Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
  CVE-2013-3461  Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
  CVE-2013-3459  Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
  CVE-2013-3462  Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...

2013-08-22  CVE-2013-3453  Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...

2013-08-19  MITRE:16998  WMV Video Decoder remote code execution vulnerability - MS13-057
  MITRE:17253  Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058

2013-08-13  CVE-2013-3464  Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...

2013-08-12  CVE-2013-4806  The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...

2013-08-08  CVE-2013-3454  Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...

  MITRE:17256  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
  MITRE:16770  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17214  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16389  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16806  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17181  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17189  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17230  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17236  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17294  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16580  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17042  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16311  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17106  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16712  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17052  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17090  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17149  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17176  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:16840  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
  MITRE:17221  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
  MITRE:16545  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
  MITRE:16803  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:17206  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16982  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16887  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16617  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  MITRE:17098  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
  MITRE:17195  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
  MITRE:17265  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
  MITRE:17180  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  MITRE:16899  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
  MITRE:17257  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:17116  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:17192  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
  MITRE:17069  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
  MITRE:17202  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:17014  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
  CVE-2013-3442  The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
  CVE-2013-3451  Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...
  CVE-2013-3450  Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.

2013-08-01  CVE-2012-5460  Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...

2013-07-29  MITRE:16835  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:17186  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
  MITRE:17266  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  MITRE:16267  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
  MITRE:17175  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:16877  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
  MITRE:16395  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:17077  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:16960  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:16947  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
  MITRE:16825  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:17268  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
  MITRE:16758  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
  MITRE:16451  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:17255  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
  MITRE:16792  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
  MITRE:16632  Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...

2013-07-25  CVE-2013-3414  Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

2013-07-22  MITRE:16375  The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...

2013-07-19  CVE-2013-3436  The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...

2013-07-18  CVE-2013-3433  Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
  CVE-2013-3434  Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
  CVE-2013-3412  SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
  CVE-2013-3404  SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
  CVE-2013-3403  Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
  CVE-2013-3402  An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

2013-07-11  CVE-2013-4686  The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
  CVE-2013-4690  Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...
  CVE-2013-4684  flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
  CVE-2013-4687  flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
  CVE-2013-4688  flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
  CVE-2013-4685  Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...

2013-07-10  CVE-2013-3400  The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.

2013-07-09  CVE-2013-4787  Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...

2013-07-06  CVE-2013-2341  Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...
  CVE-2013-2340  Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...

2013-06-26  CVE-2013-3382  The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
  CVE-2013-3397  Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...

2013-06-21  CVE-2013-3377  Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.

2013-06-18  CVE-2013-4616  The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...

2013-06-10  MITRE:16168  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  MITRE:16430  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,...
  MITRE:15923  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  MITRE:16519  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16581  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on...
  MITRE:16537  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  MITRE:16013  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
  MITRE:15888  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16058  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16496  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16558  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:15832  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16550  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16530  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
  MITRE:16528  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16513  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
  MITRE:16259  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
  MITRE:15996  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  MITRE:16312  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
  MITRE:16649  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16566  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16613  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16652  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
  MITRE:16680  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
  MITRE:16567  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16035  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16045  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
  MITRE:16502  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier...
  MITRE:15733  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...

2013-06-05  CVE-2013-3954  The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...
  CVE-2013-3953  The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
  CVE-2013-3950  Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
  CVE-2013-3948  Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...

2013-06-03  MITRE:16549  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16564  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16697  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
  MITRE:16527  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16578  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16314  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16688  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16702  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16446  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16297  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful...
  MITRE:16597  Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
  MITRE:16684  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
  MITRE:16686  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16506  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:16685  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity...
  MITRE:16227  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,...
  MITRE:16546  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and...
  MITRE:16553  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16538  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16585  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16602  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16654  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16043  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16466  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
  MITRE:16544  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and...

2013-05-29  CVE-2013-1212  The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
  CVE-2013-1209  The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
  CVE-2013-1208  The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
  CVE-2013-1211  Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
  CVE-2013-1213  Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...
  CVE-2013-1210  Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...

2013-05-27  MITRE:16598  Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029
  MITRE:16293  Elevation of privilege vulnerability in Windows Defender - MS13-034

2013-05-24  CVE-2013-1019  Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

2013-05-23  CVE-2013-1204  Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.

2013-05-22  CVE-2013-2842  Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

2013-05-20  CVE-2013-0999  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1000  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1001  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1002  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1003  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1006  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1007  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1008  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1010  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1004  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  CVE-2013-1005  WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...

2013-05-15  CVE-2013-1188  Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.

2013-05-13  CVE-2013-1136  The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...

2013-05-03  CVE-2013-1234  The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
  CVE-2013-1240  The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
  CVE-2013-1235  Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...

2013-04-29  CVE-2013-1226  The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
  CVE-2013-1216  Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.

2013-04-25  CVE-2013-1215  The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
  CVE-2013-1192  The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
  CVE-2013-1178  Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
  CVE-2013-1179  Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
  CVE-2013-1181  Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
  CVE-2013-1180  Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...

2013-04-24  CVE-2013-1217  The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.

2013-04-18  CVE-2013-1194  The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via...
  CVE-2013-1199  Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing...

2013-04-16  CVE-2012-5415  Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for...

2013-04-11  CVE-2013-1150  The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before...
  CVE-2013-2779  Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a...
  CVE-2013-1164  Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card...
  CVE-2013-1166  Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by...
  CVE-2013-1167  Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not...
  CVE-2013-1165  Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.
  CVE-2013-1152  Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.
  CVE-2013-1149  Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall...

2013-03-28  CVE-2013-1146  The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
  CVE-2013-1143  The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect...
  CVE-2013-1147  The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote...
  CVE-2013-1148  The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service...
  CVE-2013-1142  Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
  CVE-2013-1144  Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
  CVE-2013-1145  Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP...
  CVE-2012-5216  Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of...

2013-03-25  CVE-2013-1162  The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.

2013-03-20  CVE-2013-0980  The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call...
  CVE-2013-0979  lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that...

2013-02-28  CVE-2013-1141  The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS...

2013-02-27  CVE-2013-1134  The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct...
  CVE-2013-1133  Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused...

2013-02-25  CVE-2013-1138  The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

2013-02-24  CVE-2013-0120  The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.

2013-02-23  CVE-2013-0879  Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have...

2013-02-13  CVE-2013-1100  The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
  CVE-2013-1122  Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.

2013-02-12  CVE-2011-5262  SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

2013-02-05  CVE-2011-1350  The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
  CVE-2011-1352  The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

2013-01-29  CVE-2013-0948  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0949  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0950  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0951  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0952  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0953  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0954  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0955  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0956  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0958  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0959  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0968  WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2013-0974  StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript...
  CVE-2013-0963  Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an...
  CVE-2013-0962  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.

2013-01-24  CVE-2013-1102  The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service...
  CVE-2013-1104  The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
  CVE-2013-1105  Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device...
  CVE-2013-1103  Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.

2013-01-19  CVE-2012-6396  Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces...

2013-01-18  CVE-2012-5717  Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID...
  CVE-2012-6395  Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,...

2012-12-21  CVE-2012-0841  libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

2012-12-19  CVE-2012-5991  screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type...
  CVE-2012-5992  Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts...
  CVE-2012-6007  Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,...

2012-12-10  CVE-2012-6301  The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

2012-11-30  CVE-2012-4221  Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an...
  CVE-2012-4222  drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses...
  CVE-2012-4220  diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)...

2012-11-27  CVE-2012-5134  Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or...

2012-11-26  MITRE:15395  Reflected XSS Vulnerability - MS12-070

2012-11-14  CVE-2012-2619  The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service...

2012-11-03  CVE-2012-3750  The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
  CVE-2012-3749  The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a...
  CVE-2012-3748  Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

2012-10-29  CVE-2012-4660  The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5...
  CVE-2012-4643  The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before...
  CVE-2012-4662  The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
  CVE-2012-4663  The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
  CVE-2012-4659  The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before...
  CVE-2012-4661  Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before...

2012-10-11  CVE-2012-5112  Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

2012-10-07  CVE-2011-3918  The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

2012-09-26  CVE-2012-3949  The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,...
  CVE-2012-4618  The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
  CVE-2012-4619  The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
  CVE-2012-3950  The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS...
  CVE-2012-4623  The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a...
  CVE-2012-4621  The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
  CVE-2012-4617  The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed...
  CVE-2012-2889  Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
  CVE-2012-4622  Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error...
  CVE-2012-4620  Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug...

2012-09-20  CVE-2012-3747  WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  CVE-2012-3746  UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
  CVE-2012-3743  The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
  CVE-2012-3722  The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2012-3741  The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step...
  CVE-2012-3737  The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
  CVE-2012-3740  The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3735  The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the...
  CVE-2012-3736  The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.
  CVE-2012-3739  The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
  CVE-2012-3728  The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
  CVE-2012-3738  The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime...
  CVE-2012-3725  The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information...
  CVE-2012-3729  The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a...
  CVE-2012-3744  Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating...
  CVE-2012-3742  Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the...
  CVE-2012-3734  Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
  CVE-2012-3745  Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
  CVE-2012-3733  Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain...
  CVE-2012-3732  Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
  CVE-2012-3731  Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
  CVE-2012-3730  Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a...
  CVE-2012-3726  Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
  CVE-2012-3724  CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived...
  CVE-2012-3727  Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

2012-09-17  CVE-2012-2993  Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an...

2012-09-16  CVE-2012-3924  The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a...
  CVE-2012-3923  The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a...
  CVE-2012-3893  The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
  CVE-2012-3915  The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
  CVE-2012-3051  Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.
  CVE-2012-3895  Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
  CVE-2012-3079  Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.

2012-09-13  CVE-2012-3606  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3607  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3621  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3632  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3687  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2012-3701  WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...

2012-08-31  CVE-2012-2870  libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not...
  CVE-2012-2871  libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or...

2012-08-20  MITRE:14783  ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045

2012-08-06  CVE-2012-2857  Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a...
  CVE-2012-1367  The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka...
  CVE-2012-1357  The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.
  CVE-2012-2474  Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN...
  CVE-2012-2469  Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)...
  CVE-2012-1361  Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
  CVE-2012-1344  Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka...
  CVE-2012-1338  Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
  CVE-2012-1350  Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
  CVE-2012-2472  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU...

2012-06-27  CVE-2012-2824  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
  CVE-2012-2807  Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via...

2012-06-25  MITRE:15621  GDI+ Record Type Vulnerability

2012-06-20  CVE-2012-3058  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause...

2012-05-31  CVE-2012-2488  Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

2012-05-15  CVE-2011-3102  Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

2012-05-08  CVE-2012-0672  WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  CVE-2012-0674  Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

2012-05-03  CVE-2012-0376  The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
  CVE-2012-1324  Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
  CVE-2011-4023  Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
  CVE-2011-4019  Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs...
  CVE-2012-1327  dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,...
  CVE-2011-4231  Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
  CVE-2012-0378  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect...

2012-05-02  CVE-2011-4016  The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID...
  CVE-2011-3295  The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
  CVE-2011-2586  The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
  CVE-2012-0362  The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network...
  CVE-2011-4006  The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
  CVE-2011-2578  Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
  CVE-2011-3285  CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
  CVE-2011-4015  Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
  CVE-2011-4007  Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2)...
  CVE-2011-3289  Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
  CVE-2012-0339  Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client,...
  CVE-2012-0338  Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka...
  CVE-2011-4012  Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
  CVE-2011-3309  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE...
  CVE-2012-0335  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a...

2012-04-27  CVE-2012-2439  The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

2012-04-02  MITRE:15075  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:15069  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
  MITRE:14878  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote...
  MITRE:14082  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14900  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14813  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
  MITRE:14942  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect...
  MITRE:13976  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...

2012-03-30  CVE-2011-3058  Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

2012-03-29  CVE-2012-1314  The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
  CVE-2012-0386  The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse...
  CVE-2012-0385  The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.
  CVE-2012-1311  The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets,...
  CVE-2012-0382  The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote...
  CVE-2012-1312  The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.
  CVE-2012-0381  The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of...
  CVE-2012-1310  Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536.
  CVE-2012-1315  Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.
  CVE-2012-0383  Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation...
  CVE-2012-0387  Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug...
  CVE-2012-0388  Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID...
  CVE-2012-0384  Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow...

2012-03-14  CVE-2012-0353  The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3...
  CVE-2012-0354  The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before...
  CVE-2012-0355  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service...
  CVE-2012-0356  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8),...
  CVE-2012-0358  Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before...

2012-03-08  CVE-2011-2833  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2867  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2868  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2869  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2870  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2871  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2872  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2011-2873  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0611  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0612  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0616  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0617  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0591  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0592  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0593  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0594  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0595  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0596  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0597  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0598  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0599  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0600  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0601  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0602  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0603  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0604  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0605  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0606  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0607  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0608  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0609  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0610  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0613  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0614  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0615  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0618  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0619  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0620  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0621  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0622  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0623  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0624  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0625  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0626  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0627  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0628  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0629  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0630  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0631  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0632  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0633  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0635  WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2012-0585  The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
  CVE-2012-0643  The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
  CVE-2012-0645  Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to...
  CVE-2012-0644  Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
  CVE-2012-0642  Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
  CVE-2012-0646  Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
  CVE-2012-0590  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
  CVE-2012-0586  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588,...
  CVE-2012-0587  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588,...
  CVE-2012-0588  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
  CVE-2012-0589  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
  CVE-2012-0641  CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

2012-02-29  CVE-2012-0368  The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device...
  CVE-2011-4487  SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and...
  CVE-2012-0369  Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID...
  CVE-2012-0371  Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709.
  CVE-2012-0370  Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2)...
  CVE-2011-4486  Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before...

2012-02-24  CVE-2012-0363  The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a...
  CVE-2012-0365  Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload...
  CVE-2012-0364  Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.

2012-02-16  CVE-2012-0352  Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote...

2012-01-30  MITRE:14309  Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
  MITRE:14650  Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
  MITRE:14489  Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of...
  MITRE:13796  Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
  MITRE:14634  Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka...
  MITRE:14725  IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
  MITRE:14203  Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR...
  MITRE:14238  Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are...
  MITRE:14822  Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party...
  MITRE:14348  Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share...

2012-01-27  CVE-2011-3874  Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand...

2012-01-25  CVE-2011-4276  The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

2012-01-16  MITRE:14282  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:13357  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14092  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14101  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14276  Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:14340  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14354  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14208  Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
  MITRE:13959  Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and...
  MITRE:13662  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
  MITRE:14492  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14339  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14394  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14465  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown...
  MITRE:14316  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
  MITRE:14373  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
  MITRE:14524  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
  MITRE:14180  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to...
  MITRE:13885  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14210  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:14288  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14105  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:13971  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:13492  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
  MITRE:14061  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
  MITRE:14321  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
  MITRE:13803  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
  MITRE:14351  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors....
  MITRE:13552  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java...
  MITRE:14417  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets...
  MITRE:14045  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:13639  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14233  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14034  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:14403  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
  MITRE:13546  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14039  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14119  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
  MITRE:14271  Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows...
  MITRE:13888  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14011  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start...
  MITRE:14240  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14081  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14112  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14225  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14335  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
  MITRE:14477  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:14174  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
  MITRE:14475  Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors....
  MITRE:13923  Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the...
  MITRE:13795  Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14453  Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14350  Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14144  Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ...
  MITRE:14503  Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
  MITRE:14521  Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
  MITRE:13934  Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via...
  MITRE:14328  The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other...
  MITRE:13317  Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality,...

2011-11-22  CVE-2011-4500  The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
  CVE-2011-4499  The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish...

2011-11-11  CVE-2011-3440  The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
  CVE-2011-3442  The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
  CVE-2011-3441  libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
  CVE-2011-3439  FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

2011-11-03  CVE-2011-4005  Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and...

2011-11-01  CVE-2011-0941  Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory...

2011-10-27  CVE-2011-3315  Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP...
  CVE-2011-2569  Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008,...

2011-10-21  CVE-2011-2060  The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description,...
  CVE-2011-2059  The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a...
  CVE-2011-1640  The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug...
  CVE-2011-2058  The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors...
  CVE-2011-2057  The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which...

2011-10-16  CVE-2010-4964  recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
  CVE-2010-4965  /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.

2011-10-14  CVE-2011-3434  The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
  CVE-2011-3432  The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
  CVE-2011-3430  The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by...
  CVE-2011-3429  The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
  CVE-2011-3245  The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
  CVE-2011-3259  The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many...
  CVE-2011-3431  The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
  CVE-2011-3427  The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or...
  CVE-2011-3257  The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances...
  CVE-2011-3256  FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  CVE-2011-3261  Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
  CVE-2011-3243  Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
  CVE-2011-3426  Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
  CVE-2011-3254  Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
  CVE-2011-3246  CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a...
  CVE-2011-3255  CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
  CVE-2011-3253  CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
  CVE-2011-3260  Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

2011-10-06  CVE-2011-3296  Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via...
  CVE-2011-3297  Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by...
  CVE-2011-3304  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before...
  CVE-2011-3303  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before...
  CVE-2011-3299  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3300  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3301  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3302  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3...
  CVE-2011-3298  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before...

2011-10-03  CVE-2011-3271  Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
  CVE-2011-3278  Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka...
  CVE-2011-3277  Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka...
  CVE-2011-3276  Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port...
  CVE-2011-3281  Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID...
  CVE-2011-0939  Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022.
  CVE-2011-3282  Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related...
  CVE-2011-3274  Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet,...
  CVE-2011-3270  Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.
  CVE-2011-3279  The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219.
  CVE-2011-0946  The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS)...
  CVE-2011-3272  The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.
  CVE-2011-3280  Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port...
  CVE-2011-0945  Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to...
  CVE-2011-3273  Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka...
  CVE-2011-2072  Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of...
  CVE-2011-3275  Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504.
  CVE-2011-0944  Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
  CVE-2011-3975  A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote...

2011-09-23  CVE-2011-2544  Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant...
  CVE-2011-2543  Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long...

2011-09-14  CVE-2011-2581  The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which...

2011-08-31  CVE-2011-2577  Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted...

2011-08-29  CVE-2011-2563  Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
  CVE-2011-2564  Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
  CVE-2011-2562  Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service...
  CVE-2011-2561  The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a...
  CVE-2011-2560  The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by...
  CVE-2011-0228  The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL...
  CVE-2011-1643  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by...

2011-08-18  CVE-2011-1625  Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing...
  CVE-2011-1624  Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631.

2011-08-15  MITRE:12441  Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability

2011-08-12  CVE-2011-2357  Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the...

2011-08-01  MITRE:12664  XML External Entities Resolution Vulnerability

2011-07-28  CVE-2011-2549  Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.
  CVE-2011-2547  The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
  CVE-2011-2546  SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.

2011-07-19  CVE-2011-0227  The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
  CVE-2011-0226  Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial...

2011-07-11  CVE-2011-2064  Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.

2011-07-08  CVE-2011-2344  Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums...

2011-06-09  CVE-2011-1823  The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that...
  CVE-2010-4804  The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

2011-06-08  CVE-2011-2395  The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is...

2011-05-31  CVE-2011-1651  Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.
  CVE-2011-0943  Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.
  CVE-2011-0949  Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.

2011-05-30  MITRE:12673  Scripting Memory Reallocation Vulnerability
  MITRE:12457  MFC Insecure Library Loading Vulnerability

2011-05-09  MITRE:12367  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions

2011-05-03  CVE-2011-1613  Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets,...
  CVE-2011-1605  Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
  CVE-2011-1606  Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
  CVE-2011-1609  SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL...
  CVE-2011-1610  Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2,...
  CVE-2011-1604  Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption...
  CVE-2011-1607  Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to...

2011-04-25  MITRE:12514  Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption
  MITRE:12519  Apple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service

2011-04-21  CVE-2011-1149  Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to...

2011-04-15  CVE-2011-0195  The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.

2011-04-14  CVE-2011-0935  The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a...

2011-03-11  CVE-2011-0163  WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site...
  CVE-2011-0161  WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences...
  CVE-2011-0160  WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the...
  CVE-2011-0157  WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs...
  CVE-2011-0159  The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by...
  CVE-2011-0158  MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
  CVE-2011-1417  Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory...

2011-03-10  CVE-2011-1344  Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary...

2011-02-25  CVE-2011-0390  The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.
  CVE-2011-0378  The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
  CVE-2011-0376  The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
  CVE-2011-0383  The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative...
  CVE-2011-0384  The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary...
  CVE-2011-0375  The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
  CVE-2011-0373  The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
  CVE-2011-0374  The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
  CVE-2011-0372  The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
  CVE-2011-0385  The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite...
  CVE-2011-0387  The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors...
  CVE-2011-0388  Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which...
  CVE-2011-0389  Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID...
  CVE-2011-0377  Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP...
  CVE-2011-0396  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read...
  CVE-2011-0395  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow...
  CVE-2011-0393  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances...
  CVE-2011-0394  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances...
  CVE-2011-0379  Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software...

2011-02-21  MITRE:12333  DSN Overflow Vulnerability
  MITRE:12411  ADO Record Memory Vulnerability

2011-01-31  CVE-2011-0680  data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in...

2011-01-28  CVE-2011-0349  Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
  CVE-2011-0350  Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
  CVE-2011-0348  Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass...

2011-01-24  MITRE:12289  TIFF Image Converter Memory Corruption Vulnerability
  MITRE:11827  TIFF Image Converter Heap Overflow Vulnerability
  MITRE:12387  TIFF Image Converter Buffer Overflow Vulnerability
  MITRE:11967  PICT Image Converter Integer Overflow Vulnerability
  MITRE:12235  Insecure Library Loading Vulnerability
  MITRE:12150  FlashPix Image Converter Heap Corruption Vulnerability
  MITRE:12350  FlashPix Image Converter Buffer Overflow Vulnerability
  MITRE:12249  CGM Image Converter Buffer Overrun Vulnerability
  CVE-2011-0352  Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.

2011-01-07  CVE-2010-4691  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742.
  CVE-2010-4692  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka...
  CVE-2010-4676  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748.
  CVE-2010-4681  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901.
  CVE-2010-4674  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992.
  CVE-2010-4688  Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug...
  CVE-2010-4680  The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to...
  CVE-2010-4671  The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with...
  CVE-2010-4690  The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers...
  CVE-2010-4687  STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls...
  CVE-2010-4682  Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID...
  CVE-2009-5039  Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as...
  CVE-2010-4683  Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.
  CVE-2010-4677  emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.
  CVE-2010-4684  Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.
  CVE-2010-4685  Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug...
  CVE-2009-5038  Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server,...
  CVE-2010-4670  Cisco Adaptive Security Appliances (ASA) IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS
  CVE-2010-4689  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network...
  CVE-2010-4678  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network...
  CVE-2010-4679  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP...
  CVE-2010-4675  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access...
  CVE-2009-5037  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.
  CVE-2010-4673  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316.
  CVE-2010-4672  Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269.
  CVE-2010-4686  CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending...
  CVE-2009-5040  CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.

2010-12-27  MITRE:11268  Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11798  Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11880  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12240  Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12004  Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12005  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11330  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:11990  Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11871  Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11619  Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
  MITRE:12226  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:12029  Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:12173  Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:11320  Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12181  Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
  MITRE:12200  Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
  MITRE:12189  Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11714  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
  MITRE:12225  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
  MITRE:12180  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
  MITRE:11893  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:12177  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
  MITRE:11815  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions

2010-12-20  MITRE:12219  Untrusted search path vulnerability in Microsoft Office PowerPoint 2007

2010-12-08  CVE-2010-4012  Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.

2010-12-06  MITRE:6653  Windows Media Player Memory Corruption Vulnerability
  MITRE:7360  Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
  MITRE:6843  Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47

2010-11-30  CVE-2010-4354  The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only...

2010-11-29  MITRE:6645  Vulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0
  MITRE:7291  Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0

2010-11-26  CVE-2010-3829  WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for...
  CVE-2010-3831  Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a...
  CVE-2010-3830  Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
  CVE-2010-3828  iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
  CVE-2010-3832  Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary...
  CVE-2010-3827  Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

2010-11-09  CVE-2010-3039  /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the...

2010-11-08  MITRE:6778  Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5

2010-11-01  MITRE:7221  Apple iTunes Webkit Unspecified Vulnerability
  MITRE:7604  Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
  MITRE:7061  Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
  MITRE:7217  Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
  MITRE:6988  Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
  MITRE:7178  Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability

2010-10-07  CISEC:1127  Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows

2010-09-27  MITRE:12011  Movie Maker Memory Corruption Vulnerability

2010-09-23  CVE-2010-2831  Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
  CVE-2010-2832  Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
  CVE-2010-2833  Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
  CVE-2010-2829  Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via...
  CVE-2010-2828  Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323...
  CVE-2010-2830  The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
  CVE-2010-2836  Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections...
  CVE-2010-2834  Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote...
  CVE-2010-2835  Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before...

2010-09-10  CVE-2010-1807  WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial...
  CVE-2010-2841  Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service...
  CVE-2010-0574  Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to...
  CVE-2010-3034  Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
  CVE-2010-0575  Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
  CVE-2010-3033  Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
  CVE-2010-2842  Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
  CVE-2010-2843  Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...

2010-09-09  CVE-2010-1814  WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving...
  CVE-2010-1813  WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
  CVE-2010-1812  Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
  CVE-2010-1815  Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
  CVE-2010-1809  The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
  CVE-2010-1811  ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
  CVE-2010-1810  FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
  CVE-2010-1781  Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an...
  CVE-2010-1817  Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

2010-08-30  CVE-2010-3035  Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the...

2010-08-26  CVE-2010-2837  The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to...
  CVE-2010-2838  The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process...

2010-08-17  CVE-2010-2825  Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series...
  CVE-2010-2822  Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710...
  CVE-2010-2823  Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,...

2010-08-16  CVE-2010-1797  Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch...
  CVE-2010-2827  Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

2010-08-10  CVE-2010-2983  The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an...
  CVE-2010-2976  The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)...
  CVE-2010-2988  Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
  CVE-2010-2975  Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
  CVE-2010-2980  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
  CVE-2010-2979  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
  CVE-2010-2984  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
  CVE-2010-2978  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,...
  CVE-2010-2977  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
  CVE-2010-2982  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
  CVE-2010-2981  Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.

2010-08-09  CVE-2010-2707  Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
  CVE-2010-2708  Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
  CVE-2010-2705  Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via...
  CVE-2010-1581  Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-2814  Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-2815  Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
  CVE-2010-1578  Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-1579  Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-1580  Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
  CVE-2010-2816  Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of...
  CVE-2010-2706  Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
  CVE-2010-2817  Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and...

2010-08-05  CVE-2010-2973  Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

2010-07-08  CVE-2010-1574  IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the...

2010-07-06  CVE-2010-1576  The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence...
  CVE-2010-2629  The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which...
  CVE-2010-1575  The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via...

2010-06-29  CVE-2009-4922  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer...
  CVE-2009-4916  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka...
  CVE-2009-4915  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection...
  CVE-2009-4917  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
  CVE-2009-4911  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug...
  CVE-2009-4923  Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
  CVE-2009-4920  Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
  CVE-2009-4913  The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6...
  CVE-2009-4914  Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID...
  CVE-2009-4910  Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug...
  CVE-2008-7257  CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack...
  CVE-2009-4912  Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions...
  CVE-2009-4921  Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
  CVE-2009-4918  Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
  CVE-2009-4919  Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.

2010-06-28  CVE-2010-2506  Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.

2010-06-22  CVE-2010-1407  WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via...
  CVE-2010-1757  WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
  CVE-2010-1756  The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an...
  CVE-2010-1752  Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
  CVE-2010-1755  Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
  CVE-2010-1775  Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,...
  CVE-2010-1754  Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to...
  CVE-2010-1753  ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
  CVE-2010-1751  Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.

2010-06-18  CVE-2010-1387  Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service...

2010-06-15  CVE-2010-2293  The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
  CVE-2010-2292  Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.

2010-06-09  CVE-2010-1573  Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)...
  CVE-2010-2261  Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.

2010-06-07  MITRE:7170  VBScript Help Keypress Vulnerability
  MITRE:7049  LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
  MITRE:7561  Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
  MITRE:6741  Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
  MITRE:6901  Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
  MITRE:6885  Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
  MITRE:7427  Apple iTunes MP4 File Processing Denial of Service Vulnerability
  MITRE:7110  Apple iTunes Install or Update Privilege Escalation Vulnerability

2010-05-24  MITRE:8595  Movie Maker and Producer Buffer Overflow Vulnerability

2010-05-17  MITRE:7709  libpng buffer overflow

2010-04-27  CVE-2009-4821  The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi...

2010-04-01  CVE-2010-1226  The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV...

2010-03-29  CVE-2010-1181  Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.

2010-03-25  CVE-2010-1119  Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause...
  CVE-2010-0581  Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
  CVE-2010-0580  Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
  CVE-2010-0584  Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
  CVE-2010-0576  Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers...
  CVE-2010-0579  The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
  CVE-2010-0578  The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
  CVE-2010-0583  Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
  CVE-2010-0577  Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
  CVE-2010-0585  Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
  CVE-2010-0586  Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
  CVE-2010-0582  Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.

2010-03-08  CVE-2010-0936  Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

2010-03-05  CVE-2010-0592  The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of...
  CVE-2010-0590  The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register...
  CVE-2010-0591  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to...
  CVE-2010-0588  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines...
  CVE-2010-0587  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP...

2010-02-22  MITRE:7573  ATL Null String Vulnerability
  MITRE:7995  Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability

2010-02-19  CVE-2010-0149  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a...
  CVE-2010-0565  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device...
  CVE-2010-0568  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote...
  CVE-2010-0150  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0569  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0567  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows...
  CVE-2010-0566  Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service...

2010-02-08  MITRE:7581  ATL Uninitialized Object Vulnerability
  MITRE:6716  ATL COM Initialization Vulnerability

2010-02-03  CVE-2010-0038  Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that...

2010-01-25  MITRE:5846  WordPad and Office Text converter Memory Corruption Vulnerability

2010-01-21  CVE-2010-0137  Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.

2009-12-29  CVE-2009-4455  The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended...

2009-12-07  MITRE:6407  Windows Media Runtime Voice Sample Rate Vulnerability
  MITRE:6484  Windows Media Runtime Heap Corruption Vulnerability

2009-12-04  CVE-2009-2631  Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix...

2009-11-30  MITRE:5967  GDI+ WMF Integer Overflow Vulnerability
  MITRE:5898  GDI+ TIFF Buffer Overflow Vulnerability
  MITRE:6491  GDI+ TIFF Buffer Overflow Vulnerability
  MITRE:6134  GDI+ PNG Integer Overflow Vulnerability
  MITRE:6282  GDI+ .NET API Vulnerability
  MITRE:6290  Apple iTunes '.pls' File Buffer Overflow Vulnerability

2009-10-19  MITRE:6257  Windows Media Header Parsing Invalid Free Vulnerability
  MITRE:6316  JScript Remote Code Execution Vulnerability

2009-10-14  CVE-2009-2999  The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an...
  CVE-2009-3698  An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.

2009-09-30  CVE-2009-3486  Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the...
  CVE-2009-3487  Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the...
  CVE-2009-3485  Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.

2009-09-28  CVE-2009-2867  Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP...
  CVE-2009-2869  Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
  CVE-2009-2870  Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.
  CVE-2009-2868  Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.
  CVE-2009-2866  Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.
  CVE-2009-2871  Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.
  CVE-2009-2862  The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114,...
  CVE-2009-2863  Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
  CVE-2009-2864  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP...
  CVE-2009-2873  Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
  CVE-2009-2872  Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from...
  CVE-2009-2865  Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a...

2009-09-24  CVE-2009-3341  Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...
  CVE-2009-3347  Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...

2009-09-21  CVE-2009-3273  iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
  CVE-2009-3271  Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

2009-09-10  CVE-2009-2797  The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive...
  CVE-2009-2796  The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
  CVE-2009-2815  The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted...
  CVE-2009-2207  The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these...
  CVE-2009-2794  The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended...
  CVE-2009-2206  Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial...
  CVE-2009-2795  Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related...

2009-09-08  CVE-2009-0627  Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation,"...

2009-08-27  CVE-2009-2861  The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of...
  CVE-2009-2050  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
  CVE-2009-2054  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and...
  CVE-2009-2053  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP...
  CVE-2009-2052  Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote...
  CVE-2009-2051  Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote...
  CVE-2009-2976  Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by...

2009-08-21  CVE-2009-2056  Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
  CVE-2009-1154  Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

2009-08-19  CVE-2009-2055  Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

2009-08-12  CVE-2009-2199  Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and...

2009-08-03  CVE-2009-2204  Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory...
  CVE-2009-2656  Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and...

2009-07-30  CVE-2009-1168  Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through...
  CVE-2009-2049  Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t...

2009-07-29  CVE-2009-1167  Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules...
  CVE-2009-1166  The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
  CVE-2009-1164  The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
  CVE-2009-1165  Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless...

2009-07-17  CVE-2009-2348  Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and...

2009-07-09  CVE-2009-1725  WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle...
  CVE-2009-1724  Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or...

2009-06-25  CVE-2009-1203  WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it...
  CVE-2009-1202  WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS)...
  CVE-2009-1201  Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct...

2009-06-19  CVE-2009-1692  WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via...
  CVE-2009-1683  The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an...
  CVE-2009-1679  The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password...
  CVE-2009-0959  The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input...
  CVE-2009-0960  The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device...
  CVE-2009-0961  The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a...
  CVE-2009-1680  Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to...
  CVE-2009-0958  Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in...

2009-06-10  CVE-2009-1698  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical...
  CVE-2009-1690  Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to...
  CVE-2009-1701  Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or...
  CVE-2009-1700  The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from...
  CVE-2009-1699  The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read...
  CVE-2009-1702  Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors...

2009-05-26  CVE-2009-1754  The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an...

2009-05-06  CVE-2009-1561  Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator...

2009-05-04  MITRE:5868  Microsoft Malformed BMP Filter Vulnerability
  MITRE:5336  Apple iTunes Information Disclosure Vulnerability
  MITRE:6001  Apple iTunes Denial of Service Vulnerability

2009-04-09  CVE-2009-1156  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload)...
  CVE-2009-1158  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote...
  CVE-2009-1159  Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a...
  CVE-2009-1157  Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of...
  CVE-2009-1155  Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field,...
  CVE-2009-1160  Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote...

2009-04-01  CVE-2008-6576  Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion...
  CVE-2008-6577  Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
  CVE-2008-6579  Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
  CVE-2008-6578  Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.

2009-03-27  CVE-2009-0636  Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
  CVE-2009-0631  Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol...
  CVE-2009-0626  The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
  CVE-2009-0637  The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite...
  CVE-2009-0630  The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission...
  CVE-2009-0629  The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging...
  CVE-2009-0634  Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge...
  CVE-2009-0633  Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6...
  CVE-2009-0628  Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control...
  CVE-2009-0635  Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a...

2009-03-12  CVE-2009-0632  The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2)...

2009-02-26  CVE-2009-0624  Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote...
  CVE-2009-0623  Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of...
  CVE-2009-0622  Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute...
  CVE-2009-0625  Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of...
  CVE-2009-0742  The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers...
  CVE-2009-0621  Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform...

2009-02-09  CVE-2008-6096  Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet...

2009-02-06  CVE-2009-0470  Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different...
  CVE-2009-0471  Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.

2009-02-04  CVE-2009-0061  Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before...
  CVE-2009-0062  Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain...
  CVE-2009-0058  The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial...
  CVE-2009-0059  The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a...

2009-01-22  CVE-2009-0057  The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a...

2009-01-16  CVE-2008-3821  Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
  CVE-2008-3818  Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allow remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.

2008-12-08  MITRE:6075  HIS Command Execution Vulnerability

2008-11-25  CVE-2008-5230  The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which...
  CVE-2008-4230  The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain...
  CVE-2008-4228  The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an...
  CVE-2008-4232  Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a...
  CVE-2008-4231  Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2008-4233  Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone...
  CVE-2008-4229  Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the...
  CVE-2008-1586  ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
  CVE-2008-4227  Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain...

2008-11-17  REF000667  USB devices installed over time

2008-11-06  CVE-2008-4963  Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP...

2008-11-04  CVE-2008-4918  Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that...

2008-11-03  MITRE:6035  Apple iTunes Local Privilege Escalation Vulnerability

2008-10-23  CVE-2008-3816  Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
  CVE-2008-3815  Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using...
  CVE-2008-3817  Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,...

2008-10-20  CVE-2008-4609  The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple...

2008-10-17  CVE-2008-4594  Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.

2008-10-14  CVE-2008-4441  The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of...

2008-10-10  CVE-2008-4211  Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service...

2008-10-06  MITRE:5995  Windows Messenger Information Disclosure Vulnerability

2008-10-03  CVE-2008-4383  Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01,...

2008-09-27  CVE-2008-4296  The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

2008-09-26  CVE-2008-3802  Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka...
  CVE-2008-3800  Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
  CVE-2008-3801  Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
  CVE-2008-3804  Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software...
  CVE-2008-3813  Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
  CVE-2008-3808  Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
  CVE-2008-2739  The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a...
  CVE-2008-3799  Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP...
  CVE-2008-3812  Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
  CVE-2008-3798  Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
  CVE-2008-3810  Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than...
  CVE-2008-3811  Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different...
  CVE-2008-3807  Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this...
  CVE-2008-3809  Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
  CVE-2008-3805  Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
  CVE-2008-3806  Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
  CVE-2008-3803  A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from...

2008-09-22  MITRE:5997  Microsoft PICT Filter Parsing Vulnerability
  MITRE:6019  Microsoft Office WPG Image File Heap Corruption Vulnerability
  MITRE:5879  Microsoft Malformed PICT Filter Vulnerability
  MITRE:6122  Microsoft Malformed EPS Filter Vulnerability

2008-09-19  CVE-2008-4133  The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

2008-09-18  CVE-2008-4128  Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command...

2008-09-05  CVE-2008-1197  The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a...
  CVE-2008-1144  The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or...
  CVE-2007-5474  The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users...

2008-09-04  CVE-2008-2736  Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown...
  CVE-2008-2735  The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of...
  CVE-2008-2732  Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow...
  CVE-2008-2734  Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a...
  CVE-2008-2733  Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote...

2008-06-26  CVE-2008-2062  The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information...
  CVE-2008-2730  The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and...
  CVE-2008-2061  The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP...

2008-06-23  MITRE:5578  Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2008-06-09  CVE-2008-2636  The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many...

2008-06-04  CVE-2008-2057  The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a...
  CVE-2008-2056  Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the...
  CVE-2008-2059  Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
  CVE-2008-2058  Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.
  CVE-2008-2055  Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.

2008-05-22  CVE-2008-1159  Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

2008-05-16  CVE-2008-1747  Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via...
  CVE-2008-1746  The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and...
  CVE-2008-1744  The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via...
  CVE-2008-1743  Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service...
  CVE-2008-1742  Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of...
  CVE-2008-1748  Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service...
  CVE-2008-1745  Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.

2008-04-04  CVE-2008-1154  The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not...

2008-03-27  CVE-2008-1156  Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree...
  CVE-2008-1150  The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB)...
  CVE-2008-1152  The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
  CVE-2008-1151  Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated...
  CVE-2008-1153  Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

2008-03-13  CVE-2007-6709  The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
  CVE-2007-6707  Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...
  CVE-2007-6708  Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an...

2008-03-10  CVE-2008-1247  The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2)...
  CVE-2008-1263  The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
  CVE-2008-1264  The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
  CVE-2008-1265  The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
  CVE-2008-1268  The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
  CVE-2008-1266  Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name...
  CVE-2008-1243  Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
  CVE-2008-1258  Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
  CVE-2008-1253  Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the...

2008-02-14  CVE-2008-0026  SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and...

2008-02-04  MITRE:3622  Windows Media Format Remote Code Execution Vulnerability

2008-01-23  CVE-2008-0028  Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of...

2008-01-17  REF000657  IM installed: Yahoo! Messenger
  REF000661  IM installed: Windows Live Messenger
  REF000658  IM installed: Trillian
  REF000659  IM installed: Skype
  REF000662  IM installed: Pidgin
  REF000656  IM installed: ICQ
  REF000655  IM installed: Google Talk
  REF000660  IM installed: Gizmo

2008-01-16  CVE-2008-0027  Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows...

2008-01-11  CVE-2007-0588  SANS07C4: Apple QuickDraw on Mac OSX 10.4.8 and earlier allows remote denial of service
  CVE-2007-0466  SANS07C4: Telestream Flip4Mac WMV for Quicktime 2.1.0.33 remote code execution vulnerability

2008-01-10  CVE-2007-0731  SANS07S3: Samba module in Apple Mac OS X buffer overflow
  CVE-2006-6652  SANS07S3: Buffer overflow in libc used in FTP daemon and tnftpd in Apple Mac OS X
  CVE-2007-0776  SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
  CVE-2008-0228  Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

2008-01-08  CVE-2006-0994  SANS07S5: Sophos Anti-Virus products allow remote code execution via crafted CAB
  CVE-2006-6335  SANS07S5: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40

2008-01-07  CVE-2007-3509  SANS07S4: Buffer overflow in Symantec/Veritas Backup Exec
  REF000618  IM installed: xchat installed
  REF000617  IM installed: konversation installed

2008-01-03  CVE-2007-2974  SANS07S5: Multiple Vulnerabilities in Avira AntiVir
  CVE-2007-3509  SANS07S4: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers
  REF000584  Config pam: no bruteforce protection configured

2007-12-21  CVE-2007-2139  SANS07S4: Multiple unspecified vulnerabilities in mediasvr and caloggerd in CA BrightStor ARCServe Backup

2007-12-20  REF000653  MP installed: VLC browser plug-in is installed
  REF000651  MP installed: MPlayer browser plug-in is installed
  REF000652  MP installed: HelixPlayer browser plug-in is installed
  REF000654  MP installed: GCJ java browser plug-in is installed
  REF000650  MP installed: Flash browser plug-in is installed

2007-12-17  CVE-2006-5339  SANS07S7: Multiple vulnerabilities in Oracle 8.1.7.4
  CVE-2007-1086  SANS07S7: Multiple vulnerabilities in IBM DB2

2007-12-14  CVE-2007-6372  Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
  CVE-2006-5332  SANS07S7: Multiple vulnerabilities in Oracle Database 9i
  CVE-2006-5332  SANS07S7: Multiple vulnerabilities in Oracle Database 10g
  CVE-2007-1680  SANS07A1: Stack-based buffer overflow in Yahoo! Messenger before 20070313
  CVE-2007-2418  SANS07A1: Multiple buffer overflow vulnerabilities in Trillian earlier than 3.1.7.0

2007-12-11  CVE-2007-0711  SANS07C4: Multiple vulnerabilities in Apple Quicktime 7.2 and earlier
  CVE-2007-3457  SANS07C4: Adobe Flash Player 8.0.34.0 and earlier vulnerable to CSRF attack

2007-12-10  CVE-2007-2497  SANS07C4: Multiple Vulnerabilities in RealPlayer 10, 10.5 and 11 Beta
  CVE-2007-3752  SANS07C4: Buffer overflow in Apple iTunes before 7.4
  REF000642  P2P installed: mldonkey installed

2007-12-07  CVE-2007-0044  SANS07C1: Multiple vulnerabilities in Adobe Reader earlier than 8.0.0

2007-12-06  REF000638  P2P installed: xmule installed
  REF000636  P2P installed: transmission installed
  REF000635  P2P installed: rtorrent installed
  REF000634  P2P installed: qtella installed
  REF000643  P2P installed: napster installed
  REF000646  P2P installed: nap installed
  REF000640  P2P installed: mutella installed
  REF000645  P2P installed: lopster installed
  REF000632  P2P installed: ktorrent installed
  REF000633  P2P installed: kommute installed
  REF000641  P2P installed: knapster installed
  REF000647  P2P installed: gtk-gnutella installed
  REF000644  P2P installed: gnut installed
  REF000631  P2P installed: gnunet installed
  REF000630  P2P installed: deluge installed
  REF000637  P2P installed: dctc installed
  REF000629  P2P installed: ctorrent installed
  REF000628  P2P installed: bittorrent installed
  REF000627  P2P installed: bittornado installed
  REF000649  P2P installed: bitstormlite installed
  REF000626  P2P installed: azureus installed
  REF000639  P2P installed: apollon installed
  REF000648  P2P installed: amule installed
  REF000624  IM installed: ytalk installed
  REF000621  IM installed: yahoo messenger installed
  REF000622  IM installed: trebuchet installed
  REF000623  IM installed: talk installed
  REF000601  IM installed: skype installed
  REF000615  IM installed: sircd installed
  REF000614  IM installed: sim installed
  REF000613  IM installed: psi installed
  REF000612  IM installed: pidgin installed
  REF000611  IM installed: micq installed
  REF000610  IM installed: lostirc installed
  REF000609  IM installed: licq installed
  REF000608  IM installed: kxicq installed
  REF000620  IM installed: kopete installed
  REF000616  IM installed: kicq installed
  REF000607  IM installed: kadu installed
  REF000606  IM installed: jabbin installed
  REF000605  IM installed: jabber installed
  REF000604  IM installed: gossip installed
  REF000603  IM installed: gnu gadu installed
  REF000619  IM installed: gaim installed
  REF000625  IM installed: gabber installed
  REF000602  IM installed: epic installed

2007-12-05  REF000663  Config laptop: swap partition not encrypted
  REF000665  Config laptop: root partition not encrypted
  REF000664  Config laptop: home partition not encrypted

2007-12-04  CVE-2007-2867  SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 2.x earlier than 2.0.0.6
  CVE-2007-0777  SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 1.5.x earlier than 1.5.0.13
  CVE-2007-0981  SANS07C1: Multiple Vulnerabilities in SeaMonkey earlier than 1.1.5
  CVE-2007-0776  SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
  REF000578  Config yum-updatesd: auto-updating disabled
  REF000580  Config yum-updatesd: auto-resolving dependencies disabled
  REF000579  Config yum-updatesd: auto-downloading disabled
  REF000583  Config apt: update notification disabled
  REF000582  Config apt: daily job disabled
  REF000581  Config apt: auto-updating package lists disabled

2007-12-03  REF000577  Config yum-updatesd: start on boot disabled

2007-10-30  CVE-2007-5020  APSB07-18: Adobe Acrobat mailto: vulnerability

2007-10-23  CVE-2007-5651  Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and...

2007-10-18  CVE-2007-5549  Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as...
  CVE-2007-5550  Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no...
  CVE-2007-5551  Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information....
  CVE-2007-5548  Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory...
  CVE-2007-5552  Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known...
  CVE-2007-5547  Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague...
  CVE-2007-5569  Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.

2007-10-17  CVE-2007-5537  Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers...
  CVE-2007-5538  Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of...

2007-10-15  CVE-2007-5468  Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof...

2007-10-11  CVE-2007-5381  Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message...

2007-08-31  CVE-2007-4634  Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands...
  CVE-2007-4633  Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web...
  CVE-2007-4632  Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass...

2007-08-20  CVE-2007-4430  Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE:...

2007-08-09  CVE-2007-4294  Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
  CVE-2007-4285  Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or...
  CVE-2007-4295  Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
  CVE-2007-4292  Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007,...
  CVE-2007-4291  Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with...
  CVE-2007-4293  Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
  CVE-2007-4286  Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

2007-08-08  CVE-2007-4263  Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.

2007-07-25  CVE-2007-4011  Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or...
  CVE-2007-4012  Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a...

2007-07-23  CVE-2007-3944  Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute...

2007-07-15  CVE-2007-3775  Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1)...
  CVE-2006-5277  Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that...
  CVE-2006-5278  Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets,...
  CVE-2007-3776  Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings,...

2007-07-10  MITRE:1670  CAPICOM.Certificates Vulnerability

2007-07-05  CVE-2007-3574  Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3)...

2007-06-22  CVE-2007-3348  The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
  CVE-2007-3347  The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

2007-05-23  CVE-2007-2832  Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via...
  MITRE:2001  CMS Memory Corruption Vulnerability
  MITRE:1575  CMS Cross-Site Scripting and Spoofing Vulnerability

2007-05-22  CVE-2007-2813  Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.

2007-05-16  CVE-2007-2734  The 3Com TippingPoint IPS does not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

2007-05-15  CVE-2007-2688  The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

2007-05-10  REF000467  AutoRun is enabled

2007-05-09  CVE-2007-2587  The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
  CVE-2007-2586  The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that...

2007-05-03  CVE-2007-2502  Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.

2007-05-02  CVE-2007-2462  Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via...
  CVE-2007-2463  Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination...
  CVE-2007-2461  The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP...
  CVE-2007-2464  Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."

2007-04-27  CVE-2007-2332  Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
  CVE-2007-2333  Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow...
  CVE-2007-2334  Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration...

2007-04-16  CVE-2007-2036  The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID...
  CVE-2007-2038  The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
  CVE-2007-2039  The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
  CVE-2007-2041  Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug...
  CVE-2007-2037  Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
  CVE-2007-2040  Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

2007-04-10  MITRE:746  Word Malformed Data Structures Vulnerability
  MITRE:1141  FTP Server Response Parsing Memory Corruption Vulnerability
  MITRE:257  COM Object Instantiation Memory Corruption Vulnerability
  MITRE:1120  COM Object Instantiation Memory Corruption Vulnerability

2007-04-02  CVE-2007-1826  Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster...
  CVE-2007-1833  The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of...
  CVE-2007-1834  Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.

2007-03-21  CVE-2007-1585  The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE:...

2007-03-16  CVE-2007-1467  Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace...

2007-03-03  CVE-2007-1258  Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a...

2007-03-02  REF000466  P2P Software: SoulSeek Installed
  REF000465  P2P Software: Shareaza Installed
  REF000464  P2P Software: Kazaa Installed
  REF000463  P2P Software: IMESH Installed
  REF000462  P2P Software: eMule Installed
  REF000461  P2P Software: eDonkey 2000 Installed
  REF000460  P2P Software: DC++ Installed
  REF000459  P2P Software: BitTorrent Installed

2007-02-20  MITRE:669  Windows Media Format ASX Parsing Vulnerability
  MITRE:536  Windows Media Format ASF Parsing Vulnerability
  MITRE:313  TIF Folder Information Disclosure Vulnerability
  MITRE:337  TIF Folder Information Disclosure Vulnerability
  MITRE:761  Script Error Handling Memory Corruption Vulnerability
  MITRE:116  DHTML Script Function Memory Corruption Vulnerability

2007-02-16  REF000454  Config shadow: incorrect file permissions
  REF000458  Config passwd: incorrect file permissions
  REF000456  Config LILO: no password configured
  REF000457  Config INIT: password-less single user mode
  REF000455  Config GRUB: no password configured

2007-02-15  REF000451  Config PAM: password strength checking not configured
  REF000450  Config PAM: minimum password length less than 6
  REF000452  Config PAM: empty passwords enabled
  REF000453  Config PAM: difference between passwords less than 6
  REF000431  Config GDM: remote root login enabled
  REF000449  Config GDM: remote logins enabled
  REF000448  Config GDM: remote autologin enabled

2007-02-14  REF000403  Config VSFTPd: upload enabled
  REF000404  Config VSFTPd: anonymous upload enabled
  REF000402  Config VSFTPd: anonymous login enabled
  REF000428  Config SSHd: using default port
  REF000429  Config SSHd: protocol 1 enabled
  REF000427  Config SSHd: .rhosts and .shosts enabled
  REF000430  Config SSH: protocol 1 enabled
  REF000437  Config shadow: weak encryption detected
  REF000447  Config passwd: no shadow file detected
  REF000446  Config passwd: multiple root accounts
  REF000442  Config KDM: shutdown by everybody enabled
  REF000441  Config KDM: root login enabled
  REF000439  Config KDM: password-less login enabled
  REF000440  Config KDM: empty password login enabled
  REF000438  Config KDM: autologin enabled
  REF000445  Config GDM: shutdown by everybody enabled
  REF000444  Config GDM: root login enabled
  REF000443  Config GDM: autologin enabled

2007-02-13  CVE-2007-0917  The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
  CVE-2007-0918  The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations...
  REF000383  GFI EndPointSecurity Report
  REF000382  GFI EndPointSecurity agent missing

2007-02-12  CVE-2006-1249  SANS06C5: Multiple iTunes and QuickTime for Mac Vulnerabilities
  CVE-2006-5084  SANS06C4: Skype for Mac 1.5.*.79 and earlier vulnerable to DoS or remote code execution.

2007-02-09  CVE-2006-3505  SANS06M1: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
  CVE-2006-3946  SANS06M1: WebCore in Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to cause a denial of service
  CVE-2006-3946  SANS06M1: WebCore in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
  CVE-2006-0848  SANS06M1: Vulnerability in Safari and LaunchServices can lead to remote code execution.
  CVE-2006-4394  SANS06M1: Vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIDs to bypass service access controls.
  CVE-2006-0397  SANS06M1: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5
  CVE-2005-2516  SANS06M1: Safari in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary commands.
  CVE-2006-1450  SANS06M1: Multiple vulnerabilities in Mail in Apple Mac OS X 10.3.9 and 10.4.6
  CVE-2005-3705  SANS06M1: Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, allows remote attackers to execute arbitrary code.
  CVE-2006-3498  SANS06M1: Buffer overflow in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 and earlier
  CVE-2005-2518  SANS06M1: Buffer overflow in servermgrd in Mac OS X Server 10.4.2 and earlier
  CVE-2006-1987  SANS06M1: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag.

2007-02-08  CVE-2006-1469  SANS06M1: Multiple Vulnerabilities in ImageIO
  CVE-2006-0384  SANS06M1: automount in Mac OS X 10.4.5 and earlier vulnerable to denial of service or execution of arbitrary code.

2007-02-07  CVE-2006-3507  SANS06M1: Multiple vulnerabilities in AirPort wireless driver
  REF000409  Config SSHd: X11 forwarding enabled
  REF000408  Config SSHd: root login permitted
  REF000410  Config SSHd: empty passwords permitted
  REF000436  Config shadow: empty password detected
  REF000412  Config SElinux: not in strict mode
  REF000411  Config SElinux: not in enforcing mode

2007-02-06  REF000407  Service running: SSH

2007-02-05  REF000433  Config BIND: allow-update not specified
  REF000434  Config BIND: allow-transfer not specified
  REF000435  Config BIND: allow-recursion not specified
  REF000432  Config BIND: allow-query not specified

2007-01-31  REF000415  Service running: Telnet
  REF000422  Service running: SWAT
  REF000416  Service running: SMTP
  REF000425  Service running: SAMBA SMB
  REF000426  Service running: SAMBA NMB
  REF000424  Service running: PostgreSQL
  REF000420  Service running: POP3
  REF000423  Service running: MySQL
  REF000421  Service running: IMAP4
  REF000419  Service running: HTTPS
  REF000406  Service running: HTTP
  REF000414  Service running: FTP
  REF000413  Service running: Finger
  REF000417  Service running: DNS
  REF000418  Service running: CUPS
  CVE-2007-0648  Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

2007-01-11  CVE-2007-0199  The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

2006-12-20  CVE-2006-2313  SANS06C2: PostgreSQL 8.1 SQL injection vulnerability

2006-12-13  CVE-2006-6538  D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the...

2006-12-12  CVE-2006-2753  SANS06C2: SQL Injection vulnerability in MySQL 5.0.x
  CVE-2006-2753  SANS06C2: SQL Injection vulnerability in MySQL 4.1.x
  CVE-2006-2313  SANS06C2: PostgreSQL 8.0 SQL injection vulnerability
  CVE-2006-2313  SANC06C2: PostgreSQL 8.0 SQL injection vulnerability

2006-12-11  CVE-2005-3641  SANS06C2: Multiple vulnerabilities in Oracle Database 9i

2006-12-06  CVE-2005-3641  SANS06C2: Multiple vulnerabilities in Oracle Database 10g

2006-12-04  CVE-2006-5478  SANS07S6: Multiple vulnerabilities in Novell eDirectory 8.x

2006-12-01  CVE-2006-0992  SANS07S6: Stack-based buffer overflow in Novell GroupWise Messenger

2006-11-30  CVE-2005-1928  SANS07C6: Multiple vulnerabilities in Trend Micro ServerProtect EarthAgent 5.58 and earlier
  CVE-2006-0323  SANS06C5: Buffer overflow in swfformat.dll in Real Rhapsody 3

2006-11-28  CVE-2005-2628  SANS06C5: Multiple vulnerabilities in Macromedia Flash

2006-11-27  CVE-2006-1370  SANS06C5: Multiple Vulnerabilities in RealPlayer
  CVE-2006-1249  SANS06C5: Multiple iTunes and QuickTime Vulnerabilities
  CVE-2005-2310  SANS06C5: Multiple buffer overflows in NullSoft Winamp 5.13 and earlier

2006-11-21  CVE-2006-6055  Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).

2006-11-10  SFBID715  Sendmail 8-8-4

2006-10-31  MITRE:100  VML Buffer Overrun Vulnerability

2006-10-26  CVE-2006-5537  Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection...
  CVE-2006-5536  Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
  CVE-2006-5538  D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
  CVE-2006-5553  Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan...

2006-10-25  CVE-2006-5382  3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that...

2006-10-24  MITRE:376  Windows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:256  Windows XP,SP2 Print Spooler Service Buffer Overflow
  MITRE:497  Windows XP,SP2 Plug and Play Buffer Overflow Vulnerability
  MITRE:618  Windows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:267  Windows XP Plug and Play Buffer Overflow Vulnerability
  MITRE:346  Windows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:609  Windows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:160  Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
  MITRE:783  Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
  MITRE:180  Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability
  MITRE:474  Windows 2000 Plug and Play Buffer Overflow Vulnerability

2006-10-17  REF000190  Webmin running
  REF000197  VNC server listening on port 5901
  REF000245  Upnp helper is running
  REF000188  Sub7 server passworded
  REF000185  Squid running
  REF000196  Some POP3 server banners providing information to attacker
  REF000252  Sasser worm
  REF000182  Oracle HTTP Server running
  REF000181  MySQL (open source database) running
  REF000180  Microsoft SQL server
  REF000192  List of modems installed
  REF000195  IMAP4 server banner provides information to attacker
  REF000161  Ftp Exposing Full Path
  REF000194  Finger service running
  REF000193  Citrix server running on this host
  REF000240  BugBear-B backdoor
  REF000177  Apache Tomcat running

2006-10-16  MITRE:171  Window Location Information Disclosure Vulnerability
  MITRE:694  Visual Basic for Applications Vulnerability
  MITRE:577  Source Element Cross-Domain Vulnerability
  MITRE:738  Redirect Cross-Domain Information Disclosure Vulnerability
  MITRE:502  HTML Rendering Memory Corruption Vulnerability
  MITRE:433  HTML Layout and Positioning Memory Corruption Vulnerability
  MITRE:462  FTP Server Command Injection Vulnerability
  MITRE:5  CSS Memory Corruption Vulnerability
  MITRE:719  COM Object Instantiation Memory Corruption Vulnerability

2006-10-10  CVE-2006-5202  Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout...

2006-10-07  MITRE:1922  Remote Code Execution Vulnerability in Flash Player 8
  MITRE:1987  Remote Code Execution Vulnerability in Flash Player 6 and 7

2006-09-23  CVE-2006-4950  Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting...

2006-09-13  CVE-2006-4775  The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a...
  CVE-2006-4774  The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
  CVE-2006-4776  Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.

2006-09-12  CVE-2006-4662  SANS06C4: ICQ 2003b Buffer Overflow

2006-09-08  CVE-2006-4650  Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect...

2006-08-25  CVE-2006-4352  The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.

2006-08-24  CVE-2006-2113  The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not...
  CVE-2006-2112  Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP...

2006-08-23  CVE-2006-4312  Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user...

2006-08-14  CVE-2006-4143  Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.

2006-08-07  CVE-2006-4015  Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.

2006-07-27  CVE-2006-3906  Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the...

2006-07-21  CVE-2006-3687  Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows...

2006-07-18  CVE-2006-3592  Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI...
  CVE-2006-3593  The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
  CVE-2006-3594  Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.

2006-07-11  CVE-2006-3529  Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.

2006-06-28  CVE-2006-3291  The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all...

2006-06-20  CVE-2006-3109  Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in...

2006-06-07  CVE-2006-2901  The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.

2006-05-31  MITRE:1748  FPSE XSS Vulnerability

2006-05-30  CVE-2006-2653  Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

2006-05-23  CVE-2006-2559  Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using...

2006-05-11  CVE-2006-2337  Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.

2006-04-21  CVE-2006-1973  Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.

2006-04-20  CVE-2006-1928  Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS...
  CVE-2006-1927  Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco...

2006-04-05  CVE-2006-1631  Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP...

2006-02-19  CVE-2006-0784  D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.

2006-01-31  CVE-2006-0485  The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may...
  CVE-2006-0486  Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user...

2006-01-22  CVE-2006-0367  Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative...
  CVE-2006-0354  Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large...
  CVE-2006-0368  Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000...

2006-01-20  CVE-2006-0340  Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang...

2006-01-18  CVE-2006-0309  Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length.

2005-12-31  CVE-2005-4826  Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different...
  CVE-2005-4723  D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.

2005-12-22  CVE-2005-4499  The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,...

2005-12-15  CVE-2005-4258  Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is...
  CVE-2005-4257  Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is...

2005-12-01  MITRE:1231  WinXP,SP2 DirectShow Malicious avi File Vulnerability
  MITRE:1434  WinXP,SP1 DirectShow Malicious avi File Vulnerability
  MITRE:1267  Win2k,SP4 DirectShow Malicious avi File Vulnerability
  MITRE:1149  Server 2003,SP1 DirectShow Malicious avi File Vulnerability
  MITRE:1424  Server 2003 DirectShow Malicious avi File Vulnerability

2005-11-30  CVE-2005-3921  Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of...

2005-11-22  CVE-2005-3774  Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,...

2005-11-16  CVE-2003-1267  GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names
  MITRE:100110  Apache Listening Socket Starvation Vulnerability

2005-11-02  CVE-2005-3481  Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the...
  CVE-2005-3482  Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic...

2005-11-01  CVE-2005-3426  Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.

2005-10-20  CVE-2005-2973  Linux Kernel version prior to 2.6.14-rc5

2005-10-12  MITRE:989  Microsoft Outlook Express 6,SP1 News Reading Vulnerability

2005-09-15  CVE-2005-2799  Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

2005-09-14  CVE-2005-2912  Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
  CVE-2005-2916  Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi...
  CVE-2005-2915  ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to...
  CVE-2005-2914  ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration...

2005-09-08  CVE-2005-2841  Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted...

2005-08-23  CVE-2005-2640  Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which...

2005-08-17  CVE-2005-2589  Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.

2005-08-03  CVE-2005-2434  Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
  CVE-2005-2451  Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.

2005-07-12  CVE-2005-2244  The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger...
  CVE-2005-2243  Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory...
  CVE-2005-2241  Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows...

2005-07-05  CVE-2005-2105  Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.

2005-06-01  MITRE:3556  Microsoft .NET Framework v1.1 Security Bypass

2005-05-27  CVE-2005-1802  Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

2005-05-26  CVE-2005-1828  D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
  CVE-2005-1827  D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.

2005-05-20  CVE-2005-1680  D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes...

2005-05-02  CVE-2005-1133  The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
  CVE-2005-1025  The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
  CVE-2005-1020  Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the...
  CVE-2005-1006  Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
  CVE-2005-1021  Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
  CVE-2005-1059  Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
  CVE-2005-1057  Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
  CVE-2005-1058  Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass...
  CVE-2005-0197  Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
  CVE-2005-0195  Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
  CVE-2005-0196  Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
  CVE-2005-1238  By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.

2005-03-29  REF000254  Possible Rootkit Detected : Hidden Processes
  REF000255  Possible Rootkit Detected : Hidden Processes
  REF000257  Possible Rootkit Detected : Altered system call table detected
  REF000253  Possible Rootkit Detected : Altered system call functions code

2005-01-19  CVE-2005-0186  Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed...

2005-01-17  CVE-2005-0290  NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
  CVE-2005-0291  Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.

2004-12-31  CVE-2004-2691  Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this...
  CVE-2004-1446  Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
  CVE-2004-2606  The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
  CVE-2004-2556  NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
  CVE-2004-2557  NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
  CVE-2004-0467  Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at...
  CVE-2004-2508  Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
  CVE-2004-1775  Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
  CVE-2004-1464  Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
  CVE-2004-1454  Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
  CVE-2004-2377  Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
  CVE-2004-2507  Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.

2004-12-09  MITRE:4392  Windows Server 2003 NNTP Component Buffer Overflow
  MITRE:5070  Windows NT NNTP Component Buffer Overflow
  MITRE:5926  Windows 2000 NNTP Component Buffer Overflow

2004-12-06  CVE-2004-0611  Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
  CVE-2004-0468  Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
  CVE-2004-0615  Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a...

2004-11-23  CVE-2004-0312  Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
  CVE-2004-0244  Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,...
  CVE-2004-0352  Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.

2004-09-29  MITRE:188  MS Word Macro Security Bypass Vulnerability

2004-08-31  CVE-2004-1650  D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.

2004-08-06  CVE-2004-0661  Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid...
  CVE-2004-0580  DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
  CVE-2004-0589  Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
  CVE-2004-0551  Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the...

2004-07-27  CVE-2004-0710  IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of...

2004-07-21  MITRE:2705  Windows XP/Server 2003 DirectPlay Denial of Service
  MITRE:2413  Windows XP (64-Bit) DirectPlay Denial of Service
  MITRE:2190  Windows XP (32-Bit) DirectPlay Denial of Service
  MITRE:2516  Windows Server 2003 (32-Bit) DirectPlay Denial of Service

2004-07-16  CVE-2002-0082  mod_ssl is old

2004-07-14  CVE-2004-0595  PHP older than 4.3.8

2004-07-12  MITRE:1027  Windows 2000 DirectPlay Denial of Service

2004-06-16  MITRE:958  Windows XP RPCSS Service DCOM Activation Denial of Service
  MITRE:900  Windows XP RPCSS DCOM Buffer Overflow
  MITRE:925  MS IE HTML Directive Buffer Overflow
  MITRE:974  IE Frame Domain Verification Vulnerability
  MITRE:921  IE File Execution User-prompt Bypass Vulnerability
  MITRE:1014  IE File Download Dialog Deception Vulnerability

2004-06-11  CVE-2004-0413  Subversion version older than 1.0.5

2004-05-25  MITRE:886  Windows XP SSL Library Denial of Service
  MITRE:898  Windows XP LSASS Buffer Overflow
  MITRE:964  Windows XP H.323 Protocol Remote Code Execution Vulnerability
  MITRE:885  Windows Server 2003 SSL Library Denial of Service
  MITRE:919  Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability)
  MITRE:946  Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability
  MITRE:968  MS Jet Database Buffer Overflow
  MITRE:990  Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability

2004-03-25  MITRE:586  MS Word 98 Macro Names Buffer Overflow
  MITRE:585  MS Word 97 Macro Names Buffer Overflow
  MITRE:675  MS Excel 97 Malicious Macro Security Bypass Vulnerability
  MITRE:141  Microsoft Internet Explorer MIME Hack

2004-02-17  CVE-2004-0054  Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the...

2004-02-03  CVE-2004-0129  phpMyAdmin mysql web administration tool vulnerability

2004-01-27  CVE-2003-0789  Apache is older than 2.0.48

2004-01-05  CVE-2003-1002  Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
  CVE-2003-1001  Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.

2003-12-31  CVE-2003-1132  The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to...
  CVE-2003-1264  TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)...
  CVE-2003-1490  SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
  CVE-2003-1346  D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
  CVE-2003-1398  Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
  CVE-2003-1497  Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.

2003-11-12  CVE-2003-0795  zebra/Quagga versions older than 0.96.4

2003-08-27  CVE-2003-0511  The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
  CVE-2003-0512  Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password...
  CVE-2003-0647  Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.

2003-06-30  SFBID8062  Abyss Web server Buffer Overflow

2003-06-09  CVE-2003-0305  The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.

2003-05-12  CVE-2003-0216  Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.

2003-04-11  CVE-2002-1426  HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

2003-03-31  CVE-2002-1547  Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different...

2003-03-29  CVE-2003-0161  Sendmail is older than 8.12.9

2003-03-03  CVE-2003-0100  Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.

2003-03-02  CVE-2002-1337  Remote Buffer Overflow in Sendmail

2002-12-31  CVE-2002-2053  The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is...
  CVE-2002-2239  The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
  CVE-2002-1892  NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
  CVE-2002-2371  Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
  CVE-2002-2159  Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to...
  CVE-2002-2137  GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive...
  CVE-2002-2150  Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the...
  CVE-2002-2208  Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements,...
  CVE-2002-1810  D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and...
  CVE-2002-2341  Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
  CVE-2002-1706  Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message...
  CVE-2002-2315  Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
  CVE-2002-1768  Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
  CVE-2002-2316  Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive...
  CVE-2002-2052  Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port...
  CVE-2002-1865  Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote...
  CVE-2002-2379  ** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be...

2002-12-23  CVE-2002-1360  Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code...
  CVE-2002-1357  Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder...
  CVE-2002-1358  Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
  CVE-2002-1359  Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder...

2002-12-13  CVE-2002-1354  TYPSoft FTP Server 0-99-8 Arbitrary Dir Listing

2002-12-11  CVE-2002-1272  Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

2002-11-20  CVE-2002-1312  Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to...

2002-11-12  CVE-2002-1236  The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.

2002-10-28  CVE-2002-1222  Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.

2002-10-11  CVE-2002-1147  The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of...

2002-10-04  CVE-2002-1068  The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
  CVE-2002-0891  The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
  CVE-2002-1069  The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device...
  CVE-2002-0954  The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques.
  CVE-2002-0886  Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to...

2002-09-05  CVE-2002-0870  The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL...

2002-08-12  CVE-2002-0426  VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
  CVE-2002-0792  The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
  CVE-2002-0505  Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via...
  CVE-2002-0813  Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

2002-08-09  CVE-2002-0661  Apache: Apache 2.0.39 directory traversal and path disclosure bug

2002-08-08  CVE-2002-0826  Ipswitch WS_FTP Server 3-1-1 Buffer Overflow in SITE CPWD Command Processing

2002-08-01  REF000107  All Servers: Tomcat source.jsp directory listing and webroot location display

2002-07-30  CVE-2002-0655  OpenSSL versions older than 0.9.7e and 0.9.6m

2002-07-03  CVE-2002-0713  Multiple Squid vulnerabilities
  CVE-2002-0545  Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.

2002-06-25  CVE-2002-0350  HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
  CVE-2002-0339  Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

2002-06-24  CVE-2002-0640  Remote OpenSSH Vulnerability

2002-06-17  CVE-2002-0392  Apache Chunked-Encoding Memory Corruption Vulnerability

2002-05-29  CVE-2002-0234  NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which...
  CVE-2002-1634  All Servers: Netware default programs display server information

2002-05-22  CVE-2002-0893  IIS: ServletExec 4.1 ISAPI File Reading

2002-05-10  CVE-2002-0379  IMAP4 server

2002-04-28  CVE-2002-0889  Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability

2002-04-19  CVE-2002-0575  AFS-Kerberos Support in OpenSSH Poses a Security Threat

2002-04-16  CVE-2002-1744  IIS: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability

2002-03-25  CVE-2002-0109  Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the...

2002-03-21  CVE-2002-0061  Apache: Apache Win32 Batch File Remote Command Execution Vulnerability

2002-03-12  CVE-2002-0434  All Servers: Directory.php Allows Arbitrary Code Execution

2002-03-09  SFBID4261  Web server 404 path disclosure
  CVE-2000-1196  Netscape: Netscape PSCOErrPage
  CVE-2001-0461  All Servers: Free On-line Dictionary

2002-03-07  CVE-2002-0083  OpenSSH Channel Code Off-By-One Vulnerability

2002-02-27  CVE-2002-0082  Apache Mod_SSL-Apache-SSL Buffer Overflow Vulnerability

2002-02-26  CVE-2002-0081  PHP Post File Upload Buffer Overflow Vulnerabilities

2002-02-02  CVE-2002-0232  All Servers: MRTG CGI Arbitrary File Display Vulnerability

2002-01-29  CVE-2002-2113  All Servers: AHG's 'search.cgi' Search Engine Input Validation Flaw

2002-01-21  SFBID3915  All Servers: COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability

2002-01-18  CVE-2002-2032  All Servers: Possible PHPNuke SQL_Debug Information Disclosure Vulnerability

2002-01-07  CVE-2002-2033  Apache: Faqmanager.cgi file read vulnerability

2002-01-04  CVE-2002-2029  Apache: Security Risk When Using the CGI Binary (PHP.EXE) Under Apache

2002-01-01  REF000323  yppasswdd service running
  REF000308  Windows AutoUpdate is not enabled
  REF000307  Windows AutoUpdate is enabled but requires user interaction to install patches
  REF000306  Windows AutoUpdate is enabled but requires user intervention for both patch download and installation
  REF000322  walld message spoofing
  REF000256  Vulnerable Linux/Unix application package
  REF000319  This computer is a NIS server
  CVE-1999-0660  Telecomando trojan
  REF000189  Systems Management Server
  CVE-1999-0660  Syphillis 1-18 trojan
  CVE-1999-0660  Subseven 2-x trojan
  REF000187  SSL module running
  REF000186  SSL enabled
  REF000295  Shutdown without logon
  CVE-1999-0660  Psychward trojan
  CVE-1999-0660  Prosiak 0-70 trojan
  CVE-1999-0660  Priority BETA trojan
  REF000184  PHP module running
  REF000183  Perl module running
  REF000081  Netscape: Netscape Administration Server admin password
  CVE-1999-0660  NetbusPro2 trojan
  CVE-1999-0660  Ncw trojan
  REF000304  Nachi Worm
  REF000283  LM Hash
  REF000198  Linux/Unix application package(s) version check
  REF000282  Last logged-on username visible
  CVE-1999-0660  Kuang trojan
  CVE-1999-0660  Indoctrination trojan
  REF000124  IIS: Terminal Services
  REF000062  IIS: IIS Global.asa Retrieval
  REF000060  IIS: IIS ASP.NET Application Trace Enabled
  REF000275  Guest users have access to the system log
  REF000273  Guest users have access to the security log
  REF000271  Guest users have access to the application log
  REF000179  Frontpage extensions enabled
  REF000311  fam service running
  CVE-1999-0660  CrazyNet trojan
  REF000178  ClearCase running
  REF000265  Cached Logon Credentials
  REF000303  Blaster Worm
  CVE-1999-0660  Back Orifice 2000 (BO2K) trojan
  REF000262  AutoShareWKS
  REF000260  AutoShareServer
  REF000305  Auto Logon
  CVE-2000-0628  Apache: Apache source.asp
  REF000016  Apache: Apache server-status
  REF000015  Apache: Apache server-info
  REF000013  Apache: Apache manual
  REF000309  amd service running
  REF000090  All Servers: Perl.exe
  REF000040  All Servers: Directory Manager Execution bug
  REF000191  A modem is installed on this computer

2001-12-31  CVE-2001-1209  All Servers: Abe Timmerman zml.cgi File Disclosure Vulnerability

2001-12-30  CVE-2001-1210  Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary...

2001-12-21  CVE-2001-1221  D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
  CVE-2001-1220  D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

2001-12-06  CVE-2001-0866  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access...
  CVE-2001-0865  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
  CVE-2001-0864  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
  CVE-2001-0867  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
  CVE-2001-0863  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
  CVE-2001-0862  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
  CVE-2001-0861  Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

2001-11-28  CVE-2001-0929  Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

2001-11-27  CVE-2001-0550  WU-FTPD glob() function error handling heap corruption

2001-11-15  CVE-2001-0895  Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the...

2001-11-07  REF000251  SSH server accepts Version 1.x connections

2001-10-22  CVE-2001-1503  Solaris Fingerd Discloses Complete User List

2001-10-18  CVE-2001-0751  Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
  CVE-2001-0750  Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
  CVE-2001-0753  Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
  CVE-2001-0752  Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
  CVE-2001-0754  Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
  CVE-2001-0757  Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

2001-10-09  CVE-2001-1156  TYPSoft FTP Server 0-95-1 and possibly prior for Microsoft Windows Can Be Crashed by Remote Users
  CVE-2001-1071  Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.

2001-09-20  CVE-2001-0650  Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.

2001-09-18  REF000106  IIS: This computer seems to be infected with Nimda
  CVE-1999-0756  IIS: Cold Fusion check

2001-09-15  CVE-2001-1014  All Servers: (e)shop Online-Shop System

2001-09-06  CVE-2001-1137  D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.

2001-09-05  CVE-2001-0992  All Servers: ShopPlus Cart

2001-08-31  CVE-2001-1065  Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
  CVE-2001-0711  Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
  CVE-2001-1064  Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop...

2001-08-29  CVE-2001-1168  All Servers: PhpMyExplorer Vulnerable to Directory Traversal

2001-08-22  CVE-2001-0589  NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.

2001-08-14  CVE-2001-0622  The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating...
  CVE-2001-0621  The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
  CVE-2001-0566  Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

2001-08-10  CVE-2001-1117  LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

2001-07-26  CVE-2001-1021  Ipswitch WS_FTP Server 2-0-2 Will Execute Remotely-Supplied Arbitrary Code

2001-07-25  CVE-2001-1104  SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

2001-07-24  CVE-2001-1097  Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets.

2001-07-21  CVE-2001-0514  SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such...
  CVE-2001-0537  HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

2001-07-20  REF000105  IIS: This computer is infected with CodeRed

2001-07-15  CVE-2001-0804  All Servers: Directory traversal vulnerability in story.pl

2001-07-12  CVE-2001-1183  PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.

2001-07-02  CVE-2001-0444  Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
  CVE-2001-0429  Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

2001-06-27  CVE-2001-0455  Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.

2001-06-19  CVE-2001-0698  SurgeFTP nlist directory traversal

2001-06-18  CVE-2001-0376  SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This...
  CVE-2001-0427  Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several...
  CVE-2001-0375  Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
  CVE-2001-0412  Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
  CVE-2001-0821  All Servers: DCShop vulnerability

2001-06-17  CVE-2001-0820  Possible Gaztek HTTP Daemon (ghttpd) buffer overflow

2001-06-10  CVE-2001-0688  Broker FTP server 5.9.5.0

2001-05-26  CVE-2001-0767  GuildFTPD FTP

2001-05-07  CVE-1999-0922  IIS: Cold Fusion check
  CVE-2001-0561  All Servers: A1Stats

2001-05-03  CVE-2001-0288  Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

2001-04-27  CVE-2001-0463  All Servers: PerlCal allows remote file retrieving

2001-04-04  CVE-2001-0272  All Servers: sendtemp.pl

2001-04-03  CVE-2001-0466  All Servers: uStorekeeper allows remote file retrieving

2001-03-15  CVE-2001-0236  Possible snmpXdmid SunOS buffer overflow

2001-03-12  CVE-2000-0368  Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

2001-03-11  CVE-2001-0360  All Servers: Ikonboard allows remote file retrieving

2001-02-28  CVE-2002-0558  TYPSoft FTP Server 0-97-1 and prior Discloses Listing of Directory Contents for Any Directory on the
  CVE-2001-0293  FtpXQ FTP Server
  CVE-2004-1776  Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
  CVE-2001-1434  Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

2001-02-17  SFBID2698  Multiple WarFTPd (1-71) DoS

2001-02-16  CVE-2001-0058  The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character.
  CVE-2001-0056  The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
  CVE-2001-0041  Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
  CVE-2001-0057  Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
  CVE-2001-0055  CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
  CVE-2001-0305  All Servers: Arts Store.cgi

2001-02-12  CVE-2001-0080  Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
  CVE-2001-0211  All Servers: WebSPIRS
  CVE-2001-0214  All Servers: Way-board
  CVE-2001-0215  All Servers: Roads search system
  CVE-2001-0212  All Servers: HIS Aktion
  CVE-2001-0210  All Servers: Commerce.cgi
  CVE-2001-0212  All Servers: Auktion.cgi

2001-02-08  CVE-2001-0144  SSH1 CRC-32 compensation attack

2001-02-05  CVE-2001-0015  Network Dynamic Data Exchange (DDE) vulnerability

2001-01-29  CVE-2001-0010  BIND 8-2-1, 8-2-2
  CVE-2002-0400  BIND - Prior to Version 9

2001-01-28  CVE-2001-0253  All Servers: Hyperseek

2001-01-15  CVE-2001-0113  OmniHTTPd v2.07

2001-01-09  CVE-2000-1098  The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
  CVE-2000-1097  The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

2001-01-01  CVE-2001-0163  Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
  CVE-2001-0161  Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.

2000-12-23  CVE-2001-0074  All Servers: Talkback vulnerability

2000-12-20  CVE-2001-0100  All Servers: Brian Stanback bslist.cgi
  CVE-2001-0099  All Servers: Brian Stanback bsguest.cgi

2000-12-19  CVE-2000-0945  The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
  CVE-2000-0984  The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

2000-12-13  CVE-2001-0065  bftpd 1.0.13
  CVE-2000-1092  All Servers: Alex Heiphetz Group EZShopper Directory Disclosure

2000-12-11  CVE-2001-0025  Leif M. Wright ad.cgi

2000-12-06  CVE-2001-0045  Windows 2000 SNMP parameters

2000-12-05  CVE-2001-0054  Serv-U FTP-Server v2.2 to 2.5

2000-11-20  CVE-2000-1161  All Servers: Adcycle - build.cgi

2000-11-01  SFBID1872  SWAT - Samba Web Administration Tool enabled

2000-10-20  CVE-2000-0700  Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or...

2000-09-21  CVE-2000-1016  Apache: Apache doc packages directory
  CVE-2000-1016  Apache: Apache doc directory

2000-08-29  CVE-1999-0511  IP forwarding enabled

2000-08-23  CVE-2000-0709  IIS: Frontpage check

2000-07-28  CVE-2000-0663  Windows 2000 Relative Shell Path

2000-07-27  CVE-2000-0673  NetBIOS Name Server Protocol Spoofing

2000-07-16  CVE-2000-0666  Possible statd format string attack

2000-07-12  CVE-2000-0674  All Servers: Virtual Vision FTP Browser Vulnerability

2000-06-22  CVE-2000-0573  wu-ftpd SITE EXEC format

2000-05-03  CVE-2000-0345  The on-line help system options in Cisco routers allow non-privileged users without "enabled" access to obtain sensitive information via the show command.

2000-04-26  CVE-2000-0380  The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

2000-04-25  CVE-1999-0203  Sendmail 8-6
  CVE-1999-0203  Sendmail 8-5

2000-04-20  CVE-2000-0268  Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
  CVE-2000-0267  Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

2000-03-20  CVE-2000-0613  Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

2000-01-12  CVE-2000-0070  Spoofed LPC Port Request

1999-12-31  CVE-1999-1175  Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
  CVE-1999-1464  Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not...
  CVE-1999-1465  Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with...

1999-12-27  SFBID894  POP3 server might be vulnerable to a remote buffer overflow exploit

1999-12-10  CVE-1999-0977  sadmin service running

1999-11-08  SFBID789  Imail Pop3 5.0

1999-11-03  CVE-1999-0885  All Servers: get32.exe

1999-09-29  CVE-1999-0526  X server accepts connections from any host
  CVE-1999-0204  Sendmail 8-6-9 ident vulnerability
  CVE-1999-0626  rusers service running

1999-09-11  CVE-1999-0071  Apache 1-1-1

1999-09-01  CVE-1999-1129  Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.

1999-08-21  CVE-1999-0687  ttsession service running

1999-07-26  CVE-1999-0197  Finger service is running

1999-07-13  CVE-1999-0320  cmsd service running

1999-07-03  CVE-1999-0345  Fragmented IGMP Packet
  CVE-1999-0345  Fragmented ICMP Packet

1999-07-01  CVE-1999-0889  Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

1999-06-23  CVE-1999-0721  Malformed LSA Request

1999-06-10  CVE-1999-0775  Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

1999-06-07  CVE-1999-0616  Trivial FTP service running
  CVE-1999-0512  SMTP server allows relaying
  CVE-1999-0651  RSH service enabled
  CVE-1999-0651  RLOGIN service enabled
  CVE-1999-0618  REXEC service enabled
  CVE-1999-0253  IIS: ASP source using $2e trick
  CVE-1999-0497  Ftp Anonymous Upload
  CVE-1999-0531  EXPN,VRFY commands enabled on mail server

1999-04-20  CVE-1999-0605  All Servers: Merchant Order Form 1.2 Order Log Permissions

1999-04-01  CVE-1999-0445  In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

1999-03-12  CVE-1999-0382  NT Screen Saver Vulnerability

1999-03-11  CVE-1999-0416  Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
  CVE-1999-0415  The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

1999-02-20  CVE-1999-0376  KnownDLLs List Vulnerability

1999-02-11  CVE-1999-0800  IIS: Cold Fusion check

1999-02-04  CVE-1999-0362  WS FTP Server 1-0-2

1999-01-14  CVE-1999-1538  IIS: iisadmin is accessible

1999-01-11  CVE-1999-0063  Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

1998-09-01  CVE-1999-0162  The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

1998-08-31  CVE-1999-0003  ttdbserver service running

1998-08-28  CVE-1999-0002  Linux mountd running

1998-08-12  CVE-1999-0159  Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

1998-07-15  CVE-1999-1582  By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive...

1998-06-27  CVE-1999-0006  QPOP 2-2 to 2.4

1998-02-09  CVE-2002-0421  IIS: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack

1998-01-06  CVE-1999-1293  Apache 1-2-5

1998-01-01  CVE-1999-0293  AAA authentication on Cisco systems allows attackers to execute commands without authorization.

1997-12-15  CVE-1999-0230  Buffer overflow in Cisco 7xx routers through the telnet service.

1997-12-01  CVE-1999-0016  Land IP denial of service.
  REF000326  Alerter service enabled

1997-10-04  CVE-1999-1061  HP JetDirect password is not set

1997-10-01  CVE-1999-0160  Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.

1997-02-07  SFBID688  Denial of service on port 135

1997-01-20  CVE-1999-0047  Sendmail privilege escalation

1996-07-03  SFBID2026  All Servers: Aglimpse

1995-12-19  SFBID1749  ypupdated service running

1995-07-31  CVE-1999-0161  In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

1992-12-10  CVE-1999-1466  Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
  CVE-1999-1306  Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.

  CVE-2023-4581  XLL file extensions were downloadable without warnings
  CVE-2023-4387  use-after-free in vmxnet3_rq_alloc_rx_buf
  CVE-2023-4563  Use-after-free in nft_verdict_dump due to a race between set GC and transaction
  CVE-2023-4133  use-after-free in ch_flower_stats_cb
  CVE-2023-4273  stack overflow in exfat_get_uniname_from_ext_entry
  CVE-2023-4155  SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
  CVE-2023-4580  Push notifications saved to disk unencrypted
  CVE-2023-41358  processes invalid NLRIs if attribute length is zero
  CVE-2023-41175  potential integer overflow in raw2tiff.c
  CVE-2023-4641  possible password leak during passwd
  CVE-2023-41359  out of bounds read in bgp_attr_aigp_valid
  CVE-2023-41080  Open Redirect vulnerability in FORM authentication
  CVE-2023-4459  NULL pointer dereference in vmxnet3_rq_cleanup
  CVE-2023-4147  nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
  CVE-2023-4585  Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
  CVE-2023-4584  Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  CVE-2023-4577  Memory corruption in JIT UpdateRegExpStatics
  CVE-2023-4575  Memory corruption in IPC FilePickerShownCallback
  CVE-2023-4574  Memory corruption in IPC ColorPickerShownCallback
  CVE-2023-4573  Memory corruption in IPC CanvasTranslator
  CVE-2023-40745  integer overflow in tiffcp.c
  CVE-2023-4569  information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
  CVE-2023-4156  heap out of bound read in builtin.c
  CVE-2023-4051  Full screen notification obscured by file open dialog
  CVE-2023-4053  Full screen notification obscured by external program
  CVE-2023-41105  file path truncation at \0 characters
  CVE-2023-4578  Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
  CVE-2023-4511  DoS
  CVE-2023-4512  DoS
  CVE-2023-4513  DoS
  CVE-2023-41361  does not check for an overly large length of the rcv software version
  CVE-2023-4194  correctly initialize socket uid next fix of i_uid to current_fsuid
  CVE-2023-4128  cls_fw, cls_u32 and cls_route
  CVE-2023-40857  buffer overflow that allows a remote attacker to execute arbitrary code via the yr_execute_cod function
  CVE-2023-4583  Browsing Context potentially not cleared when closing Private Window
  CVE-2023-41360  ahead-of-stream read of ORF header